0a4ac39da98164f4f9b06ca51e117ef0e633a866
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.ByteArrayOutputStream;
53 import java.io.File;
54 import java.io.FileInputStream;
55 import java.io.FileNotFoundException;
56 import java.io.InputStream;
57 import java.io.StringReader;
58 import java.net.MalformedURLException;
59 import java.net.URI;
60 import java.net.URISyntaxException;
61 import java.net.URL;
62 import java.security.Principal;
63 import java.util.Arrays;
64 import java.util.HashSet;
65
66 import javax.xml.parsers.DocumentBuilderFactory;
67 import javax.xml.parsers.ParserConfigurationException;
68
69 import junit.framework.TestCase;
70
71 import org.apache.log4j.BasicConfigurator;
72 import org.apache.log4j.Level;
73 import org.apache.log4j.Logger;
74 import org.apache.xerces.parsers.DOMParser;
75 import org.apache.xml.serialize.OutputFormat;
76 import org.apache.xml.serialize.XMLSerializer;
77 import org.w3c.dom.Document;
78 import org.w3c.dom.Element;
79 import org.w3c.dom.Text;
80 import org.xml.sax.EntityResolver;
81 import org.xml.sax.ErrorHandler;
82 import org.xml.sax.InputSource;
83 import org.xml.sax.SAXException;
84 import org.xml.sax.SAXParseException;
85
86 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
87 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
88 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
89 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
90
91 /**
92  * Validation suite for <code>Arp</code> processing.
93  * 
94  * @author Walter Hoehn(wassa@columbia.edu)
95  */
96
97 public class ArpTests extends TestCase {
98
99         private DOMParser parser = new DOMParser();
100         Element memoryRepositoryElement;
101         private String[] arpExamples =
102                 {
103                         "data/example1.xml",
104                         "data/example2.xml",
105                         "data/example3.xml",
106                         "data/example4.xml",
107                         "data/example5.xml",
108                         "data/example6.xml",
109                         "data/example7.xml",
110                         "data/example8.xml",
111                         "data/example9.xml",
112                         "data/example10.xml",
113                         "data/example11.xml",
114                         "data/example12.xml" };
115
116         public ArpTests(String name) {
117                 super(name);
118                 BasicConfigurator.resetConfiguration();
119                 BasicConfigurator.configure();
120                 Logger.getRootLogger().setLevel(Level.OFF);
121         }
122
123         public static void main(String[] args) {
124                 junit.textui.TestRunner.run(ArpTests.class);
125                 BasicConfigurator.configure();
126                 Logger.getRootLogger().setLevel(Level.OFF);
127         }
128
129         /**
130          * @see junit.framework.TestCase#setUp()
131          */
132         protected void setUp() throws Exception {
133                 super.setUp();
134
135                 // Setup an xml parser
136                 try {
137                         parser.setFeature("http://xml.org/sax/features/validation", true);
138                         parser.setFeature("http://apache.org/xml/features/validation/schema", true);
139                         parser.setEntityResolver(new EntityResolver() {
140                                 public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
141
142                                         if (systemId.endsWith("shibboleth-arp-1.0.xsd")) {
143                                                 InputStream stream;
144                                                 try {
145                                                         stream = new FileInputStream("src/schemas/shibboleth-arp-1.0.xsd");
146                                                         if (stream != null) {
147                                                                 return new InputSource(stream);
148                                                         }
149                                                         throw new SAXException("Could not load entity: Null input stream");
150                                                 } catch (FileNotFoundException e) {
151                                                         throw new SAXException("Could not load entity: " + e);
152                                                 }
153                                         } else {
154                                                 return null;
155                                         }
156                                 }
157                         });
158
159                         parser.setErrorHandler(new ErrorHandler() {
160                                 public void error(SAXParseException arg0) throws SAXException {
161                                         throw new SAXException("Error parsing xml file: " + arg0);
162                                 }
163                                 public void fatalError(SAXParseException arg0) throws SAXException {
164                                         throw new SAXException("Error parsing xml file: " + arg0);
165                                 }
166                                 public void warning(SAXParseException arg0) throws SAXException {
167                                         throw new SAXException("Error parsing xml file: " + arg0);
168                                 }
169                         });
170                 } catch (Exception e) {
171                         fail("Failed to setup xml parser: " + e);
172                 }
173
174                 //Setup a dummy xml config for a Memory-based repository
175                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
176                 docFactory.setNamespaceAware(true);
177                 Document placeHolder;
178                 try {
179                         placeHolder = docFactory.newDocumentBuilder().newDocument();
180
181                         memoryRepositoryElement =
182                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
183                         memoryRepositoryElement.setAttributeNS(
184                                 ShibbolethOriginConfig.originConfigNamespace,
185                                 "implementation",
186                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
187                 } catch (ParserConfigurationException e) {
188                         fail("Failed to create memory-based Arp Repository configuration" + e);
189                 }
190         }
191
192         public void testArpMarshalling() {
193
194                 //Test ARP description
195                 try {
196                         InputStream inStream = new FileInputStream("data/arp1.xml");
197                         parser.parse(new InputSource(inStream));
198                         Arp arp1 = new Arp();
199                         arp1.marshall(parser.getDocument().getDocumentElement());
200                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
201
202                         //Test Rule description
203                         assertEquals(
204                                 "ARP Rule Description not marshalled properly",
205                                 arp1.getAllRules()[0].getDescription(),
206                                 "Example Rule Description.");
207                 } catch (Exception e) {
208                         fail("Failed to marshall ARP: " + e);
209                 }
210
211                 //Test case where ARP description does not exist
212                 try {
213                         InputStream inStream = new FileInputStream("data/arp2.xml");
214                         parser.parse(new InputSource(inStream));
215                         Arp arp2 = new Arp();
216                         arp2.marshall(parser.getDocument().getDocumentElement());
217                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
218
219                         //Test case where ARP Rule description does not exist   
220                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules()[0].getDescription());
221                 } catch (Exception e) {
222                         fail("Failed to marshall ARP.");
223                 }
224
225         }
226
227         public void testMatchingFunctions() {
228
229                 try {
230
231                         /*
232                          * Test Arp Engine function retrieval
233                          */
234
235                         //Lookup a function that doesn't exist
236                         MatchFunction noFunction =
237                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
238                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
239
240                         //Lookup some real functions
241                         MatchFunction exactSharFunction =
242                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
243                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
244                         MatchFunction resourceTreeFunction =
245                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
246                         assertNotNull("ArpEngine did not properly load the Resource Tree SHAR function.", resourceTreeFunction);
247                         MatchFunction regexFunction =
248                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
249                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
250
251                         /* 
252                          * Test the Exact SHAR function (requester)
253                          */
254
255                         assertTrue(
256                                 "Exact SHAR function: false negative",
257                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
258                         assertTrue(
259                                 "Exact SHAR function: false positive",
260                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
261                         assertTrue(
262                                 "Exact SHAR function: false positive",
263                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
264
265                         //Make sure we properly handle bad input
266                         try {
267                                 exactSharFunction.match(null, null);
268                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
269                         } catch (ArpException ie) {
270                                 //This is supposed to fail
271                         }
272
273                         /*
274                          * Test the Resource Tree function (resource)
275                          */
276
277                         URL requestURL1 = new URL("http://www.example.edu/test/");
278                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
279                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
280                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
281
282                         assertTrue(
283                                 "Resource Tree function: false negative",
284                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
285                         assertTrue(
286                                 "Resource Tree function: false positive",
287                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
288                         assertTrue(
289                                 "Resource Tree function: false negative",
290                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
291                         assertTrue(
292                                 "Resource Tree function: false positive",
293                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
294                         assertTrue(
295                                 "Resource Tree function: false negative",
296                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
297                         assertTrue(
298                                 "Resource Tree function: false negative",
299                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
300                         assertTrue(
301                                 "Resource Tree function: false negative",
302                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
303                         assertTrue(
304                                 "Resource Tree function: false positive",
305                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
306                         assertTrue(
307                                 "Resource Tree function: false negative",
308                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
309                         assertTrue(
310                                 "Resource Tree function: false negative",
311                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
312                         assertTrue(
313                                 "Resource Tree function: false negative",
314                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL4));
315                         assertTrue(
316                                 "Resource Tree function: false positive",
317                                 !resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL3));
318
319                         //Make sure we properly handle bad input
320                         try {
321                                 resourceTreeFunction.match(null, null);
322                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
323                         } catch (ArpException ie) {
324                                 //This is supposed to fail
325                         }
326                         try {
327                                 resourceTreeFunction.match("Test", "Test");
328                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
329                         } catch (ArpException ie) {
330                                 //This is supposed to fail
331                         }
332
333                         /*
334                          * Test the Regex function (requester & resource)
335                          */
336
337                         //Try requester regexes
338                         assertTrue(
339                                 "Regex function: false negative",
340                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
341                         assertTrue(
342                                 "Regex function: false negative",
343                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
344                         assertTrue(
345                                 "Regex function: false negative",
346                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
347                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
348                         assertTrue(
349                                 "Regex function: false positive",
350                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
351                         assertTrue(
352                                 "Regex function: false positive",
353                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
354                         assertTrue(
355                                 "Regex function: false positive",
356                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
357
358                         //Try resource regexes
359                         assertTrue(
360                                 "Regex function: false negative",
361                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
362                         assertTrue(
363                                 "Regex function: false negative",
364                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
365                         assertTrue(
366                                 "Regex function: false negative",
367                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
368                         assertTrue(
369                                 "Regex function: false negative",
370                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
371                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
372                         assertTrue(
373                                 "Regex function: false positive",
374                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
375                         assertTrue(
376                                 "Regex function: false positive",
377                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
378
379                         //Make sure we properly handle bad input
380                         try {
381                                 regexFunction.match(null, null);
382                                 fail("Regex function seems to take improper input without throwing an exception.");
383                         } catch (ArpException ie) {
384                                 //This is supposed to fail
385                         }
386
387                 } catch (ArpException e) {
388                         fail("Encountered a problem loading match function: " + e);
389                 } catch (URISyntaxException e) {
390                         fail("Unable to create URI from test string.");
391                 } catch (MalformedURLException e) {
392                         fail("Couldn't create test URLs: " + e);
393                 }
394
395         }
396
397         public void testRepositories() {
398
399                 /*
400                  * Test the Factory
401                  */
402
403                 //Make sure we fail if an unavailable Repository implementation is specified
404                 ArpRepository repository = null;
405
406                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
407                 docFactory.setNamespaceAware(true);
408                 Document placeHolder;
409                 try {
410                         placeHolder = docFactory.newDocumentBuilder().newDocument();
411
412                         Element repositoryElement =
413                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
414                         repositoryElement.setAttributeNS(
415                                 ShibbolethOriginConfig.originConfigNamespace,
416                                 "implementation",
417                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
418
419                         ArpRepositoryFactory.getInstance(repositoryElement);
420
421                 } catch (ParserConfigurationException e) {
422                         fail("Failed to create bogus Arp Repository configuration" + e);
423
424                 } catch (ArpRepositoryException e) {
425                         //This is supposed to fail
426                 }
427
428                 // Make sure we can create an Arp Repository
429                 repository = null;
430                 try {
431                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
432                 } catch (ArpRepositoryException e) {
433                         fail("Failed to create memory-based Arp Repository" + e);
434                 }
435                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
436
437                 /*
438                  * Exercise the Memory Arp Repository
439                  */
440
441                 //Set/retrieve/remove a Site ARP
442                 Arp siteArp1 = new Arp();
443                 siteArp1.setDescription("Test Site Arp 1.");
444                 try {
445                         repository.update(siteArp1);
446                         assertEquals(
447                                 "Memory Repository does not store and retrieve Site ARPs properly.",
448                                 siteArp1,
449                                 repository.getSitePolicy());
450                         repository.remove(repository.getSitePolicy());
451                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
452                 } catch (ArpRepositoryException e) {
453                         fail("Error adding Site ARP to Memory Repository.");
454                 }
455
456                 //Set/retrieve/delete some user ARPs
457                 Arp userArp1 = new Arp();
458                 userArp1.setDescription("Broken User Arp 1.");
459                 try {
460                         repository.update(userArp1);
461                         assertTrue(
462                                 "Memory Repository does not store and retrieve User ARPs properly.",
463                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
464                 } catch (ArpRepositoryException e) {
465                         fail("Error adding User ARP to Memory Repository.");
466                 }
467
468                 Arp userArp2 = new Arp(new AuthNPrincipal("TestPrincipal"));
469                 userArp2.setDescription("Test User Arp 2.");
470                 try {
471                         repository.update(userArp2);
472                         assertEquals(
473                                 "Memory Repository does not store and retrieve User ARPs properly.",
474                                 userArp2,
475                                 repository.getUserPolicy(userArp2.getPrincipal()));
476                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
477                         assertNull(
478                                 "Memorty Repository does not properly delete User ARPs.",
479                                 repository.getUserPolicy(userArp2.getPrincipal()));
480                 } catch (ArpRepositoryException e) {
481                         fail("Error adding User ARP to Memory Repository.");
482                 }
483
484                 //create a repository
485                 repository = null;
486
487                 try {
488                         placeHolder = docFactory.newDocumentBuilder().newDocument();
489
490                         Element repositoryElement =
491                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
492                         repositoryElement.setAttributeNS(
493                                 ShibbolethOriginConfig.originConfigNamespace,
494                                 "implementation",
495                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
496                         repositoryElement.setAttributeNS(ShibbolethOriginConfig.originConfigNamespace, "arpTTL", "65535");
497
498                         Element path = placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "Path");
499                         Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
500                         path.appendChild(text);
501
502                         repositoryElement.appendChild(path);
503
504                         repository = ArpRepositoryFactory.getInstance(repositoryElement);
505
506                 } catch (ArpRepositoryException e) {
507                         fail("Failed to create file-based Arp Repository" + e);
508                 } catch (ParserConfigurationException e) {
509                         fail("Failed to create file-based Arp Repository configuration" + e);
510                 }
511
512                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
513
514                 try {
515                         Arp siteArp = repository.getSitePolicy();
516
517                         InputStream inStream = new FileInputStream("data/arp.site.xml");
518                         parser.parse(new InputSource(inStream));
519                         ByteArrayOutputStream directXML = new ByteArrayOutputStream();
520                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
521
522                         ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
523                         new XMLSerializer(processedXML, new OutputFormat()).serialize(siteArp.unmarshall());
524
525                         assertTrue(
526                                 "File-based ARP Repository did not return the correct site ARP.",
527                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
528                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
529
530                         Arp userArp = repository.getUserPolicy(new AuthNPrincipal("test"));
531
532                         inStream = new FileInputStream("data/arp.user.test.xml");
533                         parser.parse(new InputSource(inStream));
534                         directXML = new ByteArrayOutputStream();
535                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
536
537                         processedXML = new ByteArrayOutputStream();
538                         new XMLSerializer(processedXML, new OutputFormat()).serialize(userArp.unmarshall());
539
540                         assertTrue(
541                                 "File-based ARP Repository did not return the correct user ARP.",
542                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
543                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
544
545                         Arp[] allArps = repository.getAllPolicies(new AuthNPrincipal("test"));
546
547                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
548
549                 } catch (Exception e) {
550                         fail("Error retrieving ARP from Repository: " + e);
551                 }
552
553         }
554
555         public void testPossibleReleaseSetComputation() {
556
557                 ArpRepository repository = null;
558                 try {
559                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
560                 } catch (ArpRepositoryException e) {
561                         fail("Failed to create memory-based Arp Repository" + e);
562                 }
563
564                 try {
565                         Principal principal1 = new AuthNPrincipal("TestPrincipal");
566                         URL url1 = new URL("http://www.example.edu/");
567                         URI[] list1 = { new URI("urn:mace:dir:attribute-def:eduPersonAffiliation")};
568                         URI[] list2 =
569                                 {
570                                         new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"),
571                                         new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName")};
572                         URI[] list3 = new URI[0];
573
574                         //Test with just a site ARP
575                         InputStream inStream = new FileInputStream("data/arp1.xml");
576                         parser.parse(new InputSource(inStream));
577                         Arp arp1 = new Arp();
578                         arp1.marshall(parser.getDocument().getDocumentElement());
579                         repository.update(arp1);
580                         ArpEngine engine = new ArpEngine(repository);
581                         URI[] possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
582                         assertEquals(
583                                 "Incorrectly computed possible release set (1).",
584                                 new HashSet(Arrays.asList(possibleAttributes)),
585                                 new HashSet(Arrays.asList(list1)));
586
587                         //Test with site and user ARPs
588                         inStream = new FileInputStream("data/arp7.xml");
589                         parser.parse(new InputSource(inStream));
590                         Arp arp7 = new Arp();
591                         arp7.setPrincipal(principal1);
592                         arp7.marshall(parser.getDocument().getDocumentElement());
593                         repository.update(arp7);
594                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
595                         assertEquals(
596                                 "Incorrectly computed possible release set (2).",
597                                 new HashSet(Arrays.asList(possibleAttributes)),
598                                 new HashSet(Arrays.asList(list2)));
599
600                         //Ensure that explicit denies on any value are not in the release set
601                         inStream = new FileInputStream("data/arp6.xml");
602                         parser.parse(new InputSource(inStream));
603                         Arp arp6 = new Arp();
604                         arp6.setPrincipal(principal1);
605                         arp6.marshall(parser.getDocument().getDocumentElement());
606                         repository.update(arp6);
607                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
608                         assertEquals(
609                                 "Incorrectly computed possible release set (3).",
610                                 new HashSet(Arrays.asList(possibleAttributes)),
611                                 new HashSet(Arrays.asList(list3)));
612
613                 } catch (Exception e) {
614                         e.printStackTrace();
615                         fail("Failed to marshall ARP: " + e);
616                 }
617
618         }
619
620         public void testArpApplication() {
621
622                 //Construct an engine with a memory-based repository
623                 ArpRepository repository = null;
624                 try {
625                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
626
627                 } catch (ArpRepositoryException e) {
628                         fail("Failed to create memory-based Arp Repository" + e);
629                 }
630
631                 try {
632
633                         arpApplicationTest1(repository, parser);
634                         arpApplicationTest2(repository, parser);
635                         arpApplicationTest3(repository, parser);
636                         arpApplicationTest4(repository, parser);
637                         arpApplicationTest5(repository, parser);
638                         arpApplicationTest6(repository, parser);
639                         arpApplicationTest7(repository, parser);
640                         arpApplicationTest8(repository, parser);
641                         arpApplicationTest9(repository, parser);
642                         arpApplicationTest10(repository, parser);
643                         arpApplicationTest11(repository, parser);
644                         arpApplicationTest12(repository, parser);
645                         arpApplicationTest13(repository, parser);
646                         arpApplicationTest14(repository, parser);
647                         arpApplicationTest15(repository, parser);
648                         arpApplicationTest16(repository, parser);
649                         arpApplicationTest17(repository, parser);
650                         arpApplicationTest18(repository, parser);
651                         arpApplicationTest19(repository, parser);
652                         arpApplicationTest20(repository, parser);
653                         arpApplicationTest21(repository, parser);
654                         arpApplicationTest22(repository, parser);
655                         arpApplicationTest23(repository, parser);
656                         arpApplicationTest24(repository, parser);
657
658                 } catch (Exception e) {
659                         e.printStackTrace();
660                         fail("Failed to apply filter to ARPs: " + e);
661                 }
662         }
663
664         public void testRoundtripMarshalling() {
665
666                 try {
667                         for (int i = 0; i < arpExamples.length; i++) {
668
669                                 InputStream inStream = new FileInputStream(arpExamples[i]);
670                                 parser.parse(new InputSource(inStream));
671                                 ByteArrayOutputStream directXML = new ByteArrayOutputStream();
672                                 new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
673
674                                 Arp arp1 = new Arp();
675                                 arp1.marshall(parser.getDocument().getDocumentElement());
676
677                                 ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
678                                 new XMLSerializer(processedXML, new OutputFormat()).serialize(arp1.unmarshall());
679
680                                 assertTrue(
681                                         "Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")",
682                                         directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
683                                                 processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
684                         }
685
686                 } catch (Exception e) {
687                         fail("Failed to marshall ARP: " + e);
688                 }
689
690         }
691         /**
692          * ARPs: A site ARP only
693          * Target: Any
694          * Attribute: Any value release,
695          */
696         void arpApplicationTest1(ArpRepository repository, DOMParser parser) throws Exception {
697
698                 //Gather the Input
699                 String rawArp =
700                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
701                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
702                                 + "                     <Rule>"
703                                 + "                             <Target>"
704                                 + "                                     <AnyTarget/>"
705                                 + "                             </Target>"
706                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
707                                 + "                                     <AnyValue release=\"permit\"/>"
708                                 + "                             </Attribute>"
709                                 + "                     </Rule>"
710                                 + "     </AttributeReleasePolicy>";
711
712                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
713                 URL url1 = new URL("http://www.example.edu/");
714                 AAAttributeSet inputSet =
715                         new AAAttributeSet(
716                                 new AAAttribute(
717                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
718                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
719
720                 AAAttributeSet releaseSet =
721                         new AAAttributeSet(
722                                 new AAAttribute(
723                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
724                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
725
726                 //Setup the engine
727                 parser.parse(new InputSource(new StringReader(rawArp)));
728                 Arp siteArp = new Arp();
729                 siteArp.marshall(parser.getDocument().getDocumentElement());
730                 repository.update(siteArp);
731                 ArpEngine engine = new ArpEngine(repository);
732
733                 //Apply the ARP
734                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
735
736                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
737         }
738
739         /**
740          * ARPs: A site ARP only
741          * Target: Any
742          * Attribute: Any value release, implicit deny
743          */
744         void arpApplicationTest2(ArpRepository repository, DOMParser parser) throws Exception {
745
746                 //Gather the Input
747                 String rawArp =
748                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
749                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
750                                 + "                     <Rule>"
751                                 + "                             <Target>"
752                                 + "                                     <AnyTarget/>"
753                                 + "                             </Target>"
754                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
755                                 + "                                     <AnyValue release=\"permit\"/>"
756                                 + "                             </Attribute>"
757                                 + "                     </Rule>"
758                                 + "     </AttributeReleasePolicy>";
759
760                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
761                 URL url1 = new URL("http://www.example.edu/");
762                 AAAttributeSet inputSet =
763                         new AAAttributeSet(
764                                 new AAAttribute[] {
765                                         new AAAttribute(
766                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
767                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
768                                         new AAAttribute(
769                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
770                                                 new Object[] { "mehoehn@example.edu" })
771                 });
772
773                 AAAttributeSet releaseSet =
774                         new AAAttributeSet(
775                                 new AAAttribute[] {
776                                          new AAAttribute(
777                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
778                                                 new Object[] { "member@example.edu", "faculty@example.edu" })
779                 });
780
781                 //Setup the engine
782                 parser.parse(new InputSource(new StringReader(rawArp)));
783                 Arp siteArp = new Arp();
784                 siteArp.marshall(parser.getDocument().getDocumentElement());
785                 repository.update(siteArp);
786                 ArpEngine engine = new ArpEngine(repository);
787
788                 //Apply the ARP
789                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
790
791                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
792         }
793
794         /**
795          * ARPs: A site ARP only
796          * Target: Any
797          * Attribute: One value release
798          */
799         void arpApplicationTest3(ArpRepository repository, DOMParser parser) throws Exception {
800
801                 //Gather the Input
802                 String rawArp =
803                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
804                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
805                                 + "                     <Rule>"
806                                 + "                             <Target>"
807                                 + "                                     <AnyTarget/>"
808                                 + "                             </Target>"
809                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
810                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
811                                 + "                             </Attribute>"
812                                 + "                     </Rule>"
813                                 + "     </AttributeReleasePolicy>";
814
815                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
816                 URL url1 = new URL("http://www.example.edu/");
817                 AAAttributeSet inputSet =
818                         new AAAttributeSet(
819                                 new AAAttribute(
820                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
821                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
822                 AAAttributeSet releaseSet =
823                         new AAAttributeSet(
824                                 new AAAttribute(
825                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
826                                         new Object[] { "member@example.edu" }));
827
828                 //Setup the engine
829                 parser.parse(new InputSource(new StringReader(rawArp)));
830                 Arp siteArp = new Arp();
831                 siteArp.marshall(parser.getDocument().getDocumentElement());
832                 repository.update(siteArp);
833                 ArpEngine engine = new ArpEngine(repository);
834
835                 //Apply the ARP
836                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
837
838                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
839         }
840
841         /**
842          * ARPs: A site ARP only
843          * Target: Any
844          * Attribute: Any value except one release, canonical representation
845          */
846         void arpApplicationTest4(ArpRepository repository, DOMParser parser) throws Exception {
847
848                 //Gather the Input
849                 String rawArp =
850                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
851                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
852                                 + "                     <Rule>"
853                                 + "                             <Target>"
854                                 + "                                     <AnyTarget/>"
855                                 + "                             </Target>"
856                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
857                                 + "                                     <AnyValue release=\"permit\"/>"
858                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
859                                 + "                             </Attribute>"
860                                 + "                     </Rule>"
861                                 + "     </AttributeReleasePolicy>";
862
863                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
864                 URL url1 = new URL("http://www.example.edu/");
865                 AAAttributeSet inputSet =
866                         new AAAttributeSet(
867                                 new AAAttribute(
868                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
869                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
870                 AAAttributeSet releaseSet =
871                         new AAAttributeSet(
872                                 new AAAttribute(
873                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
874                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
875
876                 //Setup the engine
877                 parser.parse(new InputSource(new StringReader(rawArp)));
878                 Arp siteArp = new Arp();
879                 siteArp.marshall(parser.getDocument().getDocumentElement());
880                 repository.update(siteArp);
881                 ArpEngine engine = new ArpEngine(repository);
882
883                 //Apply the ARP
884                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
885
886                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
887         }
888
889         /**
890          * ARPs: A site ARP only
891          * Target: Any
892          * Attribute: Any value except one release, expanded representation
893          */
894         void arpApplicationTest5(ArpRepository repository, DOMParser parser) throws Exception {
895
896                 //Gather the Input
897                 String rawArp =
898                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
899                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
900                                 + "                     <Rule>"
901                                 + "                             <Target>"
902                                 + "                                     <AnyTarget/>"
903                                 + "                             </Target>"
904                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
905                                 + "                                     <AnyValue release=\"permit\"/>"
906                                 + "                             </Attribute>"
907                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
908                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
909                                 + "                             </Attribute>"
910                                 + "                     </Rule>"
911                                 + "     </AttributeReleasePolicy>";
912
913                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
914                 URL url1 = new URL("http://www.example.edu/");
915                 AAAttributeSet inputSet =
916                         new AAAttributeSet(
917                                 new AAAttribute(
918                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
919                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
920                 AAAttributeSet releaseSet =
921                         new AAAttributeSet(
922                                 new AAAttribute(
923                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
924                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
925
926                 //Setup the engine
927                 parser.parse(new InputSource(new StringReader(rawArp)));
928                 Arp siteArp = new Arp();
929                 siteArp.marshall(parser.getDocument().getDocumentElement());
930                 repository.update(siteArp);
931                 ArpEngine engine = new ArpEngine(repository);
932
933                 //Apply the ARP
934                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
935
936                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
937         }
938
939         /**
940          * ARPs: A site ARP only
941          * Target: Any
942          * Attribute: Any value except two release, expanded representation
943          */
944         void arpApplicationTest6(ArpRepository repository, DOMParser parser) throws Exception {
945
946                 //Gather the Input
947                 String rawArp =
948                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
949                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
950                                 + "                     <Rule>"
951                                 + "                             <Target>"
952                                 + "                                     <AnyTarget/>"
953                                 + "                             </Target>"
954                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
955                                 + "                                     <AnyValue release=\"permit\"/>"
956                                 + "                             </Attribute>"
957                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
958                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
959                                 + "                             </Attribute>"
960                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
961                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
962                                 + "                             </Attribute>"
963                                 + "                     </Rule>"
964                                 + "     </AttributeReleasePolicy>";
965
966                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
967                 URL url1 = new URL("http://www.example.edu/");
968                 AAAttributeSet inputSet =
969                         new AAAttributeSet(
970                                 new AAAttribute(
971                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
972                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
973                 AAAttributeSet releaseSet =
974                         new AAAttributeSet(
975                                 new AAAttribute(
976                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
977                                         new Object[] { "employee@example.edu" }));
978
979                 //Setup the engine
980                 parser.parse(new InputSource(new StringReader(rawArp)));
981                 Arp siteArp = new Arp();
982                 siteArp.marshall(parser.getDocument().getDocumentElement());
983                 repository.update(siteArp);
984                 ArpEngine engine = new ArpEngine(repository);
985
986                 //Apply the ARP
987                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
988
989                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
990         }
991
992         /**
993          * ARPs: A site ARP only
994          * Target: Any
995          * Attribute: Two value release, canonical representation
996          */
997         void arpApplicationTest7(ArpRepository repository, DOMParser parser) throws Exception {
998
999                 //Gather the Input
1000                 String rawArp =
1001                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1002                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1003                                 + "                     <Rule>"
1004                                 + "                             <Target>"
1005                                 + "                                     <AnyTarget/>"
1006                                 + "                             </Target>"
1007                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1008                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1009                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1010                                 + "                             </Attribute>"
1011                                 + "                     </Rule>"
1012                                 + "     </AttributeReleasePolicy>";
1013
1014                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1015                 URL url1 = new URL("http://www.example.edu/");
1016                 AAAttributeSet inputSet =
1017                         new AAAttributeSet(
1018                                 new AAAttribute(
1019                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1020                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1021                 AAAttributeSet releaseSet =
1022                         new AAAttributeSet(
1023                                 new AAAttribute(
1024                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1025                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1026
1027                 //Setup the engine
1028                 parser.parse(new InputSource(new StringReader(rawArp)));
1029                 Arp siteArp = new Arp();
1030                 siteArp.marshall(parser.getDocument().getDocumentElement());
1031                 repository.update(siteArp);
1032                 ArpEngine engine = new ArpEngine(repository);
1033
1034                 //Apply the ARP
1035                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1036
1037                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
1038         }
1039
1040         /**
1041          * ARPs: A site ARP only
1042          * Target: Any
1043          * Attribute: Two value release, expanded representation
1044          */
1045         void arpApplicationTest8(ArpRepository repository, DOMParser parser) throws Exception {
1046
1047                 //Gather the Input
1048                 String rawArp =
1049                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1050                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1051                                 + "                     <Rule>"
1052                                 + "                             <Target>"
1053                                 + "                                     <AnyTarget/>"
1054                                 + "                             </Target>"
1055                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1056                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1057                                 + "                             </Attribute>"
1058                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1059                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1060                                 + "                             </Attribute>"
1061                                 + "                     </Rule>"
1062                                 + "     </AttributeReleasePolicy>";
1063
1064                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1065                 URL url1 = new URL("http://www.example.edu/");
1066                 AAAttributeSet inputSet =
1067                         new AAAttributeSet(
1068                                 new AAAttribute(
1069                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1070                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1071                 AAAttributeSet releaseSet =
1072                         new AAAttributeSet(
1073                                 new AAAttribute(
1074                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1075                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1076
1077                 //Setup the engine
1078                 parser.parse(new InputSource(new StringReader(rawArp)));
1079                 Arp siteArp = new Arp();
1080                 siteArp.marshall(parser.getDocument().getDocumentElement());
1081                 repository.update(siteArp);
1082                 ArpEngine engine = new ArpEngine(repository);
1083
1084                 //Apply the ARP
1085                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1086
1087                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
1088         }
1089
1090         /**
1091          * ARPs: A site ARP only
1092          * Target: Any
1093          * Attribute: Any value deny
1094          */
1095         void arpApplicationTest9(ArpRepository repository, DOMParser parser) throws Exception {
1096
1097                 //Gather the Input
1098                 String rawArp =
1099                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1100                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1101                                 + "                     <Rule>"
1102                                 + "                             <Target>"
1103                                 + "                                     <AnyTarget/>"
1104                                 + "                             </Target>"
1105                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1106                                 + "                                     <AnyValue release=\"deny\"/>"
1107                                 + "                             </Attribute>"
1108                                 + "                     </Rule>"
1109                                 + "     </AttributeReleasePolicy>";
1110
1111                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1112                 URL url1 = new URL("http://www.example.edu/");
1113                 AAAttributeSet inputSet =
1114                         new AAAttributeSet(
1115                                 new AAAttribute(
1116                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1117                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1118
1119                 //Setup the engine
1120                 parser.parse(new InputSource(new StringReader(rawArp)));
1121                 Arp siteArp = new Arp();
1122                 siteArp.marshall(parser.getDocument().getDocumentElement());
1123                 repository.update(siteArp);
1124                 ArpEngine engine = new ArpEngine(repository);
1125
1126                 //Apply the ARP
1127                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1128
1129                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new AAAttributeSet());
1130         }
1131
1132         /**
1133          * ARPs: A site ARP only
1134          * Target: Any
1135          * Attribute: Any value deny trumps explicit permit expanded representation
1136          */
1137         void arpApplicationTest10(ArpRepository repository, DOMParser parser) throws Exception {
1138
1139                 //Gather the Input
1140                 String rawArp =
1141                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1142                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1143                                 + "                     <Rule>"
1144                                 + "                             <Target>"
1145                                 + "                                     <AnyTarget/>"
1146                                 + "                             </Target>"
1147                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1148                                 + "                                     <AnyValue release=\"deny\"/>"
1149                                 + "                             </Attribute>"
1150                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1151                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1152                                 + "                             </Attribute>"
1153                                 + "                     </Rule>"
1154                                 + "     </AttributeReleasePolicy>";
1155
1156                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1157                 URL url1 = new URL("http://www.example.edu/");
1158                 AAAttributeSet inputSet =
1159                         new AAAttributeSet(
1160                                 new AAAttribute(
1161                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1162                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1163
1164                 //Setup the engine
1165                 parser.parse(new InputSource(new StringReader(rawArp)));
1166                 Arp siteArp = new Arp();
1167                 siteArp.marshall(parser.getDocument().getDocumentElement());
1168                 repository.update(siteArp);
1169                 ArpEngine engine = new ArpEngine(repository);
1170
1171                 //Apply the ARP
1172                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1173
1174                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new AAAttributeSet());
1175         }
1176
1177         /**
1178          * ARPs: A site ARP only
1179          * Target: Any
1180          * Attribute: Any value deny trumps explicit permit canonical representation
1181          */
1182         void arpApplicationTest11(ArpRepository repository, DOMParser parser) throws Exception {
1183
1184                 //Gather the Input
1185                 String rawArp =
1186                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1187                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1188                                 + "                     <Rule>"
1189                                 + "                             <Target>"
1190                                 + "                                     <AnyTarget/>"
1191                                 + "                             </Target>"
1192                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1193                                 + "                                     <AnyValue release=\"deny\"/>"
1194                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1195                                 + "                             </Attribute>"
1196                                 + "                     </Rule>"
1197                                 + "     </AttributeReleasePolicy>";
1198
1199                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1200                 URL url1 = new URL("http://www.example.edu/");
1201                 AAAttributeSet inputSet =
1202                         new AAAttributeSet(
1203                                 new AAAttribute(
1204                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1205                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1206
1207                 //Setup the engine
1208                 parser.parse(new InputSource(new StringReader(rawArp)));
1209                 Arp siteArp = new Arp();
1210                 siteArp.marshall(parser.getDocument().getDocumentElement());
1211                 repository.update(siteArp);
1212                 ArpEngine engine = new ArpEngine(repository);
1213
1214                 //Apply the ARP
1215                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1216
1217                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new AAAttributeSet());
1218         }
1219
1220         /**
1221          * ARPs: A site ARP only
1222          * Target: Specific shar, Any Resource
1223          * Attribute: Any value release
1224          */
1225         void arpApplicationTest12(ArpRepository repository, DOMParser parser) throws Exception {
1226
1227                 //Gather the Input
1228                 String rawArp =
1229                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1230                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1231                                 + "                     <Rule>"
1232                                 + "                             <Target>"
1233                                 + "                                     <Requester>shar.example.edu</Requester>"
1234                                 + "                                     <AnyResource />"
1235                                 + "                             </Target>"
1236                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1237                                 + "                                     <AnyValue release=\"permit\"/>"
1238                                 + "                             </Attribute>"
1239                                 + "                     </Rule>"
1240                                 + "     </AttributeReleasePolicy>";
1241
1242                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1243                 URL url1 = new URL("http://www.example.edu/");
1244                 AAAttributeSet inputSet =
1245                         new AAAttributeSet(
1246                                 new AAAttribute(
1247                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1248                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1249                 AAAttributeSet releaseSet =
1250                         new AAAttributeSet(
1251                                 new AAAttribute(
1252                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1253                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1254
1255                 //Setup the engine
1256                 parser.parse(new InputSource(new StringReader(rawArp)));
1257                 Arp siteArp = new Arp();
1258                 siteArp.marshall(parser.getDocument().getDocumentElement());
1259                 repository.update(siteArp);
1260                 ArpEngine engine = new ArpEngine(repository);
1261
1262                 //Apply the ARP
1263                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1264
1265                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1266         }
1267
1268         /**
1269          * ARPs: A site ARP only
1270          * Target: Specific shar, Any Resource (another example)
1271          * Attribute: Any value release
1272          */
1273         void arpApplicationTest13(ArpRepository repository, DOMParser parser) throws Exception {
1274
1275                 //Gather the Input
1276                 String rawArp =
1277                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1278                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1279                                 + "                     <Rule>"
1280                                 + "                             <Target>"
1281                                 + "                                     <Requester>shar.example.edu</Requester>"
1282                                 + "                                     <AnyResource />"
1283                                 + "                             </Target>"
1284                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1285                                 + "                                     <AnyValue release=\"permit\"/>"
1286                                 + "                             </Attribute>"
1287                                 + "                     </Rule>"
1288                                 + "     </AttributeReleasePolicy>";
1289
1290                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1291                 URL url1 = new URL("https://foo.com/");
1292                 AAAttributeSet inputSet =
1293                         new AAAttributeSet(
1294                                 new AAAttribute(
1295                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1296                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1297                 AAAttributeSet releaseSet =
1298                         new AAAttributeSet(
1299                                 new AAAttribute(
1300                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1301                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1302
1303                 //Setup the engine
1304                 parser.parse(new InputSource(new StringReader(rawArp)));
1305                 Arp siteArp = new Arp();
1306                 siteArp.marshall(parser.getDocument().getDocumentElement());
1307                 repository.update(siteArp);
1308                 ArpEngine engine = new ArpEngine(repository);
1309
1310                 //Apply the ARP
1311                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1312
1313                 assertEquals("ARP application test 13: ARP not applied as expected.", inputSet, releaseSet);
1314         }
1315
1316         /**
1317          * ARPs: A site ARP only
1318          * Target: Specific shar (no match), Any Resource
1319          * Attribute: Any value release
1320          */
1321         void arpApplicationTest14(ArpRepository repository, DOMParser parser) throws Exception {
1322
1323                 //Gather the Input
1324                 String rawArp =
1325                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1326                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1327                                 + "                     <Rule>"
1328                                 + "                             <Target>"
1329                                 + "                                     <Requester>shar.example.edu</Requester>"
1330                                 + "                                     <AnyResource />"
1331                                 + "                             </Target>"
1332                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1333                                 + "                                     <AnyValue release=\"permit\"/>"
1334                                 + "                             </Attribute>"
1335                                 + "                     </Rule>"
1336                                 + "     </AttributeReleasePolicy>";
1337
1338                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1339                 URL url1 = new URL("http://www.example.edu/");
1340                 AAAttributeSet inputSet =
1341                         new AAAttributeSet(
1342                                 new AAAttribute(
1343                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1344                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1345
1346                 //Setup the engine
1347                 parser.parse(new InputSource(new StringReader(rawArp)));
1348                 Arp siteArp = new Arp();
1349                 siteArp.marshall(parser.getDocument().getDocumentElement());
1350                 repository.update(siteArp);
1351                 ArpEngine engine = new ArpEngine(repository);
1352
1353                 //Apply the ARP
1354                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1355
1356                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new AAAttributeSet());
1357         }
1358
1359         /**
1360          * ARPs: A site ARP only
1361          * Target: Specific shar, Specific resource
1362          * Attribute: Any value release
1363          */
1364         void arpApplicationTest15(ArpRepository repository, DOMParser parser) throws Exception {
1365
1366                 //Gather the Input
1367                 String rawArp =
1368                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1369                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1370                                 + "                     <Rule>"
1371                                 + "                             <Target>"
1372                                 + "                                     <Requester>shar.example.edu</Requester>"
1373                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1374                                 + "                             </Target>"
1375                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1376                                 + "                                     <AnyValue release=\"permit\"/>"
1377                                 + "                             </Attribute>"
1378                                 + "                     </Rule>"
1379                                 + "     </AttributeReleasePolicy>";
1380
1381                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1382                 URL url1 = new URL("http://www.example.edu/index.html");
1383                 AAAttributeSet inputSet =
1384                         new AAAttributeSet(
1385                                 new AAAttribute(
1386                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1387                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1388                 AAAttributeSet releaseSet =
1389                         new AAAttributeSet(
1390                                 new AAAttribute(
1391                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1392                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1393
1394                 //Setup the engine
1395                 parser.parse(new InputSource(new StringReader(rawArp)));
1396                 Arp siteArp = new Arp();
1397                 siteArp.marshall(parser.getDocument().getDocumentElement());
1398                 repository.update(siteArp);
1399                 ArpEngine engine = new ArpEngine(repository);
1400
1401                 //Apply the ARP
1402                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1403
1404                 assertEquals("ARP application test 15: ARP not applied as expected.", inputSet, releaseSet);
1405         }
1406
1407         /**
1408          * ARPs: A site ARP only
1409          * Target: Specific shar, Specific resource (no match)
1410          * Attribute: Any value release
1411          */
1412         void arpApplicationTest16(ArpRepository repository, DOMParser parser) throws Exception {
1413
1414                 //Gather the Input
1415                 String rawArp =
1416                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1417                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1418                                 + "                     <Rule>"
1419                                 + "                             <Target>"
1420                                 + "                                     <Requester>shar.example.edu</Requester>"
1421                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1422                                 + "                             </Target>"
1423                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1424                                 + "                                     <AnyValue release=\"permit\"/>"
1425                                 + "                             </Attribute>"
1426                                 + "                     </Rule>"
1427                                 + "     </AttributeReleasePolicy>";
1428
1429                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1430                 URL url1 = new URL("https://www.example.edu/index.html");
1431                 AAAttributeSet inputSet =
1432                         new AAAttributeSet(
1433                                 new AAAttribute(
1434                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1435                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1436
1437                 //Setup the engine
1438                 parser.parse(new InputSource(new StringReader(rawArp)));
1439                 Arp siteArp = new Arp();
1440                 siteArp.marshall(parser.getDocument().getDocumentElement());
1441                 repository.update(siteArp);
1442                 ArpEngine engine = new ArpEngine(repository);
1443
1444                 //Apply the ARP
1445                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1446
1447                 assertEquals("ARP application test 16: ARP not applied as expected.", inputSet, new AAAttributeSet());
1448         }
1449
1450         /**
1451          * ARPs: A site ARP only
1452          * Target: Multiple matching rules
1453          * Attribute: various
1454          */
1455         void arpApplicationTest17(ArpRepository repository, DOMParser parser) throws Exception {
1456
1457                 //Gather the Input
1458                 String rawArp =
1459                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1460                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1461                                 + "                     <Rule>"
1462                                 + "                             <Target>"
1463                                 + "                                     <AnyTarget />"
1464                                 + "                             </Target>"
1465                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1466                                 + "                                     <AnyValue release=\"permit\"/>"
1467                                 + "                             </Attribute>"
1468                                 + "                     </Rule>"
1469                                 + "                     <Rule>"
1470                                 + "                             <Target>"
1471                                 + "                                     <Requester>shar1.example.edu</Requester>"
1472                                 + "                                     <AnyResource />"
1473                                 + "                             </Target>"
1474                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1475                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1476                                 + "                             </Attribute>"
1477                                 + "                     </Rule>"
1478                                 + "                     <Rule>"
1479                                 + "                             <Target>"
1480                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1481                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1482                                 + "                             </Target>"
1483                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1484                                 + "                                     <AnyValue release=\"permit\"/>"
1485                                 + "                             </Attribute>"
1486                                 + "                     </Rule>"
1487                                 + "     </AttributeReleasePolicy>";
1488
1489                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1490                 URL url1 = new URL("https://www.example.edu/index.html");
1491                 AAAttributeSet inputSet =
1492                         new AAAttributeSet(
1493                                 new AAAttribute[] {
1494                                         new AAAttribute(
1495                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1496                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1497                                         new AAAttribute(
1498                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1499                                                 new Object[] { "wassa@columbia.edu" })
1500                 });
1501
1502                 AAAttributeSet releaseSet =
1503                         new AAAttributeSet(
1504                                 new AAAttribute[] {
1505                                         new AAAttribute(
1506                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1507                                                 new Object[] { "wassa@columbia.edu" }),
1508                                         new AAAttribute(
1509                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1510                                                 new Object[] { "member@example.edu" })
1511                 });
1512
1513                 //Setup the engine
1514                 parser.parse(new InputSource(new StringReader(rawArp)));
1515                 Arp siteArp = new Arp();
1516                 siteArp.marshall(parser.getDocument().getDocumentElement());
1517                 repository.update(siteArp);
1518                 ArpEngine engine = new ArpEngine(repository);
1519
1520                 //Apply the ARP
1521                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu", url1);
1522
1523                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1524         }
1525
1526         /**
1527          * ARPs: A site ARP only
1528          * Target: Any
1529          * Attribute: Any value release of two attributes in one rule
1530          */
1531         void arpApplicationTest18(ArpRepository repository, DOMParser parser) throws Exception {
1532
1533                 //Gather the Input
1534                 String rawArp =
1535                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1536                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1537                                 + "                     <Rule>"
1538                                 + "                             <Target>"
1539                                 + "                                     <AnyTarget/>"
1540                                 + "                             </Target>"
1541                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1542                                 + "                                     <AnyValue release=\"permit\"/>"
1543                                 + "                             </Attribute>"
1544                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1545                                 + "                                     <AnyValue release=\"permit\"/>"
1546                                 + "                             </Attribute>"
1547                                 + "                     </Rule>"
1548                                 + "     </AttributeReleasePolicy>";
1549
1550                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1551                 URL url1 = new URL("http://www.example.edu/");
1552                 AAAttributeSet inputSet =
1553                         new AAAttributeSet(
1554                                 new AAAttribute[] {
1555                                         new AAAttribute(
1556                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1557                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1558                                         new AAAttribute(
1559                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1560                                                 new Object[] { "mehoehn@example.edu" })
1561                 });
1562
1563                 AAAttributeSet releaseSet =
1564                         new AAAttributeSet(
1565                                 new AAAttribute[] {
1566                                         new AAAttribute(
1567                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1568                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1569                                         new AAAttribute(
1570                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1571                                                 new Object[] { "mehoehn@example.edu" })
1572                 });
1573
1574                 //Setup the engine
1575                 parser.parse(new InputSource(new StringReader(rawArp)));
1576                 Arp siteArp = new Arp();
1577                 siteArp.marshall(parser.getDocument().getDocumentElement());
1578                 repository.update(siteArp);
1579                 ArpEngine engine = new ArpEngine(repository);
1580
1581                 //Apply the ARP
1582                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1583
1584                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1585         }
1586
1587         /**
1588          * ARPs: A user ARP only
1589          * Target: Any
1590          * Attribute: Any value release,
1591          */
1592         void arpApplicationTest19(ArpRepository repository, DOMParser parser) throws Exception {
1593
1594                 //Gather the Input
1595                 String rawArp =
1596                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1597                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1598                                 + "                     <Rule>"
1599                                 + "                             <Target>"
1600                                 + "                                     <AnyTarget/>"
1601                                 + "                             </Target>"
1602                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1603                                 + "                                     <AnyValue release=\"permit\"/>"
1604                                 + "                             </Attribute>"
1605                                 + "                     </Rule>"
1606                                 + "     </AttributeReleasePolicy>";
1607
1608                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1609                 URL url1 = new URL("http://www.example.edu/");
1610                 AAAttributeSet inputSet =
1611                         new AAAttributeSet(
1612                                 new AAAttribute(
1613                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1614                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1615                 AAAttributeSet releaseSet =
1616                         new AAAttributeSet(
1617                                 new AAAttribute(
1618                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1619                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1620
1621                 //Setup the engine
1622                 parser.parse(new InputSource(new StringReader(rawArp)));
1623                 Arp userArp = new Arp();
1624                 userArp.setPrincipal(principal1);
1625                 userArp.marshall(parser.getDocument().getDocumentElement());
1626                 repository.update(userArp);
1627                 ArpEngine engine = new ArpEngine(repository);
1628
1629                 //Apply the ARP
1630                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1631
1632                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1633         }
1634
1635         /**
1636          * ARPs: A site ARP and user ARP
1637          * Target: various
1638          * Attribute: various combinations
1639          */
1640         void arpApplicationTest20(ArpRepository repository, DOMParser parser) throws Exception {
1641
1642                 //Gather the Input
1643                 String rawSiteArp =
1644                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1645                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1646                                 + "                     <Rule>"
1647                                 + "                             <Target>"
1648                                 + "                                     <AnyTarget/>"
1649                                 + "                             </Target>"
1650                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1651                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1652                                 + "                             </Attribute>"
1653                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1654                                 + "                                     <AnyValue release=\"permit\" />"
1655                                 + "                             </Attribute>"
1656                                 + "                     </Rule>"
1657                                 + "                     <Rule>"
1658                                 + "                             <Target>"
1659                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1660                                 + "                                     <AnyResource />"
1661                                 + "                             </Target>"
1662                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1663                                 + "                                     <AnyValue release=\"permit\"/>"
1664                                 + "                             </Attribute>"
1665                                 + "                     </Rule>"
1666                                 + "                     <Rule>"
1667                                 + "                             <Target>"
1668                                 + "                                     <Requester>www.example.edu</Requester>"
1669                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1670                                 + "                             </Target>"
1671                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1672                                 + "                                     <AnyValue release=\"permit\"/>"
1673                                 + "                             </Attribute>"
1674                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1675                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1676                                 + "                             </Attribute>"
1677                                 + "                     </Rule>"
1678                                 + "                     <Rule>"
1679                                 + "                             <Target>"
1680                                 + "                                     <Requester>www.external.com</Requester>"
1681                                 + "                                     <Resource>http://www.external.com/</Resource>"
1682                                 + "                             </Target>"
1683                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1684                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1685                                 + "                             </Attribute>"
1686                                 + "                     </Rule>"
1687                                 + "     </AttributeReleasePolicy>";
1688
1689                 String rawUserArp =
1690                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1691                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1692                                 + "                     <Rule>"
1693                                 + "                             <Target>"
1694                                 + "                                     <AnyTarget/>"
1695                                 + "                             </Target>"
1696                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1697                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1698                                 + "                             </Attribute>"
1699                                 + "                     </Rule>"
1700                                 + "                     <Rule>"
1701                                 + "                             <Target>"
1702                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1703                                 + "                                     <AnyResource />"
1704                                 + "                             </Target>"
1705                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1706                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1707                                 + "                             </Attribute>"
1708                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1709                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1710                                 + "                             </Attribute>"
1711                                 + "                     </Rule>"
1712                                 + "     </AttributeReleasePolicy>";
1713
1714                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1715                 URL url1 = new URL("http://www.example.edu/test/index.html");
1716
1717                 AAAttributeSet inputSet =
1718                         new AAAttributeSet(
1719                                 new AAAttribute[] {
1720                                         new AAAttribute(
1721                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1722                                                 new Object[] {
1723                                                         "urn:example:lovesIceCream",
1724                                                         "urn:example:poorlyDressed",
1725                                                         "urn:example:contract:113455",
1726                                                         "urn:example:contract:4657483" }),
1727                                         new AAAttribute(
1728                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1729                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1730                                         new AAAttribute(
1731                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1732                                                 new Object[] { "wassa@example.edu" }),
1733                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1734                 });
1735
1736                 AAAttributeSet releaseSet =
1737                         new AAAttributeSet(
1738                                 new AAAttribute[] {
1739                                         new AAAttribute(
1740                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1741                                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" }),
1742                                         new AAAttribute(
1743                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1744                                                 new Object[] { "member@example.edu", "employee@example.edu" }),
1745                                         new AAAttribute(
1746                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1747                                                 new Object[] { "wassa@example.edu" }),
1748                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1749                 });
1750
1751                 //Add the site ARP
1752                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1753                 Arp siteArp = new Arp();
1754                 siteArp.marshall(parser.getDocument().getDocumentElement());
1755                 repository.update(siteArp);
1756
1757                 //Add the user ARP
1758                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1759                 Arp userArp = new Arp();
1760                 userArp.setPrincipal(principal1);
1761                 userArp.marshall(parser.getDocument().getDocumentElement());
1762                 repository.update(userArp);
1763
1764                 ArpEngine engine = new ArpEngine(repository);
1765
1766                 //Apply the ARP
1767                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1768
1769                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1770         }
1771
1772         /**
1773          * ARPs: A site ARP and user ARP
1774          * Target: various
1775          * Attribute: various combinations (same ARPs as 20, different requester)
1776          */
1777         void arpApplicationTest21(ArpRepository repository, DOMParser parser) throws Exception {
1778
1779                 //Gather the Input
1780                 String rawSiteArp =
1781                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1782                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1783                                 + "                     <Rule>"
1784                                 + "                             <Target>"
1785                                 + "                                     <AnyTarget/>"
1786                                 + "                             </Target>"
1787                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1788                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1789                                 + "                             </Attribute>"
1790                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1791                                 + "                                     <AnyValue release=\"permit\" />"
1792                                 + "                             </Attribute>"
1793                                 + "                     </Rule>"
1794                                 + "                     <Rule>"
1795                                 + "                             <Target>"
1796                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1797                                 + "                                     <AnyResource />"
1798                                 + "                             </Target>"
1799                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1800                                 + "                                     <AnyValue release=\"permit\"/>"
1801                                 + "                             </Attribute>"
1802                                 + "                     </Rule>"
1803                                 + "                     <Rule>"
1804                                 + "                             <Target>"
1805                                 + "                                     <Requester>www.example.edu</Requester>"
1806                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1807                                 + "                             </Target>"
1808                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1809                                 + "                                     <AnyValue release=\"permit\"/>"
1810                                 + "                             </Attribute>"
1811                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1812                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1813                                 + "                             </Attribute>"
1814                                 + "                     </Rule>"
1815                                 + "                     <Rule>"
1816                                 + "                             <Target>"
1817                                 + "                                     <Requester>www.external.com</Requester>"
1818                                 + "                                     <Resource>http://www.external.com/</Resource>"
1819                                 + "                             </Target>"
1820                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1821                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1822                                 + "                             </Attribute>"
1823                                 + "                     </Rule>"
1824                                 + "     </AttributeReleasePolicy>";
1825
1826                 String rawUserArp =
1827                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1828                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1829                                 + "                     <Rule>"
1830                                 + "                             <Target>"
1831                                 + "                                     <AnyTarget/>"
1832                                 + "                             </Target>"
1833                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1834                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1835                                 + "                             </Attribute>"
1836                                 + "                     </Rule>"
1837                                 + "                     <Rule>"
1838                                 + "                             <Target>"
1839                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1840                                 + "                                     <AnyResource />"
1841                                 + "                             </Target>"
1842                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1843                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1844                                 + "                             </Attribute>"
1845                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1846                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1847                                 + "                             </Attribute>"
1848                                 + "                     </Rule>"
1849                                 + "     </AttributeReleasePolicy>";
1850
1851                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1852                 URL url1 = new URL("http://www.external.com/");
1853
1854                 AAAttributeSet inputSet =
1855                         new AAAttributeSet(
1856                                 new AAAttribute[] {
1857                                         new AAAttribute(
1858                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1859                                                 new Object[] {
1860                                                         "urn:example:lovesIceCream",
1861                                                         "urn:example:poorlyDressed",
1862                                                         "urn:example:contract:113455",
1863                                                         "urn:example:contract:4657483" }),
1864                                         new AAAttribute(
1865                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1866                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1867                                         new AAAttribute(
1868                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1869                                                 new Object[] { "wassa@example.edu" }),
1870                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1871                 });
1872
1873                 AAAttributeSet releaseSet =
1874                         new AAAttributeSet(
1875                                 new AAAttribute[] {
1876                                         new AAAttribute(
1877                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1878                                                 new Object[] { "urn:example:contract:113455" }),
1879                                         new AAAttribute(
1880                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1881                                                 new Object[] { "member@example.edu" }),
1882                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1883                 });
1884
1885                 //Add the site ARP
1886                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1887                 Arp siteArp = new Arp();
1888                 siteArp.marshall(parser.getDocument().getDocumentElement());
1889                 repository.update(siteArp);
1890
1891                 //Add the user ARP
1892                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1893                 Arp userArp = new Arp();
1894                 userArp.setPrincipal(principal1);
1895                 userArp.marshall(parser.getDocument().getDocumentElement());
1896                 repository.update(userArp);
1897
1898                 ArpEngine engine = new ArpEngine(repository);
1899
1900                 //Apply the ARP
1901                 engine.filterAttributes(inputSet, principal1, "www.external.com", url1);
1902
1903                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1904         }
1905         /**
1906          * ARPs: A site ARP only
1907          * Target: Specific shar, Specific resource
1908          * Attribute: Release values by regex
1909          */
1910         void arpApplicationTest22(ArpRepository repository, DOMParser parser) throws Exception {
1911
1912                 //Gather the Input
1913                 String rawArp =
1914                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1915                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1916                                 + "                     <Rule>"
1917                                 + "                             <Target>"
1918                                 + "                                     <Requester>shar.example.edu</Requester>"
1919                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1920                                 + "                             </Target>"
1921                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1922                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1923                                 + "                             </Attribute>"
1924                                 + "                     </Rule>"
1925                                 + "     </AttributeReleasePolicy>";
1926
1927                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1928                 URL url1 = new URL("http://www.example.edu/index.html");
1929                 AAAttributeSet inputSet =
1930                         new AAAttributeSet(
1931                                 new AAAttribute(
1932                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1933                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1934                 AAAttributeSet releaseSet =
1935                         new AAAttributeSet(
1936                                 new AAAttribute(
1937                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1938                                         new Object[] { "urn:x:adagio", "urn:x:awol" }));
1939
1940                 //Setup the engine
1941                 parser.parse(new InputSource(new StringReader(rawArp)));
1942                 Arp siteArp = new Arp();
1943                 siteArp.marshall(parser.getDocument().getDocumentElement());
1944                 repository.update(siteArp);
1945                 ArpEngine engine = new ArpEngine(repository);
1946
1947                 //Apply the ARP
1948                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1949
1950                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1951         }
1952         /**
1953          * ARPs: A site ARP only
1954          * Target: Specific shar, Specific resource
1955          * Attribute: Deny specific values by regex
1956          */
1957         void arpApplicationTest23(ArpRepository repository, DOMParser parser) throws Exception {
1958
1959                 //Gather the Input
1960                 String rawArp =
1961                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1962                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1963                                 + "                     <Rule>"
1964                                 + "                             <Target>"
1965                                 + "                                     <Requester>shar.example.edu</Requester>"
1966                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1967                                 + "                             </Target>"
1968                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1969                                 + "                                     <AnyValue release=\"permit\" />"
1970                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1971                                 + "                             </Attribute>"
1972                                 + "                     </Rule>"
1973                                 + "     </AttributeReleasePolicy>";
1974
1975                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1976                 URL url1 = new URL("http://www.example.edu/index.html");
1977                 AAAttributeSet inputSet =
1978                         new AAAttributeSet(
1979                                 new AAAttribute(
1980                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1981                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1982                 AAAttributeSet releaseSet =
1983                         new AAAttributeSet(
1984                                 new AAAttribute(
1985                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1986                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar" }));
1987
1988                 //Setup the engine
1989                 parser.parse(new InputSource(new StringReader(rawArp)));
1990                 Arp siteArp = new Arp();
1991                 siteArp.marshall(parser.getDocument().getDocumentElement());
1992                 repository.update(siteArp);
1993                 ArpEngine engine = new ArpEngine(repository);
1994
1995                 //Apply the ARP
1996                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1997
1998                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1999         }
2000
2001         /**
2002          * ARPs: A site ARP only
2003          * Target: Specific shar, Specific resource
2004          * Attribute: No matches on specific values should yield no attribute
2005          */
2006         void arpApplicationTest24(ArpRepository repository, DOMParser parser) throws Exception {
2007
2008                 //Gather the Input
2009                 String rawArp =
2010                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
2011                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
2012                                 + "                     <Rule>"
2013                                 + "                             <Target>"
2014                                 + "                                     <Requester>shar.example.edu</Requester>"
2015                                 + "                                     <Resource>http://www.example.edu/</Resource>"
2016                                 + "                             </Target>"
2017                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
2018                                 + "                                     <AnyValue release=\"permit\" />"
2019                                 + "                             </Attribute>"
2020                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
2021                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>"
2022                                 + "                             </Attribute>"
2023                                 + "                     </Rule>"
2024                                 + "     </AttributeReleasePolicy>";
2025
2026                 Principal principal1 = new AuthNPrincipal("Test2Principal");
2027                 URL url1 = new URL("http://www.example.edu/index.html");
2028                 AAAttributeSet inputSet =
2029                         new AAAttributeSet(
2030                                 new AAAttribute[] {
2031                                         new AAAttribute(
2032                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
2033                                                 new Object[] { "urn:x:bar", "urn:x:adagio" }),
2034                                         new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" })
2035                 });
2036                 AAAttributeSet releaseSet =
2037                         new AAAttributeSet(
2038                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" }));
2039
2040                 //Setup the engine
2041                 parser.parse(new InputSource(new StringReader(rawArp)));
2042                 Arp siteArp = new Arp();
2043                 siteArp.marshall(parser.getDocument().getDocumentElement());
2044                 repository.update(siteArp);
2045                 ArpEngine engine = new ArpEngine(repository);
2046
2047                 //Apply the ARP
2048                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
2049
2050                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
2051         }
2052
2053 }