Added tests to the ARP filtering test suite for (multiple attributes) & (multiple...
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.FileInputStream;
53 import java.io.InputStream;
54 import java.io.StringReader;
55 import java.net.MalformedURLException;
56 import java.net.URI;
57 import java.net.URISyntaxException;
58 import java.net.URL;
59 import java.security.Principal;
60 import java.util.Arrays;
61 import java.util.HashSet;
62 import java.util.Properties;
63
64 import junit.framework.TestCase;
65
66 import org.apache.log4j.BasicConfigurator;
67 import org.apache.xerces.parsers.DOMParser;
68 import org.xml.sax.InputSource;
69
70 /**
71  * Validation suite for <code>Arp</code> processing.
72  * 
73  * @ author Walter Hoehn(wassa@columbia.edu)
74  */
75
76 public class ArpTests extends TestCase {
77
78         public ArpTests(String name) {
79                 super(name);
80                 BasicConfigurator.resetConfiguration();
81                 BasicConfigurator.configure();
82         }
83
84         public static void main(String[] args) {
85                 junit.textui.TestRunner.run(ArpTests.class);
86                 BasicConfigurator.configure();
87         }
88
89         public void testArpMarshalling() {
90
91                 //Test ARP description
92                 try {
93                         InputStream inStream = new FileInputStream("test/arp1.xml");
94                         DOMParser parser = new DOMParser();
95                         parser.parse(new InputSource(inStream));
96                         Arp arp1 = new Arp();
97                         arp1.marshall(parser.getDocument().getDocumentElement());
98                         assertEquals(
99                                 "ARP Description not marshalled properly",
100                                 arp1.getDescription(),
101                                 "Simplest possible ARP.");
102
103                         //Test Rule description
104                         assertEquals(
105                                 "ARP Rule Description not marshalled properly",
106                                 arp1.getAllRules()[0].getDescription(),
107                                 "Example Rule Description.");
108                 } catch (Exception e) {
109                         fail("Failed to marshall ARP: " + e);
110                 }
111
112                 //Test case where ARP description does not exist
113                 try {
114                         InputStream inStream = new FileInputStream("test/arp2.xml");
115                         DOMParser parser = new DOMParser();
116                         parser.parse(new InputSource(inStream));
117                         Arp arp2 = new Arp();
118                         arp2.marshall(parser.getDocument().getDocumentElement());
119                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
120
121                         //Test case where ARP Rule description does not exist   
122                         assertNull(
123                                 "ARP Rule Description not marshalled properly",
124                                 arp2.getAllRules()[0].getDescription());
125                 } catch (Exception e) {
126                         fail("Failed to marshall ARP.");
127                 }
128
129         }
130
131         public void testMatchingFunctions() {
132
133                 try {
134
135                         /*
136                          * Test Arp Engine function retrieval
137                          */
138
139                         //Lookup a function that doesn't exist
140                         MatchFunction noFunction =
141                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
142                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
143
144                         //Lookup some real functions
145                         MatchFunction exactSharFunction =
146                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
147                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
148                         MatchFunction resourceTreeFunction =
149                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
150                         assertNotNull(
151                                 "ArpEngine did not properly load the Resource Tree SHAR function.",
152                                 resourceTreeFunction);
153                         MatchFunction regexFunction =
154                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
155                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
156
157                         /* 
158                          * Test the Exact SHAR function (requester)
159                          */
160
161                         assertTrue(
162                                 "Exact SHAR function: false negative",
163                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
164                         assertTrue(
165                                 "Exact SHAR function: false negative",
166                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
167                         assertTrue(
168                                 "Exact SHAR function: false negative",
169                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
170
171                         //Make sure we properly handle bad input
172                         try {
173                                 exactSharFunction.match(null, null);
174                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
175                         } catch (ArpException ie) {
176                                 //This is supposed to fail
177                         }
178
179                         /*
180                          * Test the Resource Tree function (resource)
181                          */
182
183                         URL requestURL1 = new URL("http://www.example.edu/test/");
184                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
185                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
186                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
187
188                         assertTrue(
189                                 "Resource Tree function: false negative",
190                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
191                         assertTrue(
192                                 "Resource Tree function: false positive",
193                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
194                         assertTrue(
195                                 "Resource Tree function: false negative",
196                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
197                         assertTrue(
198                                 "Resource Tree function: false positive",
199                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
200                         assertTrue(
201                                 "Resource Tree function: false negative",
202                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
203                         assertTrue(
204                                 "Resource Tree function: false negative",
205                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
206                         assertTrue(
207                                 "Resource Tree function: false negative",
208                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
209                         assertTrue(
210                                 "Resource Tree function: false positive",
211                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
212                         assertTrue(
213                                 "Resource Tree function: false negative",
214                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
215                         assertTrue(
216                                 "Resource Tree function: false negative",
217                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
218                         assertTrue(
219                                 "Resource Tree function: false negative",
220                                 resourceTreeFunction.match(
221                                         "http://www.example.edu/test2/index.html?test1=test1",
222                                         requestURL4));
223                         assertTrue(
224                                 "Resource Tree function: false positive",
225                                 !resourceTreeFunction.match(
226                                         "http://www.example.edu/test2/index.html?test1=test1",
227                                         requestURL3));
228
229                         //Make sure we properly handle bad input
230                         try {
231                                 resourceTreeFunction.match(null, null);
232                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
233                         } catch (ArpException ie) {
234                                 //This is supposed to fail
235                         }
236                         try {
237                                 resourceTreeFunction.match("Test", "Test");
238                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
239                         } catch (ArpException ie) {
240                                 //This is supposed to fail
241                         }
242
243                         /*
244                          * Test the Regex function (requester & resource)
245                          */
246
247                         //Try requester regexes
248                         assertTrue(
249                                 "Regex function: false negative",
250                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
251                         assertTrue(
252                                 "Regex function: false negative",
253                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
254                         assertTrue(
255                                 "Regex function: false negative",
256                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
257                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
258                         assertTrue(
259                                 "Regex function: false positive",
260                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
261                         assertTrue(
262                                 "Regex function: false positive",
263                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
264                         assertTrue(
265                                 "Regex function: false positive",
266                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
267
268                         //Try resource regexes
269                         assertTrue(
270                                 "Regex function: false negative",
271                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
272                         assertTrue(
273                                 "Regex function: false negative",
274                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
275                         assertTrue(
276                                 "Regex function: false negative",
277                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
278                         assertTrue(
279                                 "Regex function: false negative",
280                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
281                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
282                         assertTrue(
283                                 "Regex function: false positive",
284                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
285                         assertTrue(
286                                 "Regex function: false positive",
287                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
288
289                         //Make sure we properly handle bad input
290                         try {
291                                 regexFunction.match(null, null);
292                                 fail("Regex function seems to take improper input without throwing an exception.");
293                         } catch (ArpException ie) {
294                                 //This is supposed to fail
295                         }
296
297                 } catch (ArpException e) {
298                         fail("Encountered a problem loading match function: " + e);
299                 } catch (URISyntaxException e) {
300                         fail("Unable to create URI from test string.");
301                 } catch (MalformedURLException e) {
302                         fail("Couldn't create test URLs: " + e);
303                 }
304
305         }
306
307         public void testRepositories() {
308
309                 /*
310                  * Test the Factory
311                  */
312
313                 //Make sure we fail if no Repository is specified
314                 Properties props = new Properties();
315                 try {
316                         ArpRepositoryFactory.getInstance(props);
317                 } catch (ArpRepositoryException e) {
318                         //This is supposed to fail
319                 }
320
321                 // Make sure we can create an Arp Repository
322                 props.setProperty(
323                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
324                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
325                 ArpRepository repository = null;
326                 try {
327                         repository = ArpRepositoryFactory.getInstance(props);
328                 } catch (ArpRepositoryException e) {
329                         fail("Failed to create memory-based Arp Repository" + e);
330                 }
331                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
332
333                 /*
334                  * Exercise the Memory Arp Repository
335                  */
336
337                 //Set/retrieve/remove a Site ARP
338                 Arp siteArp1 = new Arp();
339                 siteArp1.setDescription("Test Site Arp 1.");
340                 try {
341                         repository.update(siteArp1);
342                         assertEquals(
343                                 "Memory Repository does not store and retrieve Site ARPs properly.",
344                                 siteArp1,
345                                 repository.getSitePolicy());
346                         repository.remove(repository.getSitePolicy());
347                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
348                 } catch (ArpRepositoryException e) {
349                         fail("Error adding Site ARP to Memory Repository.");
350                 }
351
352                 //Set/retrieve/delete some user ARPs
353                 Arp userArp1 = new Arp();
354                 userArp1.setDescription("Broken User Arp 1.");
355                 try {
356                         repository.update(userArp1);
357                         assertTrue(
358                                 "Memory Repository does not store and retrieve User ARPs properly.",
359                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
360                 } catch (ArpRepositoryException e) {
361                         fail("Error adding User ARP to Memory Repository.");
362                 }
363
364                 Arp userArp2 = new Arp(new AAPrincipal("TestPrincipal"));
365                 userArp2.setDescription("Test User Arp 2.");
366                 try {
367                         repository.update(userArp2);
368                         assertEquals(
369                                 "Memory Repository does not store and retrieve User ARPs properly.",
370                                 userArp2,
371                                 repository.getUserPolicy(userArp2.getPrincipal()));
372                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
373                         assertNull(
374                                 "Memorty Repository does not properly delete User ARPs.",
375                                 repository.getUserPolicy(userArp2.getPrincipal()));
376                 } catch (ArpRepositoryException e) {
377                         fail("Error adding User ARP to Memory Repository.");
378                 }
379
380         }
381
382         public void testPossibleReleaseSetComputation() {
383                 Properties props = new Properties();
384                 props.setProperty(
385                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
386                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
387                 ArpRepository repository = null;
388                 try {
389                         repository = ArpRepositoryFactory.getInstance(props);
390                 } catch (ArpRepositoryException e) {
391                         fail("Failed to create memory-based Arp Repository" + e);
392                 }
393
394                 try {
395                         Principal principal1 = new AAPrincipal("TestPrincipal");
396                         URL url1 = new URL("http://www.example.edu/");
397                         URI[] list1 = { new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation")};
398                         URI[] list2 =
399                                 {
400                                         new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation"),
401                                         new URI("urn:mace:eduPerson:1.0:eduPersonPrincipalName")};
402                         URI[] list3 = new URI[0];
403
404                         //Test with just a site ARP
405                         InputStream inStream = new FileInputStream("test/arp1.xml");
406                         DOMParser parser = new DOMParser();
407                         parser.parse(new InputSource(inStream));
408                         Arp arp1 = new Arp();
409                         arp1.marshall(parser.getDocument().getDocumentElement());
410                         repository.update(arp1);
411                         ArpEngine engine = new ArpEngine(repository, props);
412                         URI[] possibleAttributes =
413                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
414                         assertTrue(
415                                 "Incorrectly computed possible release set.",
416                                 Arrays.equals(possibleAttributes, list1));
417
418                         //Test with site and user ARPs
419                         inStream = new FileInputStream("test/arp7.xml");
420                         parser.parse(new InputSource(inStream));
421                         Arp arp7 = new Arp();
422                         arp7.setPrincipal(principal1);
423                         arp7.marshall(parser.getDocument().getDocumentElement());
424                         repository.update(arp7);
425                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
426                         assertTrue(
427                                 "Incorrectly computed possible release set.",
428                                 Arrays.equals(possibleAttributes, list2));
429
430                         //Ensure that explicit denies on any value are not in the release set
431                         inStream = new FileInputStream("test/arp6.xml");
432                         parser.parse(new InputSource(inStream));
433                         Arp arp6 = new Arp();
434                         arp6.setPrincipal(principal1);
435                         arp6.marshall(parser.getDocument().getDocumentElement());
436                         repository.update(arp6);
437                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
438                         assertTrue(
439                                 "Incorrectly computed possible release set.",
440                                 Arrays.equals(possibleAttributes, list3));
441
442                 } catch (Exception e) {
443                         e.printStackTrace();
444                         fail("Failed to marshall ARP: " + e);
445                 }
446
447         }
448
449         public void testArpApplication() {
450
451                 //Setup a test ARP repository
452                 Properties props = new Properties();
453                 props.setProperty(
454                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
455                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
456                 ArpRepository repository = null;
457                 try {
458                         repository = ArpRepositoryFactory.getInstance(props);
459                 } catch (ArpRepositoryException e) {
460                         fail("Failed to create memory-based Arp Repository" + e);
461                 }
462
463                 DOMParser parser = new DOMParser();
464                 try {
465
466                         arpApplicationTest1(repository, props, parser);
467                         arpApplicationTest2(repository, props, parser);
468                         arpApplicationTest3(repository, props, parser);
469                         arpApplicationTest4(repository, props, parser);
470                         arpApplicationTest5(repository, props, parser);
471                         arpApplicationTest6(repository, props, parser);
472                         arpApplicationTest7(repository, props, parser);
473                         arpApplicationTest8(repository, props, parser);
474                         arpApplicationTest9(repository, props, parser);
475                         arpApplicationTest10(repository, props, parser);
476                         arpApplicationTest11(repository, props, parser);
477                         arpApplicationTest12(repository, props, parser);
478                         arpApplicationTest13(repository, props, parser);
479                         arpApplicationTest14(repository, props, parser);
480                         arpApplicationTest15(repository, props, parser);
481                         arpApplicationTest16(repository, props, parser);
482                         arpApplicationTest17(repository, props, parser);
483                         arpApplicationTest18(repository, props, parser);
484
485                 } catch (Exception e) {
486                         e.printStackTrace();
487                         fail("Failed to apply ARPs: " + e);
488                 }
489         }
490         /**
491          * ARPs: A site ARP only
492          * Target: Any
493          * Attribute: Any value release,
494          */
495         void arpApplicationTest1(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
496
497                 //Gather the Input
498                 String rawArp =
499                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
500                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
501                                 + "                     <Rule>"
502                                 + "                             <Target>"
503                                 + "                                     <AnyTarget/>"
504                                 + "                             </Target>"
505                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
506                                 + "                                     <AnyValue release=\"permit\"/>"
507                                 + "                             </Attribute>"
508                                 + "                     </Rule>"
509                                 + "     </AttributeReleasePolicy>";
510
511                 Principal principal1 = new AAPrincipal("TestPrincipal");
512                 URL url1 = new URL("http://www.example.edu/");
513                 TestAttribute testAttribute =
514                         new TestAttribute(
515                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
516                                 new Object[] { "member@example.edu", "faculty@example.edu" });
517
518                 //Setup the engine
519                 parser.parse(new InputSource(new StringReader(rawArp)));
520                 Arp siteArp = new Arp();
521                 siteArp.marshall(parser.getDocument().getDocumentElement());
522                 repository.update(siteArp);
523                 ArpEngine engine = new ArpEngine(repository, props);
524
525                 //Apply the ARP
526                 ArpAttribute[] releaseAttributes =
527                         engine.filterAttributes(
528                                 new ArpAttribute[] { testAttribute },
529                                 principal1,
530                                 "shar.example.edu",
531                                 url1);
532
533                 assertEquals(
534                         "ARP application test 1: ARP not applied as expected.",
535                         new HashSet(Arrays.asList(releaseAttributes)),
536                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
537         }
538
539         /**
540          * ARPs: A site ARP only
541          * Target: Any
542          * Attribute: Any value release, implicit deny
543          */
544         void arpApplicationTest2(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
545
546                 //Gather the Input
547                 String rawArp =
548                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
549                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
550                                 + "                     <Rule>"
551                                 + "                             <Target>"
552                                 + "                                     <AnyTarget/>"
553                                 + "                             </Target>"
554                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
555                                 + "                                     <AnyValue release=\"permit\"/>"
556                                 + "                             </Attribute>"
557                                 + "                     </Rule>"
558                                 + "     </AttributeReleasePolicy>";
559
560                 Principal principal1 = new AAPrincipal("TestPrincipal");
561                 URL url1 = new URL("http://www.example.edu/");
562                 TestAttribute testAttribute1 =
563                         new TestAttribute(
564                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
565                                 new Object[] { "member@example.edu", "faculty@example.edu" });
566                 TestAttribute testAttribute2 =
567                         new TestAttribute(
568                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
569                                 new Object[] { "mehoehn@example.edu" });
570
571                 //Setup the engine
572                 parser.parse(new InputSource(new StringReader(rawArp)));
573                 Arp siteArp = new Arp();
574                 siteArp.marshall(parser.getDocument().getDocumentElement());
575                 repository.update(siteArp);
576                 ArpEngine engine = new ArpEngine(repository, props);
577
578                 //Apply the ARP
579                 ArpAttribute[] releaseAttributes =
580                         engine.filterAttributes(
581                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
582                                 principal1,
583                                 "shar.example.edu",
584                                 url1);
585
586                 assertEquals(
587                         "ARP application test 2: ARP not applied as expected.",
588                         new HashSet(Arrays.asList(releaseAttributes)),
589                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1 })));
590         }
591
592         /**
593          * ARPs: A site ARP only
594          * Target: Any
595          * Attribute: One value release
596          */
597         void arpApplicationTest3(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
598
599                 //Gather the Input
600                 String rawArp =
601                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
602                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
603                                 + "                     <Rule>"
604                                 + "                             <Target>"
605                                 + "                                     <AnyTarget/>"
606                                 + "                             </Target>"
607                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
608                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
609                                 + "                             </Attribute>"
610                                 + "                     </Rule>"
611                                 + "     </AttributeReleasePolicy>";
612
613                 Principal principal1 = new AAPrincipal("TestPrincipal");
614                 URL url1 = new URL("http://www.example.edu/");
615                 TestAttribute testAttribute =
616                         new TestAttribute(
617                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
618                                 new Object[] { "member@example.edu", "faculty@example.edu" });
619                 TestAttribute filteredAttribute =
620                         new TestAttribute(
621                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
622                                 new Object[] { "member@example.edu" });
623
624                 //Setup the engine
625                 parser.parse(new InputSource(new StringReader(rawArp)));
626                 Arp siteArp = new Arp();
627                 siteArp.marshall(parser.getDocument().getDocumentElement());
628                 repository.update(siteArp);
629                 ArpEngine engine = new ArpEngine(repository, props);
630
631                 //Apply the ARP
632                 ArpAttribute[] releaseAttributes =
633                         engine.filterAttributes(
634                                 new ArpAttribute[] { testAttribute },
635                                 principal1,
636                                 "shar.example.edu",
637                                 url1);
638
639                 assertEquals(
640                         "ARP application test 3: ARP not applied as expected.",
641                         new HashSet(Arrays.asList(releaseAttributes)),
642                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
643         }
644
645         /**
646          * ARPs: A site ARP only
647          * Target: Any
648          * Attribute: Any value except one release, canonical representation
649          */
650         void arpApplicationTest4(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
651
652                 //Gather the Input
653                 String rawArp =
654                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
655                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
656                                 + "                     <Rule>"
657                                 + "                             <Target>"
658                                 + "                                     <AnyTarget/>"
659                                 + "                             </Target>"
660                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
661                                 + "                                     <AnyValue release=\"permit\"/>"
662                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
663                                 + "                             </Attribute>"
664                                 + "                     </Rule>"
665                                 + "     </AttributeReleasePolicy>";
666
667                 Principal principal1 = new AAPrincipal("TestPrincipal");
668                 URL url1 = new URL("http://www.example.edu/");
669                 TestAttribute testAttribute =
670                         new TestAttribute(
671                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
672                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" });
673                 TestAttribute filteredAttribute =
674                         new TestAttribute(
675                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
676                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
677
678                 //Setup the engine
679                 parser.parse(new InputSource(new StringReader(rawArp)));
680                 Arp siteArp = new Arp();
681                 siteArp.marshall(parser.getDocument().getDocumentElement());
682                 repository.update(siteArp);
683                 ArpEngine engine = new ArpEngine(repository, props);
684
685                 //Apply the ARP
686                 ArpAttribute[] releaseAttributes =
687                         engine.filterAttributes(
688                                 new ArpAttribute[] { testAttribute },
689                                 principal1,
690                                 "shar.example.edu",
691                                 url1);
692
693                 assertEquals(
694                         "ARP application test 4: ARP not applied as expected.",
695                         new HashSet(Arrays.asList(releaseAttributes)),
696                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
697         }
698
699         /**
700          * ARPs: A site ARP only
701          * Target: Any
702          * Attribute: Any value except one release, expanded representation
703          */
704         void arpApplicationTest5(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
705
706                 //Gather the Input
707                 String rawArp =
708                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
709                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
710                                 + "                     <Rule>"
711                                 + "                             <Target>"
712                                 + "                                     <AnyTarget/>"
713                                 + "                             </Target>"
714                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
715                                 + "                                     <AnyValue release=\"permit\"/>"
716                                 + "                             </Attribute>"
717                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
718                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
719                                 + "                             </Attribute>"
720                                 + "                     </Rule>"
721                                 + "     </AttributeReleasePolicy>";
722
723                 Principal principal1 = new AAPrincipal("TestPrincipal");
724                 URL url1 = new URL("http://www.example.edu/");
725                 TestAttribute testAttribute =
726                         new TestAttribute(
727                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
728                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" });
729                 TestAttribute filteredAttribute =
730                         new TestAttribute(
731                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
732                                 new Object[] { "faculty@example.edu", "employee@example.edu" });
733
734                 //Setup the engine
735                 parser.parse(new InputSource(new StringReader(rawArp)));
736                 Arp siteArp = new Arp();
737                 siteArp.marshall(parser.getDocument().getDocumentElement());
738                 repository.update(siteArp);
739                 ArpEngine engine = new ArpEngine(repository, props);
740
741                 //Apply the ARP
742                 ArpAttribute[] releaseAttributes =
743                         engine.filterAttributes(
744                                 new ArpAttribute[] { testAttribute },
745                                 principal1,
746                                 "shar.example.edu",
747                                 url1);
748
749                 assertEquals(
750                         "ARP application test 5: ARP not applied as expected.",
751                         new HashSet(Arrays.asList(releaseAttributes)),
752                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
753         }
754
755         /**
756          * ARPs: A site ARP only
757          * Target: Any
758          * Attribute: Any value except two release, expanded representation
759          */
760         void arpApplicationTest6(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
761
762                 //Gather the Input
763                 String rawArp =
764                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
765                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
766                                 + "                     <Rule>"
767                                 + "                             <Target>"
768                                 + "                                     <AnyTarget/>"
769                                 + "                             </Target>"
770                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
771                                 + "                                     <AnyValue release=\"permit\"/>"
772                                 + "                             </Attribute>"
773                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
774                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
775                                 + "                             </Attribute>"
776                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
777                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
778                                 + "                             </Attribute>"
779                                 + "                     </Rule>"
780                                 + "     </AttributeReleasePolicy>";
781
782                 Principal principal1 = new AAPrincipal("TestPrincipal");
783                 URL url1 = new URL("http://www.example.edu/");
784                 TestAttribute testAttribute =
785                         new TestAttribute(
786                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
787                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" });
788                 TestAttribute filteredAttribute =
789                         new TestAttribute(
790                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
791                                 new Object[] { "employee@example.edu" });
792
793                 //Setup the engine
794                 parser.parse(new InputSource(new StringReader(rawArp)));
795                 Arp siteArp = new Arp();
796                 siteArp.marshall(parser.getDocument().getDocumentElement());
797                 repository.update(siteArp);
798                 ArpEngine engine = new ArpEngine(repository, props);
799
800                 //Apply the ARP
801                 ArpAttribute[] releaseAttributes =
802                         engine.filterAttributes(
803                                 new ArpAttribute[] { testAttribute },
804                                 principal1,
805                                 "shar.example.edu",
806                                 url1);
807
808                 assertEquals(
809                         "ARP application test 6: ARP not applied as expected.",
810                         new HashSet(Arrays.asList(releaseAttributes)),
811                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
812         }
813
814         /**
815          * ARPs: A site ARP only
816          * Target: Any
817          * Attribute: Two value release, canonical representation
818          */
819         void arpApplicationTest7(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
820
821                 //Gather the Input
822                 String rawArp =
823                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
824                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
825                                 + "                     <Rule>"
826                                 + "                             <Target>"
827                                 + "                                     <AnyTarget/>"
828                                 + "                             </Target>"
829                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
830                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
831                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
832                                 + "                             </Attribute>"
833                                 + "                     </Rule>"
834                                 + "     </AttributeReleasePolicy>";
835
836                 Principal principal1 = new AAPrincipal("TestPrincipal");
837                 URL url1 = new URL("http://www.example.edu/");
838                 TestAttribute testAttribute =
839                         new TestAttribute(
840                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
841                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" });
842                 TestAttribute filteredAttribute =
843                         new TestAttribute(
844                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
845                                 new Object[] { "member@example.edu", "faculty@example.edu" });
846
847                 //Setup the engine
848                 parser.parse(new InputSource(new StringReader(rawArp)));
849                 Arp siteArp = new Arp();
850                 siteArp.marshall(parser.getDocument().getDocumentElement());
851                 repository.update(siteArp);
852                 ArpEngine engine = new ArpEngine(repository, props);
853
854                 //Apply the ARP
855                 ArpAttribute[] releaseAttributes =
856                         engine.filterAttributes(
857                                 new ArpAttribute[] { testAttribute },
858                                 principal1,
859                                 "shar.example.edu",
860                                 url1);
861
862                 assertEquals(
863                         "ARP application test 3: ARP not applied as expected.",
864                         new HashSet(Arrays.asList(releaseAttributes)),
865                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
866         }
867
868         /**
869          * ARPs: A site ARP only
870          * Target: Any
871          * Attribute: Two value release, expanded representation
872          */
873         void arpApplicationTest8(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
874
875                 //Gather the Input
876                 String rawArp =
877                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
878                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
879                                 + "                     <Rule>"
880                                 + "                             <Target>"
881                                 + "                                     <AnyTarget/>"
882                                 + "                             </Target>"
883                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
884                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
885                                 + "                             </Attribute>"
886                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
887                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
888                                 + "                             </Attribute>"
889                                 + "                     </Rule>"
890                                 + "     </AttributeReleasePolicy>";
891
892                 Principal principal1 = new AAPrincipal("TestPrincipal");
893                 URL url1 = new URL("http://www.example.edu/");
894                 TestAttribute testAttribute =
895                         new TestAttribute(
896                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
897                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" });
898                 TestAttribute filteredAttribute =
899                         new TestAttribute(
900                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
901                                 new Object[] { "member@example.edu", "faculty@example.edu" });
902
903                 //Setup the engine
904                 parser.parse(new InputSource(new StringReader(rawArp)));
905                 Arp siteArp = new Arp();
906                 siteArp.marshall(parser.getDocument().getDocumentElement());
907                 repository.update(siteArp);
908                 ArpEngine engine = new ArpEngine(repository, props);
909
910                 //Apply the ARP
911                 ArpAttribute[] releaseAttributes =
912                         engine.filterAttributes(
913                                 new ArpAttribute[] { testAttribute },
914                                 principal1,
915                                 "shar.example.edu",
916                                 url1);
917
918                 assertEquals(
919                         "ARP application test 8: ARP not applied as expected.",
920                         new HashSet(Arrays.asList(releaseAttributes)),
921                         new HashSet(Arrays.asList(new ArpAttribute[] { filteredAttribute })));
922         }
923
924         /**
925          * ARPs: A site ARP only
926          * Target: Any
927          * Attribute: Any value deny
928          */
929         void arpApplicationTest9(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
930
931                 //Gather the Input
932                 String rawArp =
933                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
934                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
935                                 + "                     <Rule>"
936                                 + "                             <Target>"
937                                 + "                                     <AnyTarget/>"
938                                 + "                             </Target>"
939                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
940                                 + "                                     <AnyValue release=\"deny\"/>"
941                                 + "                             </Attribute>"
942                                 + "                     </Rule>"
943                                 + "     </AttributeReleasePolicy>";
944
945                 Principal principal1 = new AAPrincipal("TestPrincipal");
946                 URL url1 = new URL("http://www.example.edu/");
947                 TestAttribute testAttribute =
948                         new TestAttribute(
949                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
950                                 new Object[] { "member@example.edu", "faculty@example.edu" });
951
952                 //Setup the engine
953                 parser.parse(new InputSource(new StringReader(rawArp)));
954                 Arp siteArp = new Arp();
955                 siteArp.marshall(parser.getDocument().getDocumentElement());
956                 repository.update(siteArp);
957                 ArpEngine engine = new ArpEngine(repository, props);
958
959                 //Apply the ARP
960                 ArpAttribute[] releaseAttributes =
961                         engine.filterAttributes(
962                                 new ArpAttribute[] { testAttribute },
963                                 principal1,
964                                 "shar.example.edu",
965                                 url1);
966
967                 assertEquals(
968                         "ARP application test 9: ARP not applied as expected.",
969                         new HashSet(Arrays.asList(releaseAttributes)),
970                         new HashSet(Arrays.asList(new ArpAttribute[0])));
971         }
972
973         /**
974          * ARPs: A site ARP only
975          * Target: Any
976          * Attribute: Any value deny trumps explicit permit expanded representation
977          */
978         void arpApplicationTest10(ArpRepository repository, Properties props, DOMParser parser)
979                 throws Exception {
980
981                 //Gather the Input
982                 String rawArp =
983                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
984                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
985                                 + "                     <Rule>"
986                                 + "                             <Target>"
987                                 + "                                     <AnyTarget/>"
988                                 + "                             </Target>"
989                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
990                                 + "                                     <AnyValue release=\"deny\"/>"
991                                 + "                             </Attribute>"
992                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
993                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
994                                 + "                             </Attribute>"
995                                 + "                     </Rule>"
996                                 + "     </AttributeReleasePolicy>";
997
998                 Principal principal1 = new AAPrincipal("TestPrincipal");
999                 URL url1 = new URL("http://www.example.edu/");
1000                 TestAttribute testAttribute =
1001                         new TestAttribute(
1002                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1003                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1004
1005                 //Setup the engine
1006                 parser.parse(new InputSource(new StringReader(rawArp)));
1007                 Arp siteArp = new Arp();
1008                 siteArp.marshall(parser.getDocument().getDocumentElement());
1009                 repository.update(siteArp);
1010                 ArpEngine engine = new ArpEngine(repository, props);
1011
1012                 //Apply the ARP
1013                 ArpAttribute[] releaseAttributes =
1014                         engine.filterAttributes(
1015                                 new ArpAttribute[] { testAttribute },
1016                                 principal1,
1017                                 "shar.example.edu",
1018                                 url1);
1019
1020                 assertEquals(
1021                         "ARP application test 10: ARP not applied as expected.",
1022                         new HashSet(Arrays.asList(releaseAttributes)),
1023                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1024         }
1025
1026         /**
1027          * ARPs: A site ARP only
1028          * Target: Any
1029          * Attribute: Any value deny trumps explicit permit canonical representation
1030          */
1031         void arpApplicationTest11(ArpRepository repository, Properties props, DOMParser parser)
1032                 throws Exception {
1033
1034                 //Gather the Input
1035                 String rawArp =
1036                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1037                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1038                                 + "                     <Rule>"
1039                                 + "                             <Target>"
1040                                 + "                                     <AnyTarget/>"
1041                                 + "                             </Target>"
1042                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1043                                 + "                                     <AnyValue release=\"deny\"/>"
1044                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1045                                 + "                             </Attribute>"
1046                                 + "                     </Rule>"
1047                                 + "     </AttributeReleasePolicy>";
1048
1049                 Principal principal1 = new AAPrincipal("TestPrincipal");
1050                 URL url1 = new URL("http://www.example.edu/");
1051                 TestAttribute testAttribute =
1052                         new TestAttribute(
1053                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1054                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1055
1056                 //Setup the engine
1057                 parser.parse(new InputSource(new StringReader(rawArp)));
1058                 Arp siteArp = new Arp();
1059                 siteArp.marshall(parser.getDocument().getDocumentElement());
1060                 repository.update(siteArp);
1061                 ArpEngine engine = new ArpEngine(repository, props);
1062
1063                 //Apply the ARP
1064                 ArpAttribute[] releaseAttributes =
1065                         engine.filterAttributes(
1066                                 new ArpAttribute[] { testAttribute },
1067                                 principal1,
1068                                 "shar.example.edu",
1069                                 url1);
1070
1071                 assertEquals(
1072                         "ARP application test 11: ARP not applied as expected.",
1073                         new HashSet(Arrays.asList(releaseAttributes)),
1074                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1075         }
1076
1077         /**
1078          * ARPs: A site ARP only
1079          * Target: Specific shar, Any Resource
1080          * Attribute: Any value release
1081          */
1082         void arpApplicationTest12(ArpRepository repository, Properties props, DOMParser parser)
1083                 throws Exception {
1084
1085                 //Gather the Input
1086                 String rawArp =
1087                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1088                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1089                                 + "                     <Rule>"
1090                                 + "                             <Target>"
1091                                 + "                                     <Requester>shar.example.edu</Requester>"
1092                                 + "                                     <AnyResource />"
1093                                 + "                             </Target>"
1094                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1095                                 + "                                     <AnyValue release=\"permit\"/>"
1096                                 + "                             </Attribute>"
1097                                 + "                     </Rule>"
1098                                 + "     </AttributeReleasePolicy>";
1099
1100                 Principal principal1 = new AAPrincipal("TestPrincipal");
1101                 URL url1 = new URL("http://www.example.edu/");
1102                 TestAttribute testAttribute =
1103                         new TestAttribute(
1104                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1105                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1106
1107                 //Setup the engine
1108                 parser.parse(new InputSource(new StringReader(rawArp)));
1109                 Arp siteArp = new Arp();
1110                 siteArp.marshall(parser.getDocument().getDocumentElement());
1111                 repository.update(siteArp);
1112                 ArpEngine engine = new ArpEngine(repository, props);
1113
1114                 //Apply the ARP
1115                 ArpAttribute[] releaseAttributes =
1116                         engine.filterAttributes(
1117                                 new ArpAttribute[] { testAttribute },
1118                                 principal1,
1119                                 "shar.example.edu",
1120                                 url1);
1121
1122                 assertEquals(
1123                         "ARP application test 12: ARP not applied as expected.",
1124                         new HashSet(Arrays.asList(releaseAttributes)),
1125                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1126         }
1127
1128         /**
1129          * ARPs: A site ARP only
1130          * Target: Specific shar, Any Resource (another example)
1131          * Attribute: Any value release
1132          */
1133         void arpApplicationTest13(ArpRepository repository, Properties props, DOMParser parser)
1134                 throws Exception {
1135
1136                 //Gather the Input
1137                 String rawArp =
1138                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1139                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1140                                 + "                     <Rule>"
1141                                 + "                             <Target>"
1142                                 + "                                     <Requester>shar.example.edu</Requester>"
1143                                 + "                                     <AnyResource />"
1144                                 + "                             </Target>"
1145                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1146                                 + "                                     <AnyValue release=\"permit\"/>"
1147                                 + "                             </Attribute>"
1148                                 + "                     </Rule>"
1149                                 + "     </AttributeReleasePolicy>";
1150
1151                 Principal principal1 = new AAPrincipal("TestPrincipal");
1152                 URL url1 = new URL("https://foo.com/");
1153                 TestAttribute testAttribute =
1154                         new TestAttribute(
1155                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1156                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1157
1158                 //Setup the engine
1159                 parser.parse(new InputSource(new StringReader(rawArp)));
1160                 Arp siteArp = new Arp();
1161                 siteArp.marshall(parser.getDocument().getDocumentElement());
1162                 repository.update(siteArp);
1163                 ArpEngine engine = new ArpEngine(repository, props);
1164
1165                 //Apply the ARP
1166                 ArpAttribute[] releaseAttributes =
1167                         engine.filterAttributes(
1168                                 new ArpAttribute[] { testAttribute },
1169                                 principal1,
1170                                 "shar.example.edu",
1171                                 url1);
1172
1173                 assertEquals(
1174                         "ARP application test 13: ARP not applied as expected.",
1175                         new HashSet(Arrays.asList(releaseAttributes)),
1176                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1177         }
1178
1179         /**
1180          * ARPs: A site ARP only
1181          * Target: Specific shar (no match), Any Resource
1182          * Attribute: Any value release
1183          */
1184         void arpApplicationTest14(ArpRepository repository, Properties props, DOMParser parser)
1185                 throws Exception {
1186
1187                 //Gather the Input
1188                 String rawArp =
1189                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1190                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1191                                 + "                     <Rule>"
1192                                 + "                             <Target>"
1193                                 + "                                     <Requester>shar.example.edu</Requester>"
1194                                 + "                                     <AnyResource />"
1195                                 + "                             </Target>"
1196                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1197                                 + "                                     <AnyValue release=\"permit\"/>"
1198                                 + "                             </Attribute>"
1199                                 + "                     </Rule>"
1200                                 + "     </AttributeReleasePolicy>";
1201
1202                 Principal principal1 = new AAPrincipal("TestPrincipal");
1203                 URL url1 = new URL("http://www.example.edu/");
1204                 TestAttribute testAttribute =
1205                         new TestAttribute(
1206                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1207                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1208
1209                 //Setup the engine
1210                 parser.parse(new InputSource(new StringReader(rawArp)));
1211                 Arp siteArp = new Arp();
1212                 siteArp.marshall(parser.getDocument().getDocumentElement());
1213                 repository.update(siteArp);
1214                 ArpEngine engine = new ArpEngine(repository, props);
1215
1216                 //Apply the ARP
1217                 ArpAttribute[] releaseAttributes =
1218                         engine.filterAttributes(
1219                                 new ArpAttribute[] { testAttribute },
1220                                 principal1,
1221                                 "www.example.edu",
1222                                 url1);
1223
1224                 assertEquals(
1225                         "ARP application test 14: ARP not applied as expected.",
1226                         new HashSet(Arrays.asList(releaseAttributes)),
1227                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1228         }
1229
1230         /**
1231          * ARPs: A site ARP only
1232          * Target: Specific shar, Specific resource
1233          * Attribute: Any value release
1234          */
1235         void arpApplicationTest15(ArpRepository repository, Properties props, DOMParser parser)
1236                 throws Exception {
1237
1238                 //Gather the Input
1239                 String rawArp =
1240                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1241                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1242                                 + "                     <Rule>"
1243                                 + "                             <Target>"
1244                                 + "                                     <Requester>shar.example.edu</Requester>"
1245                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1246                                 + "                             </Target>"
1247                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1248                                 + "                                     <AnyValue release=\"permit\"/>"
1249                                 + "                             </Attribute>"
1250                                 + "                     </Rule>"
1251                                 + "     </AttributeReleasePolicy>";
1252
1253                 Principal principal1 = new AAPrincipal("TestPrincipal");
1254                 URL url1 = new URL("http://www.example.edu/index.html");
1255                 TestAttribute testAttribute =
1256                         new TestAttribute(
1257                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1258                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1259
1260                 //Setup the engine
1261                 parser.parse(new InputSource(new StringReader(rawArp)));
1262                 Arp siteArp = new Arp();
1263                 siteArp.marshall(parser.getDocument().getDocumentElement());
1264                 repository.update(siteArp);
1265                 ArpEngine engine = new ArpEngine(repository, props);
1266
1267                 //Apply the ARP
1268                 ArpAttribute[] releaseAttributes =
1269                         engine.filterAttributes(
1270                                 new ArpAttribute[] { testAttribute },
1271                                 principal1,
1272                                 "shar.example.edu",
1273                                 url1);
1274
1275                 assertEquals(
1276                         "ARP application test 15: ARP not applied as expected.",
1277                         new HashSet(Arrays.asList(releaseAttributes)),
1278                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute })));
1279         }
1280
1281         /**
1282          * ARPs: A site ARP only
1283          * Target: Specific shar, Specific resource (no match)
1284          * Attribute: Any value release
1285          */
1286         void arpApplicationTest16(ArpRepository repository, Properties props, DOMParser parser)
1287                 throws Exception {
1288
1289                 //Gather the Input
1290                 String rawArp =
1291                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1292                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1293                                 + "                     <Rule>"
1294                                 + "                             <Target>"
1295                                 + "                                     <Requester>shar.example.edu</Requester>"
1296                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1297                                 + "                             </Target>"
1298                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1299                                 + "                                     <AnyValue release=\"permit\"/>"
1300                                 + "                             </Attribute>"
1301                                 + "                     </Rule>"
1302                                 + "     </AttributeReleasePolicy>";
1303
1304                 Principal principal1 = new AAPrincipal("TestPrincipal");
1305                 URL url1 = new URL("https://www.example.edu/index.html");
1306                 TestAttribute testAttribute =
1307                         new TestAttribute(
1308                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1309                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1310
1311                 //Setup the engine
1312                 parser.parse(new InputSource(new StringReader(rawArp)));
1313                 Arp siteArp = new Arp();
1314                 siteArp.marshall(parser.getDocument().getDocumentElement());
1315                 repository.update(siteArp);
1316                 ArpEngine engine = new ArpEngine(repository, props);
1317
1318                 //Apply the ARP
1319                 ArpAttribute[] releaseAttributes =
1320                         engine.filterAttributes(
1321                                 new ArpAttribute[] { testAttribute },
1322                                 principal1,
1323                                 "shar.example.edu",
1324                                 url1);
1325
1326                 assertEquals(
1327                         "ARP application test 16: ARP not applied as expected.",
1328                         new HashSet(Arrays.asList(releaseAttributes)),
1329                         new HashSet(Arrays.asList(new ArpAttribute[0])));
1330         }
1331
1332         /**
1333          * ARPs: A site ARP only
1334          * Target: Multiple matching rules
1335          * Attribute: various
1336          */
1337         void arpApplicationTest17(ArpRepository repository, Properties props, DOMParser parser)
1338                 throws Exception {
1339
1340                 //Gather the Input
1341                 String rawArp =
1342                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1343                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1344                                 + "                     <Rule>"
1345                                 + "                             <Target>"
1346                                 + "                                     <AnyTarget />"
1347                                 + "                             </Target>"
1348                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1349                                 + "                                     <AnyValue release=\"permit\"/>"
1350                                 + "                             </Attribute>"
1351                                 + "                     </Rule>"
1352                                 + "                     <Rule>"
1353                                 + "                             <Target>"
1354                                 + "                                     <Requester>shar1.example.edu</Requester>"
1355                                 + "                                     <AnyResource />"
1356                                 + "                             </Target>"
1357                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1358                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1359                                 + "                             </Attribute>"
1360                                 + "                     </Rule>"
1361                                 + "                     <Rule>"
1362                                 + "                             <Target>"
1363                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1364                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1365                                 + "                             </Target>"
1366                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1367                                 + "                                     <AnyValue release=\"permit\"/>"
1368                                 + "                             </Attribute>"
1369                                 + "                     </Rule>"
1370                                 + "     </AttributeReleasePolicy>";
1371
1372                 Principal principal1 = new AAPrincipal("TestPrincipal");
1373                 URL url1 = new URL("https://www.example.edu/index.html");
1374                 TestAttribute testAttribute1 =
1375                         new TestAttribute(
1376                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1377                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1378                 TestAttribute testAttribute2 =
1379                         new TestAttribute(
1380                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1381                                 new Object[] { "wassa@columbia.edu" });
1382                 TestAttribute filteredAttribute1 =
1383                         new TestAttribute(
1384                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1385                                 new Object[] { "member@example.edu" });
1386
1387                 //Setup the engine
1388                 parser.parse(new InputSource(new StringReader(rawArp)));
1389                 Arp siteArp = new Arp();
1390                 siteArp.marshall(parser.getDocument().getDocumentElement());
1391                 repository.update(siteArp);
1392                 ArpEngine engine = new ArpEngine(repository, props);
1393
1394                 //Apply the ARP
1395                 ArpAttribute[] releaseAttributes =
1396                         engine.filterAttributes(
1397                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1398                                 principal1,
1399                                 "shar1.example.edu",
1400                                 url1);
1401
1402                 assertEquals(
1403                         "ARP application test 17: ARP not applied as expected.",
1404                         new HashSet(Arrays.asList(releaseAttributes)),
1405                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute2, filteredAttribute1 } )));
1406         }
1407         
1408         /**
1409          * ARPs: A site ARP only
1410          * Target: Any
1411          * Attribute: Any value release of two attributes in one rule
1412          */
1413         void arpApplicationTest18(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1414
1415                 //Gather the Input
1416                 String rawArp =
1417                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1418                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:noNamespaceSchemaLocation=\"ARP.xsd\">"
1419                                 + "                     <Rule>"
1420                                 + "                             <Target>"
1421                                 + "                                     <AnyTarget/>"
1422                                 + "                             </Target>"
1423                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1424                                 + "                                     <AnyValue release=\"permit\"/>"
1425                                 + "                             </Attribute>"
1426                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1427                                 + "                                     <AnyValue release=\"permit\"/>"
1428                                 + "                             </Attribute>"
1429                                 + "                     </Rule>"
1430                                 + "     </AttributeReleasePolicy>";
1431
1432                 Principal principal1 = new AAPrincipal("TestPrincipal");
1433                 URL url1 = new URL("http://www.example.edu/");
1434                 TestAttribute testAttribute1 =
1435                         new TestAttribute(
1436                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1437                                 new Object[] { "member@example.edu", "faculty@example.edu" });
1438                 TestAttribute testAttribute2 =
1439                         new TestAttribute(
1440                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1441                                 new Object[] { "mehoehn@example.edu" });
1442
1443                 //Setup the engine
1444                 parser.parse(new InputSource(new StringReader(rawArp)));
1445                 Arp siteArp = new Arp();
1446                 siteArp.marshall(parser.getDocument().getDocumentElement());
1447                 repository.update(siteArp);
1448                 ArpEngine engine = new ArpEngine(repository, props);
1449
1450                 //Apply the ARP
1451                 ArpAttribute[] releaseAttributes =
1452                         engine.filterAttributes(
1453                                 new ArpAttribute[] { testAttribute1, testAttribute2 },
1454                                 principal1,
1455                                 "shar.example.edu",
1456                                 url1);
1457
1458                 assertEquals(
1459                         "ARP application test 18: ARP not applied as expected.",
1460                         new HashSet(Arrays.asList(releaseAttributes)),
1461                         new HashSet(Arrays.asList(new ArpAttribute[] { testAttribute1, testAttribute2 })));
1462         }
1463
1464
1465         
1466
1467
1468         public class TestAttribute implements ArpAttribute {
1469                 private String name;
1470                 private Object[] values;
1471
1472                 public TestAttribute(String name, Object[] values) {
1473                         this.name = name;
1474                         this.values = values;
1475                 }
1476
1477                 /**
1478                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getName()
1479                  */
1480                 public String getName() {
1481                         return name;
1482                 }
1483
1484                 /**
1485                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#getValues()
1486                  */
1487                 public Object[] getValues() {
1488                         return values;
1489                 }
1490
1491                 /**
1492                  * @see edu.internet2.middleware.shibboleth.aa.arp.ArpAttribute#setValues(Object[])
1493                  */
1494                 public void setValues(Object[] values) {
1495                         this.values = values;
1496                 }
1497
1498                 /**
1499                  * @see java.lang.Object#equals(Object)
1500                  */
1501                 public boolean equals(Object object) {
1502                         if (!(object instanceof TestAttribute)) {
1503                                 return false;
1504                         }
1505                         return (new HashSet(Arrays.asList(values))).equals(
1506                                 new HashSet(Arrays.asList(((TestAttribute) object).getValues())));
1507                 }
1508
1509                 /**
1510                 * @see java.lang.Object#hashCode()
1511                 */
1512                 public int hashCode() {
1513                         int code = 0;
1514                         for (int i = 0; i < values.length; i++) {
1515                                 code += values[i].hashCode();
1516                         }
1517                         return name.hashCode() + code;
1518                 }
1519
1520         }
1521
1522 }