1097ac24f8813e10c3683305fe0a15a15f37e0e1
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.ByteArrayOutputStream;
53 import java.io.File;
54 import java.io.FileInputStream;
55 import java.io.FileNotFoundException;
56 import java.io.InputStream;
57 import java.io.StringReader;
58 import java.net.MalformedURLException;
59 import java.net.URI;
60 import java.net.URISyntaxException;
61 import java.net.URL;
62 import java.security.Principal;
63 import java.util.Arrays;
64 import java.util.HashSet;
65
66 import javax.xml.parsers.DocumentBuilderFactory;
67 import javax.xml.parsers.ParserConfigurationException;
68
69 import junit.framework.TestCase;
70
71 import org.apache.log4j.BasicConfigurator;
72 import org.apache.log4j.Level;
73 import org.apache.log4j.Logger;
74 import org.apache.xerces.parsers.DOMParser;
75 import org.apache.xml.serialize.OutputFormat;
76 import org.apache.xml.serialize.XMLSerializer;
77 import org.w3c.dom.Document;
78 import org.w3c.dom.Element;
79 import org.w3c.dom.Text;
80 import org.xml.sax.EntityResolver;
81 import org.xml.sax.ErrorHandler;
82 import org.xml.sax.InputSource;
83 import org.xml.sax.SAXException;
84 import org.xml.sax.SAXParseException;
85
86 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
87 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
88 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
89 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
90
91 /**
92  * Validation suite for <code>Arp</code> processing.
93  * 
94  * @author Walter Hoehn(wassa@columbia.edu)
95  */
96
97 public class ArpTests extends TestCase {
98
99         private DOMParser parser = new DOMParser();
100         Element memoryRepositoryElement;
101         private String[] arpExamples =
102                 {
103                         "data/example1.xml",
104                         "data/example2.xml",
105                         "data/example3.xml",
106                         "data/example4.xml",
107                         "data/example5.xml",
108                         "data/example6.xml",
109                         "data/example7.xml",
110                         "data/example8.xml",
111                         "data/example9.xml",
112                         "data/example10.xml",
113                         "data/example11.xml",
114                         "data/example12.xml" };
115
116         public ArpTests(String name) {
117                 super(name);
118                 BasicConfigurator.resetConfiguration();
119                 BasicConfigurator.configure();
120                 Logger.getRootLogger().setLevel(Level.OFF);
121         }
122
123         public static void main(String[] args) {
124                 junit.textui.TestRunner.run(ArpTests.class);
125                 BasicConfigurator.configure();
126                 Logger.getRootLogger().setLevel(Level.OFF);
127         }
128
129         /**
130          * @see junit.framework.TestCase#setUp()
131          */
132         protected void setUp() throws Exception {
133                 super.setUp();
134
135                 // Setup an xml parser
136                 try {
137                         parser.setFeature("http://xml.org/sax/features/validation", true);
138                         parser.setFeature("http://apache.org/xml/features/validation/schema", true);
139                         parser.setEntityResolver(new EntityResolver() {
140                                 public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
141
142                                         if (systemId.endsWith("shibboleth-arp-1.0.xsd")) {
143                                                 InputStream stream;
144                                                 try {
145                                                         stream = new FileInputStream("src/schemas/shibboleth-arp-1.0.xsd");
146                                                         if (stream != null) {
147                                                                 return new InputSource(stream);
148                                                         }
149                                                         throw new SAXException("Could not load entity: Null input stream");
150                                                 } catch (FileNotFoundException e) {
151                                                         throw new SAXException("Could not load entity: " + e);
152                                                 }
153                                         } else {
154                                                 return null;
155                                         }
156                                 }
157                         });
158
159                         parser.setErrorHandler(new ErrorHandler() {
160                                 public void error(SAXParseException arg0) throws SAXException {
161                                         throw new SAXException("Error parsing xml file: " + arg0);
162                                 }
163                                 public void fatalError(SAXParseException arg0) throws SAXException {
164                                         throw new SAXException("Error parsing xml file: " + arg0);
165                                 }
166                                 public void warning(SAXParseException arg0) throws SAXException {
167                                         throw new SAXException("Error parsing xml file: " + arg0);
168                                 }
169                         });
170                 } catch (Exception e) {
171                         fail("Failed to setup xml parser: " + e);
172                 }
173
174                 //Setup a dummy xml config for a Memory-based repository
175                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
176                 docFactory.setNamespaceAware(true);
177                 Document placeHolder;
178                 try {
179                         placeHolder = docFactory.newDocumentBuilder().newDocument();
180
181                         memoryRepositoryElement =
182                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
183                         memoryRepositoryElement.setAttributeNS(
184                                 ShibbolethOriginConfig.originConfigNamespace,
185                                 "implementation",
186                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
187                 } catch (ParserConfigurationException e) {
188                         fail("Failed to create memory-based Arp Repository configuration" + e);
189                 }
190         }
191
192         public void testArpMarshalling() {
193
194                 //Test ARP description
195                 try {
196                         InputStream inStream = new FileInputStream("data/arp1.xml");
197                         parser.parse(new InputSource(inStream));
198                         Arp arp1 = new Arp();
199                         arp1.marshall(parser.getDocument().getDocumentElement());
200                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
201
202                         //Test Rule description
203                         assertEquals(
204                                 "ARP Rule Description not marshalled properly",
205                                 arp1.getAllRules()[0].getDescription(),
206                                 "Example Rule Description.");
207                 } catch (Exception e) {
208                         fail("Failed to marshall ARP: " + e);
209                 }
210
211                 //Test case where ARP description does not exist
212                 try {
213                         InputStream inStream = new FileInputStream("data/arp2.xml");
214                         parser.parse(new InputSource(inStream));
215                         Arp arp2 = new Arp();
216                         arp2.marshall(parser.getDocument().getDocumentElement());
217                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
218
219                         //Test case where ARP Rule description does not exist   
220                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules()[0].getDescription());
221                 } catch (Exception e) {
222                         fail("Failed to marshall ARP.");
223                 }
224
225         }
226
227         public void testMatchingFunctions() {
228
229                 try {
230
231                         /*
232                          * Test Arp Engine function retrieval
233                          */
234
235                         //Lookup a function that doesn't exist
236                         MatchFunction noFunction =
237                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
238                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
239
240                         //Lookup some real functions
241                         MatchFunction stringMatch =
242                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"));
243                         assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
244                         MatchFunction stringValue =
245                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"));
246                         assertNotNull("ArpEngine did not properly load the String Value function.", stringValue);
247                         MatchFunction exactSharFunction =
248                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
249                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
250                         MatchFunction resourceTreeFunction =
251                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
252                         assertNotNull("ArpEngine did not properly load the Resource Tree SHAR function.", resourceTreeFunction);
253                         MatchFunction regexFunction =
254                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
255                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
256                         MatchFunction regexNotFunction =
257                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
258                         assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
259                         MatchFunction stringNotFunction =
260                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
261                         assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
262
263                         /* 
264                          * Test the Exact SHAR function (requester)
265                          */
266
267                         assertTrue(
268                                 "Exact SHAR function: false negative",
269                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
270                         assertTrue(
271                                 "Exact SHAR function: false positive",
272                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
273                         assertTrue(
274                                 "Exact SHAR function: false positive",
275                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
276
277                         //Make sure we properly handle bad input
278                         try {
279                                 exactSharFunction.match(null, null);
280                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
281                         } catch (ArpException ie) {
282                                 //This is supposed to fail
283                         }
284
285                         /*
286                          * Test the Resource Tree function (resource)
287                          */
288
289                         URL requestURL1 = new URL("http://www.example.edu/test/");
290                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
291                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
292                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
293
294                         assertTrue(
295                                 "Resource Tree function: false negative",
296                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
297                         assertTrue(
298                                 "Resource Tree function: false positive",
299                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
300                         assertTrue(
301                                 "Resource Tree function: false negative",
302                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
303                         assertTrue(
304                                 "Resource Tree function: false positive",
305                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
306                         assertTrue(
307                                 "Resource Tree function: false negative",
308                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
309                         assertTrue(
310                                 "Resource Tree function: false negative",
311                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
312                         assertTrue(
313                                 "Resource Tree function: false negative",
314                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
315                         assertTrue(
316                                 "Resource Tree function: false positive",
317                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
318                         assertTrue(
319                                 "Resource Tree function: false negative",
320                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
321                         assertTrue(
322                                 "Resource Tree function: false negative",
323                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
324                         assertTrue(
325                                 "Resource Tree function: false negative",
326                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL4));
327                         assertTrue(
328                                 "Resource Tree function: false positive",
329                                 !resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL3));
330
331                         //Make sure we properly handle bad input
332                         try {
333                                 resourceTreeFunction.match(null, null);
334                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
335                         } catch (ArpException ie) {
336                                 //This is supposed to fail
337                         }
338                         try {
339                                 resourceTreeFunction.match("Test", "Test");
340                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
341                         } catch (ArpException ie) {
342                                 //This is supposed to fail
343                         }
344
345                         /*
346                          * Test the Regex function (requester & resource)
347                          */
348
349                         //Try requester regexes
350                         assertTrue(
351                                 "Regex function: false negative",
352                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
353                         assertTrue(
354                                 "Regex function: false negative",
355                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
356                         assertTrue(
357                                 "Regex function: false negative",
358                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
359                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
360                         assertTrue(
361                                 "Regex function: false positive",
362                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
363                         assertTrue(
364                                 "Regex function: false positive",
365                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
366                         assertTrue(
367                                 "Regex function: false positive",
368                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
369
370                         //Try resource regexes
371                         assertTrue(
372                                 "Regex function: false negative",
373                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
374                         assertTrue(
375                                 "Regex function: false negative",
376                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
377                         assertTrue(
378                                 "Regex function: false negative",
379                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
380                         assertTrue(
381                                 "Regex function: false negative",
382                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
383                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
384                         assertTrue(
385                                 "Regex function: false positive",
386                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
387                         assertTrue(
388                                 "Regex function: false positive",
389                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
390
391                         //Make sure we properly handle bad input
392                         try {
393                                 regexFunction.match(null, null);
394                                 fail("Regex function seems to take improper input without throwing an exception.");
395                         } catch (ArpException ie) {
396                                 //This is supposed to fail
397                         }
398                         
399                         // Test the StringNotMatch function
400                         assertFalse(
401                                         "StringNotMatch function: false positive",
402                                         stringNotFunction.match("foo", "foo"));
403                         assertTrue(
404                                         "StringNotMatch function: false negative",
405                                         stringNotFunction.match("foo", "bar"));
406                         //Make sure we properly handle bad input
407                         try {
408                                 stringNotFunction.match(null, null);
409                                 fail("StringNotMatch function seems to take improper input without throwing an exception.");
410                         } catch (ArpException ie) {
411                                 //This is supposed to fail
412                         }
413                         
414                         //Test the RegexNotMatch function
415                         
416                         assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
417                         assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
418                         
419                         // Make sure we properly handle bad input
420                         try {
421                                 regexNotFunction.match(null, null);
422                                 fail("RegexNotMatch function seems to take improper input without throwing an exception.");
423                         } catch (ArpException ie) {
424                                 //This is supposed to fail
425                         }
426                         
427                         
428                         
429                         
430                         
431
432                 } catch (ArpException e) {
433                         fail("Encountered a problem loading match function: " + e);
434                 } catch (URISyntaxException e) {
435                         fail("Unable to create URI from test string.");
436                 } catch (MalformedURLException e) {
437                         fail("Couldn't create test URLs: " + e);
438                 }
439
440         }
441
442         public void testRepositories() {
443
444                 /*
445                  * Test the Factory
446                  */
447
448                 //Make sure we fail if an unavailable Repository implementation is specified
449                 ArpRepository repository = null;
450
451                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
452                 docFactory.setNamespaceAware(true);
453                 Document placeHolder;
454                 try {
455                         placeHolder = docFactory.newDocumentBuilder().newDocument();
456
457                         Element repositoryElement =
458                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
459                         repositoryElement.setAttributeNS(
460                                 ShibbolethOriginConfig.originConfigNamespace,
461                                 "implementation",
462                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
463
464                         ArpRepositoryFactory.getInstance(repositoryElement);
465
466                 } catch (ParserConfigurationException e) {
467                         fail("Failed to create bogus Arp Repository configuration" + e);
468
469                 } catch (ArpRepositoryException e) {
470                         //This is supposed to fail
471                 }
472
473                 // Make sure we can create an Arp Repository
474                 repository = null;
475                 try {
476                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
477                 } catch (ArpRepositoryException e) {
478                         fail("Failed to create memory-based Arp Repository" + e);
479                 }
480                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
481
482                 /*
483                  * Exercise the Memory Arp Repository
484                  */
485
486                 //Set/retrieve/remove a Site ARP
487                 Arp siteArp1 = new Arp();
488                 siteArp1.setDescription("Test Site Arp 1.");
489                 try {
490                         repository.update(siteArp1);
491                         assertEquals(
492                                 "Memory Repository does not store and retrieve Site ARPs properly.",
493                                 siteArp1,
494                                 repository.getSitePolicy());
495                         repository.remove(repository.getSitePolicy());
496                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
497                 } catch (ArpRepositoryException e) {
498                         fail("Error adding Site ARP to Memory Repository.");
499                 }
500
501                 //Set/retrieve/delete some user ARPs
502                 Arp userArp1 = new Arp();
503                 userArp1.setDescription("Broken User Arp 1.");
504                 try {
505                         repository.update(userArp1);
506                         assertTrue(
507                                 "Memory Repository does not store and retrieve User ARPs properly.",
508                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
509                 } catch (ArpRepositoryException e) {
510                         fail("Error adding User ARP to Memory Repository.");
511                 }
512
513                 Arp userArp2 = new Arp(new AuthNPrincipal("TestPrincipal"));
514                 userArp2.setDescription("Test User Arp 2.");
515                 try {
516                         repository.update(userArp2);
517                         assertEquals(
518                                 "Memory Repository does not store and retrieve User ARPs properly.",
519                                 userArp2,
520                                 repository.getUserPolicy(userArp2.getPrincipal()));
521                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
522                         assertNull(
523                                 "Memorty Repository does not properly delete User ARPs.",
524                                 repository.getUserPolicy(userArp2.getPrincipal()));
525                 } catch (ArpRepositoryException e) {
526                         fail("Error adding User ARP to Memory Repository.");
527                 }
528
529                 //create a repository
530                 repository = null;
531
532                 try {
533                         placeHolder = docFactory.newDocumentBuilder().newDocument();
534
535                         Element repositoryElement =
536                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
537                         repositoryElement.setAttributeNS(
538                                 ShibbolethOriginConfig.originConfigNamespace,
539                                 "implementation",
540                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
541                         repositoryElement.setAttributeNS(ShibbolethOriginConfig.originConfigNamespace, "arpTTL", "65535");
542
543                         Element path = placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "Path");
544                         Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
545                         path.appendChild(text);
546
547                         repositoryElement.appendChild(path);
548
549                         repository = ArpRepositoryFactory.getInstance(repositoryElement);
550
551                 } catch (ArpRepositoryException e) {
552                         fail("Failed to create file-based Arp Repository" + e);
553                 } catch (ParserConfigurationException e) {
554                         fail("Failed to create file-based Arp Repository configuration" + e);
555                 }
556
557                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
558
559                 try {
560                         Arp siteArp = repository.getSitePolicy();
561
562                         InputStream inStream = new FileInputStream("data/arp.site.xml");
563                         parser.parse(new InputSource(inStream));
564                         ByteArrayOutputStream directXML = new ByteArrayOutputStream();
565                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
566
567                         ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
568                         new XMLSerializer(processedXML, new OutputFormat()).serialize(siteArp.unmarshall());
569
570                         assertTrue(
571                                 "File-based ARP Repository did not return the correct site ARP.",
572                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
573                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
574
575                         Arp userArp = repository.getUserPolicy(new AuthNPrincipal("test"));
576
577                         inStream = new FileInputStream("data/arp.user.test.xml");
578                         parser.parse(new InputSource(inStream));
579                         directXML = new ByteArrayOutputStream();
580                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
581
582                         processedXML = new ByteArrayOutputStream();
583                         new XMLSerializer(processedXML, new OutputFormat()).serialize(userArp.unmarshall());
584
585                         assertTrue(
586                                 "File-based ARP Repository did not return the correct user ARP.",
587                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
588                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
589
590                         Arp[] allArps = repository.getAllPolicies(new AuthNPrincipal("test"));
591
592                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
593
594                 } catch (Exception e) {
595                         fail("Error retrieving ARP from Repository: " + e);
596                 }
597
598         }
599
600         public void testPossibleReleaseSetComputation() {
601
602                 ArpRepository repository = null;
603                 try {
604                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
605                 } catch (ArpRepositoryException e) {
606                         fail("Failed to create memory-based Arp Repository" + e);
607                 }
608
609                 try {
610                         Principal principal1 = new AuthNPrincipal("TestPrincipal");
611                         URL url1 = new URL("http://www.example.edu/");
612                         URI[] list1 = { new URI("urn:mace:dir:attribute-def:eduPersonAffiliation")};
613                         URI[] list2 =
614                                 {
615                                         new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"),
616                                         new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName")};
617                         URI[] list3 = new URI[0];
618
619                         //Test with just a site ARP
620                         InputStream inStream = new FileInputStream("data/arp1.xml");
621                         parser.parse(new InputSource(inStream));
622                         Arp arp1 = new Arp();
623                         arp1.marshall(parser.getDocument().getDocumentElement());
624                         repository.update(arp1);
625                         ArpEngine engine = new ArpEngine(repository);
626                         URI[] possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
627                         assertEquals(
628                                 "Incorrectly computed possible release set (1).",
629                                 new HashSet(Arrays.asList(possibleAttributes)),
630                                 new HashSet(Arrays.asList(list1)));
631
632                         //Test with site and user ARPs
633                         inStream = new FileInputStream("data/arp7.xml");
634                         parser.parse(new InputSource(inStream));
635                         Arp arp7 = new Arp();
636                         arp7.setPrincipal(principal1);
637                         arp7.marshall(parser.getDocument().getDocumentElement());
638                         repository.update(arp7);
639                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
640                         assertEquals(
641                                 "Incorrectly computed possible release set (2).",
642                                 new HashSet(Arrays.asList(possibleAttributes)),
643                                 new HashSet(Arrays.asList(list2)));
644
645                         //Ensure that explicit denies on any value are not in the release set
646                         inStream = new FileInputStream("data/arp6.xml");
647                         parser.parse(new InputSource(inStream));
648                         Arp arp6 = new Arp();
649                         arp6.setPrincipal(principal1);
650                         arp6.marshall(parser.getDocument().getDocumentElement());
651                         repository.update(arp6);
652                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
653                         assertEquals(
654                                 "Incorrectly computed possible release set (3).",
655                                 new HashSet(Arrays.asList(possibleAttributes)),
656                                 new HashSet(Arrays.asList(list3)));
657
658                 } catch (Exception e) {
659                         e.printStackTrace();
660                         fail("Failed to marshall ARP: " + e);
661                 }
662
663         }
664
665         public void testArpApplication() {
666
667                 //Construct an engine with a memory-based repository
668                 ArpRepository repository = null;
669                 try {
670                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
671
672                 } catch (ArpRepositoryException e) {
673                         fail("Failed to create memory-based Arp Repository" + e);
674                 }
675
676                 try {
677
678                         arpApplicationTest1(repository, parser);
679                         arpApplicationTest2(repository, parser);
680                         arpApplicationTest3(repository, parser);
681                         arpApplicationTest4(repository, parser);
682                         arpApplicationTest5(repository, parser);
683                         arpApplicationTest6(repository, parser);
684                         arpApplicationTest7(repository, parser);
685                         arpApplicationTest8(repository, parser);
686                         arpApplicationTest9(repository, parser);
687                         arpApplicationTest10(repository, parser);
688                         arpApplicationTest11(repository, parser);
689                         arpApplicationTest12(repository, parser);
690                         arpApplicationTest13(repository, parser);
691                         arpApplicationTest14(repository, parser);
692                         arpApplicationTest15(repository, parser);
693                         arpApplicationTest16(repository, parser);
694                         arpApplicationTest17(repository, parser);
695                         arpApplicationTest18(repository, parser);
696                         arpApplicationTest19(repository, parser);
697                         arpApplicationTest20(repository, parser);
698                         arpApplicationTest21(repository, parser);
699                         arpApplicationTest22(repository, parser);
700                         arpApplicationTest23(repository, parser);
701                         arpApplicationTest24(repository, parser);
702
703                 } catch (Exception e) {
704                         e.printStackTrace();
705                         fail("Failed to apply filter to ARPs: " + e);
706                 }
707         }
708
709         public void testRoundtripMarshalling() {
710
711                 try {
712                         for (int i = 0; i < arpExamples.length; i++) {
713
714                                 InputStream inStream = new FileInputStream(arpExamples[i]);
715                                 parser.parse(new InputSource(inStream));
716                                 ByteArrayOutputStream directXML = new ByteArrayOutputStream();
717                                 new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
718
719                                 Arp arp1 = new Arp();
720                                 arp1.marshall(parser.getDocument().getDocumentElement());
721
722                                 ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
723                                 new XMLSerializer(processedXML, new OutputFormat()).serialize(arp1.unmarshall());
724
725                                 assertTrue(
726                                         "Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")",
727                                         directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
728                                                 processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
729                         }
730
731                 } catch (Exception e) {
732                         fail("Failed to marshall ARP: " + e);
733                 }
734
735         }
736         /**
737          * ARPs: A site ARP only
738          * Target: Any
739          * Attribute: Any value release,
740          */
741         void arpApplicationTest1(ArpRepository repository, DOMParser parser) throws Exception {
742
743                 //Gather the Input
744                 String rawArp =
745                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
746                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
747                                 + "                     <Rule>"
748                                 + "                             <Target>"
749                                 + "                                     <AnyTarget/>"
750                                 + "                             </Target>"
751                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
752                                 + "                                     <AnyValue release=\"permit\"/>"
753                                 + "                             </Attribute>"
754                                 + "                     </Rule>"
755                                 + "     </AttributeReleasePolicy>";
756
757                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
758                 URL url1 = new URL("http://www.example.edu/");
759                 AAAttributeSet inputSet =
760                         new AAAttributeSet(
761                                 new AAAttribute(
762                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
763                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
764
765                 AAAttributeSet releaseSet =
766                         new AAAttributeSet(
767                                 new AAAttribute(
768                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
769                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
770
771                 //Setup the engine
772                 parser.parse(new InputSource(new StringReader(rawArp)));
773                 Arp siteArp = new Arp();
774                 siteArp.marshall(parser.getDocument().getDocumentElement());
775                 repository.update(siteArp);
776                 ArpEngine engine = new ArpEngine(repository);
777
778                 //Apply the ARP
779                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
780
781                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
782         }
783
784         /**
785          * ARPs: A site ARP only
786          * Target: Any
787          * Attribute: Any value release, implicit deny
788          */
789         void arpApplicationTest2(ArpRepository repository, DOMParser parser) throws Exception {
790
791                 //Gather the Input
792                 String rawArp =
793                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
794                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
795                                 + "                     <Rule>"
796                                 + "                             <Target>"
797                                 + "                                     <AnyTarget/>"
798                                 + "                             </Target>"
799                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
800                                 + "                                     <AnyValue release=\"permit\"/>"
801                                 + "                             </Attribute>"
802                                 + "                     </Rule>"
803                                 + "     </AttributeReleasePolicy>";
804
805                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
806                 URL url1 = new URL("http://www.example.edu/");
807                 AAAttributeSet inputSet =
808                         new AAAttributeSet(
809                                 new AAAttribute[] {
810                                         new AAAttribute(
811                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
812                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
813                                         new AAAttribute(
814                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
815                                                 new Object[] { "mehoehn@example.edu" })
816                 });
817
818                 AAAttributeSet releaseSet =
819                         new AAAttributeSet(
820                                 new AAAttribute[] {
821                                          new AAAttribute(
822                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
823                                                 new Object[] { "member@example.edu", "faculty@example.edu" })
824                 });
825
826                 //Setup the engine
827                 parser.parse(new InputSource(new StringReader(rawArp)));
828                 Arp siteArp = new Arp();
829                 siteArp.marshall(parser.getDocument().getDocumentElement());
830                 repository.update(siteArp);
831                 ArpEngine engine = new ArpEngine(repository);
832
833                 //Apply the ARP
834                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
835
836                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
837         }
838
839         /**
840          * ARPs: A site ARP only
841          * Target: Any
842          * Attribute: One value release
843          */
844         void arpApplicationTest3(ArpRepository repository, DOMParser parser) throws Exception {
845
846                 //Gather the Input
847                 String rawArp =
848                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
849                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
850                                 + "                     <Rule>"
851                                 + "                             <Target>"
852                                 + "                                     <AnyTarget/>"
853                                 + "                             </Target>"
854                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
855                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
856                                 + "                             </Attribute>"
857                                 + "                     </Rule>"
858                                 + "     </AttributeReleasePolicy>";
859
860                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
861                 URL url1 = new URL("http://www.example.edu/");
862                 AAAttributeSet inputSet =
863                         new AAAttributeSet(
864                                 new AAAttribute(
865                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
866                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
867                 AAAttributeSet releaseSet =
868                         new AAAttributeSet(
869                                 new AAAttribute(
870                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
871                                         new Object[] { "member@example.edu" }));
872
873                 //Setup the engine
874                 parser.parse(new InputSource(new StringReader(rawArp)));
875                 Arp siteArp = new Arp();
876                 siteArp.marshall(parser.getDocument().getDocumentElement());
877                 repository.update(siteArp);
878                 ArpEngine engine = new ArpEngine(repository);
879
880                 //Apply the ARP
881                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
882
883                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
884         }
885
886         /**
887          * ARPs: A site ARP only
888          * Target: Any
889          * Attribute: Any value except one release, canonical representation
890          */
891         void arpApplicationTest4(ArpRepository repository, DOMParser parser) throws Exception {
892
893                 //Gather the Input
894                 String rawArp =
895                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
896                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
897                                 + "                     <Rule>"
898                                 + "                             <Target>"
899                                 + "                                     <AnyTarget/>"
900                                 + "                             </Target>"
901                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
902                                 + "                                     <AnyValue release=\"permit\"/>"
903                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
904                                 + "                             </Attribute>"
905                                 + "                     </Rule>"
906                                 + "     </AttributeReleasePolicy>";
907
908                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
909                 URL url1 = new URL("http://www.example.edu/");
910                 AAAttributeSet inputSet =
911                         new AAAttributeSet(
912                                 new AAAttribute(
913                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
914                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
915                 AAAttributeSet releaseSet =
916                         new AAAttributeSet(
917                                 new AAAttribute(
918                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
919                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
920
921                 //Setup the engine
922                 parser.parse(new InputSource(new StringReader(rawArp)));
923                 Arp siteArp = new Arp();
924                 siteArp.marshall(parser.getDocument().getDocumentElement());
925                 repository.update(siteArp);
926                 ArpEngine engine = new ArpEngine(repository);
927
928                 //Apply the ARP
929                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
930
931                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
932         }
933
934         /**
935          * ARPs: A site ARP only
936          * Target: Any
937          * Attribute: Any value except one release, expanded representation
938          */
939         void arpApplicationTest5(ArpRepository repository, DOMParser parser) throws Exception {
940
941                 //Gather the Input
942                 String rawArp =
943                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
944                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
945                                 + "                     <Rule>"
946                                 + "                             <Target>"
947                                 + "                                     <AnyTarget/>"
948                                 + "                             </Target>"
949                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
950                                 + "                                     <AnyValue release=\"permit\"/>"
951                                 + "                             </Attribute>"
952                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
953                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
954                                 + "                             </Attribute>"
955                                 + "                     </Rule>"
956                                 + "     </AttributeReleasePolicy>";
957
958                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
959                 URL url1 = new URL("http://www.example.edu/");
960                 AAAttributeSet inputSet =
961                         new AAAttributeSet(
962                                 new AAAttribute(
963                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
964                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
965                 AAAttributeSet releaseSet =
966                         new AAAttributeSet(
967                                 new AAAttribute(
968                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
969                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
970
971                 //Setup the engine
972                 parser.parse(new InputSource(new StringReader(rawArp)));
973                 Arp siteArp = new Arp();
974                 siteArp.marshall(parser.getDocument().getDocumentElement());
975                 repository.update(siteArp);
976                 ArpEngine engine = new ArpEngine(repository);
977
978                 //Apply the ARP
979                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
980
981                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
982         }
983
984         /**
985          * ARPs: A site ARP only
986          * Target: Any
987          * Attribute: Any value except two release, expanded representation
988          */
989         void arpApplicationTest6(ArpRepository repository, DOMParser parser) throws Exception {
990
991                 //Gather the Input
992                 String rawArp =
993                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
994                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
995                                 + "                     <Rule>"
996                                 + "                             <Target>"
997                                 + "                                     <AnyTarget/>"
998                                 + "                             </Target>"
999                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1000                                 + "                                     <AnyValue release=\"permit\"/>"
1001                                 + "                             </Attribute>"
1002                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1003                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
1004                                 + "                             </Attribute>"
1005                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1006                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1007                                 + "                             </Attribute>"
1008                                 + "                     </Rule>"
1009                                 + "     </AttributeReleasePolicy>";
1010
1011                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1012                 URL url1 = new URL("http://www.example.edu/");
1013                 AAAttributeSet inputSet =
1014                         new AAAttributeSet(
1015                                 new AAAttribute(
1016                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1017                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1018                 AAAttributeSet releaseSet =
1019                         new AAAttributeSet(
1020                                 new AAAttribute(
1021                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1022                                         new Object[] { "employee@example.edu" }));
1023
1024                 //Setup the engine
1025                 parser.parse(new InputSource(new StringReader(rawArp)));
1026                 Arp siteArp = new Arp();
1027                 siteArp.marshall(parser.getDocument().getDocumentElement());
1028                 repository.update(siteArp);
1029                 ArpEngine engine = new ArpEngine(repository);
1030
1031                 //Apply the ARP
1032                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1033
1034                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
1035         }
1036
1037         /**
1038          * ARPs: A site ARP only
1039          * Target: Any
1040          * Attribute: Two value release, canonical representation
1041          */
1042         void arpApplicationTest7(ArpRepository repository, DOMParser parser) throws Exception {
1043
1044                 //Gather the Input
1045                 String rawArp =
1046                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1047                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1048                                 + "                     <Rule>"
1049                                 + "                             <Target>"
1050                                 + "                                     <AnyTarget/>"
1051                                 + "                             </Target>"
1052                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1053                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1054                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1055                                 + "                             </Attribute>"
1056                                 + "                     </Rule>"
1057                                 + "     </AttributeReleasePolicy>";
1058
1059                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1060                 URL url1 = new URL("http://www.example.edu/");
1061                 AAAttributeSet inputSet =
1062                         new AAAttributeSet(
1063                                 new AAAttribute(
1064                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1065                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1066                 AAAttributeSet releaseSet =
1067                         new AAAttributeSet(
1068                                 new AAAttribute(
1069                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1070                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1071
1072                 //Setup the engine
1073                 parser.parse(new InputSource(new StringReader(rawArp)));
1074                 Arp siteArp = new Arp();
1075                 siteArp.marshall(parser.getDocument().getDocumentElement());
1076                 repository.update(siteArp);
1077                 ArpEngine engine = new ArpEngine(repository);
1078
1079                 //Apply the ARP
1080                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1081
1082                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
1083         }
1084
1085         /**
1086          * ARPs: A site ARP only
1087          * Target: Any
1088          * Attribute: Two value release, expanded representation
1089          */
1090         void arpApplicationTest8(ArpRepository repository, DOMParser parser) throws Exception {
1091
1092                 //Gather the Input
1093                 String rawArp =
1094                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1095                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1096                                 + "                     <Rule>"
1097                                 + "                             <Target>"
1098                                 + "                                     <AnyTarget/>"
1099                                 + "                             </Target>"
1100                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1101                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1102                                 + "                             </Attribute>"
1103                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1104                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1105                                 + "                             </Attribute>"
1106                                 + "                     </Rule>"
1107                                 + "     </AttributeReleasePolicy>";
1108
1109                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1110                 URL url1 = new URL("http://www.example.edu/");
1111                 AAAttributeSet inputSet =
1112                         new AAAttributeSet(
1113                                 new AAAttribute(
1114                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1115                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1116                 AAAttributeSet releaseSet =
1117                         new AAAttributeSet(
1118                                 new AAAttribute(
1119                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1120                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1121
1122                 //Setup the engine
1123                 parser.parse(new InputSource(new StringReader(rawArp)));
1124                 Arp siteArp = new Arp();
1125                 siteArp.marshall(parser.getDocument().getDocumentElement());
1126                 repository.update(siteArp);
1127                 ArpEngine engine = new ArpEngine(repository);
1128
1129                 //Apply the ARP
1130                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1131
1132                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
1133         }
1134
1135         /**
1136          * ARPs: A site ARP only
1137          * Target: Any
1138          * Attribute: Any value deny
1139          */
1140         void arpApplicationTest9(ArpRepository repository, DOMParser parser) throws Exception {
1141
1142                 //Gather the Input
1143                 String rawArp =
1144                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1145                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1146                                 + "                     <Rule>"
1147                                 + "                             <Target>"
1148                                 + "                                     <AnyTarget/>"
1149                                 + "                             </Target>"
1150                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1151                                 + "                                     <AnyValue release=\"deny\"/>"
1152                                 + "                             </Attribute>"
1153                                 + "                     </Rule>"
1154                                 + "     </AttributeReleasePolicy>";
1155
1156                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1157                 URL url1 = new URL("http://www.example.edu/");
1158                 AAAttributeSet inputSet =
1159                         new AAAttributeSet(
1160                                 new AAAttribute(
1161                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1162                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1163
1164                 //Setup the engine
1165                 parser.parse(new InputSource(new StringReader(rawArp)));
1166                 Arp siteArp = new Arp();
1167                 siteArp.marshall(parser.getDocument().getDocumentElement());
1168                 repository.update(siteArp);
1169                 ArpEngine engine = new ArpEngine(repository);
1170
1171                 //Apply the ARP
1172                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1173
1174                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new AAAttributeSet());
1175         }
1176
1177         /**
1178          * ARPs: A site ARP only
1179          * Target: Any
1180          * Attribute: Any value deny trumps explicit permit expanded representation
1181          */
1182         void arpApplicationTest10(ArpRepository repository, DOMParser parser) throws Exception {
1183
1184                 //Gather the Input
1185                 String rawArp =
1186                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1187                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1188                                 + "                     <Rule>"
1189                                 + "                             <Target>"
1190                                 + "                                     <AnyTarget/>"
1191                                 + "                             </Target>"
1192                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1193                                 + "                                     <AnyValue release=\"deny\"/>"
1194                                 + "                             </Attribute>"
1195                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1196                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1197                                 + "                             </Attribute>"
1198                                 + "                     </Rule>"
1199                                 + "     </AttributeReleasePolicy>";
1200
1201                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1202                 URL url1 = new URL("http://www.example.edu/");
1203                 AAAttributeSet inputSet =
1204                         new AAAttributeSet(
1205                                 new AAAttribute(
1206                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1207                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1208
1209                 //Setup the engine
1210                 parser.parse(new InputSource(new StringReader(rawArp)));
1211                 Arp siteArp = new Arp();
1212                 siteArp.marshall(parser.getDocument().getDocumentElement());
1213                 repository.update(siteArp);
1214                 ArpEngine engine = new ArpEngine(repository);
1215
1216                 //Apply the ARP
1217                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1218
1219                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new AAAttributeSet());
1220         }
1221
1222         /**
1223          * ARPs: A site ARP only
1224          * Target: Any
1225          * Attribute: Any value deny trumps explicit permit canonical representation
1226          */
1227         void arpApplicationTest11(ArpRepository repository, DOMParser parser) throws Exception {
1228
1229                 //Gather the Input
1230                 String rawArp =
1231                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1232                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1233                                 + "                     <Rule>"
1234                                 + "                             <Target>"
1235                                 + "                                     <AnyTarget/>"
1236                                 + "                             </Target>"
1237                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1238                                 + "                                     <AnyValue release=\"deny\"/>"
1239                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1240                                 + "                             </Attribute>"
1241                                 + "                     </Rule>"
1242                                 + "     </AttributeReleasePolicy>";
1243
1244                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1245                 URL url1 = new URL("http://www.example.edu/");
1246                 AAAttributeSet inputSet =
1247                         new AAAttributeSet(
1248                                 new AAAttribute(
1249                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1250                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1251
1252                 //Setup the engine
1253                 parser.parse(new InputSource(new StringReader(rawArp)));
1254                 Arp siteArp = new Arp();
1255                 siteArp.marshall(parser.getDocument().getDocumentElement());
1256                 repository.update(siteArp);
1257                 ArpEngine engine = new ArpEngine(repository);
1258
1259                 //Apply the ARP
1260                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1261
1262                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new AAAttributeSet());
1263         }
1264
1265         /**
1266          * ARPs: A site ARP only
1267          * Target: Specific shar, Any Resource
1268          * Attribute: Any value release
1269          */
1270         void arpApplicationTest12(ArpRepository repository, DOMParser parser) throws Exception {
1271
1272                 //Gather the Input
1273                 String rawArp =
1274                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1275                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1276                                 + "                     <Rule>"
1277                                 + "                             <Target>"
1278                                 + "                                     <Requester>shar.example.edu</Requester>"
1279                                 + "                                     <AnyResource />"
1280                                 + "                             </Target>"
1281                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1282                                 + "                                     <AnyValue release=\"permit\"/>"
1283                                 + "                             </Attribute>"
1284                                 + "                     </Rule>"
1285                                 + "     </AttributeReleasePolicy>";
1286
1287                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1288                 URL url1 = new URL("http://www.example.edu/");
1289                 AAAttributeSet inputSet =
1290                         new AAAttributeSet(
1291                                 new AAAttribute(
1292                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1293                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1294                 AAAttributeSet releaseSet =
1295                         new AAAttributeSet(
1296                                 new AAAttribute(
1297                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1298                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1299
1300                 //Setup the engine
1301                 parser.parse(new InputSource(new StringReader(rawArp)));
1302                 Arp siteArp = new Arp();
1303                 siteArp.marshall(parser.getDocument().getDocumentElement());
1304                 repository.update(siteArp);
1305                 ArpEngine engine = new ArpEngine(repository);
1306
1307                 //Apply the ARP
1308                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1309
1310                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1311         }
1312
1313         /**
1314          * ARPs: A site ARP only
1315          * Target: Specific shar, Any Resource (another example)
1316          * Attribute: Any value release
1317          */
1318         void arpApplicationTest13(ArpRepository repository, DOMParser parser) throws Exception {
1319
1320                 //Gather the Input
1321                 String rawArp =
1322                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1323                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1324                                 + "                     <Rule>"
1325                                 + "                             <Target>"
1326                                 + "                                     <Requester>shar.example.edu</Requester>"
1327                                 + "                                     <AnyResource />"
1328                                 + "                             </Target>"
1329                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1330                                 + "                                     <AnyValue release=\"permit\"/>"
1331                                 + "                             </Attribute>"
1332                                 + "                     </Rule>"
1333                                 + "     </AttributeReleasePolicy>";
1334
1335                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1336                 URL url1 = new URL("https://foo.com/");
1337                 AAAttributeSet inputSet =
1338                         new AAAttributeSet(
1339                                 new AAAttribute(
1340                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1341                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1342                 AAAttributeSet releaseSet =
1343                         new AAAttributeSet(
1344                                 new AAAttribute(
1345                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1346                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1347
1348                 //Setup the engine
1349                 parser.parse(new InputSource(new StringReader(rawArp)));
1350                 Arp siteArp = new Arp();
1351                 siteArp.marshall(parser.getDocument().getDocumentElement());
1352                 repository.update(siteArp);
1353                 ArpEngine engine = new ArpEngine(repository);
1354
1355                 //Apply the ARP
1356                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1357
1358                 assertEquals("ARP application test 13: ARP not applied as expected.", inputSet, releaseSet);
1359         }
1360
1361         /**
1362          * ARPs: A site ARP only
1363          * Target: Specific shar (no match), Any Resource
1364          * Attribute: Any value release
1365          */
1366         void arpApplicationTest14(ArpRepository repository, DOMParser parser) throws Exception {
1367
1368                 //Gather the Input
1369                 String rawArp =
1370                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1371                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1372                                 + "                     <Rule>"
1373                                 + "                             <Target>"
1374                                 + "                                     <Requester>shar.example.edu</Requester>"
1375                                 + "                                     <AnyResource />"
1376                                 + "                             </Target>"
1377                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1378                                 + "                                     <AnyValue release=\"permit\"/>"
1379                                 + "                             </Attribute>"
1380                                 + "                     </Rule>"
1381                                 + "     </AttributeReleasePolicy>";
1382
1383                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1384                 URL url1 = new URL("http://www.example.edu/");
1385                 AAAttributeSet inputSet =
1386                         new AAAttributeSet(
1387                                 new AAAttribute(
1388                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1389                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1390
1391                 //Setup the engine
1392                 parser.parse(new InputSource(new StringReader(rawArp)));
1393                 Arp siteArp = new Arp();
1394                 siteArp.marshall(parser.getDocument().getDocumentElement());
1395                 repository.update(siteArp);
1396                 ArpEngine engine = new ArpEngine(repository);
1397
1398                 //Apply the ARP
1399                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1400
1401                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new AAAttributeSet());
1402         }
1403
1404         /**
1405          * ARPs: A site ARP only
1406          * Target: Specific shar, Specific resource
1407          * Attribute: Any value release
1408          */
1409         void arpApplicationTest15(ArpRepository repository, DOMParser parser) throws Exception {
1410
1411                 //Gather the Input
1412                 String rawArp =
1413                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1414                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1415                                 + "                     <Rule>"
1416                                 + "                             <Target>"
1417                                 + "                                     <Requester>shar.example.edu</Requester>"
1418                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1419                                 + "                             </Target>"
1420                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1421                                 + "                                     <AnyValue release=\"permit\"/>"
1422                                 + "                             </Attribute>"
1423                                 + "                     </Rule>"
1424                                 + "     </AttributeReleasePolicy>";
1425
1426                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1427                 URL url1 = new URL("http://www.example.edu/index.html");
1428                 AAAttributeSet inputSet =
1429                         new AAAttributeSet(
1430                                 new AAAttribute(
1431                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1432                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1433                 AAAttributeSet releaseSet =
1434                         new AAAttributeSet(
1435                                 new AAAttribute(
1436                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1437                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1438
1439                 //Setup the engine
1440                 parser.parse(new InputSource(new StringReader(rawArp)));
1441                 Arp siteArp = new Arp();
1442                 siteArp.marshall(parser.getDocument().getDocumentElement());
1443                 repository.update(siteArp);
1444                 ArpEngine engine = new ArpEngine(repository);
1445
1446                 //Apply the ARP
1447                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1448
1449                 assertEquals("ARP application test 15: ARP not applied as expected.", inputSet, releaseSet);
1450         }
1451
1452         /**
1453          * ARPs: A site ARP only
1454          * Target: Specific shar, Specific resource (no match)
1455          * Attribute: Any value release
1456          */
1457         void arpApplicationTest16(ArpRepository repository, DOMParser parser) throws Exception {
1458
1459                 //Gather the Input
1460                 String rawArp =
1461                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1462                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1463                                 + "                     <Rule>"
1464                                 + "                             <Target>"
1465                                 + "                                     <Requester>shar.example.edu</Requester>"
1466                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1467                                 + "                             </Target>"
1468                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1469                                 + "                                     <AnyValue release=\"permit\"/>"
1470                                 + "                             </Attribute>"
1471                                 + "                     </Rule>"
1472                                 + "     </AttributeReleasePolicy>";
1473
1474                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1475                 URL url1 = new URL("https://www.example.edu/index.html");
1476                 AAAttributeSet inputSet =
1477                         new AAAttributeSet(
1478                                 new AAAttribute(
1479                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1480                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1481
1482                 //Setup the engine
1483                 parser.parse(new InputSource(new StringReader(rawArp)));
1484                 Arp siteArp = new Arp();
1485                 siteArp.marshall(parser.getDocument().getDocumentElement());
1486                 repository.update(siteArp);
1487                 ArpEngine engine = new ArpEngine(repository);
1488
1489                 //Apply the ARP
1490                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1491
1492                 assertEquals("ARP application test 16: ARP not applied as expected.", inputSet, new AAAttributeSet());
1493         }
1494
1495         /**
1496          * ARPs: A site ARP only
1497          * Target: Multiple matching rules
1498          * Attribute: various
1499          */
1500         void arpApplicationTest17(ArpRepository repository, DOMParser parser) throws Exception {
1501
1502                 //Gather the Input
1503                 String rawArp =
1504                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1505                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1506                                 + "                     <Rule>"
1507                                 + "                             <Target>"
1508                                 + "                                     <AnyTarget />"
1509                                 + "                             </Target>"
1510                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1511                                 + "                                     <AnyValue release=\"permit\"/>"
1512                                 + "                             </Attribute>"
1513                                 + "                     </Rule>"
1514                                 + "                     <Rule>"
1515                                 + "                             <Target>"
1516                                 + "                                     <Requester>shar1.example.edu</Requester>"
1517                                 + "                                     <AnyResource />"
1518                                 + "                             </Target>"
1519                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1520                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1521                                 + "                             </Attribute>"
1522                                 + "                     </Rule>"
1523                                 + "                     <Rule>"
1524                                 + "                             <Target>"
1525                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1526                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1527                                 + "                             </Target>"
1528                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1529                                 + "                                     <AnyValue release=\"permit\"/>"
1530                                 + "                             </Attribute>"
1531                                 + "                     </Rule>"
1532                                 + "     </AttributeReleasePolicy>";
1533
1534                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1535                 URL url1 = new URL("https://www.example.edu/index.html");
1536                 AAAttributeSet inputSet =
1537                         new AAAttributeSet(
1538                                 new AAAttribute[] {
1539                                         new AAAttribute(
1540                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1541                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1542                                         new AAAttribute(
1543                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1544                                                 new Object[] { "wassa@columbia.edu" })
1545                 });
1546
1547                 AAAttributeSet releaseSet =
1548                         new AAAttributeSet(
1549                                 new AAAttribute[] {
1550                                         new AAAttribute(
1551                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1552                                                 new Object[] { "wassa@columbia.edu" }),
1553                                         new AAAttribute(
1554                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1555                                                 new Object[] { "member@example.edu" })
1556                 });
1557
1558                 //Setup the engine
1559                 parser.parse(new InputSource(new StringReader(rawArp)));
1560                 Arp siteArp = new Arp();
1561                 siteArp.marshall(parser.getDocument().getDocumentElement());
1562                 repository.update(siteArp);
1563                 ArpEngine engine = new ArpEngine(repository);
1564
1565                 //Apply the ARP
1566                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu", url1);
1567
1568                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1569         }
1570
1571         /**
1572          * ARPs: A site ARP only
1573          * Target: Any
1574          * Attribute: Any value release of two attributes in one rule
1575          */
1576         void arpApplicationTest18(ArpRepository repository, DOMParser parser) throws Exception {
1577
1578                 //Gather the Input
1579                 String rawArp =
1580                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1581                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1582                                 + "                     <Rule>"
1583                                 + "                             <Target>"
1584                                 + "                                     <AnyTarget/>"
1585                                 + "                             </Target>"
1586                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1587                                 + "                                     <AnyValue release=\"permit\"/>"
1588                                 + "                             </Attribute>"
1589                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1590                                 + "                                     <AnyValue release=\"permit\"/>"
1591                                 + "                             </Attribute>"
1592                                 + "                     </Rule>"
1593                                 + "     </AttributeReleasePolicy>";
1594
1595                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1596                 URL url1 = new URL("http://www.example.edu/");
1597                 AAAttributeSet inputSet =
1598                         new AAAttributeSet(
1599                                 new AAAttribute[] {
1600                                         new AAAttribute(
1601                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1602                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1603                                         new AAAttribute(
1604                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1605                                                 new Object[] { "mehoehn@example.edu" })
1606                 });
1607
1608                 AAAttributeSet releaseSet =
1609                         new AAAttributeSet(
1610                                 new AAAttribute[] {
1611                                         new AAAttribute(
1612                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1613                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1614                                         new AAAttribute(
1615                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1616                                                 new Object[] { "mehoehn@example.edu" })
1617                 });
1618
1619                 //Setup the engine
1620                 parser.parse(new InputSource(new StringReader(rawArp)));
1621                 Arp siteArp = new Arp();
1622                 siteArp.marshall(parser.getDocument().getDocumentElement());
1623                 repository.update(siteArp);
1624                 ArpEngine engine = new ArpEngine(repository);
1625
1626                 //Apply the ARP
1627                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1628
1629                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1630         }
1631
1632         /**
1633          * ARPs: A user ARP only
1634          * Target: Any
1635          * Attribute: Any value release,
1636          */
1637         void arpApplicationTest19(ArpRepository repository, DOMParser parser) throws Exception {
1638
1639                 //Gather the Input
1640                 String rawArp =
1641                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1642                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1643                                 + "                     <Rule>"
1644                                 + "                             <Target>"
1645                                 + "                                     <AnyTarget/>"
1646                                 + "                             </Target>"
1647                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1648                                 + "                                     <AnyValue release=\"permit\"/>"
1649                                 + "                             </Attribute>"
1650                                 + "                     </Rule>"
1651                                 + "     </AttributeReleasePolicy>";
1652
1653                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1654                 URL url1 = new URL("http://www.example.edu/");
1655                 AAAttributeSet inputSet =
1656                         new AAAttributeSet(
1657                                 new AAAttribute(
1658                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1659                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1660                 AAAttributeSet releaseSet =
1661                         new AAAttributeSet(
1662                                 new AAAttribute(
1663                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1664                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1665
1666                 //Setup the engine
1667                 parser.parse(new InputSource(new StringReader(rawArp)));
1668                 Arp userArp = new Arp();
1669                 userArp.setPrincipal(principal1);
1670                 userArp.marshall(parser.getDocument().getDocumentElement());
1671                 repository.update(userArp);
1672                 ArpEngine engine = new ArpEngine(repository);
1673
1674                 //Apply the ARP
1675                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1676
1677                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1678         }
1679
1680         /**
1681          * ARPs: A site ARP and user ARP
1682          * Target: various
1683          * Attribute: various combinations
1684          */
1685         void arpApplicationTest20(ArpRepository repository, DOMParser parser) throws Exception {
1686
1687                 //Gather the Input
1688                 String rawSiteArp =
1689                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1690                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1691                                 + "                     <Rule>"
1692                                 + "                             <Target>"
1693                                 + "                                     <AnyTarget/>"
1694                                 + "                             </Target>"
1695                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1696                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1697                                 + "                             </Attribute>"
1698                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1699                                 + "                                     <AnyValue release=\"permit\" />"
1700                                 + "                             </Attribute>"
1701                                 + "                     </Rule>"
1702                                 + "                     <Rule>"
1703                                 + "                             <Target>"
1704                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1705                                 + "                                     <AnyResource />"
1706                                 + "                             </Target>"
1707                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1708                                 + "                                     <AnyValue release=\"permit\"/>"
1709                                 + "                             </Attribute>"
1710                                 + "                     </Rule>"
1711                                 + "                     <Rule>"
1712                                 + "                             <Target>"
1713                                 + "                                     <Requester>www.example.edu</Requester>"
1714                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1715                                 + "                             </Target>"
1716                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1717                                 + "                                     <AnyValue release=\"permit\"/>"
1718                                 + "                             </Attribute>"
1719                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1720                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1721                                 + "                             </Attribute>"
1722                                 + "                     </Rule>"
1723                                 + "                     <Rule>"
1724                                 + "                             <Target>"
1725                                 + "                                     <Requester>www.external.com</Requester>"
1726                                 + "                                     <Resource>http://www.external.com/</Resource>"
1727                                 + "                             </Target>"
1728                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1729                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1730                                 + "                             </Attribute>"
1731                                 + "                     </Rule>"
1732                                 + "     </AttributeReleasePolicy>";
1733
1734                 String rawUserArp =
1735                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1736                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1737                                 + "                     <Rule>"
1738                                 + "                             <Target>"
1739                                 + "                                     <AnyTarget/>"
1740                                 + "                             </Target>"
1741                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1742                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1743                                 + "                             </Attribute>"
1744                                 + "                     </Rule>"
1745                                 + "                     <Rule>"
1746                                 + "                             <Target>"
1747                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1748                                 + "                                     <AnyResource />"
1749                                 + "                             </Target>"
1750                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1751                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1752                                 + "                             </Attribute>"
1753                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1754                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1755                                 + "                             </Attribute>"
1756                                 + "                     </Rule>"
1757                                 + "     </AttributeReleasePolicy>";
1758
1759                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1760                 URL url1 = new URL("http://www.example.edu/test/index.html");
1761
1762                 AAAttributeSet inputSet =
1763                         new AAAttributeSet(
1764                                 new AAAttribute[] {
1765                                         new AAAttribute(
1766                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1767                                                 new Object[] {
1768                                                         "urn:example:lovesIceCream",
1769                                                         "urn:example:poorlyDressed",
1770                                                         "urn:example:contract:113455",
1771                                                         "urn:example:contract:4657483" }),
1772                                         new AAAttribute(
1773                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1774                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1775                                         new AAAttribute(
1776                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1777                                                 new Object[] { "wassa@example.edu" }),
1778                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1779                 });
1780
1781                 AAAttributeSet releaseSet =
1782                         new AAAttributeSet(
1783                                 new AAAttribute[] {
1784                                         new AAAttribute(
1785                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1786                                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" }),
1787                                         new AAAttribute(
1788                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1789                                                 new Object[] { "member@example.edu", "employee@example.edu" }),
1790                                         new AAAttribute(
1791                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1792                                                 new Object[] { "wassa@example.edu" }),
1793                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1794                 });
1795
1796                 //Add the site ARP
1797                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1798                 Arp siteArp = new Arp();
1799                 siteArp.marshall(parser.getDocument().getDocumentElement());
1800                 repository.update(siteArp);
1801
1802                 //Add the user ARP
1803                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1804                 Arp userArp = new Arp();
1805                 userArp.setPrincipal(principal1);
1806                 userArp.marshall(parser.getDocument().getDocumentElement());
1807                 repository.update(userArp);
1808
1809                 ArpEngine engine = new ArpEngine(repository);
1810
1811                 //Apply the ARP
1812                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1813
1814                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1815         }
1816
1817         /**
1818          * ARPs: A site ARP and user ARP
1819          * Target: various
1820          * Attribute: various combinations (same ARPs as 20, different requester)
1821          */
1822         void arpApplicationTest21(ArpRepository repository, DOMParser parser) throws Exception {
1823
1824                 //Gather the Input
1825                 String rawSiteArp =
1826                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1827                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1828                                 + "                     <Rule>"
1829                                 + "                             <Target>"
1830                                 + "                                     <AnyTarget/>"
1831                                 + "                             </Target>"
1832                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1833                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1834                                 + "                             </Attribute>"
1835                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1836                                 + "                                     <AnyValue release=\"permit\" />"
1837                                 + "                             </Attribute>"
1838                                 + "                     </Rule>"
1839                                 + "                     <Rule>"
1840                                 + "                             <Target>"
1841                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1842                                 + "                                     <AnyResource />"
1843                                 + "                             </Target>"
1844                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1845                                 + "                                     <AnyValue release=\"permit\"/>"
1846                                 + "                             </Attribute>"
1847                                 + "                     </Rule>"
1848                                 + "                     <Rule>"
1849                                 + "                             <Target>"
1850                                 + "                                     <Requester>www.example.edu</Requester>"
1851                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1852                                 + "                             </Target>"
1853                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1854                                 + "                                     <AnyValue release=\"permit\"/>"
1855                                 + "                             </Attribute>"
1856                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1857                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1858                                 + "                             </Attribute>"
1859                                 + "                     </Rule>"
1860                                 + "                     <Rule>"
1861                                 + "                             <Target>"
1862                                 + "                                     <Requester>www.external.com</Requester>"
1863                                 + "                                     <Resource>http://www.external.com/</Resource>"
1864                                 + "                             </Target>"
1865                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1866                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1867                                 + "                             </Attribute>"
1868                                 + "                     </Rule>"
1869                                 + "     </AttributeReleasePolicy>";
1870
1871                 String rawUserArp =
1872                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1873                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1874                                 + "                     <Rule>"
1875                                 + "                             <Target>"
1876                                 + "                                     <AnyTarget/>"
1877                                 + "                             </Target>"
1878                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1879                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1880                                 + "                             </Attribute>"
1881                                 + "                     </Rule>"
1882                                 + "                     <Rule>"
1883                                 + "                             <Target>"
1884                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1885                                 + "                                     <AnyResource />"
1886                                 + "                             </Target>"
1887                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1888                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1889                                 + "                             </Attribute>"
1890                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1891                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1892                                 + "                             </Attribute>"
1893                                 + "                     </Rule>"
1894                                 + "     </AttributeReleasePolicy>";
1895
1896                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1897                 URL url1 = new URL("http://www.external.com/");
1898
1899                 AAAttributeSet inputSet =
1900                         new AAAttributeSet(
1901                                 new AAAttribute[] {
1902                                         new AAAttribute(
1903                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1904                                                 new Object[] {
1905                                                         "urn:example:lovesIceCream",
1906                                                         "urn:example:poorlyDressed",
1907                                                         "urn:example:contract:113455",
1908                                                         "urn:example:contract:4657483" }),
1909                                         new AAAttribute(
1910                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1911                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1912                                         new AAAttribute(
1913                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1914                                                 new Object[] { "wassa@example.edu" }),
1915                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1916                 });
1917
1918                 AAAttributeSet releaseSet =
1919                         new AAAttributeSet(
1920                                 new AAAttribute[] {
1921                                         new AAAttribute(
1922                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1923                                                 new Object[] { "urn:example:contract:113455" }),
1924                                         new AAAttribute(
1925                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1926                                                 new Object[] { "member@example.edu" }),
1927                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1928                 });
1929
1930                 //Add the site ARP
1931                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1932                 Arp siteArp = new Arp();
1933                 siteArp.marshall(parser.getDocument().getDocumentElement());
1934                 repository.update(siteArp);
1935
1936                 //Add the user ARP
1937                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1938                 Arp userArp = new Arp();
1939                 userArp.setPrincipal(principal1);
1940                 userArp.marshall(parser.getDocument().getDocumentElement());
1941                 repository.update(userArp);
1942
1943                 ArpEngine engine = new ArpEngine(repository);
1944
1945                 //Apply the ARP
1946                 engine.filterAttributes(inputSet, principal1, "www.external.com", url1);
1947
1948                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1949         }
1950         /**
1951          * ARPs: A site ARP only
1952          * Target: Specific shar, Specific resource
1953          * Attribute: Release values by regex
1954          */
1955         void arpApplicationTest22(ArpRepository repository, DOMParser parser) throws Exception {
1956
1957                 //Gather the Input
1958                 String rawArp =
1959                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1960                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1961                                 + "                     <Rule>"
1962                                 + "                             <Target>"
1963                                 + "                                     <Requester>shar.example.edu</Requester>"
1964                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1965                                 + "                             </Target>"
1966                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1967                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1968                                 + "                             </Attribute>"
1969                                 + "                     </Rule>"
1970                                 + "     </AttributeReleasePolicy>";
1971
1972                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1973                 URL url1 = new URL("http://www.example.edu/index.html");
1974                 AAAttributeSet inputSet =
1975                         new AAAttributeSet(
1976                                 new AAAttribute(
1977                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1978                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1979                 AAAttributeSet releaseSet =
1980                         new AAAttributeSet(
1981                                 new AAAttribute(
1982                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1983                                         new Object[] { "urn:x:adagio", "urn:x:awol" }));
1984
1985                 //Setup the engine
1986                 parser.parse(new InputSource(new StringReader(rawArp)));
1987                 Arp siteArp = new Arp();
1988                 siteArp.marshall(parser.getDocument().getDocumentElement());
1989                 repository.update(siteArp);
1990                 ArpEngine engine = new ArpEngine(repository);
1991
1992                 //Apply the ARP
1993                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1994
1995                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1996         }
1997         /**
1998          * ARPs: A site ARP only
1999          * Target: Specific shar, Specific resource
2000          * Attribute: Deny specific values by regex
2001          */
2002         void arpApplicationTest23(ArpRepository repository, DOMParser parser) throws Exception {
2003
2004                 //Gather the Input
2005                 String rawArp =
2006                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
2007                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
2008                                 + "                     <Rule>"
2009                                 + "                             <Target>"
2010                                 + "                                     <Requester>shar.example.edu</Requester>"
2011                                 + "                                     <Resource>http://www.example.edu/</Resource>"
2012                                 + "                             </Target>"
2013                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
2014                                 + "                                     <AnyValue release=\"permit\" />"
2015                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
2016                                 + "                             </Attribute>"
2017                                 + "                     </Rule>"
2018                                 + "     </AttributeReleasePolicy>";
2019
2020                 Principal principal1 = new AuthNPrincipal("Test2Principal");
2021                 URL url1 = new URL("http://www.example.edu/index.html");
2022                 AAAttributeSet inputSet =
2023                         new AAAttributeSet(
2024                                 new AAAttribute(
2025                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
2026                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
2027                 AAAttributeSet releaseSet =
2028                         new AAAttributeSet(
2029                                 new AAAttribute(
2030                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
2031                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar" }));
2032
2033                 //Setup the engine
2034                 parser.parse(new InputSource(new StringReader(rawArp)));
2035                 Arp siteArp = new Arp();
2036                 siteArp.marshall(parser.getDocument().getDocumentElement());
2037                 repository.update(siteArp);
2038                 ArpEngine engine = new ArpEngine(repository);
2039
2040                 //Apply the ARP
2041                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
2042
2043                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
2044         }
2045
2046         /**
2047          * ARPs: A site ARP only
2048          * Target: Specific shar, Specific resource
2049          * Attribute: No matches on specific values should yield no attribute
2050          */
2051         void arpApplicationTest24(ArpRepository repository, DOMParser parser) throws Exception {
2052
2053                 //Gather the Input
2054                 String rawArp =
2055                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
2056                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
2057                                 + "                     <Rule>"
2058                                 + "                             <Target>"
2059                                 + "                                     <Requester>shar.example.edu</Requester>"
2060                                 + "                                     <Resource>http://www.example.edu/</Resource>"
2061                                 + "                             </Target>"
2062                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
2063                                 + "                                     <AnyValue release=\"permit\" />"
2064                                 + "                             </Attribute>"
2065                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
2066                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>"
2067                                 + "                             </Attribute>"
2068                                 + "                     </Rule>"
2069                                 + "     </AttributeReleasePolicy>";
2070
2071                 Principal principal1 = new AuthNPrincipal("Test2Principal");
2072                 URL url1 = new URL("http://www.example.edu/index.html");
2073                 AAAttributeSet inputSet =
2074                         new AAAttributeSet(
2075                                 new AAAttribute[] {
2076                                         new AAAttribute(
2077                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
2078                                                 new Object[] { "urn:x:bar", "urn:x:adagio" }),
2079                                         new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" })
2080                 });
2081                 AAAttributeSet releaseSet =
2082                         new AAAttributeSet(
2083                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" }));
2084
2085                 //Setup the engine
2086                 parser.parse(new InputSource(new StringReader(rawArp)));
2087                 Arp siteArp = new Arp();
2088                 siteArp.marshall(parser.getDocument().getDocumentElement());
2089                 repository.update(siteArp);
2090                 ArpEngine engine = new ArpEngine(repository);
2091
2092                 //Apply the ARP
2093                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
2094
2095                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
2096         }
2097
2098 }