536ae9c73fd13f5a44daafcb1b4dccd187424074
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.FileInputStream;
53 import java.io.FileNotFoundException;
54 import java.io.InputStream;
55 import java.io.StringReader;
56 import java.net.MalformedURLException;
57 import java.net.URI;
58 import java.net.URISyntaxException;
59 import java.net.URL;
60 import java.security.Principal;
61 import java.util.Arrays;
62 import java.util.HashSet;
63 import java.util.Properties;
64
65 import junit.framework.TestCase;
66
67 import org.apache.log4j.BasicConfigurator;
68 import org.apache.xerces.parsers.DOMParser;
69 import org.xml.sax.EntityResolver;
70 import org.xml.sax.ErrorHandler;
71 import org.xml.sax.InputSource;
72 import org.xml.sax.SAXException;
73 import org.xml.sax.SAXNotRecognizedException;
74 import org.xml.sax.SAXNotSupportedException;
75 import org.xml.sax.SAXParseException;
76
77 /**
78  * Validation suite for <code>Arp</code> processing.
79  * 
80  * @ author Walter Hoehn(wassa@columbia.edu)
81  */
82
83 public class ArpTests extends TestCase {
84
85         DOMParser parser = new DOMParser();
86
87         public ArpTests(String name) {
88                 super(name);
89                 BasicConfigurator.resetConfiguration();
90                 BasicConfigurator.configure();
91         }
92
93         public static void main(String[] args) {
94                 junit.textui.TestRunner.run(ArpTests.class);
95                 BasicConfigurator.configure();
96         }
97
98         /**
99          * @see junit.framework.TestCase#setUp()
100          */
101         protected void setUp() throws Exception {
102                 super.setUp();
103                 try {
104                         parser.setFeature("http://xml.org/sax/features/validation", true);
105                         parser.setFeature("http://apache.org/xml/features/validation/schema", true);
106                         parser.setEntityResolver(new EntityResolver() {
107                                 public InputSource resolveEntity(String publicId, String systemId)
108                                         throws SAXException {
109
110                                         if (systemId.endsWith("shibboleth-arp-1.0.xsd")) {
111                                                 InputStream stream;
112                                                 try {
113                                                         stream = new FileInputStream("src/schemas/shibboleth-arp-1.0.xsd");
114                                                         if (stream != null) {
115                                                                 return new InputSource(stream);
116                                                         }
117                                                         throw new SAXException("Could not load entity: Null input stream");
118                                                 } catch (FileNotFoundException e) {
119                                                         throw new SAXException("Could not load entity: " + e);
120                                                 }
121                                         } else {
122                                                 return null;
123                                         }
124                                 }
125                         });
126
127                         parser.setErrorHandler(new ErrorHandler() {
128                                 public void error(SAXParseException arg0) throws SAXException {
129                                         throw new SAXException("Error parsing xml file: " + arg0);
130                                 }
131                                 public void fatalError(SAXParseException arg0) throws SAXException {
132                                         throw new SAXException("Error parsing xml file: " + arg0);
133                                 }
134                                 public void warning(SAXParseException arg0) throws SAXException {
135                                         throw new SAXException("Error parsing xml file: " + arg0);
136                                 }
137                         });
138                 } catch (Exception e) {
139                         fail("Failed to setup xml parser: " + e);
140                 }
141
142         }
143
144         public void testArpMarshalling() {
145
146                 //Test ARP description
147                 try {
148                         InputStream inStream = new FileInputStream("test/arp1.xml");
149                         parser.parse(new InputSource(inStream));
150                         Arp arp1 = new Arp();
151                         arp1.marshall(parser.getDocument().getDocumentElement());
152                         assertEquals(
153                                 "ARP Description not marshalled properly",
154                                 arp1.getDescription(),
155                                 "Simplest possible ARP.");
156
157                         //Test Rule description
158                         assertEquals(
159                                 "ARP Rule Description not marshalled properly",
160                                 arp1.getAllRules()[0].getDescription(),
161                                 "Example Rule Description.");
162                 } catch (Exception e) {
163                         fail("Failed to marshall ARP: " + e);
164                 }
165
166                 //Test case where ARP description does not exist
167                 try {
168                         InputStream inStream = new FileInputStream("test/arp2.xml");
169                         parser.parse(new InputSource(inStream));
170                         Arp arp2 = new Arp();
171                         arp2.marshall(parser.getDocument().getDocumentElement());
172                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
173
174                         //Test case where ARP Rule description does not exist   
175                         assertNull(
176                                 "ARP Rule Description not marshalled properly",
177                                 arp2.getAllRules()[0].getDescription());
178                 } catch (Exception e) {
179                         fail("Failed to marshall ARP.");
180                 }
181
182         }
183
184         public void testMatchingFunctions() {
185
186                 try {
187
188                         /*
189                          * Test Arp Engine function retrieval
190                          */
191
192                         //Lookup a function that doesn't exist
193                         MatchFunction noFunction =
194                                 ArpEngine.lookupMatchFunction(
195                                         new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
196                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
197
198                         //Lookup some real functions
199                         MatchFunction exactSharFunction =
200                                 ArpEngine.lookupMatchFunction(
201                                         new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
202                         assertNotNull(
203                                 "ArpEngine did not properly load the Exact SHAR function.",
204                                 exactSharFunction);
205                         MatchFunction resourceTreeFunction =
206                                 ArpEngine.lookupMatchFunction(
207                                         new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
208                         assertNotNull(
209                                 "ArpEngine did not properly load the Resource Tree SHAR function.",
210                                 resourceTreeFunction);
211                         MatchFunction regexFunction =
212                                 ArpEngine.lookupMatchFunction(
213                                         new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
214                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
215
216                         /* 
217                          * Test the Exact SHAR function (requester)
218                          */
219
220                         assertTrue(
221                                 "Exact SHAR function: false negative",
222                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
223                         assertTrue(
224                                 "Exact SHAR function: false negative",
225                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
226                         assertTrue(
227                                 "Exact SHAR function: false negative",
228                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
229
230                         //Make sure we properly handle bad input
231                         try {
232                                 exactSharFunction.match(null, null);
233                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
234                         } catch (ArpException ie) {
235                                 //This is supposed to fail
236                         }
237
238                         /*
239                          * Test the Resource Tree function (resource)
240                          */
241
242                         URL requestURL1 = new URL("http://www.example.edu/test/");
243                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
244                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
245                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
246
247                         assertTrue(
248                                 "Resource Tree function: false negative",
249                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
250                         assertTrue(
251                                 "Resource Tree function: false positive",
252                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
253                         assertTrue(
254                                 "Resource Tree function: false negative",
255                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
256                         assertTrue(
257                                 "Resource Tree function: false positive",
258                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
259                         assertTrue(
260                                 "Resource Tree function: false negative",
261                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
262                         assertTrue(
263                                 "Resource Tree function: false negative",
264                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
265                         assertTrue(
266                                 "Resource Tree function: false negative",
267                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
268                         assertTrue(
269                                 "Resource Tree function: false positive",
270                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
271                         assertTrue(
272                                 "Resource Tree function: false negative",
273                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
274                         assertTrue(
275                                 "Resource Tree function: false negative",
276                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
277                         assertTrue(
278                                 "Resource Tree function: false negative",
279                                 resourceTreeFunction.match(
280                                         "http://www.example.edu/test2/index.html?test1=test1",
281                                         requestURL4));
282                         assertTrue(
283                                 "Resource Tree function: false positive",
284                                 !resourceTreeFunction.match(
285                                         "http://www.example.edu/test2/index.html?test1=test1",
286                                         requestURL3));
287
288                         //Make sure we properly handle bad input
289                         try {
290                                 resourceTreeFunction.match(null, null);
291                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
292                         } catch (ArpException ie) {
293                                 //This is supposed to fail
294                         }
295                         try {
296                                 resourceTreeFunction.match("Test", "Test");
297                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
298                         } catch (ArpException ie) {
299                                 //This is supposed to fail
300                         }
301
302                         /*
303                          * Test the Regex function (requester & resource)
304                          */
305
306                         //Try requester regexes
307                         assertTrue(
308                                 "Regex function: false negative",
309                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
310                         assertTrue(
311                                 "Regex function: false negative",
312                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
313                         assertTrue(
314                                 "Regex function: false negative",
315                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
316                         assertTrue(
317                                 "Regex function: false negative",
318                                 regexFunction.match(".*\\.edu", "shar.example.edu"));
319                         assertTrue(
320                                 "Regex function: false positive",
321                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
322                         assertTrue(
323                                 "Regex function: false positive",
324                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
325                         assertTrue(
326                                 "Regex function: false positive",
327                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
328
329                         //Try resource regexes
330                         assertTrue(
331                                 "Regex function: false negative",
332                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
333                         assertTrue(
334                                 "Regex function: false negative",
335                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
336                         assertTrue(
337                                 "Regex function: false negative",
338                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
339                         assertTrue(
340                                 "Regex function: false negative",
341                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
342                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
343                         assertTrue(
344                                 "Regex function: false positive",
345                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
346                         assertTrue(
347                                 "Regex function: false positive",
348                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
349
350                         //Make sure we properly handle bad input
351                         try {
352                                 regexFunction.match(null, null);
353                                 fail("Regex function seems to take improper input without throwing an exception.");
354                         } catch (ArpException ie) {
355                                 //This is supposed to fail
356                         }
357
358                 } catch (ArpException e) {
359                         fail("Encountered a problem loading match function: " + e);
360                 } catch (URISyntaxException e) {
361                         fail("Unable to create URI from test string.");
362                 } catch (MalformedURLException e) {
363                         fail("Couldn't create test URLs: " + e);
364                 }
365
366         }
367
368         public void testRepositories() {
369
370                 /*
371                  * Test the Factory
372                  */
373
374                 //Make sure we fail if no Repository is specified
375                 Properties props = new Properties();
376                 try {
377                         ArpRepositoryFactory.getInstance(props);
378                 } catch (ArpRepositoryException e) {
379                         //This is supposed to fail
380                 }
381
382                 // Make sure we can create an Arp Repository
383                 props.setProperty(
384                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
385                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
386                 ArpRepository repository = null;
387                 try {
388                         repository = ArpRepositoryFactory.getInstance(props);
389                 } catch (ArpRepositoryException e) {
390                         fail("Failed to create memory-based Arp Repository" + e);
391                 }
392                 assertNotNull(
393                         "Failed to create memory-based Arp Repository: Factory returned null.",
394                         repository);
395
396                 /*
397                  * Exercise the Memory Arp Repository
398                  */
399
400                 //Set/retrieve/remove a Site ARP
401                 Arp siteArp1 = new Arp();
402                 siteArp1.setDescription("Test Site Arp 1.");
403                 try {
404                         repository.update(siteArp1);
405                         assertEquals(
406                                 "Memory Repository does not store and retrieve Site ARPs properly.",
407                                 siteArp1,
408                                 repository.getSitePolicy());
409                         repository.remove(repository.getSitePolicy());
410                         assertNull(
411                                 "Memorty Repository does not properly delete Site ARPs.",
412                                 repository.getSitePolicy());
413                 } catch (ArpRepositoryException e) {
414                         fail("Error adding Site ARP to Memory Repository.");
415                 }
416
417                 //Set/retrieve/delete some user ARPs
418                 Arp userArp1 = new Arp();
419                 userArp1.setDescription("Broken User Arp 1.");
420                 try {
421                         repository.update(userArp1);
422                         assertTrue(
423                                 "Memory Repository does not store and retrieve User ARPs properly.",
424                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
425                 } catch (ArpRepositoryException e) {
426                         fail("Error adding User ARP to Memory Repository.");
427                 }
428
429                 Arp userArp2 = new Arp(new AAPrincipal("TestPrincipal"));
430                 userArp2.setDescription("Test User Arp 2.");
431                 try {
432                         repository.update(userArp2);
433                         assertEquals(
434                                 "Memory Repository does not store and retrieve User ARPs properly.",
435                                 userArp2,
436                                 repository.getUserPolicy(userArp2.getPrincipal()));
437                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
438                         assertNull(
439                                 "Memorty Repository does not properly delete User ARPs.",
440                                 repository.getUserPolicy(userArp2.getPrincipal()));
441                 } catch (ArpRepositoryException e) {
442                         fail("Error adding User ARP to Memory Repository.");
443                 }
444
445         }
446
447         public void testPossibleReleaseSetComputation() {
448                 Properties props = new Properties();
449                 props.setProperty(
450                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
451                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
452                 ArpRepository repository = null;
453                 try {
454                         repository = ArpRepositoryFactory.getInstance(props);
455                 } catch (ArpRepositoryException e) {
456                         fail("Failed to create memory-based Arp Repository" + e);
457                 }
458
459                 try {
460                         Principal principal1 = new AAPrincipal("TestPrincipal");
461                         URL url1 = new URL("http://www.example.edu/");
462                         URI[] list1 = { new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation")};
463                         URI[] list2 =
464                                 {
465                                         new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation"),
466                                         new URI("urn:mace:eduPerson:1.0:eduPersonPrincipalName")};
467                         URI[] list3 = new URI[0];
468
469                         //Test with just a site ARP
470                         InputStream inStream = new FileInputStream("test/arp1.xml");
471                         parser.parse(new InputSource(inStream));
472                         Arp arp1 = new Arp();
473                         arp1.marshall(parser.getDocument().getDocumentElement());
474                         repository.update(arp1);
475                         ArpEngine engine = new ArpEngine(repository, props);
476                         URI[] possibleAttributes =
477                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
478                         assertEquals(
479                                 "Incorrectly computed possible release set (1).",
480                                 new HashSet(Arrays.asList(possibleAttributes)),
481                                 new HashSet(Arrays.asList(list1)));
482
483                         //Test with site and user ARPs
484                         inStream = new FileInputStream("test/arp7.xml");
485                         parser.parse(new InputSource(inStream));
486                         Arp arp7 = new Arp();
487                         arp7.setPrincipal(principal1);
488                         arp7.marshall(parser.getDocument().getDocumentElement());
489                         repository.update(arp7);
490                         possibleAttributes =
491                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
492                         assertEquals(
493                                 "Incorrectly computed possible release set (2).",
494                                 new HashSet(Arrays.asList(possibleAttributes)),
495                                 new HashSet(Arrays.asList(list2)));
496
497                         //Ensure that explicit denies on any value are not in the release set
498                         inStream = new FileInputStream("test/arp6.xml");
499                         parser.parse(new InputSource(inStream));
500                         Arp arp6 = new Arp();
501                         arp6.setPrincipal(principal1);
502                         arp6.marshall(parser.getDocument().getDocumentElement());
503                         repository.update(arp6);
504                         possibleAttributes =
505                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
506                         assertEquals(
507                                 "Incorrectly computed possible release set (3).",
508                                 new HashSet(Arrays.asList(possibleAttributes)),
509                                 new HashSet(Arrays.asList(list3)));
510
511                 } catch (Exception e) {
512                         e.printStackTrace();
513                         fail("Failed to marshall ARP: " + e);
514                 }
515
516         }
517
518         public void testArpApplication() {
519
520                 //Setup a test ARP repository
521                 Properties props = new Properties();
522                 props.setProperty(
523                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
524                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
525                 ArpRepository repository = null;
526                 try {
527                         repository = ArpRepositoryFactory.getInstance(props);
528                 } catch (ArpRepositoryException e) {
529                         fail("Failed to create memory-based Arp Repository" + e);
530                 }
531
532                 try {
533
534                         arpApplicationTest1(repository, props, parser);
535                         arpApplicationTest2(repository, props, parser);
536                         arpApplicationTest3(repository, props, parser);
537                         arpApplicationTest4(repository, props, parser);
538                         arpApplicationTest5(repository, props, parser);
539                         arpApplicationTest6(repository, props, parser);
540                         arpApplicationTest7(repository, props, parser);
541                         arpApplicationTest8(repository, props, parser);
542                         arpApplicationTest9(repository, props, parser);
543                         arpApplicationTest10(repository, props, parser);
544                         arpApplicationTest11(repository, props, parser);
545                         arpApplicationTest12(repository, props, parser);
546                         arpApplicationTest13(repository, props, parser);
547                         arpApplicationTest14(repository, props, parser);
548                         arpApplicationTest15(repository, props, parser);
549                         arpApplicationTest16(repository, props, parser);
550                         arpApplicationTest17(repository, props, parser);
551                         arpApplicationTest18(repository, props, parser);
552                         arpApplicationTest19(repository, props, parser);
553                         arpApplicationTest20(repository, props, parser);
554                         arpApplicationTest21(repository, props, parser);
555
556                 } catch (Exception e) {
557                         e.printStackTrace();
558                         fail("Failed to apply filter to ARPs: " + e);
559                 }
560         }
561         /**
562          * ARPs: A site ARP only
563          * Target: Any
564          * Attribute: Any value release,
565          */
566         void arpApplicationTest1(ArpRepository repository, Properties props, DOMParser parser)
567                 throws Exception {
568
569                 //Gather the Input
570                 String rawArp =
571                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
572                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
573                                 + "                     <Rule>"
574                                 + "                             <Target>"
575                                 + "                                     <AnyTarget/>"
576                                 + "                             </Target>"
577                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
578                                 + "                                     <AnyValue release=\"permit\"/>"
579                                 + "                             </Attribute>"
580                                 + "                     </Rule>"
581                                 + "     </AttributeReleasePolicy>";
582
583                 Principal principal1 = new AAPrincipal("TestPrincipal");
584                 URL url1 = new URL("http://www.example.edu/");
585                 TestAttribute testAttribute =
586                         new TestAttribute(
587                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
588                                 new Object[] { "member@example.edu", "faculty@example.edu" });
589
590                 //Setup the engine
591                 parser.parse(new InputSource(new StringReader(rawArp)));
592                 Arp siteArp = new Arp();
593                 siteArp.marshall(parser.getDocument().getDocumentElement());
594                 repository.update(siteArp);
595                 ArpEngine engine = new ArpEngine(repository, props);
596
597                 //Apply the ARP
598                 ArpAttribute[] releaseAttributes =
599                         engine.filterAttributes(
600                                 new ArpAttribute[] { testAttribute },
601                                 principal1,
602                                 "shar.example.edu",
603                                 url1);
604
605                 assertEquals(
606                         "ARP application test 1: ARP not applied as expected.",
607                         new HashSet(Arrays.asList(releaseAttributes)),
608                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
609         }
610
611         /**
612          * ARPs: A site ARP only
613          * Target: Any
614          * Attribute: Any value release, implicit deny
615          */
616         void arpApplicationTest2(ArpRepository repository, Properties props, DOMParser parser)
617                 throws Exception {
618
619                 //Gather the Input
620                 String rawArp =
621                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
622                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
623                                 + "                     <Rule>"
624                                 + "                             <Target>"
625                                 + "                                     <AnyTarget/>"
626                                 + "                             </Target>"
627                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
628                                 + "                                     <AnyValue release=\"permit\"/>"
629                                 + "                             </Attribute>"
630                                 + "                     </Rule>"
631                                 + "     </AttributeReleasePolicy>";
632
633                 Principal principal1 = new AAPrincipal("TestPrincipal");
634                 URL url1 = new URL("http://www.example.edu/");
635                 TestAttribute testAttribute1 =
636                         new TestAttribute(
637                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
638                                 new Object[] { "member@example.edu", "faculty@example.edu" });
639                 TestAttribute testAttribute2 =
640                         new TestAttribute(
641                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
642                                 new Object[] { "mehoehn@example.edu" });
643
644                 //Setup the engine
645                 parser.parse(new InputSource(new StringReader(rawArp)));
646                 Arp siteArp = new Arp();
647                 siteArp.marshall(parser.getDocument().getDocumentElement());
648                 repository.update(siteArp);
649                 ArpEngine engine = new ArpEngine(repository, props);
650
651                 //Apply the ARP
652                 ArpAttribute[] releaseAttributes =
653                         engine.filterAttributes(
654                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
655                                 principal1,
656                                 "shar.example.edu",
657                                 url1);
658
659                 assertEquals(
660                         "ARP application test 2: ARP not applied as expected.",
661                         new HashSet(Arrays.asList(releaseAttributes)),
662                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1 })));
663         }
664
665         /**
666          * ARPs: A site ARP only
667          * Target: Any
668          * Attribute: One value release
669          */
670         void arpApplicationTest3(ArpRepository repository, Properties props, DOMParser parser)
671                 throws Exception {
672
673                 //Gather the Input
674                 String rawArp =
675                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
676                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
677                                 + "                     <Rule>"
678                                 + "                             <Target>"
679                                 + "                                     <AnyTarget/>"
680                                 + "                             </Target>"
681                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
682                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
683                                 + "                             </Attribute>"
684                                 + "                     </Rule>"
685                                 + "     </AttributeReleasePolicy>";
686
687                 Principal principal1 = new AAPrincipal("TestPrincipal");
688                 URL url1 = new URL("http://www.example.edu/");
689                 TestAttribute testAttribute =
690                         new TestAttribute(
691                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
692                                 new Object[] { "member@example.edu", "faculty@example.edu" });
693                 TestAttribute filteredAttribute =
694                         new TestAttribute(
695                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
696                                 new Object[] { "member@example.edu" });
697
698                 //Setup the engine
699                 parser.parse(new InputSource(new StringReader(rawArp)));
700                 Arp siteArp = new Arp();
701                 siteArp.marshall(parser.getDocument().getDocumentElement());
702                 repository.update(siteArp);
703                 ArpEngine engine = new ArpEngine(repository, props);
704
705                 //Apply the ARP
706                 ArpAttribute[] releaseAttributes =
707                         engine.filterAttributes(
708                                 new ArpAttribute[] { testAttribute },
709                                 principal1,
710                                 "shar.example.edu",
711                                 url1);
712
713                 assertEquals(
714                         "ARP application test 3: ARP not applied as expected.",
715                         new HashSet(Arrays.asList(releaseAttributes)),
716                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
717         }
718
719         /**
720          * ARPs: A site ARP only
721          * Target: Any
722          * Attribute: Any value except one release, canonical representation
723          */
724         void arpApplicationTest4(ArpRepository repository, Properties props, DOMParser parser)
725                 throws Exception {
726
727                 //Gather the Input
728                 String rawArp =
729                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
730                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
731                                 + "                     <Rule>"
732                                 + "                             <Target>"
733                                 + "                                     <AnyTarget/>"
734                                 + "                             </Target>"
735                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
736                                 + "                                     <AnyValue release=\"permit\"/>"
737                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
738                                 + "                             </Attribute>"
739                                 + "                     </Rule>"
740                                 + "     </AttributeReleasePolicy>";
741
742                 Principal principal1 = new AAPrincipal("TestPrincipal");
743                 URL url1 = new URL("http://www.example.edu/");
744                 TestAttribute testAttribute =
745                         new TestAttribute(
746                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
747                                 new Object[] {
748                                         "member@example.edu",
749                                         "faculty@example.edu",
750                                         "employee@example.edu" });
751                 TestAttribute filteredAttribute =
752                         new TestAttribute(
753                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
754                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
755
756                 //Setup the engine
757                 parser.parse(new InputSource(new StringReader(rawArp)));
758                 Arp siteArp = new Arp();
759                 siteArp.marshall(parser.getDocument().getDocumentElement());
760                 repository.update(siteArp);
761                 ArpEngine engine = new ArpEngine(repository, props);
762
763                 //Apply the ARP
764                 ArpAttribute[] releaseAttributes =
765                         engine.filterAttributes(
766                                 new ArpAttribute[] { testAttribute },
767                                 principal1,
768                                 "shar.example.edu",
769                                 url1);
770
771                 assertEquals(
772                         "ARP application test 4: ARP not applied as expected.",
773                         new HashSet(Arrays.asList(releaseAttributes)),
774                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
775         }
776
777         /**
778          * ARPs: A site ARP only
779          * Target: Any
780          * Attribute: Any value except one release, expanded representation
781          */
782         void arpApplicationTest5(ArpRepository repository, Properties props, DOMParser parser)
783                 throws Exception {
784
785                 //Gather the Input
786                 String rawArp =
787                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
788                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
789                                 + "                     <Rule>"
790                                 + "                             <Target>"
791                                 + "                                     <AnyTarget/>"
792                                 + "                             </Target>"
793                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
794                                 + "                                     <AnyValue release=\"permit\"/>"
795                                 + "                             </Attribute>"
796                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
797                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
798                                 + "                             </Attribute>"
799                                 + "                     </Rule>"
800                                 + "     </AttributeReleasePolicy>";
801
802                 Principal principal1 = new AAPrincipal("TestPrincipal");
803                 URL url1 = new URL("http://www.example.edu/");
804                 TestAttribute testAttribute =
805                         new TestAttribute(
806                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
807                                 new Object[] {
808                                         "member@example.edu",
809                                         "faculty@example.edu",
810                                         "employee@example.edu" });
811                 TestAttribute filteredAttribute =
812                         new TestAttribute(
813                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
814                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
815
816                 //Setup the engine
817                 parser.parse(new InputSource(new StringReader(rawArp)));
818                 Arp siteArp = new Arp();
819                 siteArp.marshall(parser.getDocument().getDocumentElement());
820                 repository.update(siteArp);
821                 ArpEngine engine = new ArpEngine(repository, props);
822
823                 //Apply the ARP
824                 ArpAttribute[] releaseAttributes =
825                         engine.filterAttributes(
826                                 new ArpAttribute[] { testAttribute },
827                                 principal1,
828                                 "shar.example.edu",
829                                 url1);
830
831                 assertEquals(
832                         "ARP application test 5: ARP not applied as expected.",
833                         new HashSet(Arrays.asList(releaseAttributes)),
834                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
835         }
836
837         /**
838          * ARPs: A site ARP only
839          * Target: Any
840          * Attribute: Any value except two release, expanded representation
841          */
842         void arpApplicationTest6(ArpRepository repository, Properties props, DOMParser parser)
843                 throws Exception {
844
845                 //Gather the Input
846                 String rawArp =
847                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
848                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
849                                 + "                     <Rule>"
850                                 + "                             <Target>"
851                                 + "                                     <AnyTarget/>"
852                                 + "                             </Target>"
853                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
854                                 + "                                     <AnyValue release=\"permit\"/>"
855                                 + "                             </Attribute>"
856                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
857                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
858                                 + "                             </Attribute>"
859                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
860                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
861                                 + "                             </Attribute>"
862                                 + "                     </Rule>"
863                                 + "     </AttributeReleasePolicy>";
864
865                 Principal principal1 = new AAPrincipal("TestPrincipal");
866                 URL url1 = new URL("http://www.example.edu/");
867                 TestAttribute testAttribute =
868                         new TestAttribute(
869                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
870                                 new Object[] {
871                                         "member@example.edu",
872                                         "faculty@example.edu",
873                                         "employee@example.edu" });
874                 TestAttribute filteredAttribute =
875                         new TestAttribute(
876                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
877                                 new Object[] { "employee@example.edu" });
878
879                 //Setup the engine
880                 parser.parse(new InputSource(new StringReader(rawArp)));
881                 Arp siteArp = new Arp();
882                 siteArp.marshall(parser.getDocument().getDocumentElement());
883                 repository.update(siteArp);
884                 ArpEngine engine = new ArpEngine(repository, props);
885
886                 //Apply the ARP
887                 ArpAttribute[] releaseAttributes =
888                         engine.filterAttributes(
889                                 new ArpAttribute[] { testAttribute },
890                                 principal1,
891                                 "shar.example.edu",
892                                 url1);
893
894                 assertEquals(
895                         "ARP application test 6: ARP not applied as expected.",
896                         new HashSet(Arrays.asList(releaseAttributes)),
897                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
898         }
899
900         /**
901          * ARPs: A site ARP only
902          * Target: Any
903          * Attribute: Two value release, canonical representation
904          */
905         void arpApplicationTest7(ArpRepository repository, Properties props, DOMParser parser)
906                 throws Exception {
907
908                 //Gather the Input
909                 String rawArp =
910                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
911                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
912                                 + "                     <Rule>"
913                                 + "                             <Target>"
914                                 + "                                     <AnyTarget/>"
915                                 + "                             </Target>"
916                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
917                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
918                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
919                                 + "                             </Attribute>"
920                                 + "                     </Rule>"
921                                 + "     </AttributeReleasePolicy>";
922
923                 Principal principal1 = new AAPrincipal("TestPrincipal");
924                 URL url1 = new URL("http://www.example.edu/");
925                 TestAttribute testAttribute =
926                         new TestAttribute(
927                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
928                                 new Object[] {
929                                         "member@example.edu",
930                                         "faculty@example.edu",
931                                         "employee@example.edu" });
932                 TestAttribute filteredAttribute =
933                         new TestAttribute(
934                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
935                                 new Object[] { "member@example.edu", "faculty@example.edu" });
936
937                 //Setup the engine
938                 parser.parse(new InputSource(new StringReader(rawArp)));
939                 Arp siteArp = new Arp();
940                 siteArp.marshall(parser.getDocument().getDocumentElement());
941                 repository.update(siteArp);
942                 ArpEngine engine = new ArpEngine(repository, props);
943
944                 //Apply the ARP
945                 ArpAttribute[] releaseAttributes =
946                         engine.filterAttributes(
947                                 new ArpAttribute[] { testAttribute },
948                                 principal1,
949                                 "shar.example.edu",
950                                 url1);
951
952                 assertEquals(
953                         "ARP application test 3: ARP not applied as expected.",
954                         new HashSet(Arrays.asList(releaseAttributes)),
955                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
956         }
957
958         /**
959          * ARPs: A site ARP only
960          * Target: Any
961          * Attribute: Two value release, expanded representation
962          */
963         void arpApplicationTest8(ArpRepository repository, Properties props, DOMParser parser)
964                 throws Exception {
965
966                 //Gather the Input
967                 String rawArp =
968                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
969                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
970                                 + "                     <Rule>"
971                                 + "                             <Target>"
972                                 + "                                     <AnyTarget/>"
973                                 + "                             </Target>"
974                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
975                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
976                                 + "                             </Attribute>"
977                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
978                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
979                                 + "                             </Attribute>"
980                                 + "                     </Rule>"
981                                 + "     </AttributeReleasePolicy>";
982
983                 Principal principal1 = new AAPrincipal("TestPrincipal");
984                 URL url1 = new URL("http://www.example.edu/");
985                 TestAttribute testAttribute =
986                         new TestAttribute(
987                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
988                                 new Object[] {
989                                         "member@example.edu",
990                                         "faculty@example.edu",
991                                         "employee@example.edu" });
992                 TestAttribute filteredAttribute =
993                         new TestAttribute(
994                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
995                                 new Object[] { "member@example.edu", "faculty@example.edu" });
996
997                 //Setup the engine
998                 parser.parse(new InputSource(new StringReader(rawArp)));
999                 Arp siteArp = new Arp();
1000                 siteArp.marshall(parser.getDocument().getDocumentElement());
1001                 repository.update(siteArp);
1002                 ArpEngine engine = new ArpEngine(repository, props);
1003
1004                 //Apply the ARP
1005                 ArpAttribute[] releaseAttributes =
1006                         engine.filterAttributes(
1007                                 new ArpAttribute[] { testAttribute },
1008                                 principal1,
1009                                 "shar.example.edu",
1010                                 url1);
1011
1012                 assertEquals(
1013                         "ARP application test 8: ARP not applied as expected.",
1014                         new HashSet(Arrays.asList(releaseAttributes)),
1015                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
1016         }
1017
1018         /**
1019          * ARPs: A site ARP only
1020          * Target: Any
1021          * Attribute: Any value deny
1022          */
1023         void arpApplicationTest9(ArpRepository repository, Properties props, DOMParser parser)
1024                 throws Exception {
1025
1026                 //Gather the Input
1027                 String rawArp =
1028                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1029                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1030                                 + "                     <Rule>"
1031                                 + "                             <Target>"
1032                                 + "                                     <AnyTarget/>"
1033                                 + "                             </Target>"
1034                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1035                                 + "                                     <AnyValue release=\"deny\"/>"
1036                                 + "                             </Attribute>"
1037                                 + "                     </Rule>"
1038                                 + "     </AttributeReleasePolicy>";
1039
1040                 Principal principal1 = new AAPrincipal("TestPrincipal");
1041                 URL url1 = new URL("http://www.example.edu/");
1042                 TestAttribute testAttribute =
1043                         new TestAttribute(
1044                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1045                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1046
1047                 //Setup the engine
1048                 parser.parse(new InputSource(new StringReader(rawArp)));
1049                 Arp siteArp = new Arp();
1050                 siteArp.marshall(parser.getDocument().getDocumentElement());
1051                 repository.update(siteArp);
1052                 ArpEngine engine = new ArpEngine(repository, props);
1053
1054                 //Apply the ARP
1055                 ArpAttribute[] releaseAttributes =
1056                         engine.filterAttributes(
1057                                 new ArpAttribute[] { testAttribute },
1058                                 principal1,
1059                                 "shar.example.edu",
1060                                 url1);
1061
1062                 assertEquals(
1063                         "ARP application test 9: ARP not applied as expected.",
1064                         new HashSet(Arrays.asList(releaseAttributes)),
1065                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1066         }
1067
1068         /**
1069          * ARPs: A site ARP only
1070          * Target: Any
1071          * Attribute: Any value deny trumps explicit permit expanded representation
1072          */
1073         void arpApplicationTest10(ArpRepository repository, Properties props, DOMParser parser)
1074                 throws Exception {
1075
1076                 //Gather the Input
1077                 String rawArp =
1078                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1079                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1080                                 + "                     <Rule>"
1081                                 + "                             <Target>"
1082                                 + "                                     <AnyTarget/>"
1083                                 + "                             </Target>"
1084                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1085                                 + "                                     <AnyValue release=\"deny\"/>"
1086                                 + "                             </Attribute>"
1087                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1088                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1089                                 + "                             </Attribute>"
1090                                 + "                     </Rule>"
1091                                 + "     </AttributeReleasePolicy>";
1092
1093                 Principal principal1 = new AAPrincipal("TestPrincipal");
1094                 URL url1 = new URL("http://www.example.edu/");
1095                 TestAttribute testAttribute =
1096                         new TestAttribute(
1097                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1098                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1099
1100                 //Setup the engine
1101                 parser.parse(new InputSource(new StringReader(rawArp)));
1102                 Arp siteArp = new Arp();
1103                 siteArp.marshall(parser.getDocument().getDocumentElement());
1104                 repository.update(siteArp);
1105                 ArpEngine engine = new ArpEngine(repository, props);
1106
1107                 //Apply the ARP
1108                 ArpAttribute[] releaseAttributes =
1109                         engine.filterAttributes(
1110                                 new ArpAttribute[] { testAttribute },
1111                                 principal1,
1112                                 "shar.example.edu",
1113                                 url1);
1114
1115                 assertEquals(
1116                         "ARP application test 10: ARP not applied as expected.",
1117                         new HashSet(Arrays.asList(releaseAttributes)),
1118                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1119         }
1120
1121         /**
1122          * ARPs: A site ARP only
1123          * Target: Any
1124          * Attribute: Any value deny trumps explicit permit canonical representation
1125          */
1126         void arpApplicationTest11(ArpRepository repository, Properties props, DOMParser parser)
1127                 throws Exception {
1128
1129                 //Gather the Input
1130                 String rawArp =
1131                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1132                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1133                                 + "                     <Rule>"
1134                                 + "                             <Target>"
1135                                 + "                                     <AnyTarget/>"
1136                                 + "                             </Target>"
1137                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1138                                 + "                                     <AnyValue release=\"deny\"/>"
1139                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1140                                 + "                             </Attribute>"
1141                                 + "                     </Rule>"
1142                                 + "     </AttributeReleasePolicy>";
1143
1144                 Principal principal1 = new AAPrincipal("TestPrincipal");
1145                 URL url1 = new URL("http://www.example.edu/");
1146                 TestAttribute testAttribute =
1147                         new TestAttribute(
1148                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1149                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1150
1151                 //Setup the engine
1152                 parser.parse(new InputSource(new StringReader(rawArp)));
1153                 Arp siteArp = new Arp();
1154                 siteArp.marshall(parser.getDocument().getDocumentElement());
1155                 repository.update(siteArp);
1156                 ArpEngine engine = new ArpEngine(repository, props);
1157
1158                 //Apply the ARP
1159                 ArpAttribute[] releaseAttributes =
1160                         engine.filterAttributes(
1161                                 new ArpAttribute[] { testAttribute },
1162                                 principal1,
1163                                 "shar.example.edu",
1164                                 url1);
1165
1166                 assertEquals(
1167                         "ARP application test 11: ARP not applied as expected.",
1168                         new HashSet(Arrays.asList(releaseAttributes)),
1169                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1170         }
1171
1172         /**
1173          * ARPs: A site ARP only
1174          * Target: Specific shar, Any Resource
1175          * Attribute: Any value release
1176          */
1177         void arpApplicationTest12(ArpRepository repository, Properties props, DOMParser parser)
1178                 throws Exception {
1179
1180                 //Gather the Input
1181                 String rawArp =
1182                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1183                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1184                                 + "                     <Rule>"
1185                                 + "                             <Target>"
1186                                 + "                                     <Requester>shar.example.edu</Requester>"
1187                                 + "                                     <AnyResource />"
1188                                 + "                             </Target>"
1189                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1190                                 + "                                     <AnyValue release=\"permit\"/>"
1191                                 + "                             </Attribute>"
1192                                 + "                     </Rule>"
1193                                 + "     </AttributeReleasePolicy>";
1194
1195                 Principal principal1 = new AAPrincipal("TestPrincipal");
1196                 URL url1 = new URL("http://www.example.edu/");
1197                 TestAttribute testAttribute =
1198                         new TestAttribute(
1199                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1200                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1201
1202                 //Setup the engine
1203                 parser.parse(new InputSource(new StringReader(rawArp)));
1204                 Arp siteArp = new Arp();
1205                 siteArp.marshall(parser.getDocument().getDocumentElement());
1206                 repository.update(siteArp);
1207                 ArpEngine engine = new ArpEngine(repository, props);
1208
1209                 //Apply the ARP
1210                 ArpAttribute[] releaseAttributes =
1211                         engine.filterAttributes(
1212                                 new ArpAttribute[] { testAttribute },
1213                                 principal1,
1214                                 "shar.example.edu",
1215                                 url1);
1216
1217                 assertEquals(
1218                         "ARP application test 12: ARP not applied as expected.",
1219                         new HashSet(Arrays.asList(releaseAttributes)),
1220                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1221         }
1222
1223         /**
1224          * ARPs: A site ARP only
1225          * Target: Specific shar, Any Resource (another example)
1226          * Attribute: Any value release
1227          */
1228         void arpApplicationTest13(ArpRepository repository, Properties props, DOMParser parser)
1229                 throws Exception {
1230
1231                 //Gather the Input
1232                 String rawArp =
1233                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1234                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1235                                 + "                     <Rule>"
1236                                 + "                             <Target>"
1237                                 + "                                     <Requester>shar.example.edu</Requester>"
1238                                 + "                                     <AnyResource />"
1239                                 + "                             </Target>"
1240                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1241                                 + "                                     <AnyValue release=\"permit\"/>"
1242                                 + "                             </Attribute>"
1243                                 + "                     </Rule>"
1244                                 + "     </AttributeReleasePolicy>";
1245
1246                 Principal principal1 = new AAPrincipal("TestPrincipal");
1247                 URL url1 = new URL("https://foo.com/");
1248                 TestAttribute testAttribute =
1249                         new TestAttribute(
1250                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1251                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1252
1253                 //Setup the engine
1254                 parser.parse(new InputSource(new StringReader(rawArp)));
1255                 Arp siteArp = new Arp();
1256                 siteArp.marshall(parser.getDocument().getDocumentElement());
1257                 repository.update(siteArp);
1258                 ArpEngine engine = new ArpEngine(repository, props);
1259
1260                 //Apply the ARP
1261                 ArpAttribute[] releaseAttributes =
1262                         engine.filterAttributes(
1263                                 new ArpAttribute[] { testAttribute },
1264                                 principal1,
1265                                 "shar.example.edu",
1266                                 url1);
1267
1268                 assertEquals(
1269                         "ARP application test 13: ARP not applied as expected.",
1270                         new HashSet(Arrays.asList(releaseAttributes)),
1271                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1272         }
1273
1274         /**
1275          * ARPs: A site ARP only
1276          * Target: Specific shar (no match), Any Resource
1277          * Attribute: Any value release
1278          */
1279         void arpApplicationTest14(ArpRepository repository, Properties props, DOMParser parser)
1280                 throws Exception {
1281
1282                 //Gather the Input
1283                 String rawArp =
1284                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1285                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1286                                 + "                     <Rule>"
1287                                 + "                             <Target>"
1288                                 + "                                     <Requester>shar.example.edu</Requester>"
1289                                 + "                                     <AnyResource />"
1290                                 + "                             </Target>"
1291                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1292                                 + "                                     <AnyValue release=\"permit\"/>"
1293                                 + "                             </Attribute>"
1294                                 + "                     </Rule>"
1295                                 + "     </AttributeReleasePolicy>";
1296
1297                 Principal principal1 = new AAPrincipal("TestPrincipal");
1298                 URL url1 = new URL("http://www.example.edu/");
1299                 TestAttribute testAttribute =
1300                         new TestAttribute(
1301                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1302                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1303
1304                 //Setup the engine
1305                 parser.parse(new InputSource(new StringReader(rawArp)));
1306                 Arp siteArp = new Arp();
1307                 siteArp.marshall(parser.getDocument().getDocumentElement());
1308                 repository.update(siteArp);
1309                 ArpEngine engine = new ArpEngine(repository, props);
1310
1311                 //Apply the ARP
1312                 ArpAttribute[] releaseAttributes =
1313                         engine.filterAttributes(
1314                                 new ArpAttribute[] { testAttribute },
1315                                 principal1,
1316                                 "www.example.edu",
1317                                 url1);
1318
1319                 assertEquals(
1320                         "ARP application test 14: ARP not applied as expected.",
1321                         new HashSet(Arrays.asList(releaseAttributes)),
1322                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1323         }
1324
1325         /**
1326          * ARPs: A site ARP only
1327          * Target: Specific shar, Specific resource
1328          * Attribute: Any value release
1329          */
1330         void arpApplicationTest15(ArpRepository repository, Properties props, DOMParser parser)
1331                 throws Exception {
1332
1333                 //Gather the Input
1334                 String rawArp =
1335                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1336                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1337                                 + "                     <Rule>"
1338                                 + "                             <Target>"
1339                                 + "                                     <Requester>shar.example.edu</Requester>"
1340                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1341                                 + "                             </Target>"
1342                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1343                                 + "                                     <AnyValue release=\"permit\"/>"
1344                                 + "                             </Attribute>"
1345                                 + "                     </Rule>"
1346                                 + "     </AttributeReleasePolicy>";
1347
1348                 Principal principal1 = new AAPrincipal("TestPrincipal");
1349                 URL url1 = new URL("http://www.example.edu/index.html");
1350                 TestAttribute testAttribute =
1351                         new TestAttribute(
1352                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1353                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1354
1355                 //Setup the engine
1356                 parser.parse(new InputSource(new StringReader(rawArp)));
1357                 Arp siteArp = new Arp();
1358                 siteArp.marshall(parser.getDocument().getDocumentElement());
1359                 repository.update(siteArp);
1360                 ArpEngine engine = new ArpEngine(repository, props);
1361
1362                 //Apply the ARP
1363                 ArpAttribute[] releaseAttributes =
1364                         engine.filterAttributes(
1365                                 new ArpAttribute[] { testAttribute },
1366                                 principal1,
1367                                 "shar.example.edu",
1368                                 url1);
1369
1370                 assertEquals(
1371                         "ARP application test 15: ARP not applied as expected.",
1372                         new HashSet(Arrays.asList(releaseAttributes)),
1373                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1374         }
1375
1376         /**
1377          * ARPs: A site ARP only
1378          * Target: Specific shar, Specific resource (no match)
1379          * Attribute: Any value release
1380          */
1381         void arpApplicationTest16(ArpRepository repository, Properties props, DOMParser parser)
1382                 throws Exception {
1383
1384                 //Gather the Input
1385                 String rawArp =
1386                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1387                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1388                                 + "                     <Rule>"
1389                                 + "                             <Target>"
1390                                 + "                                     <Requester>shar.example.edu</Requester>"
1391                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1392                                 + "                             </Target>"
1393                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1394                                 + "                                     <AnyValue release=\"permit\"/>"
1395                                 + "                             </Attribute>"
1396                                 + "                     </Rule>"
1397                                 + "     </AttributeReleasePolicy>";
1398
1399                 Principal principal1 = new AAPrincipal("TestPrincipal");
1400                 URL url1 = new URL("https://www.example.edu/index.html");
1401                 TestAttribute testAttribute =
1402                         new TestAttribute(
1403                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1404                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1405
1406                 //Setup the engine
1407                 parser.parse(new InputSource(new StringReader(rawArp)));
1408                 Arp siteArp = new Arp();
1409                 siteArp.marshall(parser.getDocument().getDocumentElement());
1410                 repository.update(siteArp);
1411                 ArpEngine engine = new ArpEngine(repository, props);
1412
1413                 //Apply the ARP
1414                 ArpAttribute[] releaseAttributes =
1415                         engine.filterAttributes(
1416                                 new ArpAttribute[] { testAttribute },
1417                                 principal1,
1418                                 "shar.example.edu",
1419                                 url1);
1420
1421                 assertEquals(
1422                         "ARP application test 16: ARP not applied as expected.",
1423                         new HashSet(Arrays.asList(releaseAttributes)),
1424                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1425         }
1426
1427         /**
1428          * ARPs: A site ARP only
1429          * Target: Multiple matching rules
1430          * Attribute: various
1431          */
1432         void arpApplicationTest17(ArpRepository repository, Properties props, DOMParser parser)
1433                 throws Exception {
1434
1435                 //Gather the Input
1436                 String rawArp =
1437                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1438                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1439                                 + "                     <Rule>"
1440                                 + "                             <Target>"
1441                                 + "                                     <AnyTarget />"
1442                                 + "                             </Target>"
1443                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1444                                 + "                                     <AnyValue release=\"permit\"/>"
1445                                 + "                             </Attribute>"
1446                                 + "                     </Rule>"
1447                                 + "                     <Rule>"
1448                                 + "                             <Target>"
1449                                 + "                                     <Requester>shar1.example.edu</Requester>"
1450                                 + "                                     <AnyResource />"
1451                                 + "                             </Target>"
1452                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1453                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1454                                 + "                             </Attribute>"
1455                                 + "                     </Rule>"
1456                                 + "                     <Rule>"
1457                                 + "                             <Target>"
1458                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1459                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1460                                 + "                             </Target>"
1461                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1462                                 + "                                     <AnyValue release=\"permit\"/>"
1463                                 + "                             </Attribute>"
1464                                 + "                     </Rule>"
1465                                 + "     </AttributeReleasePolicy>";
1466
1467                 Principal principal1 = new AAPrincipal("TestPrincipal");
1468                 URL url1 = new URL("https://www.example.edu/index.html");
1469                 TestAttribute testAttribute1 =
1470                         new TestAttribute(
1471                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1472                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1473                 TestAttribute testAttribute2 =
1474                         new TestAttribute(
1475                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1476                                 new Object[] { "wassa@columbia.edu" });
1477                 TestAttribute filteredAttribute1 =
1478                         new TestAttribute(
1479                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1480                                 new Object[] { "member@example.edu" });
1481
1482                 //Setup the engine
1483                 parser.parse(new InputSource(new StringReader(rawArp)));
1484                 Arp siteArp = new Arp();
1485                 siteArp.marshall(parser.getDocument().getDocumentElement());
1486                 repository.update(siteArp);
1487                 ArpEngine engine = new ArpEngine(repository, props);
1488
1489                 //Apply the ARP
1490                 ArpAttribute[] releaseAttributes =
1491                         engine.filterAttributes(
1492                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1493                                 principal1,
1494                                 "shar1.example.edu",
1495                                 url1);
1496
1497                 assertEquals(
1498                         "ARP application test 17: ARP not applied as expected.",
1499                         new HashSet(Arrays.asList(releaseAttributes)),
1500                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute2, filteredAttribute1 })));
1501         }
1502
1503         /**
1504          * ARPs: A site ARP only
1505          * Target: Any
1506          * Attribute: Any value release of two attributes in one rule
1507          */
1508         void arpApplicationTest18(ArpRepository repository, Properties props, DOMParser parser)
1509                 throws Exception {
1510
1511                 //Gather the Input
1512                 String rawArp =
1513                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1514                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1515                                 + "                     <Rule>"
1516                                 + "                             <Target>"
1517                                 + "                                     <AnyTarget/>"
1518                                 + "                             </Target>"
1519                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1520                                 + "                                     <AnyValue release=\"permit\"/>"
1521                                 + "                             </Attribute>"
1522                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1523                                 + "                                     <AnyValue release=\"permit\"/>"
1524                                 + "                             </Attribute>"
1525                                 + "                     </Rule>"
1526                                 + "     </AttributeReleasePolicy>";
1527
1528                 Principal principal1 = new AAPrincipal("TestPrincipal");
1529                 URL url1 = new URL("http://www.example.edu/");
1530                 TestAttribute testAttribute1 =
1531                         new TestAttribute(
1532                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1533                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1534                 TestAttribute testAttribute2 =
1535                         new TestAttribute(
1536                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1537                                 new Object[] { "mehoehn@example.edu" });
1538
1539                 //Setup the engine
1540                 parser.parse(new InputSource(new StringReader(rawArp)));
1541                 Arp siteArp = new Arp();
1542                 siteArp.marshall(parser.getDocument().getDocumentElement());
1543                 repository.update(siteArp);
1544                 ArpEngine engine = new ArpEngine(repository, props);
1545
1546                 //Apply the ARP
1547                 ArpAttribute[] releaseAttributes =
1548                         engine.filterAttributes(
1549                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1550                                 principal1,
1551                                 "shar.example.edu",
1552                                 url1);
1553
1554                 assertEquals(
1555                         "ARP application test 18: ARP not applied as expected.",
1556                         new HashSet(Arrays.asList(releaseAttributes)),
1557                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1, testAttribute2 })));
1558         }
1559
1560         /**
1561          * ARPs: A user ARP only
1562          * Target: Any
1563          * Attribute: Any value release,
1564          */
1565         void arpApplicationTest19(ArpRepository repository, Properties props, DOMParser parser)
1566                 throws Exception {
1567
1568                 //Gather the Input
1569                 String rawArp =
1570                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1571                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1572                                 + "                     <Rule>"
1573                                 + "                             <Target>"
1574                                 + "                                     <AnyTarget/>"
1575                                 + "                             </Target>"
1576                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1577                                 + "                                     <AnyValue release=\"permit\"/>"
1578                                 + "                             </Attribute>"
1579                                 + "                     </Rule>"
1580                                 + "     </AttributeReleasePolicy>";
1581
1582                 Principal principal1 = new AAPrincipal("TestPrincipal");
1583                 URL url1 = new URL("http://www.example.edu/");
1584                 TestAttribute testAttribute =
1585                         new TestAttribute(
1586                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1587                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1588
1589                 //Setup the engine
1590                 parser.parse(new InputSource(new StringReader(rawArp)));
1591                 Arp userArp = new Arp();
1592                 userArp.setPrincipal(principal1);
1593                 userArp.marshall(parser.getDocument().getDocumentElement());
1594                 repository.update(userArp);
1595                 ArpEngine engine = new ArpEngine(repository, props);
1596
1597                 //Apply the ARP
1598                 ArpAttribute[] releaseAttributes =
1599                         engine.filterAttributes(
1600                                 new ArpAttribute[] { testAttribute },
1601                                 principal1,
1602                                 "shar.example.edu",
1603                                 url1);
1604
1605                 assertEquals(
1606                         "ARP application test 19: ARP not applied as expected.",
1607                         new HashSet(Arrays.asList(releaseAttributes)),
1608                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1609         }
1610
1611         /**
1612          * ARPs: A site ARP and user ARP
1613          * Target: various
1614          * Attribute: various combinations
1615          */
1616         void arpApplicationTest20(ArpRepository repository, Properties props, DOMParser parser)
1617                 throws Exception {
1618
1619                 //Gather the Input
1620                 String rawSiteArp =
1621                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1622                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1623                                 + "                     <Rule>"
1624                                 + "                             <Target>"
1625                                 + "                                     <AnyTarget/>"
1626                                 + "                             </Target>"
1627                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1628                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1629                                 + "                             </Attribute>"
1630                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1631                                 + "                                     <AnyValue release=\"permit\" />"
1632                                 + "                             </Attribute>"
1633                                 + "                     </Rule>"
1634                                 + "                     <Rule>"
1635                                 + "                             <Target>"
1636                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1637                                 + "                                     <AnyResource />"
1638                                 + "                             </Target>"
1639                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1640                                 + "                                     <AnyValue release=\"permit\"/>"
1641                                 + "                             </Attribute>"
1642                                 + "                     </Rule>"
1643                                 + "                     <Rule>"
1644                                 + "                             <Target>"
1645                                 + "                                     <Requester>www.example.edu</Requester>"
1646                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1647                                 + "                             </Target>"
1648                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1649                                 + "                                     <AnyValue release=\"permit\"/>"
1650                                 + "                             </Attribute>"
1651                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1652                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1653                                 + "                             </Attribute>"
1654                                 + "                     </Rule>"
1655                                 + "                     <Rule>"
1656                                 + "                             <Target>"
1657                                 + "                                     <Requester>www.external.com</Requester>"
1658                                 + "                                     <Resource>http://www.external.com/</Resource>"
1659                                 + "                             </Target>"
1660                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1661                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1662                                 + "                             </Attribute>"
1663                                 + "                     </Rule>"
1664                                 + "     </AttributeReleasePolicy>";
1665
1666                 String rawUserArp =
1667                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1668                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1669                                 + "                     <Rule>"
1670                                 + "                             <Target>"
1671                                 + "                                     <AnyTarget/>"
1672                                 + "                             </Target>"
1673                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1674                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1675                                 + "                             </Attribute>"
1676                                 + "                     </Rule>"
1677                                 + "                     <Rule>"
1678                                 + "                             <Target>"
1679                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1680                                 + "                                     <AnyResource />"
1681                                 + "                             </Target>"
1682                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1683                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1684                                 + "                             </Attribute>"
1685                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1686                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1687                                 + "                             </Attribute>"
1688                                 + "                     </Rule>"
1689                                 + "     </AttributeReleasePolicy>";
1690
1691                 Principal principal1 = new AAPrincipal("TestPrincipal");
1692                 URL url1 = new URL("http://www.example.edu/test/index.html");
1693
1694                 TestAttribute entitlementInput =
1695                         new TestAttribute(
1696                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1697                                 new Object[] {
1698                                         "urn:example:lovesIceCream",
1699                                         "urn:example:poorlyDressed",
1700                                         "urn:example:contract:113455",
1701                                         "urn:example:contract:4657483" });
1702
1703                 TestAttribute affiliationInput =
1704                         new TestAttribute(
1705                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1706                                 new Object[] {
1707                                         "member@example.edu",
1708                                         "faculty@example.edu",
1709                                         "employee@example.edu" });
1710
1711                 TestAttribute principalNameInput =
1712                         new TestAttribute(
1713                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1714                                 new Object[] { "wassa@example.edu" });
1715
1716                 TestAttribute preferredLanguageInput =
1717                         new TestAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" });
1718
1719                 TestAttribute entitlementOutput =
1720                         new TestAttribute(
1721                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1722                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" });
1723
1724                 TestAttribute affiliationOutput =
1725                         new TestAttribute(
1726                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1727                                 new Object[] { "member@example.edu", "employee@example.edu" });
1728
1729                 //Add the site ARP
1730                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1731                 Arp siteArp = new Arp();
1732                 siteArp.marshall(parser.getDocument().getDocumentElement());
1733                 repository.update(siteArp);
1734
1735                 //Add the user ARP
1736                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1737                 Arp userArp = new Arp();
1738                 userArp.setPrincipal(principal1);
1739                 userArp.marshall(parser.getDocument().getDocumentElement());
1740                 repository.update(userArp);
1741
1742                 ArpEngine engine = new ArpEngine(repository, props);
1743
1744                 //Apply the ARP
1745                 ArpAttribute[] releaseAttributes =
1746                         engine.filterAttributes(
1747                                 new ArpAttribute[] {
1748                                         entitlementInput,
1749                                         affiliationInput,
1750                                         principalNameInput,
1751                                         preferredLanguageInput },
1752                                 principal1,
1753                                 "www.example.edu",
1754                                 url1);
1755
1756                 assertEquals(
1757                         "ARP application test 20: ARP not applied as expected.",
1758                         new HashSet(Arrays.asList(releaseAttributes)),
1759                         new HashSet(
1760                                 Arrays.asList(
1761                                         new ArpAttribute[] {
1762                                                 entitlementOutput,
1763                                                 affiliationOutput,
1764                                                 principalNameInput,
1765                                                 preferredLanguageInput })));
1766         }
1767
1768         /**
1769          * ARPs: A site ARP and user ARP
1770          * Target: various
1771          * Attribute: various combinations (same ARPs as 20, different requester)
1772          */
1773         void arpApplicationTest21(ArpRepository repository, Properties props, DOMParser parser)
1774                 throws Exception {
1775
1776                 //Gather the Input
1777                 String rawSiteArp =
1778                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1779                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1780                                 + "                     <Rule>"
1781                                 + "                             <Target>"
1782                                 + "                                     <AnyTarget/>"
1783                                 + "                             </Target>"
1784                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1785                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1786                                 + "                             </Attribute>"
1787                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1788                                 + "                                     <AnyValue release=\"permit\" />"
1789                                 + "                             </Attribute>"
1790                                 + "                     </Rule>"
1791                                 + "                     <Rule>"
1792                                 + "                             <Target>"
1793                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1794                                 + "                                     <AnyResource />"
1795                                 + "                             </Target>"
1796                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1797                                 + "                                     <AnyValue release=\"permit\"/>"
1798                                 + "                             </Attribute>"
1799                                 + "                     </Rule>"
1800                                 + "                     <Rule>"
1801                                 + "                             <Target>"
1802                                 + "                                     <Requester>www.example.edu</Requester>"
1803                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1804                                 + "                             </Target>"
1805                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1806                                 + "                                     <AnyValue release=\"permit\"/>"
1807                                 + "                             </Attribute>"
1808                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1809                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1810                                 + "                             </Attribute>"
1811                                 + "                     </Rule>"
1812                                 + "                     <Rule>"
1813                                 + "                             <Target>"
1814                                 + "                                     <Requester>www.external.com</Requester>"
1815                                 + "                                     <Resource>http://www.external.com/</Resource>"
1816                                 + "                             </Target>"
1817                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1818                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1819                                 + "                             </Attribute>"
1820                                 + "                     </Rule>"
1821                                 + "     </AttributeReleasePolicy>";
1822
1823                 String rawUserArp =
1824                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1825                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1826                                 + "                     <Rule>"
1827                                 + "                             <Target>"
1828                                 + "                                     <AnyTarget/>"
1829                                 + "                             </Target>"
1830                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1831                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1832                                 + "                             </Attribute>"
1833                                 + "                     </Rule>"
1834                                 + "                     <Rule>"
1835                                 + "                             <Target>"
1836                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1837                                 + "                                     <AnyResource />"
1838                                 + "                             </Target>"
1839                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1840                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1841                                 + "                             </Attribute>"
1842                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1843                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1844                                 + "                             </Attribute>"
1845                                 + "                     </Rule>"
1846                                 + "     </AttributeReleasePolicy>";
1847
1848                 Principal principal1 = new AAPrincipal("TestPrincipal");
1849                 URL url1 = new URL("http://www.external.com/");
1850
1851                 TestAttribute entitlementInput =
1852                         new TestAttribute(
1853                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1854                                 new Object[] {
1855                                         "urn:example:lovesIceCream",
1856                                         "urn:example:poorlyDressed",
1857                                         "urn:example:contract:113455",
1858                                         "urn:example:contract:4657483" });
1859
1860                 TestAttribute affiliationInput =
1861                         new TestAttribute(
1862                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1863                                 new Object[] {
1864                                         "member@example.edu",
1865                                         "faculty@example.edu",
1866                                         "employee@example.edu" });
1867
1868                 TestAttribute principalNameInput =
1869                         new TestAttribute(
1870                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1871                                 new Object[] { "wassa@example.edu" });
1872
1873                 TestAttribute preferredLanguageInput =
1874                         new TestAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" });
1875
1876                 TestAttribute entitlementOutput =
1877                         new TestAttribute(
1878                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1879                                 new Object[] { "urn:example:contract:113455" });
1880
1881                 TestAttribute affiliationOutput =
1882                         new TestAttribute(
1883                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1884                                 new Object[] { "member@example.edu" });
1885
1886                 //Add the site ARP
1887                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1888                 Arp siteArp = new Arp();
1889                 siteArp.marshall(parser.getDocument().getDocumentElement());
1890                 repository.update(siteArp);
1891
1892                 //Add the user ARP
1893                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1894                 Arp userArp = new Arp();
1895                 userArp.setPrincipal(principal1);
1896                 userArp.marshall(parser.getDocument().getDocumentElement());
1897                 repository.update(userArp);
1898
1899                 ArpEngine engine = new ArpEngine(repository, props);
1900
1901                 //Apply the ARP
1902                 ArpAttribute[] releaseAttributes =
1903                         engine.filterAttributes(
1904                                 new ArpAttribute[] {
1905                                         entitlementInput,
1906                                         affiliationInput,
1907                                         principalNameInput,
1908                                         preferredLanguageInput },
1909                                 principal1,
1910                                 "www.external.com",
1911                                 url1);
1912
1913                 assertEquals(
1914                         "ARP application test 21: ARP not applied as expected.",
1915                         new HashSet(Arrays.asList(releaseAttributes)),
1916                         new HashSet(
1917                                 Arrays.asList(
1918                                         new ArpAttribute[] {
1919                                                 entitlementOutput,
1920                                                 affiliationOutput,
1921                                                 preferredLanguageInput })));
1922         }
1923
1924         public class TestAttribute implements ArpAttribute {
1925                 private String name;
1926                 private Object[] values;
1927
1928                 public TestAttribute(String name, Object[] values) {
1929                         this.name = name;
1930                         this.values = values;
1931                 }
1932
1933                 /**
1934                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getName()
1935                  */
1936                 public String getName() {
1937                         return name;
1938                 }
1939
1940                 /**
1941                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getValues()
1942                  */
1943                 public Object[] getValues() {
1944                         return values;
1945                 }
1946
1947                 /**
1948                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#setValues(Object[])
1949                  */
1950                 public void setValues(Object[] values) {
1951                         this.values = values;
1952                 }
1953
1954                 /**
1955                  * @see java.lang.Object#equals(Object)
1956                  */
1957                 public boolean equals(Object object) {
1958                         if (!(object instanceof TestAttribute)) {
1959                                 return false;
1960                         }
1961                         return (new HashSet(Arrays.asList(values))).equals(
1962                                 new HashSet(Arrays.asList(((TestAttribute) object).getValues())));
1963                 }
1964
1965                 /**
1966                 * @see java.lang.Object#hashCode()
1967                 */
1968                 public int hashCode() {
1969                         int code = 0;
1970                         for (int i = 0; i < values.length; i++) {
1971                                 code += values[i].hashCode();
1972                         }
1973                         return name.hashCode() + code;
1974                 }
1975
1976         }
1977
1978 }