Added code to compute potential release sets. This can be used to avoid resolving...
[java-idp.git] / src / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.FileInputStream;
53 import java.io.InputStream;
54 import java.net.MalformedURLException;
55 import java.net.URI;
56 import java.net.URISyntaxException;
57 import java.net.URL;
58 import java.security.Principal;
59 import java.util.Arrays;
60 import java.util.Properties;
61
62 import junit.framework.TestCase;
63
64 import org.apache.log4j.BasicConfigurator;
65 import org.apache.xerces.parsers.DOMParser;
66 import org.xml.sax.InputSource;
67
68 /**
69  * Validation suite for <code>Arp</code> processing.
70  * 
71  * @ author Walter Hoehn(wassa@columbia.edu)
72  */
73
74 public class ArpTests extends TestCase {
75
76         public ArpTests(String name) {
77                 super(name);
78                 BasicConfigurator.configure();
79         }
80
81         public static void main(String[] args) {
82                 junit.textui.TestRunner.run(ArpTests.class);
83                 BasicConfigurator.configure();
84         }
85         
86
87
88         public void testArpMarshalling() {
89
90                 //Test ARP description
91                 try {
92                         InputStream inStream = new FileInputStream("test/arp1.xml");
93                         DOMParser parser = new DOMParser();
94                         parser.parse(new InputSource(inStream));
95                         Arp arp1 = new Arp();
96                         arp1.marshall(parser.getDocument().getDocumentElement());
97                         assertEquals(
98                                 "ARP Description not marshalled properly",
99                                 arp1.getDescription(),
100                                 "Simplest possible ARP.");
101
102                         //Test Rule description
103                         assertEquals(
104                                 "ARP Rule Description not marshalled properly",
105                                 arp1.getAllRules()[0].getDescription(),
106                                 "Example Rule Description.");
107                 } catch (Exception e) {
108                         fail("Failed to marshall ARP: " + e);
109                 }
110
111                 //Test case where ARP description does not exist
112                 try {
113                         InputStream inStream = new FileInputStream("test/arp2.xml");
114                         DOMParser parser = new DOMParser();
115                         parser.parse(new InputSource(inStream));
116                         Arp arp2 = new Arp();
117                         arp2.marshall(parser.getDocument().getDocumentElement());
118                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
119
120                         //Test case where ARP Rule description does not exist   
121                         assertNull(
122                                 "ARP Rule Description not marshalled properly",
123                                 arp2.getAllRules()[0].getDescription());
124                 } catch (Exception e) {
125                         fail("Failed to marshall ARP.");
126                 }
127
128         }
129
130         public void testMatchingFunctions() {
131
132                 try {
133
134                         /*
135                          * Test Arp Engine function retrieval
136                          */
137
138                         //Lookup a function that doesn't exist
139                         MatchFunction noFunction =
140                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
141                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
142
143                         //Lookup some real functions
144                         MatchFunction exactSharFunction =
145                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
146                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
147                         MatchFunction resourceTreeFunction =
148                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
149                         assertNotNull(
150                                 "ArpEngine did not properly load the Resource Tree SHAR function.",
151                                 resourceTreeFunction);
152                         MatchFunction regexFunction =
153                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
154                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
155
156                         /* 
157                          * Test the Exact SHAR function (requester)
158                          */
159
160                         assertTrue(
161                                 "Exact SHAR function: false negative",
162                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
163                         assertTrue(
164                                 "Exact SHAR function: false negative",
165                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
166                         assertTrue(
167                                 "Exact SHAR function: false negative",
168                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
169
170                         //Make sure we properly handle bad input
171                         try {
172                                 exactSharFunction.match(null, null);
173                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
174                         } catch (ArpException ie) {
175                                 //This is supposed to fail
176                         }
177
178                         /*
179                          * Test the Resource Tree function (resource)
180                          */
181
182                         URL requestURL1 = new URL("http://www.example.edu/test/");
183                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
184                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
185                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
186
187                         assertTrue(
188                                 "Resource Tree function: false negative",
189                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
190                         assertTrue(
191                                 "Resource Tree function: false positive",
192                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
193                         assertTrue(
194                                 "Resource Tree function: false negative",
195                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
196                         assertTrue(
197                                 "Resource Tree function: false positive",
198                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
199                         assertTrue(
200                                 "Resource Tree function: false negative",
201                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
202                         assertTrue(
203                                 "Resource Tree function: false negative",
204                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
205                         assertTrue(
206                                 "Resource Tree function: false negative",
207                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
208                         assertTrue(
209                                 "Resource Tree function: false positive",
210                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
211                         assertTrue(
212                                 "Resource Tree function: false negative",
213                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
214                         assertTrue(
215                                 "Resource Tree function: false negative",
216                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
217                         assertTrue(
218                                 "Resource Tree function: false negative",
219                                 resourceTreeFunction.match(
220                                         "http://www.example.edu/test2/index.html?test1=test1",
221                                         requestURL4));
222                         assertTrue(
223                                 "Resource Tree function: false positive",
224                                 !resourceTreeFunction.match(
225                                         "http://www.example.edu/test2/index.html?test1=test1",
226                                         requestURL3));
227
228                         //Make sure we properly handle bad input
229                         try {
230                                 resourceTreeFunction.match(null, null);
231                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
232                         } catch (ArpException ie) {
233                                 //This is supposed to fail
234                         }
235                         try {
236                                 resourceTreeFunction.match("Test", "Test");
237                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
238                         } catch (ArpException ie) {
239                                 //This is supposed to fail
240                         }
241
242                         /*
243                          * Test the Regex function (requester & resource)
244                          */
245
246                         //Try requester regexes
247                         assertTrue(
248                                 "Regex function: false negative",
249                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
250                         assertTrue(
251                                 "Regex function: false negative",
252                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
253                         assertTrue(
254                                 "Regex function: false negative",
255                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
256                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
257                         assertTrue(
258                                 "Regex function: false positive",
259                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
260                         assertTrue(
261                                 "Regex function: false positive",
262                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
263                         assertTrue(
264                                 "Regex function: false positive",
265                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
266
267                         //Try resource regexes
268                         assertTrue(
269                                 "Regex function: false negative",
270                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
271                         assertTrue(
272                                 "Regex function: false negative",
273                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
274                         assertTrue(
275                                 "Regex function: false negative",
276                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
277                         assertTrue(
278                                 "Regex function: false negative",
279                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
280                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
281                         assertTrue(
282                                 "Regex function: false positive",
283                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
284                         assertTrue(
285                                 "Regex function: false positive",
286                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
287
288                         //Make sure we properly handle bad input
289                         try {
290                                 regexFunction.match(null, null);
291                                 fail("Regex function seems to take improper input without throwing an exception.");
292                         } catch (ArpException ie) {
293                                 //This is supposed to fail
294                         }
295
296                 } catch (ArpException e) {
297                         fail("Encountered a problem loading match function: " + e);
298                 } catch (URISyntaxException e) {
299                         fail("Unable to create URI from test string.");
300                 } catch (MalformedURLException e) {
301                         fail("Couldn't create test URLs: " + e);
302                 }
303
304         }
305
306         public void testRepositories() {
307
308                 /*
309                  * Test the Factory
310                  */
311
312                 //Make sure we fail if no Repository is specified
313                 Properties props = new Properties();
314                 try {
315                         ArpRepositoryFactory.getInstance(props);
316                 } catch (ArpRepositoryException e) {
317                         //This is supposed to fail
318                 }
319
320                 // Make sure we can create an Arp Repository
321                 props.setProperty(
322                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
323                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
324                 ArpRepository repository = null;
325                 try {
326                         repository = ArpRepositoryFactory.getInstance(props);
327                 } catch (ArpRepositoryException e) {
328                         fail("Failed to create memory-based Arp Repository" + e);
329                 }
330                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
331
332                 /*
333                  * Exercise the Memory Arp Repository
334                  */
335
336                 //Set/retrieve/remove a Site ARP
337                 Arp siteArp1 = new Arp();
338                 siteArp1.setDescription("Test Site Arp 1.");
339                 try {
340                         repository.update(siteArp1);
341                         assertEquals(
342                                 "Memory Repository does not store and retrieve Site ARPs properly.",
343                                 siteArp1,
344                                 repository.getSitePolicy());
345                         repository.remove(repository.getSitePolicy());
346                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
347                 } catch (ArpRepositoryException e) {
348                         fail("Error adding Site ARP to Memory Repository.");
349                 }
350
351                 //Set/retrieve/delete some user ARPs
352                 Arp userArp1 = new Arp();
353                 userArp1.setDescription("Broken User Arp 1.");
354                 try {
355                         repository.update(userArp1);
356                         assertTrue(
357                                 "Memory Repository does not store and retrieve User ARPs properly.",
358                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
359                 } catch (ArpRepositoryException e) {
360                         fail("Error adding User ARP to Memory Repository.");
361                 }
362
363                 Arp userArp2 = new Arp(new AAPrincipal("TestPrincipal"));
364                 userArp2.setDescription("Test User Arp 2.");
365                 try {
366                         repository.update(userArp2);
367                         assertEquals(
368                                 "Memory Repository does not store and retrieve User ARPs properly.",
369                                 userArp2,
370                                 repository.getUserPolicy(userArp2.getPrincipal()));
371                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
372                         assertNull(
373                                 "Memorty Repository does not properly delete User ARPs.",
374                                 repository.getUserPolicy(userArp2.getPrincipal()));
375                 } catch (ArpRepositoryException e) {
376                         fail("Error adding User ARP to Memory Repository.");
377                 }
378
379         }
380
381         public void testPossibleReleaseSetComputation() {
382                 Properties props = new Properties();
383                 props.setProperty(
384                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
385                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
386                 ArpRepository repository = null;
387                 try {
388                         repository = ArpRepositoryFactory.getInstance(props);
389                 } catch (ArpRepositoryException e) {
390                         fail("Failed to create memory-based Arp Repository" + e);
391                 }
392
393                 try {
394                         Principal principal1 = new AAPrincipal("TestPrincipal");
395                         URL url1 = new URL("http://www.example.edu/");
396                         URI[] list1 = { new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation")};
397                         URI[] list2 =
398                                 {
399                                         new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation"),
400                                         new URI("urn:mace:eduPerson:1.0:eduPersonPrincipalName")};
401                                         
402                         //Test with just a site ARP
403                         InputStream inStream = new FileInputStream("test/arp1.xml");
404                         DOMParser parser = new DOMParser();
405                         parser.parse(new InputSource(inStream));
406                         Arp arp1 = new Arp();
407                         arp1.marshall(parser.getDocument().getDocumentElement());
408                         repository.update(arp1);
409                         ArpEngine engine = new ArpEngine(repository, props);
410                         URI[] possibleAttributes =
411                                 engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
412                         assertTrue("Incorrectly computed possible release set.", Arrays.equals(possibleAttributes, list1));
413
414                         //Test with site and user ARPs
415                         inStream = new FileInputStream("test/arp7.xml");
416                         parser.parse(new InputSource(inStream));
417                         Arp arp7 = new Arp();
418                         arp7.setPrincipal(principal1);
419                         arp7.marshall(parser.getDocument().getDocumentElement());
420                         repository.update(arp7);
421                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
422                         assertTrue("Incorrectly computed possible release set.", Arrays.equals(possibleAttributes, list2));
423                 } catch (Exception e) {
424                         e.printStackTrace();
425                         fail("Failed to marshall ARP: " + e);
426                 }
427
428         }
429
430 }