Fixed eclipse config to work with new XML libs.
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.ByteArrayOutputStream;
53 import java.io.File;
54 import java.io.FileInputStream;
55 import java.io.FileNotFoundException;
56 import java.io.InputStream;
57 import java.io.StringReader;
58 import java.net.MalformedURLException;
59 import java.net.URI;
60 import java.net.URISyntaxException;
61 import java.net.URL;
62 import java.security.Principal;
63 import java.util.Arrays;
64 import java.util.HashSet;
65
66 import javax.xml.parsers.DocumentBuilderFactory;
67 import javax.xml.parsers.ParserConfigurationException;
68
69 import junit.framework.TestCase;
70
71 import org.apache.log4j.BasicConfigurator;
72 import org.apache.log4j.Level;
73 import org.apache.log4j.Logger;
74 import org.w3c.dom.Document;
75 import org.w3c.dom.Element;
76 import org.w3c.dom.Text;
77 import org.xml.sax.EntityResolver;
78 import org.xml.sax.ErrorHandler;
79 import org.xml.sax.InputSource;
80 import org.xml.sax.SAXException;
81 import org.xml.sax.SAXParseException;
82
83 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
84 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
85 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
86 import edu.internet2.middleware.shibboleth.common.ShibbolethOriginConfig;
87 import edu.internet2.middleware.shibboleth.xml.Parser;
88
89 /**
90  * Validation suite for <code>Arp</code> processing.
91  * 
92  * @author Walter Hoehn(wassa@columbia.edu)
93  */
94
95 public class ArpTests extends TestCase {
96
97         private Parser.DOMParser parser = new Parser.DOMParser(true);
98         Element memoryRepositoryElement;
99         private String[] arpExamples =
100                 {
101                         "data/example1.xml",
102                         "data/example2.xml",
103                         "data/example3.xml",
104                         "data/example4.xml",
105                         "data/example5.xml",
106                         "data/example6.xml",
107                         "data/example7.xml",
108                         "data/example8.xml",
109                         "data/example9.xml",
110                         "data/example10.xml",
111                         "data/example11.xml",
112                         "data/example12.xml" };
113
114         public ArpTests(String name) {
115                 super(name);
116                 BasicConfigurator.resetConfiguration();
117                 BasicConfigurator.configure();
118                 Logger.getRootLogger().setLevel(Level.OFF);
119         }
120
121         public static void main(String[] args) {
122                 junit.textui.TestRunner.run(ArpTests.class);
123                 BasicConfigurator.configure();
124                 Logger.getRootLogger().setLevel(Level.OFF);
125         }
126
127         /**
128          * @see junit.framework.TestCase#setUp()
129          */
130         protected void setUp() throws Exception {
131                 super.setUp();
132
133                 // Setup an xml parser
134
135                 //Setup a dummy xml config for a Memory-based repository
136                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
137                 docFactory.setNamespaceAware(true);
138                 Document placeHolder;
139                 try {
140                         placeHolder = docFactory.newDocumentBuilder().newDocument();
141
142                         memoryRepositoryElement =
143                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
144                         memoryRepositoryElement.setAttributeNS(
145                                 ShibbolethOriginConfig.originConfigNamespace,
146                                 "implementation",
147                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
148                 } catch (ParserConfigurationException e) {
149                         fail("Failed to create memory-based Arp Repository configuration" + e);
150                 }
151         }
152
153         public void testArpMarshalling() {
154
155                 //Test ARP description
156                 try {
157                         InputStream inStream = new FileInputStream("data/arp1.xml");
158                         parser.parse(new InputSource(inStream));
159                         Arp arp1 = new Arp();
160                         arp1.marshall(parser.getDocument().getDocumentElement());
161                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
162
163                         //Test Rule description
164                         assertEquals(
165                                 "ARP Rule Description not marshalled properly",
166                                 arp1.getAllRules()[0].getDescription(),
167                                 "Example Rule Description.");
168                 } catch (Exception e) {
169                         fail("Failed to marshall ARP: " + e);
170                 }
171
172                 //Test case where ARP description does not exist
173                 try {
174                         InputStream inStream = new FileInputStream("data/arp2.xml");
175                         parser.parse(new InputSource(inStream));
176                         Arp arp2 = new Arp();
177                         arp2.marshall(parser.getDocument().getDocumentElement());
178                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
179
180                         //Test case where ARP Rule description does not exist   
181                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules()[0].getDescription());
182                 } catch (Exception e) {
183                         fail("Failed to marshall ARP.");
184                 }
185
186         }
187
188         public void testMatchingFunctions() {
189
190                 try {
191
192                         /*
193                          * Test Arp Engine function retrieval
194                          */
195
196                         //Lookup a function that doesn't exist
197                         MatchFunction noFunction =
198                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
199                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
200
201                         //Lookup some real functions
202                         MatchFunction stringMatch =
203                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"));
204                         assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
205                         MatchFunction stringValue =
206                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"));
207                         assertNotNull("ArpEngine did not properly load the String Value function.", stringValue);
208                         MatchFunction exactSharFunction =
209                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
210                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
211                         MatchFunction resourceTreeFunction =
212                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
213                         assertNotNull("ArpEngine did not properly load the Resource Tree SHAR function.", resourceTreeFunction);
214                         MatchFunction regexFunction =
215                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
216                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
217                         MatchFunction regexNotFunction =
218                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
219                         assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
220                         MatchFunction stringNotFunction =
221                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
222                         assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
223
224                         /* 
225                          * Test the Exact SHAR function (requester)
226                          */
227
228                         assertTrue(
229                                 "Exact SHAR function: false negative",
230                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
231                         assertTrue(
232                                 "Exact SHAR function: false positive",
233                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
234                         assertTrue(
235                                 "Exact SHAR function: false positive",
236                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
237
238                         //Make sure we properly handle bad input
239                         try {
240                                 exactSharFunction.match(null, null);
241                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
242                         } catch (ArpException ie) {
243                                 //This is supposed to fail
244                         }
245
246                         /*
247                          * Test the Resource Tree function (resource)
248                          */
249
250                         URL requestURL1 = new URL("http://www.example.edu/test/");
251                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
252                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
253                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
254
255                         assertTrue(
256                                 "Resource Tree function: false negative",
257                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
258                         assertTrue(
259                                 "Resource Tree function: false positive",
260                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
261                         assertTrue(
262                                 "Resource Tree function: false negative",
263                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
264                         assertTrue(
265                                 "Resource Tree function: false positive",
266                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
267                         assertTrue(
268                                 "Resource Tree function: false negative",
269                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
270                         assertTrue(
271                                 "Resource Tree function: false negative",
272                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
273                         assertTrue(
274                                 "Resource Tree function: false negative",
275                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
276                         assertTrue(
277                                 "Resource Tree function: false positive",
278                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
279                         assertTrue(
280                                 "Resource Tree function: false negative",
281                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
282                         assertTrue(
283                                 "Resource Tree function: false negative",
284                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
285                         assertTrue(
286                                 "Resource Tree function: false negative",
287                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL4));
288                         assertTrue(
289                                 "Resource Tree function: false positive",
290                                 !resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL3));
291
292                         //Make sure we properly handle bad input
293                         try {
294                                 resourceTreeFunction.match(null, null);
295                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
296                         } catch (ArpException ie) {
297                                 //This is supposed to fail
298                         }
299                         try {
300                                 resourceTreeFunction.match("Test", "Test");
301                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
302                         } catch (ArpException ie) {
303                                 //This is supposed to fail
304                         }
305
306                         /*
307                          * Test the Regex function (requester & resource)
308                          */
309
310                         //Try requester regexes
311                         assertTrue(
312                                 "Regex function: false negative",
313                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
314                         assertTrue(
315                                 "Regex function: false negative",
316                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
317                         assertTrue(
318                                 "Regex function: false negative",
319                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
320                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
321                         assertTrue(
322                                 "Regex function: false positive",
323                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
324                         assertTrue(
325                                 "Regex function: false positive",
326                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
327                         assertTrue(
328                                 "Regex function: false positive",
329                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
330
331                         //Try resource regexes
332                         assertTrue(
333                                 "Regex function: false negative",
334                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
335                         assertTrue(
336                                 "Regex function: false negative",
337                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
338                         assertTrue(
339                                 "Regex function: false negative",
340                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
341                         assertTrue(
342                                 "Regex function: false negative",
343                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
344                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
345                         assertTrue(
346                                 "Regex function: false positive",
347                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
348                         assertTrue(
349                                 "Regex function: false positive",
350                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
351
352                         //Make sure we properly handle bad input
353                         try {
354                                 regexFunction.match(null, null);
355                                 fail("Regex function seems to take improper input without throwing an exception.");
356                         } catch (ArpException ie) {
357                                 //This is supposed to fail
358                         }
359                         
360                         // Test the StringNotMatch function
361                         assertFalse(
362                                         "StringNotMatch function: false positive",
363                                         stringNotFunction.match("foo", "foo"));
364                         assertTrue(
365                                         "StringNotMatch function: false negative",
366                                         stringNotFunction.match("foo", "bar"));
367                         //Make sure we properly handle bad input
368                         try {
369                                 stringNotFunction.match(null, null);
370                                 fail("StringNotMatch function seems to take improper input without throwing an exception.");
371                         } catch (ArpException ie) {
372                                 //This is supposed to fail
373                         }
374                         
375                         //Test the RegexNotMatch function
376                         
377                         assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
378                         assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
379                         
380                         // Make sure we properly handle bad input
381                         try {
382                                 regexNotFunction.match(null, null);
383                                 fail("RegexNotMatch function seems to take improper input without throwing an exception.");
384                         } catch (ArpException ie) {
385                                 //This is supposed to fail
386                         }
387                         
388                         
389                         
390                         
391                         
392
393                 } catch (ArpException e) {
394                         fail("Encountered a problem loading match function: " + e);
395                 } catch (URISyntaxException e) {
396                         fail("Unable to create URI from test string.");
397                 } catch (MalformedURLException e) {
398                         fail("Couldn't create test URLs: " + e);
399                 }
400
401         }
402
403         public void testRepositories() {
404
405                 /*
406                  * Test the Factory
407                  */
408
409                 //Make sure we fail if an unavailable Repository implementation is specified
410                 ArpRepository repository = null;
411
412                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
413                 docFactory.setNamespaceAware(true);
414                 Document placeHolder;
415                 try {
416                         placeHolder = docFactory.newDocumentBuilder().newDocument();
417
418                         Element repositoryElement =
419                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
420                         repositoryElement.setAttributeNS(
421                                 ShibbolethOriginConfig.originConfigNamespace,
422                                 "implementation",
423                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
424
425                         ArpRepositoryFactory.getInstance(repositoryElement);
426
427                 } catch (ParserConfigurationException e) {
428                         fail("Failed to create bogus Arp Repository configuration" + e);
429
430                 } catch (ArpRepositoryException e) {
431                         //This is supposed to fail
432                 }
433
434                 // Make sure we can create an Arp Repository
435                 repository = null;
436                 try {
437                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
438                 } catch (ArpRepositoryException e) {
439                         fail("Failed to create memory-based Arp Repository" + e);
440                 }
441                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
442
443                 /*
444                  * Exercise the Memory Arp Repository
445                  */
446
447                 //Set/retrieve/remove a Site ARP
448                 Arp siteArp1 = new Arp();
449                 siteArp1.setDescription("Test Site Arp 1.");
450                 try {
451                         repository.update(siteArp1);
452                         assertEquals(
453                                 "Memory Repository does not store and retrieve Site ARPs properly.",
454                                 siteArp1,
455                                 repository.getSitePolicy());
456                         repository.remove(repository.getSitePolicy());
457                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
458                 } catch (ArpRepositoryException e) {
459                         fail("Error adding Site ARP to Memory Repository.");
460                 }
461
462                 //Set/retrieve/delete some user ARPs
463                 Arp userArp1 = new Arp();
464                 userArp1.setDescription("Broken User Arp 1.");
465                 try {
466                         repository.update(userArp1);
467                         assertTrue(
468                                 "Memory Repository does not store and retrieve User ARPs properly.",
469                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
470                 } catch (ArpRepositoryException e) {
471                         fail("Error adding User ARP to Memory Repository.");
472                 }
473
474                 Arp userArp2 = new Arp(new AuthNPrincipal("TestPrincipal"));
475                 userArp2.setDescription("Test User Arp 2.");
476                 try {
477                         repository.update(userArp2);
478                         assertEquals(
479                                 "Memory Repository does not store and retrieve User ARPs properly.",
480                                 userArp2,
481                                 repository.getUserPolicy(userArp2.getPrincipal()));
482                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
483                         assertNull(
484                                 "Memorty Repository does not properly delete User ARPs.",
485                                 repository.getUserPolicy(userArp2.getPrincipal()));
486                 } catch (ArpRepositoryException e) {
487                         fail("Error adding User ARP to Memory Repository.");
488                 }
489
490                 //create a repository
491                 repository = null;
492
493                 try {
494                         placeHolder = docFactory.newDocumentBuilder().newDocument();
495
496                         Element repositoryElement =
497                                 placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "ArpRepository");
498                         repositoryElement.setAttributeNS(
499                                 ShibbolethOriginConfig.originConfigNamespace,
500                                 "implementation",
501                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
502                         repositoryElement.setAttributeNS(ShibbolethOriginConfig.originConfigNamespace, "arpTTL", "65535");
503
504                         Element path = placeHolder.createElementNS(ShibbolethOriginConfig.originConfigNamespace, "Path");
505                         Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
506                         path.appendChild(text);
507
508                         repositoryElement.appendChild(path);
509
510                         repository = ArpRepositoryFactory.getInstance(repositoryElement);
511
512                 } catch (ArpRepositoryException e) {
513                         fail("Failed to create file-based Arp Repository" + e);
514                 } catch (ParserConfigurationException e) {
515                         fail("Failed to create file-based Arp Repository configuration" + e);
516                 }
517
518                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
519
520                 try {
521                         Arp siteArp = repository.getSitePolicy();
522
523                         InputStream inStream = new FileInputStream("data/arp.site.xml");
524                         parser.parse(new InputSource(inStream));
525                         String directXML = Parser.serialize(parser.getDocument().getDocumentElement());
526
527                         String processedXML = Parser.serialize(siteArp.unmarshall());
528
529                         assertTrue(
530                                 "File-based ARP Repository did not return the correct site ARP.",
531                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
532                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
533
534                         Arp userArp = repository.getUserPolicy(new AuthNPrincipal("test"));
535
536                         inStream = new FileInputStream("data/arp.user.test.xml");
537                         parser.parse(new InputSource(inStream));
538                         directXML = Parser.serialize(parser.getDocument().getDocumentElement());
539
540                         processedXML = Parser.serialize(userArp.unmarshall());
541
542                         assertTrue(
543                                 "File-based ARP Repository did not return the correct user ARP.",
544                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
545                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
546
547                         Arp[] allArps = repository.getAllPolicies(new AuthNPrincipal("test"));
548
549                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
550
551                 } catch (Exception e) {
552                         fail("Error retrieving ARP from Repository: " + e);
553                 }
554
555         }
556
557         public void testPossibleReleaseSetComputation() {
558
559                 ArpRepository repository = null;
560                 try {
561                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
562                 } catch (ArpRepositoryException e) {
563                         fail("Failed to create memory-based Arp Repository" + e);
564                 }
565
566                 try {
567                         Principal principal1 = new AuthNPrincipal("TestPrincipal");
568                         URL url1 = new URL("http://www.example.edu/");
569                         URI[] list1 = { new URI("urn:mace:dir:attribute-def:eduPersonAffiliation")};
570                         URI[] list2 =
571                                 {
572                                         new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"),
573                                         new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName")};
574                         URI[] list3 = new URI[0];
575
576                         //Test with just a site ARP
577                         InputStream inStream = new FileInputStream("data/arp1.xml");
578                         parser.parse(new InputSource(inStream));
579                         Arp arp1 = new Arp();
580                         arp1.marshall(parser.getDocument().getDocumentElement());
581                         repository.update(arp1);
582                         ArpEngine engine = new ArpEngine(repository);
583                         URI[] possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
584                         assertEquals(
585                                 "Incorrectly computed possible release set (1).",
586                                 new HashSet(Arrays.asList(possibleAttributes)),
587                                 new HashSet(Arrays.asList(list1)));
588
589                         //Test with site and user ARPs
590                         inStream = new FileInputStream("data/arp7.xml");
591                         parser.parse(new InputSource(inStream));
592                         Arp arp7 = new Arp();
593                         arp7.setPrincipal(principal1);
594                         arp7.marshall(parser.getDocument().getDocumentElement());
595                         repository.update(arp7);
596                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
597                         assertEquals(
598                                 "Incorrectly computed possible release set (2).",
599                                 new HashSet(Arrays.asList(possibleAttributes)),
600                                 new HashSet(Arrays.asList(list2)));
601
602                         //Ensure that explicit denies on any value are not in the release set
603                         inStream = new FileInputStream("data/arp6.xml");
604                         parser.parse(new InputSource(inStream));
605                         Arp arp6 = new Arp();
606                         arp6.setPrincipal(principal1);
607                         arp6.marshall(parser.getDocument().getDocumentElement());
608                         repository.update(arp6);
609                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
610                         assertEquals(
611                                 "Incorrectly computed possible release set (3).",
612                                 new HashSet(Arrays.asList(possibleAttributes)),
613                                 new HashSet(Arrays.asList(list3)));
614
615                 } catch (Exception e) {
616                         e.printStackTrace();
617                         fail("Failed to marshall ARP: " + e);
618                 }
619
620         }
621
622         public void testArpApplication() {
623
624                 //Construct an engine with a memory-based repository
625                 ArpRepository repository = null;
626                 try {
627                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
628
629                 } catch (ArpRepositoryException e) {
630                         fail("Failed to create memory-based Arp Repository" + e);
631                 }
632
633                 try {
634
635                         arpApplicationTest1(repository, parser);
636                         arpApplicationTest2(repository, parser);
637                         arpApplicationTest3(repository, parser);
638                         arpApplicationTest4(repository, parser);
639                         arpApplicationTest5(repository, parser);
640                         arpApplicationTest6(repository, parser);
641                         arpApplicationTest7(repository, parser);
642                         arpApplicationTest8(repository, parser);
643                         arpApplicationTest9(repository, parser);
644                         arpApplicationTest10(repository, parser);
645                         arpApplicationTest11(repository, parser);
646                         arpApplicationTest12(repository, parser);
647                         arpApplicationTest13(repository, parser);
648                         arpApplicationTest14(repository, parser);
649                         arpApplicationTest15(repository, parser);
650                         arpApplicationTest16(repository, parser);
651                         arpApplicationTest17(repository, parser);
652                         arpApplicationTest18(repository, parser);
653                         arpApplicationTest19(repository, parser);
654                         arpApplicationTest20(repository, parser);
655                         arpApplicationTest21(repository, parser);
656                         arpApplicationTest22(repository, parser);
657                         arpApplicationTest23(repository, parser);
658                         arpApplicationTest24(repository, parser);
659
660                 } catch (Exception e) {
661                         e.printStackTrace();
662                         fail("Failed to apply filter to ARPs: " + e);
663                 }
664         }
665
666         public void testRoundtripMarshalling() {
667
668                 try {
669                         for (int i = 0; i < arpExamples.length; i++) {
670
671                                 InputStream inStream = new FileInputStream(arpExamples[i]);
672                                 parser.parse(new InputSource(inStream));
673                                 String directXML = Parser.serialize(parser.getDocument().getDocumentElement());
674
675                                 Arp arp1 = new Arp();
676                                 arp1.marshall(parser.getDocument().getDocumentElement());
677
678                                 String processedXML = Parser.serialize(arp1.unmarshall());
679
680                                 assertTrue(
681                                         "Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")",
682                                         directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
683                                                 processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
684                         }
685
686                 } catch (Exception e) {
687                         fail("Failed to marshall ARP: " + e);
688                 }
689
690         }
691         /**
692          * ARPs: A site ARP only
693          * Target: Any
694          * Attribute: Any value release,
695          */
696         void arpApplicationTest1(ArpRepository repository, Parser.DOMParser parser) throws Exception {
697
698                 //Gather the Input
699                 String rawArp =
700                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
701                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
702                                 + "                     <Rule>"
703                                 + "                             <Target>"
704                                 + "                                     <AnyTarget/>"
705                                 + "                             </Target>"
706                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
707                                 + "                                     <AnyValue release=\"permit\"/>"
708                                 + "                             </Attribute>"
709                                 + "                     </Rule>"
710                                 + "     </AttributeReleasePolicy>";
711
712                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
713                 URL url1 = new URL("http://www.example.edu/");
714                 AAAttributeSet inputSet =
715                         new AAAttributeSet(
716                                 new AAAttribute(
717                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
718                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
719
720                 AAAttributeSet releaseSet =
721                         new AAAttributeSet(
722                                 new AAAttribute(
723                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
724                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
725
726                 //Setup the engine
727                 parser.parse(new InputSource(new StringReader(rawArp)));
728                 Arp siteArp = new Arp();
729                 siteArp.marshall(parser.getDocument().getDocumentElement());
730                 repository.update(siteArp);
731                 ArpEngine engine = new ArpEngine(repository);
732
733                 //Apply the ARP
734                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
735
736                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
737         }
738
739         /**
740          * ARPs: A site ARP only
741          * Target: Any
742          * Attribute: Any value release, implicit deny
743          */
744         void arpApplicationTest2(ArpRepository repository, Parser.DOMParser parser) throws Exception {
745
746                 //Gather the Input
747                 String rawArp =
748                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
749                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
750                                 + "                     <Rule>"
751                                 + "                             <Target>"
752                                 + "                                     <AnyTarget/>"
753                                 + "                             </Target>"
754                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
755                                 + "                                     <AnyValue release=\"permit\"/>"
756                                 + "                             </Attribute>"
757                                 + "                     </Rule>"
758                                 + "     </AttributeReleasePolicy>";
759
760                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
761                 URL url1 = new URL("http://www.example.edu/");
762                 AAAttributeSet inputSet =
763                         new AAAttributeSet(
764                                 new AAAttribute[] {
765                                         new AAAttribute(
766                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
767                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
768                                         new AAAttribute(
769                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
770                                                 new Object[] { "mehoehn@example.edu" })
771                 });
772
773                 AAAttributeSet releaseSet =
774                         new AAAttributeSet(
775                                 new AAAttribute[] {
776                                          new AAAttribute(
777                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
778                                                 new Object[] { "member@example.edu", "faculty@example.edu" })
779                 });
780
781                 //Setup the engine
782                 parser.parse(new InputSource(new StringReader(rawArp)));
783                 Arp siteArp = new Arp();
784                 siteArp.marshall(parser.getDocument().getDocumentElement());
785                 repository.update(siteArp);
786                 ArpEngine engine = new ArpEngine(repository);
787
788                 //Apply the ARP
789                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
790
791                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
792         }
793
794         /**
795          * ARPs: A site ARP only
796          * Target: Any
797          * Attribute: One value release
798          */
799         void arpApplicationTest3(ArpRepository repository, Parser.DOMParser parser) throws Exception {
800
801                 //Gather the Input
802                 String rawArp =
803                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
804                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
805                                 + "                     <Rule>"
806                                 + "                             <Target>"
807                                 + "                                     <AnyTarget/>"
808                                 + "                             </Target>"
809                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
810                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
811                                 + "                             </Attribute>"
812                                 + "                     </Rule>"
813                                 + "     </AttributeReleasePolicy>";
814
815                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
816                 URL url1 = new URL("http://www.example.edu/");
817                 AAAttributeSet inputSet =
818                         new AAAttributeSet(
819                                 new AAAttribute(
820                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
821                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
822                 AAAttributeSet releaseSet =
823                         new AAAttributeSet(
824                                 new AAAttribute(
825                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
826                                         new Object[] { "member@example.edu" }));
827
828                 //Setup the engine
829                 parser.parse(new InputSource(new StringReader(rawArp)));
830                 Arp siteArp = new Arp();
831                 siteArp.marshall(parser.getDocument().getDocumentElement());
832                 repository.update(siteArp);
833                 ArpEngine engine = new ArpEngine(repository);
834
835                 //Apply the ARP
836                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
837
838                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
839         }
840
841         /**
842          * ARPs: A site ARP only
843          * Target: Any
844          * Attribute: Any value except one release, canonical representation
845          */
846         void arpApplicationTest4(ArpRepository repository, Parser.DOMParser parser) throws Exception {
847
848                 //Gather the Input
849                 String rawArp =
850                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
851                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
852                                 + "                     <Rule>"
853                                 + "                             <Target>"
854                                 + "                                     <AnyTarget/>"
855                                 + "                             </Target>"
856                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
857                                 + "                                     <AnyValue release=\"permit\"/>"
858                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
859                                 + "                             </Attribute>"
860                                 + "                     </Rule>"
861                                 + "     </AttributeReleasePolicy>";
862
863                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
864                 URL url1 = new URL("http://www.example.edu/");
865                 AAAttributeSet inputSet =
866                         new AAAttributeSet(
867                                 new AAAttribute(
868                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
869                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
870                 AAAttributeSet releaseSet =
871                         new AAAttributeSet(
872                                 new AAAttribute(
873                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
874                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
875
876                 //Setup the engine
877                 parser.parse(new InputSource(new StringReader(rawArp)));
878                 Arp siteArp = new Arp();
879                 siteArp.marshall(parser.getDocument().getDocumentElement());
880                 repository.update(siteArp);
881                 ArpEngine engine = new ArpEngine(repository);
882
883                 //Apply the ARP
884                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
885
886                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
887         }
888
889         /**
890          * ARPs: A site ARP only
891          * Target: Any
892          * Attribute: Any value except one release, expanded representation
893          */
894         void arpApplicationTest5(ArpRepository repository, Parser.DOMParser parser) throws Exception {
895
896                 //Gather the Input
897                 String rawArp =
898                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
899                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
900                                 + "                     <Rule>"
901                                 + "                             <Target>"
902                                 + "                                     <AnyTarget/>"
903                                 + "                             </Target>"
904                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
905                                 + "                                     <AnyValue release=\"permit\"/>"
906                                 + "                             </Attribute>"
907                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
908                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
909                                 + "                             </Attribute>"
910                                 + "                     </Rule>"
911                                 + "     </AttributeReleasePolicy>";
912
913                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
914                 URL url1 = new URL("http://www.example.edu/");
915                 AAAttributeSet inputSet =
916                         new AAAttributeSet(
917                                 new AAAttribute(
918                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
919                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
920                 AAAttributeSet releaseSet =
921                         new AAAttributeSet(
922                                 new AAAttribute(
923                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
924                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
925
926                 //Setup the engine
927                 parser.parse(new InputSource(new StringReader(rawArp)));
928                 Arp siteArp = new Arp();
929                 siteArp.marshall(parser.getDocument().getDocumentElement());
930                 repository.update(siteArp);
931                 ArpEngine engine = new ArpEngine(repository);
932
933                 //Apply the ARP
934                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
935
936                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
937         }
938
939         /**
940          * ARPs: A site ARP only
941          * Target: Any
942          * Attribute: Any value except two release, expanded representation
943          */
944         void arpApplicationTest6(ArpRepository repository, Parser.DOMParser parser) throws Exception {
945
946                 //Gather the Input
947                 String rawArp =
948                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
949                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
950                                 + "                     <Rule>"
951                                 + "                             <Target>"
952                                 + "                                     <AnyTarget/>"
953                                 + "                             </Target>"
954                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
955                                 + "                                     <AnyValue release=\"permit\"/>"
956                                 + "                             </Attribute>"
957                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
958                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
959                                 + "                             </Attribute>"
960                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
961                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
962                                 + "                             </Attribute>"
963                                 + "                     </Rule>"
964                                 + "     </AttributeReleasePolicy>";
965
966                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
967                 URL url1 = new URL("http://www.example.edu/");
968                 AAAttributeSet inputSet =
969                         new AAAttributeSet(
970                                 new AAAttribute(
971                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
972                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
973                 AAAttributeSet releaseSet =
974                         new AAAttributeSet(
975                                 new AAAttribute(
976                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
977                                         new Object[] { "employee@example.edu" }));
978
979                 //Setup the engine
980                 parser.parse(new InputSource(new StringReader(rawArp)));
981                 Arp siteArp = new Arp();
982                 siteArp.marshall(parser.getDocument().getDocumentElement());
983                 repository.update(siteArp);
984                 ArpEngine engine = new ArpEngine(repository);
985
986                 //Apply the ARP
987                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
988
989                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
990         }
991
992         /**
993          * ARPs: A site ARP only
994          * Target: Any
995          * Attribute: Two value release, canonical representation
996          */
997         void arpApplicationTest7(ArpRepository repository, Parser.DOMParser parser) throws Exception {
998
999                 //Gather the Input
1000                 String rawArp =
1001                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1002                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1003                                 + "                     <Rule>"
1004                                 + "                             <Target>"
1005                                 + "                                     <AnyTarget/>"
1006                                 + "                             </Target>"
1007                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1008                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1009                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1010                                 + "                             </Attribute>"
1011                                 + "                     </Rule>"
1012                                 + "     </AttributeReleasePolicy>";
1013
1014                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1015                 URL url1 = new URL("http://www.example.edu/");
1016                 AAAttributeSet inputSet =
1017                         new AAAttributeSet(
1018                                 new AAAttribute(
1019                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1020                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1021                 AAAttributeSet releaseSet =
1022                         new AAAttributeSet(
1023                                 new AAAttribute(
1024                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1025                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1026
1027                 //Setup the engine
1028                 parser.parse(new InputSource(new StringReader(rawArp)));
1029                 Arp siteArp = new Arp();
1030                 siteArp.marshall(parser.getDocument().getDocumentElement());
1031                 repository.update(siteArp);
1032                 ArpEngine engine = new ArpEngine(repository);
1033
1034                 //Apply the ARP
1035                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1036
1037                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
1038         }
1039
1040         /**
1041          * ARPs: A site ARP only
1042          * Target: Any
1043          * Attribute: Two value release, expanded representation
1044          */
1045         void arpApplicationTest8(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1046
1047                 //Gather the Input
1048                 String rawArp =
1049                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1050                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1051                                 + "                     <Rule>"
1052                                 + "                             <Target>"
1053                                 + "                                     <AnyTarget/>"
1054                                 + "                             </Target>"
1055                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1056                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1057                                 + "                             </Attribute>"
1058                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1059                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1060                                 + "                             </Attribute>"
1061                                 + "                     </Rule>"
1062                                 + "     </AttributeReleasePolicy>";
1063
1064                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1065                 URL url1 = new URL("http://www.example.edu/");
1066                 AAAttributeSet inputSet =
1067                         new AAAttributeSet(
1068                                 new AAAttribute(
1069                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1070                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1071                 AAAttributeSet releaseSet =
1072                         new AAAttributeSet(
1073                                 new AAAttribute(
1074                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1075                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1076
1077                 //Setup the engine
1078                 parser.parse(new InputSource(new StringReader(rawArp)));
1079                 Arp siteArp = new Arp();
1080                 siteArp.marshall(parser.getDocument().getDocumentElement());
1081                 repository.update(siteArp);
1082                 ArpEngine engine = new ArpEngine(repository);
1083
1084                 //Apply the ARP
1085                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1086
1087                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
1088         }
1089
1090         /**
1091          * ARPs: A site ARP only
1092          * Target: Any
1093          * Attribute: Any value deny
1094          */
1095         void arpApplicationTest9(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1096
1097                 //Gather the Input
1098                 String rawArp =
1099                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1100                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1101                                 + "                     <Rule>"
1102                                 + "                             <Target>"
1103                                 + "                                     <AnyTarget/>"
1104                                 + "                             </Target>"
1105                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1106                                 + "                                     <AnyValue release=\"deny\"/>"
1107                                 + "                             </Attribute>"
1108                                 + "                     </Rule>"
1109                                 + "     </AttributeReleasePolicy>";
1110
1111                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1112                 URL url1 = new URL("http://www.example.edu/");
1113                 AAAttributeSet inputSet =
1114                         new AAAttributeSet(
1115                                 new AAAttribute(
1116                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1117                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1118
1119                 //Setup the engine
1120                 parser.parse(new InputSource(new StringReader(rawArp)));
1121                 Arp siteArp = new Arp();
1122                 siteArp.marshall(parser.getDocument().getDocumentElement());
1123                 repository.update(siteArp);
1124                 ArpEngine engine = new ArpEngine(repository);
1125
1126                 //Apply the ARP
1127                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1128
1129                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new AAAttributeSet());
1130         }
1131
1132         /**
1133          * ARPs: A site ARP only
1134          * Target: Any
1135          * Attribute: Any value deny trumps explicit permit expanded representation
1136          */
1137         void arpApplicationTest10(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1138
1139                 //Gather the Input
1140                 String rawArp =
1141                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1142                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1143                                 + "                     <Rule>"
1144                                 + "                             <Target>"
1145                                 + "                                     <AnyTarget/>"
1146                                 + "                             </Target>"
1147                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1148                                 + "                                     <AnyValue release=\"deny\"/>"
1149                                 + "                             </Attribute>"
1150                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1151                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1152                                 + "                             </Attribute>"
1153                                 + "                     </Rule>"
1154                                 + "     </AttributeReleasePolicy>";
1155
1156                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1157                 URL url1 = new URL("http://www.example.edu/");
1158                 AAAttributeSet inputSet =
1159                         new AAAttributeSet(
1160                                 new AAAttribute(
1161                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1162                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1163
1164                 //Setup the engine
1165                 parser.parse(new InputSource(new StringReader(rawArp)));
1166                 Arp siteArp = new Arp();
1167                 siteArp.marshall(parser.getDocument().getDocumentElement());
1168                 repository.update(siteArp);
1169                 ArpEngine engine = new ArpEngine(repository);
1170
1171                 //Apply the ARP
1172                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1173
1174                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new AAAttributeSet());
1175         }
1176
1177         /**
1178          * ARPs: A site ARP only
1179          * Target: Any
1180          * Attribute: Any value deny trumps explicit permit canonical representation
1181          */
1182         void arpApplicationTest11(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1183
1184                 //Gather the Input
1185                 String rawArp =
1186                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1187                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1188                                 + "                     <Rule>"
1189                                 + "                             <Target>"
1190                                 + "                                     <AnyTarget/>"
1191                                 + "                             </Target>"
1192                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1193                                 + "                                     <AnyValue release=\"deny\"/>"
1194                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1195                                 + "                             </Attribute>"
1196                                 + "                     </Rule>"
1197                                 + "     </AttributeReleasePolicy>";
1198
1199                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1200                 URL url1 = new URL("http://www.example.edu/");
1201                 AAAttributeSet inputSet =
1202                         new AAAttributeSet(
1203                                 new AAAttribute(
1204                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1205                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1206
1207                 //Setup the engine
1208                 parser.parse(new InputSource(new StringReader(rawArp)));
1209                 Arp siteArp = new Arp();
1210                 siteArp.marshall(parser.getDocument().getDocumentElement());
1211                 repository.update(siteArp);
1212                 ArpEngine engine = new ArpEngine(repository);
1213
1214                 //Apply the ARP
1215                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1216
1217                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new AAAttributeSet());
1218         }
1219
1220         /**
1221          * ARPs: A site ARP only
1222          * Target: Specific shar, Any Resource
1223          * Attribute: Any value release
1224          */
1225         void arpApplicationTest12(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1226
1227                 //Gather the Input
1228                 String rawArp =
1229                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1230                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1231                                 + "                     <Rule>"
1232                                 + "                             <Target>"
1233                                 + "                                     <Requester>shar.example.edu</Requester>"
1234                                 + "                                     <AnyResource />"
1235                                 + "                             </Target>"
1236                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1237                                 + "                                     <AnyValue release=\"permit\"/>"
1238                                 + "                             </Attribute>"
1239                                 + "                     </Rule>"
1240                                 + "     </AttributeReleasePolicy>";
1241
1242                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1243                 URL url1 = new URL("http://www.example.edu/");
1244                 AAAttributeSet inputSet =
1245                         new AAAttributeSet(
1246                                 new AAAttribute(
1247                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1248                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1249                 AAAttributeSet releaseSet =
1250                         new AAAttributeSet(
1251                                 new AAAttribute(
1252                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1253                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1254
1255                 //Setup the engine
1256                 parser.parse(new InputSource(new StringReader(rawArp)));
1257                 Arp siteArp = new Arp();
1258                 siteArp.marshall(parser.getDocument().getDocumentElement());
1259                 repository.update(siteArp);
1260                 ArpEngine engine = new ArpEngine(repository);
1261
1262                 //Apply the ARP
1263                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1264
1265                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1266         }
1267
1268         /**
1269          * ARPs: A site ARP only
1270          * Target: Specific shar, Any Resource (another example)
1271          * Attribute: Any value release
1272          */
1273         void arpApplicationTest13(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1274
1275                 //Gather the Input
1276                 String rawArp =
1277                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1278                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1279                                 + "                     <Rule>"
1280                                 + "                             <Target>"
1281                                 + "                                     <Requester>shar.example.edu</Requester>"
1282                                 + "                                     <AnyResource />"
1283                                 + "                             </Target>"
1284                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1285                                 + "                                     <AnyValue release=\"permit\"/>"
1286                                 + "                             </Attribute>"
1287                                 + "                     </Rule>"
1288                                 + "     </AttributeReleasePolicy>";
1289
1290                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1291                 URL url1 = new URL("https://foo.com/");
1292                 AAAttributeSet inputSet =
1293                         new AAAttributeSet(
1294                                 new AAAttribute(
1295                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1296                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1297                 AAAttributeSet releaseSet =
1298                         new AAAttributeSet(
1299                                 new AAAttribute(
1300                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1301                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1302
1303                 //Setup the engine
1304                 parser.parse(new InputSource(new StringReader(rawArp)));
1305                 Arp siteArp = new Arp();
1306                 siteArp.marshall(parser.getDocument().getDocumentElement());
1307                 repository.update(siteArp);
1308                 ArpEngine engine = new ArpEngine(repository);
1309
1310                 //Apply the ARP
1311                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1312
1313                 assertEquals("ARP application test 13: ARP not applied as expected.", inputSet, releaseSet);
1314         }
1315
1316         /**
1317          * ARPs: A site ARP only
1318          * Target: Specific shar (no match), Any Resource
1319          * Attribute: Any value release
1320          */
1321         void arpApplicationTest14(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1322
1323                 //Gather the Input
1324                 String rawArp =
1325                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1326                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1327                                 + "                     <Rule>"
1328                                 + "                             <Target>"
1329                                 + "                                     <Requester>shar.example.edu</Requester>"
1330                                 + "                                     <AnyResource />"
1331                                 + "                             </Target>"
1332                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1333                                 + "                                     <AnyValue release=\"permit\"/>"
1334                                 + "                             </Attribute>"
1335                                 + "                     </Rule>"
1336                                 + "     </AttributeReleasePolicy>";
1337
1338                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1339                 URL url1 = new URL("http://www.example.edu/");
1340                 AAAttributeSet inputSet =
1341                         new AAAttributeSet(
1342                                 new AAAttribute(
1343                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1344                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1345
1346                 //Setup the engine
1347                 parser.parse(new InputSource(new StringReader(rawArp)));
1348                 Arp siteArp = new Arp();
1349                 siteArp.marshall(parser.getDocument().getDocumentElement());
1350                 repository.update(siteArp);
1351                 ArpEngine engine = new ArpEngine(repository);
1352
1353                 //Apply the ARP
1354                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1355
1356                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new AAAttributeSet());
1357         }
1358
1359         /**
1360          * ARPs: A site ARP only
1361          * Target: Specific shar, Specific resource
1362          * Attribute: Any value release
1363          */
1364         void arpApplicationTest15(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1365
1366                 //Gather the Input
1367                 String rawArp =
1368                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1369                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1370                                 + "                     <Rule>"
1371                                 + "                             <Target>"
1372                                 + "                                     <Requester>shar.example.edu</Requester>"
1373                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1374                                 + "                             </Target>"
1375                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1376                                 + "                                     <AnyValue release=\"permit\"/>"
1377                                 + "                             </Attribute>"
1378                                 + "                     </Rule>"
1379                                 + "     </AttributeReleasePolicy>";
1380
1381                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1382                 URL url1 = new URL("http://www.example.edu/index.html");
1383                 AAAttributeSet inputSet =
1384                         new AAAttributeSet(
1385                                 new AAAttribute(
1386                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1387                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1388                 AAAttributeSet releaseSet =
1389                         new AAAttributeSet(
1390                                 new AAAttribute(
1391                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1392                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1393
1394                 //Setup the engine
1395                 parser.parse(new InputSource(new StringReader(rawArp)));
1396                 Arp siteArp = new Arp();
1397                 siteArp.marshall(parser.getDocument().getDocumentElement());
1398                 repository.update(siteArp);
1399                 ArpEngine engine = new ArpEngine(repository);
1400
1401                 //Apply the ARP
1402                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1403
1404                 assertEquals("ARP application test 15: ARP not applied as expected.", inputSet, releaseSet);
1405         }
1406
1407         /**
1408          * ARPs: A site ARP only
1409          * Target: Specific shar, Specific resource (no match)
1410          * Attribute: Any value release
1411          */
1412         void arpApplicationTest16(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1413
1414                 //Gather the Input
1415                 String rawArp =
1416                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1417                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1418                                 + "                     <Rule>"
1419                                 + "                             <Target>"
1420                                 + "                                     <Requester>shar.example.edu</Requester>"
1421                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1422                                 + "                             </Target>"
1423                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1424                                 + "                                     <AnyValue release=\"permit\"/>"
1425                                 + "                             </Attribute>"
1426                                 + "                     </Rule>"
1427                                 + "     </AttributeReleasePolicy>";
1428
1429                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1430                 URL url1 = new URL("https://www.example.edu/index.html");
1431                 AAAttributeSet inputSet =
1432                         new AAAttributeSet(
1433                                 new AAAttribute(
1434                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1435                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1436
1437                 //Setup the engine
1438                 parser.parse(new InputSource(new StringReader(rawArp)));
1439                 Arp siteArp = new Arp();
1440                 siteArp.marshall(parser.getDocument().getDocumentElement());
1441                 repository.update(siteArp);
1442                 ArpEngine engine = new ArpEngine(repository);
1443
1444                 //Apply the ARP
1445                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1446
1447                 assertEquals("ARP application test 16: ARP not applied as expected.", inputSet, new AAAttributeSet());
1448         }
1449
1450         /**
1451          * ARPs: A site ARP only
1452          * Target: Multiple matching rules
1453          * Attribute: various
1454          */
1455         void arpApplicationTest17(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1456
1457                 //Gather the Input
1458                 String rawArp =
1459                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1460                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1461                                 + "                     <Rule>"
1462                                 + "                             <Target>"
1463                                 + "                                     <AnyTarget />"
1464                                 + "                             </Target>"
1465                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1466                                 + "                                     <AnyValue release=\"permit\"/>"
1467                                 + "                             </Attribute>"
1468                                 + "                     </Rule>"
1469                                 + "                     <Rule>"
1470                                 + "                             <Target>"
1471                                 + "                                     <Requester>shar1.example.edu</Requester>"
1472                                 + "                                     <AnyResource />"
1473                                 + "                             </Target>"
1474                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1475                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1476                                 + "                             </Attribute>"
1477                                 + "                     </Rule>"
1478                                 + "                     <Rule>"
1479                                 + "                             <Target>"
1480                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1481                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1482                                 + "                             </Target>"
1483                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1484                                 + "                                     <AnyValue release=\"permit\"/>"
1485                                 + "                             </Attribute>"
1486                                 + "                     </Rule>"
1487                                 + "     </AttributeReleasePolicy>";
1488
1489                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1490                 URL url1 = new URL("https://www.example.edu/index.html");
1491                 AAAttributeSet inputSet =
1492                         new AAAttributeSet(
1493                                 new AAAttribute[] {
1494                                         new AAAttribute(
1495                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1496                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1497                                         new AAAttribute(
1498                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1499                                                 new Object[] { "wassa@columbia.edu" })
1500                 });
1501
1502                 AAAttributeSet releaseSet =
1503                         new AAAttributeSet(
1504                                 new AAAttribute[] {
1505                                         new AAAttribute(
1506                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1507                                                 new Object[] { "wassa@columbia.edu" }),
1508                                         new AAAttribute(
1509                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1510                                                 new Object[] { "member@example.edu" })
1511                 });
1512
1513                 //Setup the engine
1514                 parser.parse(new InputSource(new StringReader(rawArp)));
1515                 Arp siteArp = new Arp();
1516                 siteArp.marshall(parser.getDocument().getDocumentElement());
1517                 repository.update(siteArp);
1518                 ArpEngine engine = new ArpEngine(repository);
1519
1520                 //Apply the ARP
1521                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu", url1);
1522
1523                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1524         }
1525
1526         /**
1527          * ARPs: A site ARP only
1528          * Target: Any
1529          * Attribute: Any value release of two attributes in one rule
1530          */
1531         void arpApplicationTest18(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1532
1533                 //Gather the Input
1534                 String rawArp =
1535                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1536                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1537                                 + "                     <Rule>"
1538                                 + "                             <Target>"
1539                                 + "                                     <AnyTarget/>"
1540                                 + "                             </Target>"
1541                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1542                                 + "                                     <AnyValue release=\"permit\"/>"
1543                                 + "                             </Attribute>"
1544                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1545                                 + "                                     <AnyValue release=\"permit\"/>"
1546                                 + "                             </Attribute>"
1547                                 + "                     </Rule>"
1548                                 + "     </AttributeReleasePolicy>";
1549
1550                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1551                 URL url1 = new URL("http://www.example.edu/");
1552                 AAAttributeSet inputSet =
1553                         new AAAttributeSet(
1554                                 new AAAttribute[] {
1555                                         new AAAttribute(
1556                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1557                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1558                                         new AAAttribute(
1559                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1560                                                 new Object[] { "mehoehn@example.edu" })
1561                 });
1562
1563                 AAAttributeSet releaseSet =
1564                         new AAAttributeSet(
1565                                 new AAAttribute[] {
1566                                         new AAAttribute(
1567                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1568                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1569                                         new AAAttribute(
1570                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1571                                                 new Object[] { "mehoehn@example.edu" })
1572                 });
1573
1574                 //Setup the engine
1575                 parser.parse(new InputSource(new StringReader(rawArp)));
1576                 Arp siteArp = new Arp();
1577                 siteArp.marshall(parser.getDocument().getDocumentElement());
1578                 repository.update(siteArp);
1579                 ArpEngine engine = new ArpEngine(repository);
1580
1581                 //Apply the ARP
1582                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1583
1584                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1585         }
1586
1587         /**
1588          * ARPs: A user ARP only
1589          * Target: Any
1590          * Attribute: Any value release,
1591          */
1592         void arpApplicationTest19(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1593
1594                 //Gather the Input
1595                 String rawArp =
1596                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1597                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1598                                 + "                     <Rule>"
1599                                 + "                             <Target>"
1600                                 + "                                     <AnyTarget/>"
1601                                 + "                             </Target>"
1602                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1603                                 + "                                     <AnyValue release=\"permit\"/>"
1604                                 + "                             </Attribute>"
1605                                 + "                     </Rule>"
1606                                 + "     </AttributeReleasePolicy>";
1607
1608                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1609                 URL url1 = new URL("http://www.example.edu/");
1610                 AAAttributeSet inputSet =
1611                         new AAAttributeSet(
1612                                 new AAAttribute(
1613                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1614                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1615                 AAAttributeSet releaseSet =
1616                         new AAAttributeSet(
1617                                 new AAAttribute(
1618                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1619                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1620
1621                 //Setup the engine
1622                 parser.parse(new InputSource(new StringReader(rawArp)));
1623                 Arp userArp = new Arp();
1624                 userArp.setPrincipal(principal1);
1625                 userArp.marshall(parser.getDocument().getDocumentElement());
1626                 repository.update(userArp);
1627                 ArpEngine engine = new ArpEngine(repository);
1628
1629                 //Apply the ARP
1630                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1631
1632                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1633         }
1634
1635         /**
1636          * ARPs: A site ARP and user ARP
1637          * Target: various
1638          * Attribute: various combinations
1639          */
1640         void arpApplicationTest20(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1641
1642                 //Gather the Input
1643                 String rawSiteArp =
1644                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1645                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1646                                 + "                     <Rule>"
1647                                 + "                             <Target>"
1648                                 + "                                     <AnyTarget/>"
1649                                 + "                             </Target>"
1650                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1651                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1652                                 + "                             </Attribute>"
1653                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1654                                 + "                                     <AnyValue release=\"permit\" />"
1655                                 + "                             </Attribute>"
1656                                 + "                     </Rule>"
1657                                 + "                     <Rule>"
1658                                 + "                             <Target>"
1659                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1660                                 + "                                     <AnyResource />"
1661                                 + "                             </Target>"
1662                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1663                                 + "                                     <AnyValue release=\"permit\"/>"
1664                                 + "                             </Attribute>"
1665                                 + "                     </Rule>"
1666                                 + "                     <Rule>"
1667                                 + "                             <Target>"
1668                                 + "                                     <Requester>www.example.edu</Requester>"
1669                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1670                                 + "                             </Target>"
1671                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1672                                 + "                                     <AnyValue release=\"permit\"/>"
1673                                 + "                             </Attribute>"
1674                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1675                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1676                                 + "                             </Attribute>"
1677                                 + "                     </Rule>"
1678                                 + "                     <Rule>"
1679                                 + "                             <Target>"
1680                                 + "                                     <Requester>www.external.com</Requester>"
1681                                 + "                                     <Resource>http://www.external.com/</Resource>"
1682                                 + "                             </Target>"
1683                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1684                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1685                                 + "                             </Attribute>"
1686                                 + "                     </Rule>"
1687                                 + "     </AttributeReleasePolicy>";
1688
1689                 String rawUserArp =
1690                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1691                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1692                                 + "                     <Rule>"
1693                                 + "                             <Target>"
1694                                 + "                                     <AnyTarget/>"
1695                                 + "                             </Target>"
1696                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1697                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1698                                 + "                             </Attribute>"
1699                                 + "                     </Rule>"
1700                                 + "                     <Rule>"
1701                                 + "                             <Target>"
1702                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1703                                 + "                                     <AnyResource />"
1704                                 + "                             </Target>"
1705                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1706                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1707                                 + "                             </Attribute>"
1708                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1709                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1710                                 + "                             </Attribute>"
1711                                 + "                     </Rule>"
1712                                 + "     </AttributeReleasePolicy>";
1713
1714                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1715                 URL url1 = new URL("http://www.example.edu/test/index.html");
1716
1717                 AAAttributeSet inputSet =
1718                         new AAAttributeSet(
1719                                 new AAAttribute[] {
1720                                         new AAAttribute(
1721                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1722                                                 new Object[] {
1723                                                         "urn:example:lovesIceCream",
1724                                                         "urn:example:poorlyDressed",
1725                                                         "urn:example:contract:113455",
1726                                                         "urn:example:contract:4657483" }),
1727                                         new AAAttribute(
1728                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1729                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1730                                         new AAAttribute(
1731                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1732                                                 new Object[] { "wassa@example.edu" }),
1733                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1734                 });
1735
1736                 AAAttributeSet releaseSet =
1737                         new AAAttributeSet(
1738                                 new AAAttribute[] {
1739                                         new AAAttribute(
1740                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1741                                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" }),
1742                                         new AAAttribute(
1743                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1744                                                 new Object[] { "member@example.edu", "employee@example.edu" }),
1745                                         new AAAttribute(
1746                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1747                                                 new Object[] { "wassa@example.edu" }),
1748                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1749                 });
1750
1751                 //Add the site ARP
1752                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1753                 Arp siteArp = new Arp();
1754                 siteArp.marshall(parser.getDocument().getDocumentElement());
1755                 repository.update(siteArp);
1756
1757                 //Add the user ARP
1758                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1759                 Arp userArp = new Arp();
1760                 userArp.setPrincipal(principal1);
1761                 userArp.marshall(parser.getDocument().getDocumentElement());
1762                 repository.update(userArp);
1763
1764                 ArpEngine engine = new ArpEngine(repository);
1765
1766                 //Apply the ARP
1767                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1768
1769                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1770         }
1771
1772         /**
1773          * ARPs: A site ARP and user ARP
1774          * Target: various
1775          * Attribute: various combinations (same ARPs as 20, different requester)
1776          */
1777         void arpApplicationTest21(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1778
1779                 //Gather the Input
1780                 String rawSiteArp =
1781                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1782                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1783                                 + "                     <Rule>"
1784                                 + "                             <Target>"
1785                                 + "                                     <AnyTarget/>"
1786                                 + "                             </Target>"
1787                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1788                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1789                                 + "                             </Attribute>"
1790                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1791                                 + "                                     <AnyValue release=\"permit\" />"
1792                                 + "                             </Attribute>"
1793                                 + "                     </Rule>"
1794                                 + "                     <Rule>"
1795                                 + "                             <Target>"
1796                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1797                                 + "                                     <AnyResource />"
1798                                 + "                             </Target>"
1799                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1800                                 + "                                     <AnyValue release=\"permit\"/>"
1801                                 + "                             </Attribute>"
1802                                 + "                     </Rule>"
1803                                 + "                     <Rule>"
1804                                 + "                             <Target>"
1805                                 + "                                     <Requester>www.example.edu</Requester>"
1806                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1807                                 + "                             </Target>"
1808                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1809                                 + "                                     <AnyValue release=\"permit\"/>"
1810                                 + "                             </Attribute>"
1811                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1812                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1813                                 + "                             </Attribute>"
1814                                 + "                     </Rule>"
1815                                 + "                     <Rule>"
1816                                 + "                             <Target>"
1817                                 + "                                     <Requester>www.external.com</Requester>"
1818                                 + "                                     <Resource>http://www.external.com/</Resource>"
1819                                 + "                             </Target>"
1820                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1821                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1822                                 + "                             </Attribute>"
1823                                 + "                     </Rule>"
1824                                 + "     </AttributeReleasePolicy>";
1825
1826                 String rawUserArp =
1827                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1828                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1829                                 + "                     <Rule>"
1830                                 + "                             <Target>"
1831                                 + "                                     <AnyTarget/>"
1832                                 + "                             </Target>"
1833                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1834                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1835                                 + "                             </Attribute>"
1836                                 + "                     </Rule>"
1837                                 + "                     <Rule>"
1838                                 + "                             <Target>"
1839                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1840                                 + "                                     <AnyResource />"
1841                                 + "                             </Target>"
1842                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1843                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1844                                 + "                             </Attribute>"
1845                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1846                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1847                                 + "                             </Attribute>"
1848                                 + "                     </Rule>"
1849                                 + "     </AttributeReleasePolicy>";
1850
1851                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1852                 URL url1 = new URL("http://www.external.com/");
1853
1854                 AAAttributeSet inputSet =
1855                         new AAAttributeSet(
1856                                 new AAAttribute[] {
1857                                         new AAAttribute(
1858                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1859                                                 new Object[] {
1860                                                         "urn:example:lovesIceCream",
1861                                                         "urn:example:poorlyDressed",
1862                                                         "urn:example:contract:113455",
1863                                                         "urn:example:contract:4657483" }),
1864                                         new AAAttribute(
1865                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1866                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1867                                         new AAAttribute(
1868                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1869                                                 new Object[] { "wassa@example.edu" }),
1870                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1871                 });
1872
1873                 AAAttributeSet releaseSet =
1874                         new AAAttributeSet(
1875                                 new AAAttribute[] {
1876                                         new AAAttribute(
1877                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1878                                                 new Object[] { "urn:example:contract:113455" }),
1879                                         new AAAttribute(
1880                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1881                                                 new Object[] { "member@example.edu" }),
1882                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1883                 });
1884
1885                 //Add the site ARP
1886                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1887                 Arp siteArp = new Arp();
1888                 siteArp.marshall(parser.getDocument().getDocumentElement());
1889                 repository.update(siteArp);
1890
1891                 //Add the user ARP
1892                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1893                 Arp userArp = new Arp();
1894                 userArp.setPrincipal(principal1);
1895                 userArp.marshall(parser.getDocument().getDocumentElement());
1896                 repository.update(userArp);
1897
1898                 ArpEngine engine = new ArpEngine(repository);
1899
1900                 //Apply the ARP
1901                 engine.filterAttributes(inputSet, principal1, "www.external.com", url1);
1902
1903                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1904         }
1905         /**
1906          * ARPs: A site ARP only
1907          * Target: Specific shar, Specific resource
1908          * Attribute: Release values by regex
1909          */
1910         void arpApplicationTest22(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1911
1912                 //Gather the Input
1913                 String rawArp =
1914                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1915                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1916                                 + "                     <Rule>"
1917                                 + "                             <Target>"
1918                                 + "                                     <Requester>shar.example.edu</Requester>"
1919                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1920                                 + "                             </Target>"
1921                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1922                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1923                                 + "                             </Attribute>"
1924                                 + "                     </Rule>"
1925                                 + "     </AttributeReleasePolicy>";
1926
1927                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1928                 URL url1 = new URL("http://www.example.edu/index.html");
1929                 AAAttributeSet inputSet =
1930                         new AAAttributeSet(
1931                                 new AAAttribute(
1932                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1933                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1934                 AAAttributeSet releaseSet =
1935                         new AAAttributeSet(
1936                                 new AAAttribute(
1937                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1938                                         new Object[] { "urn:x:adagio", "urn:x:awol" }));
1939
1940                 //Setup the engine
1941                 parser.parse(new InputSource(new StringReader(rawArp)));
1942                 Arp siteArp = new Arp();
1943                 siteArp.marshall(parser.getDocument().getDocumentElement());
1944                 repository.update(siteArp);
1945                 ArpEngine engine = new ArpEngine(repository);
1946
1947                 //Apply the ARP
1948                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1949
1950                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1951         }
1952         /**
1953          * ARPs: A site ARP only
1954          * Target: Specific shar, Specific resource
1955          * Attribute: Deny specific values by regex
1956          */
1957         void arpApplicationTest23(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1958
1959                 //Gather the Input
1960                 String rawArp =
1961                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1962                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1963                                 + "                     <Rule>"
1964                                 + "                             <Target>"
1965                                 + "                                     <Requester>shar.example.edu</Requester>"
1966                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1967                                 + "                             </Target>"
1968                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1969                                 + "                                     <AnyValue release=\"permit\" />"
1970                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1971                                 + "                             </Attribute>"
1972                                 + "                     </Rule>"
1973                                 + "     </AttributeReleasePolicy>";
1974
1975                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1976                 URL url1 = new URL("http://www.example.edu/index.html");
1977                 AAAttributeSet inputSet =
1978                         new AAAttributeSet(
1979                                 new AAAttribute(
1980                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1981                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1982                 AAAttributeSet releaseSet =
1983                         new AAAttributeSet(
1984                                 new AAAttribute(
1985                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1986                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar" }));
1987
1988                 //Setup the engine
1989                 parser.parse(new InputSource(new StringReader(rawArp)));
1990                 Arp siteArp = new Arp();
1991                 siteArp.marshall(parser.getDocument().getDocumentElement());
1992                 repository.update(siteArp);
1993                 ArpEngine engine = new ArpEngine(repository);
1994
1995                 //Apply the ARP
1996                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1997
1998                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1999         }
2000
2001         /**
2002          * ARPs: A site ARP only
2003          * Target: Specific shar, Specific resource
2004          * Attribute: No matches on specific values should yield no attribute
2005          */
2006         void arpApplicationTest24(ArpRepository repository, Parser.DOMParser parser) throws Exception {
2007
2008                 //Gather the Input
2009                 String rawArp =
2010                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
2011                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
2012                                 + "                     <Rule>"
2013                                 + "                             <Target>"
2014                                 + "                                     <Requester>shar.example.edu</Requester>"
2015                                 + "                                     <Resource>http://www.example.edu/</Resource>"
2016                                 + "                             </Target>"
2017                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
2018                                 + "                                     <AnyValue release=\"permit\" />"
2019                                 + "                             </Attribute>"
2020                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
2021                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>"
2022                                 + "                             </Attribute>"
2023                                 + "                     </Rule>"
2024                                 + "     </AttributeReleasePolicy>";
2025
2026                 Principal principal1 = new AuthNPrincipal("Test2Principal");
2027                 URL url1 = new URL("http://www.example.edu/index.html");
2028                 AAAttributeSet inputSet =
2029                         new AAAttributeSet(
2030                                 new AAAttribute[] {
2031                                         new AAAttribute(
2032                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
2033                                                 new Object[] { "urn:x:bar", "urn:x:adagio" }),
2034                                         new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" })
2035                 });
2036                 AAAttributeSet releaseSet =
2037                         new AAAttributeSet(
2038                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" }));
2039
2040                 //Setup the engine
2041                 parser.parse(new InputSource(new StringReader(rawArp)));
2042                 Arp siteArp = new Arp();
2043                 siteArp.marshall(parser.getDocument().getDocumentElement());
2044                 repository.update(siteArp);
2045                 ArpEngine engine = new ArpEngine(repository);
2046
2047                 //Apply the ARP
2048                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
2049
2050                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
2051         }
2052
2053 }