2b5c4a9a88d1c19ab9b410174f3b893a83db4be4
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.ByteArrayOutputStream;
53 import java.io.File;
54 import java.io.FileInputStream;
55 import java.io.FileNotFoundException;
56 import java.io.InputStream;
57 import java.io.StringReader;
58 import java.net.MalformedURLException;
59 import java.net.URI;
60 import java.net.URISyntaxException;
61 import java.net.URL;
62 import java.security.Principal;
63 import java.util.Arrays;
64 import java.util.HashSet;
65 import java.util.Properties;
66
67 import junit.framework.TestCase;
68
69 import org.apache.log4j.BasicConfigurator;
70 import org.apache.log4j.Level;
71 import org.apache.log4j.Logger;
72 import org.apache.xerces.parsers.DOMParser;
73 import org.apache.xml.serialize.OutputFormat;
74 import org.apache.xml.serialize.XMLSerializer;
75 import org.xml.sax.EntityResolver;
76 import org.xml.sax.ErrorHandler;
77 import org.xml.sax.InputSource;
78 import org.xml.sax.SAXException;
79 import org.xml.sax.SAXParseException;
80
81 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
82 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
83 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
84
85 /**
86  * Validation suite for <code>Arp</code> processing.
87  * 
88  * @author Walter Hoehn(wassa@columbia.edu)
89  */
90
91 public class ArpTests extends TestCase {
92
93         private DOMParser parser = new DOMParser();
94         private String[] arpExamples =
95                 {
96                         "data/example1.xml",
97                         "data/example2.xml",
98                         "data/example3.xml",
99                         "data/example4.xml",
100                         "data/example5.xml",
101                         "data/example6.xml",
102                         "data/example7.xml",
103                         "data/example8.xml",
104                         "data/example9.xml",
105                         "data/example10.xml",
106                         "data/example11.xml",
107                         "data/example12.xml" };
108
109         public ArpTests(String name) {
110                 super(name);
111                 BasicConfigurator.resetConfiguration();
112                 BasicConfigurator.configure();
113                 Logger.getRootLogger().setLevel(Level.OFF);
114         }
115
116         public static void main(String[] args) {
117                 junit.textui.TestRunner.run(ArpTests.class);
118                 BasicConfigurator.configure();
119                 Logger.getRootLogger().setLevel(Level.OFF);
120         }
121
122         /**
123          * @see junit.framework.TestCase#setUp()
124          */
125         protected void setUp() throws Exception {
126                 super.setUp();
127                 try {
128                         parser.setFeature("http://xml.org/sax/features/validation", true);
129                         parser.setFeature("http://apache.org/xml/features/validation/schema", true);
130                         parser.setEntityResolver(new EntityResolver() {
131                                 public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
132
133                                         if (systemId.endsWith("shibboleth-arp-1.0.xsd")) {
134                                                 InputStream stream;
135                                                 try {
136                                                         stream = new FileInputStream("src/schemas/shibboleth-arp-1.0.xsd");
137                                                         if (stream != null) {
138                                                                 return new InputSource(stream);
139                                                         }
140                                                         throw new SAXException("Could not load entity: Null input stream");
141                                                 } catch (FileNotFoundException e) {
142                                                         throw new SAXException("Could not load entity: " + e);
143                                                 }
144                                         } else {
145                                                 return null;
146                                         }
147                                 }
148                         });
149
150                         parser.setErrorHandler(new ErrorHandler() {
151                                 public void error(SAXParseException arg0) throws SAXException {
152                                         throw new SAXException("Error parsing xml file: " + arg0);
153                                 }
154                                 public void fatalError(SAXParseException arg0) throws SAXException {
155                                         throw new SAXException("Error parsing xml file: " + arg0);
156                                 }
157                                 public void warning(SAXParseException arg0) throws SAXException {
158                                         throw new SAXException("Error parsing xml file: " + arg0);
159                                 }
160                         });
161                 } catch (Exception e) {
162                         fail("Failed to setup xml parser: " + e);
163                 }
164
165         }
166
167         public void testArpMarshalling() {
168
169                 //Test ARP description
170                 try {
171                         InputStream inStream = new FileInputStream("data/arp1.xml");
172                         parser.parse(new InputSource(inStream));
173                         Arp arp1 = new Arp();
174                         arp1.marshall(parser.getDocument().getDocumentElement());
175                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
176
177                         //Test Rule description
178                         assertEquals(
179                                 "ARP Rule Description not marshalled properly",
180                                 arp1.getAllRules()[0].getDescription(),
181                                 "Example Rule Description.");
182                 } catch (Exception e) {
183                         fail("Failed to marshall ARP: " + e);
184                 }
185
186                 //Test case where ARP description does not exist
187                 try {
188                         InputStream inStream = new FileInputStream("data/arp2.xml");
189                         parser.parse(new InputSource(inStream));
190                         Arp arp2 = new Arp();
191                         arp2.marshall(parser.getDocument().getDocumentElement());
192                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
193
194                         //Test case where ARP Rule description does not exist   
195                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules()[0].getDescription());
196                 } catch (Exception e) {
197                         fail("Failed to marshall ARP.");
198                 }
199
200         }
201
202         public void testMatchingFunctions() {
203
204                 try {
205
206                         /*
207                          * Test Arp Engine function retrieval
208                          */
209
210                         //Lookup a function that doesn't exist
211                         MatchFunction noFunction =
212                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
213                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
214
215                         //Lookup some real functions
216                         MatchFunction exactSharFunction =
217                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
218                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
219                         MatchFunction resourceTreeFunction =
220                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
221                         assertNotNull("ArpEngine did not properly load the Resource Tree SHAR function.", resourceTreeFunction);
222                         MatchFunction regexFunction =
223                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
224                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
225
226                         /* 
227                          * Test the Exact SHAR function (requester)
228                          */
229
230                         assertTrue(
231                                 "Exact SHAR function: false negative",
232                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
233                         assertTrue(
234                                 "Exact SHAR function: false negative",
235                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
236                         assertTrue(
237                                 "Exact SHAR function: false negative",
238                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
239
240                         //Make sure we properly handle bad input
241                         try {
242                                 exactSharFunction.match(null, null);
243                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
244                         } catch (ArpException ie) {
245                                 //This is supposed to fail
246                         }
247
248                         /*
249                          * Test the Resource Tree function (resource)
250                          */
251
252                         URL requestURL1 = new URL("http://www.example.edu/test/");
253                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
254                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
255                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
256
257                         assertTrue(
258                                 "Resource Tree function: false negative",
259                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
260                         assertTrue(
261                                 "Resource Tree function: false positive",
262                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
263                         assertTrue(
264                                 "Resource Tree function: false negative",
265                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
266                         assertTrue(
267                                 "Resource Tree function: false positive",
268                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
269                         assertTrue(
270                                 "Resource Tree function: false negative",
271                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
272                         assertTrue(
273                                 "Resource Tree function: false negative",
274                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
275                         assertTrue(
276                                 "Resource Tree function: false negative",
277                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
278                         assertTrue(
279                                 "Resource Tree function: false positive",
280                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
281                         assertTrue(
282                                 "Resource Tree function: false negative",
283                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
284                         assertTrue(
285                                 "Resource Tree function: false negative",
286                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
287                         assertTrue(
288                                 "Resource Tree function: false negative",
289                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL4));
290                         assertTrue(
291                                 "Resource Tree function: false positive",
292                                 !resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL3));
293
294                         //Make sure we properly handle bad input
295                         try {
296                                 resourceTreeFunction.match(null, null);
297                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
298                         } catch (ArpException ie) {
299                                 //This is supposed to fail
300                         }
301                         try {
302                                 resourceTreeFunction.match("Test", "Test");
303                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
304                         } catch (ArpException ie) {
305                                 //This is supposed to fail
306                         }
307
308                         /*
309                          * Test the Regex function (requester & resource)
310                          */
311
312                         //Try requester regexes
313                         assertTrue(
314                                 "Regex function: false negative",
315                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
316                         assertTrue(
317                                 "Regex function: false negative",
318                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
319                         assertTrue(
320                                 "Regex function: false negative",
321                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
322                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
323                         assertTrue(
324                                 "Regex function: false positive",
325                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
326                         assertTrue(
327                                 "Regex function: false positive",
328                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
329                         assertTrue(
330                                 "Regex function: false positive",
331                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
332
333                         //Try resource regexes
334                         assertTrue(
335                                 "Regex function: false negative",
336                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
337                         assertTrue(
338                                 "Regex function: false negative",
339                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
340                         assertTrue(
341                                 "Regex function: false negative",
342                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
343                         assertTrue(
344                                 "Regex function: false negative",
345                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
346                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
347                         assertTrue(
348                                 "Regex function: false positive",
349                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
350                         assertTrue(
351                                 "Regex function: false positive",
352                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
353
354                         //Make sure we properly handle bad input
355                         try {
356                                 regexFunction.match(null, null);
357                                 fail("Regex function seems to take improper input without throwing an exception.");
358                         } catch (ArpException ie) {
359                                 //This is supposed to fail
360                         }
361
362                 } catch (ArpException e) {
363                         fail("Encountered a problem loading match function: " + e);
364                 } catch (URISyntaxException e) {
365                         fail("Unable to create URI from test string.");
366                 } catch (MalformedURLException e) {
367                         fail("Couldn't create test URLs: " + e);
368                 }
369
370         }
371
372         public void testRepositories() {
373
374                 /*
375                  * Test the Factory
376                  */
377
378                 //Make sure we fail if no Repository is specified
379                 Properties props = new Properties();
380                 try {
381                         ArpRepositoryFactory.getInstance(props);
382                 } catch (ArpRepositoryException e) {
383                         //This is supposed to fail
384                 }
385
386                 // Make sure we can create an Arp Repository
387                 props.setProperty(
388                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
389                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
390                 ArpRepository repository = null;
391                 try {
392                         repository = ArpRepositoryFactory.getInstance(props);
393                 } catch (ArpRepositoryException e) {
394                         fail("Failed to create memory-based Arp Repository" + e);
395                 }
396                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
397
398                 /*
399                  * Exercise the Memory Arp Repository
400                  */
401
402                 //Set/retrieve/remove a Site ARP
403                 Arp siteArp1 = new Arp();
404                 siteArp1.setDescription("Test Site Arp 1.");
405                 try {
406                         repository.update(siteArp1);
407                         assertEquals(
408                                 "Memory Repository does not store and retrieve Site ARPs properly.",
409                                 siteArp1,
410                                 repository.getSitePolicy());
411                         repository.remove(repository.getSitePolicy());
412                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
413                 } catch (ArpRepositoryException e) {
414                         fail("Error adding Site ARP to Memory Repository.");
415                 }
416
417                 //Set/retrieve/delete some user ARPs
418                 Arp userArp1 = new Arp();
419                 userArp1.setDescription("Broken User Arp 1.");
420                 try {
421                         repository.update(userArp1);
422                         assertTrue(
423                                 "Memory Repository does not store and retrieve User ARPs properly.",
424                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
425                 } catch (ArpRepositoryException e) {
426                         fail("Error adding User ARP to Memory Repository.");
427                 }
428
429                 Arp userArp2 = new Arp(new AuthNPrincipal("TestPrincipal"));
430                 userArp2.setDescription("Test User Arp 2.");
431                 try {
432                         repository.update(userArp2);
433                         assertEquals(
434                                 "Memory Repository does not store and retrieve User ARPs properly.",
435                                 userArp2,
436                                 repository.getUserPolicy(userArp2.getPrincipal()));
437                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
438                         assertNull(
439                                 "Memorty Repository does not properly delete User ARPs.",
440                                 repository.getUserPolicy(userArp2.getPrincipal()));
441                 } catch (ArpRepositoryException e) {
442                         fail("Error adding User ARP to Memory Repository.");
443                 }
444
445                 /*
446                  * Exercise the Memory Arp Repository
447                  */
448
449                 //create a repository
450                 props.setProperty(
451                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
452                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
453                 props.setProperty(
454                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path",
455                         new File("data/").toURI().toString());
456                 props.setProperty("edu.internet2.middleware.shibboleth.aa.arp.BaseArpRepository.ArpTTL", "65535");
457                 repository = null;
458                 try {
459                         repository = ArpRepositoryFactory.getInstance(props);
460                 } catch (ArpRepositoryException e) {
461                         fail("Failed to create file-based Arp Repository" + e.getMessage());
462                 }
463                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
464
465                 try {
466                         Arp siteArp = repository.getSitePolicy();
467
468                         InputStream inStream = new FileInputStream("data/arp.site.xml");
469                         parser.parse(new InputSource(inStream));
470                         ByteArrayOutputStream directXML = new ByteArrayOutputStream();
471                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
472
473                         ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
474                         new XMLSerializer(processedXML, new OutputFormat()).serialize(siteArp.unmarshall());
475
476                         assertTrue(
477                                 "File-based ARP Repository did not return the correct site ARP.",
478                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
479                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
480
481                         Arp userArp = repository.getUserPolicy(new AuthNPrincipal("test"));
482
483                         inStream = new FileInputStream("data/arp.user.test.xml");
484                         parser.parse(new InputSource(inStream));
485                         directXML = new ByteArrayOutputStream();
486                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
487
488                         processedXML = new ByteArrayOutputStream();
489                         new XMLSerializer(processedXML, new OutputFormat()).serialize(userArp.unmarshall());
490
491                         assertTrue(
492                                 "File-based ARP Repository did not return the correct user ARP.",
493                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
494                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
495
496                         Arp[] allArps = repository.getAllPolicies(new AuthNPrincipal("test"));
497
498                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
499
500                 } catch (Exception e) {
501                         fail("Error retrieving ARP from Repository: " + e);
502                 }
503
504         }
505
506         public void testPossibleReleaseSetComputation() {
507                 Properties props = new Properties();
508                 props.setProperty(
509                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
510                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
511                 ArpRepository repository = null;
512                 try {
513                         repository = ArpRepositoryFactory.getInstance(props);
514                 } catch (ArpRepositoryException e) {
515                         fail("Failed to create memory-based Arp Repository" + e);
516                 }
517
518                 try {
519                         Principal principal1 = new AuthNPrincipal("TestPrincipal");
520                         URL url1 = new URL("http://www.example.edu/");
521                         URI[] list1 = { new URI("urn:mace:dir:attribute-def:eduPersonAffiliation")};
522                         URI[] list2 =
523                                 {
524                                         new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"),
525                                         new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName")};
526                         URI[] list3 = new URI[0];
527
528                         //Test with just a site ARP
529                         InputStream inStream = new FileInputStream("data/arp1.xml");
530                         parser.parse(new InputSource(inStream));
531                         Arp arp1 = new Arp();
532                         arp1.marshall(parser.getDocument().getDocumentElement());
533                         repository.update(arp1);
534                         ArpEngine engine = new ArpEngine(repository, props);
535                         URI[] possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
536                         assertEquals(
537                                 "Incorrectly computed possible release set (1).",
538                                 new HashSet(Arrays.asList(possibleAttributes)),
539                                 new HashSet(Arrays.asList(list1)));
540
541                         //Test with site and user ARPs
542                         inStream = new FileInputStream("data/arp7.xml");
543                         parser.parse(new InputSource(inStream));
544                         Arp arp7 = new Arp();
545                         arp7.setPrincipal(principal1);
546                         arp7.marshall(parser.getDocument().getDocumentElement());
547                         repository.update(arp7);
548                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
549                         assertEquals(
550                                 "Incorrectly computed possible release set (2).",
551                                 new HashSet(Arrays.asList(possibleAttributes)),
552                                 new HashSet(Arrays.asList(list2)));
553
554                         //Ensure that explicit denies on any value are not in the release set
555                         inStream = new FileInputStream("data/arp6.xml");
556                         parser.parse(new InputSource(inStream));
557                         Arp arp6 = new Arp();
558                         arp6.setPrincipal(principal1);
559                         arp6.marshall(parser.getDocument().getDocumentElement());
560                         repository.update(arp6);
561                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
562                         assertEquals(
563                                 "Incorrectly computed possible release set (3).",
564                                 new HashSet(Arrays.asList(possibleAttributes)),
565                                 new HashSet(Arrays.asList(list3)));
566
567                 } catch (Exception e) {
568                         e.printStackTrace();
569                         fail("Failed to marshall ARP: " + e);
570                 }
571
572         }
573
574         public void testArpApplication() {
575
576                 //Setup a test ARP repository
577                 Properties props = new Properties();
578                 props.setProperty(
579                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
580                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
581                 ArpRepository repository = null;
582                 try {
583                         repository = ArpRepositoryFactory.getInstance(props);
584                 } catch (ArpRepositoryException e) {
585                         fail("Failed to create memory-based Arp Repository" + e);
586                 }
587
588                 try {
589
590                         arpApplicationTest1(repository, props, parser);
591                         arpApplicationTest2(repository, props, parser);
592                         arpApplicationTest3(repository, props, parser);
593                         arpApplicationTest4(repository, props, parser);
594                         arpApplicationTest5(repository, props, parser);
595                         arpApplicationTest6(repository, props, parser);
596                         arpApplicationTest7(repository, props, parser);
597                         arpApplicationTest8(repository, props, parser);
598                         arpApplicationTest9(repository, props, parser);
599                         arpApplicationTest10(repository, props, parser);
600                         arpApplicationTest11(repository, props, parser);
601                         arpApplicationTest12(repository, props, parser);
602                         arpApplicationTest13(repository, props, parser);
603                         arpApplicationTest14(repository, props, parser);
604                         arpApplicationTest15(repository, props, parser);
605                         arpApplicationTest16(repository, props, parser);
606                         arpApplicationTest17(repository, props, parser);
607                         arpApplicationTest18(repository, props, parser);
608                         arpApplicationTest19(repository, props, parser);
609                         arpApplicationTest20(repository, props, parser);
610                         arpApplicationTest21(repository, props, parser);
611                         arpApplicationTest22(repository, props, parser);
612                         arpApplicationTest23(repository, props, parser);
613                         arpApplicationTest24(repository, props, parser);
614
615                 } catch (Exception e) {
616                         e.printStackTrace();
617                         fail("Failed to apply filter to ARPs: " + e);
618                 }
619         }
620
621         public void testRoundtripMarshalling() {
622
623                 try {
624                         for (int i = 0; i < arpExamples.length; i++) {
625
626                                 InputStream inStream = new FileInputStream(arpExamples[i]);
627                                 parser.parse(new InputSource(inStream));
628                                 ByteArrayOutputStream directXML = new ByteArrayOutputStream();
629                                 new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
630
631                                 Arp arp1 = new Arp();
632                                 arp1.marshall(parser.getDocument().getDocumentElement());
633
634                                 ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
635                                 new XMLSerializer(processedXML, new OutputFormat()).serialize(arp1.unmarshall());
636
637                                 assertTrue(
638                                         "Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")",
639                                         directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
640                                                 processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
641                         }
642
643                 } catch (Exception e) {
644                         fail("Failed to marshall ARP: " + e);
645                 }
646
647         }
648         /**
649          * ARPs: A site ARP only
650          * Target: Any
651          * Attribute: Any value release,
652          */
653         void arpApplicationTest1(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
654
655                 //Gather the Input
656                 String rawArp =
657                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
658                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
659                                 + "                     <Rule>"
660                                 + "                             <Target>"
661                                 + "                                     <AnyTarget/>"
662                                 + "                             </Target>"
663                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
664                                 + "                                     <AnyValue release=\"permit\"/>"
665                                 + "                             </Attribute>"
666                                 + "                     </Rule>"
667                                 + "     </AttributeReleasePolicy>";
668
669                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
670                 URL url1 = new URL("http://www.example.edu/");
671                 AAAttributeSet inputSet =
672                         new AAAttributeSet(
673                                 new AAAttribute(
674                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
675                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
676
677                 AAAttributeSet releaseSet =
678                         new AAAttributeSet(
679                                 new AAAttribute(
680                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
681                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
682
683                 //Setup the engine
684                 parser.parse(new InputSource(new StringReader(rawArp)));
685                 Arp siteArp = new Arp();
686                 siteArp.marshall(parser.getDocument().getDocumentElement());
687                 repository.update(siteArp);
688                 ArpEngine engine = new ArpEngine(repository, props);
689
690                 //Apply the ARP
691                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
692
693                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
694         }
695
696         /**
697          * ARPs: A site ARP only
698          * Target: Any
699          * Attribute: Any value release, implicit deny
700          */
701         void arpApplicationTest2(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
702
703                 //Gather the Input
704                 String rawArp =
705                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
706                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
707                                 + "                     <Rule>"
708                                 + "                             <Target>"
709                                 + "                                     <AnyTarget/>"
710                                 + "                             </Target>"
711                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
712                                 + "                                     <AnyValue release=\"permit\"/>"
713                                 + "                             </Attribute>"
714                                 + "                     </Rule>"
715                                 + "     </AttributeReleasePolicy>";
716
717                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
718                 URL url1 = new URL("http://www.example.edu/");
719                 AAAttributeSet inputSet =
720                         new AAAttributeSet(
721                                 new AAAttribute[] {
722                                         new AAAttribute(
723                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
724                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
725                                         new AAAttribute(
726                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
727                                                 new Object[] { "mehoehn@example.edu" })
728                 });
729
730                 AAAttributeSet releaseSet =
731                         new AAAttributeSet(
732                                 new AAAttribute[] {
733                                          new AAAttribute(
734                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
735                                                 new Object[] { "member@example.edu", "faculty@example.edu" })
736                 });
737
738                 //Setup the engine
739                 parser.parse(new InputSource(new StringReader(rawArp)));
740                 Arp siteArp = new Arp();
741                 siteArp.marshall(parser.getDocument().getDocumentElement());
742                 repository.update(siteArp);
743                 ArpEngine engine = new ArpEngine(repository, props);
744
745                 //Apply the ARP
746                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
747
748                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
749         }
750
751         /**
752          * ARPs: A site ARP only
753          * Target: Any
754          * Attribute: One value release
755          */
756         void arpApplicationTest3(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
757
758                 //Gather the Input
759                 String rawArp =
760                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
761                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
762                                 + "                     <Rule>"
763                                 + "                             <Target>"
764                                 + "                                     <AnyTarget/>"
765                                 + "                             </Target>"
766                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
767                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
768                                 + "                             </Attribute>"
769                                 + "                     </Rule>"
770                                 + "     </AttributeReleasePolicy>";
771
772                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
773                 URL url1 = new URL("http://www.example.edu/");
774                 AAAttributeSet inputSet =
775                         new AAAttributeSet(
776                                 new AAAttribute(
777                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
778                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
779                 AAAttributeSet releaseSet =
780                         new AAAttributeSet(
781                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member@example.edu" }));
782
783                 //Setup the engine
784                 parser.parse(new InputSource(new StringReader(rawArp)));
785                 Arp siteArp = new Arp();
786                 siteArp.marshall(parser.getDocument().getDocumentElement());
787                 repository.update(siteArp);
788                 ArpEngine engine = new ArpEngine(repository, props);
789
790                 //Apply the ARP
791                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
792
793                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
794         }
795
796         /**
797          * ARPs: A site ARP only
798          * Target: Any
799          * Attribute: Any value except one release, canonical representation
800          */
801         void arpApplicationTest4(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
802
803                 //Gather the Input
804                 String rawArp =
805                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
806                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
807                                 + "                     <Rule>"
808                                 + "                             <Target>"
809                                 + "                                     <AnyTarget/>"
810                                 + "                             </Target>"
811                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
812                                 + "                                     <AnyValue release=\"permit\"/>"
813                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
814                                 + "                             </Attribute>"
815                                 + "                     </Rule>"
816                                 + "     </AttributeReleasePolicy>";
817
818                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
819                 URL url1 = new URL("http://www.example.edu/");
820                 AAAttributeSet inputSet =
821                         new AAAttributeSet(
822                                 new AAAttribute(
823                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
824                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
825                 AAAttributeSet releaseSet =
826                         new AAAttributeSet(
827                                 new AAAttribute(
828                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
829                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
830
831                 //Setup the engine
832                 parser.parse(new InputSource(new StringReader(rawArp)));
833                 Arp siteArp = new Arp();
834                 siteArp.marshall(parser.getDocument().getDocumentElement());
835                 repository.update(siteArp);
836                 ArpEngine engine = new ArpEngine(repository, props);
837
838                 //Apply the ARP
839                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
840
841                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
842         }
843
844         /**
845          * ARPs: A site ARP only
846          * Target: Any
847          * Attribute: Any value except one release, expanded representation
848          */
849         void arpApplicationTest5(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
850
851                 //Gather the Input
852                 String rawArp =
853                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
854                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
855                                 + "                     <Rule>"
856                                 + "                             <Target>"
857                                 + "                                     <AnyTarget/>"
858                                 + "                             </Target>"
859                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
860                                 + "                                     <AnyValue release=\"permit\"/>"
861                                 + "                             </Attribute>"
862                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
863                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
864                                 + "                             </Attribute>"
865                                 + "                     </Rule>"
866                                 + "     </AttributeReleasePolicy>";
867
868                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
869                 URL url1 = new URL("http://www.example.edu/");
870                 AAAttributeSet inputSet =
871                         new AAAttributeSet(
872                                 new AAAttribute(
873                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
874                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
875                 AAAttributeSet releaseSet =
876                         new AAAttributeSet(
877                                 new AAAttribute(
878                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
879                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
880
881                 //Setup the engine
882                 parser.parse(new InputSource(new StringReader(rawArp)));
883                 Arp siteArp = new Arp();
884                 siteArp.marshall(parser.getDocument().getDocumentElement());
885                 repository.update(siteArp);
886                 ArpEngine engine = new ArpEngine(repository, props);
887
888                 //Apply the ARP
889                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
890
891                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
892         }
893
894         /**
895          * ARPs: A site ARP only
896          * Target: Any
897          * Attribute: Any value except two release, expanded representation
898          */
899         void arpApplicationTest6(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
900
901                 //Gather the Input
902                 String rawArp =
903                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
904                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
905                                 + "                     <Rule>"
906                                 + "                             <Target>"
907                                 + "                                     <AnyTarget/>"
908                                 + "                             </Target>"
909                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
910                                 + "                                     <AnyValue release=\"permit\"/>"
911                                 + "                             </Attribute>"
912                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
913                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
914                                 + "                             </Attribute>"
915                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
916                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
917                                 + "                             </Attribute>"
918                                 + "                     </Rule>"
919                                 + "     </AttributeReleasePolicy>";
920
921                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
922                 URL url1 = new URL("http://www.example.edu/");
923                 AAAttributeSet inputSet =
924                         new AAAttributeSet(
925                                 new AAAttribute(
926                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
927                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
928                 AAAttributeSet releaseSet =
929                         new AAAttributeSet(
930                                 new AAAttribute(
931                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
932                                         new Object[] { "employee@example.edu" }));
933
934                 //Setup the engine
935                 parser.parse(new InputSource(new StringReader(rawArp)));
936                 Arp siteArp = new Arp();
937                 siteArp.marshall(parser.getDocument().getDocumentElement());
938                 repository.update(siteArp);
939                 ArpEngine engine = new ArpEngine(repository, props);
940
941                 //Apply the ARP
942                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
943
944                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
945         }
946
947         /**
948          * ARPs: A site ARP only
949          * Target: Any
950          * Attribute: Two value release, canonical representation
951          */
952         void arpApplicationTest7(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
953
954                 //Gather the Input
955                 String rawArp =
956                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
957                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
958                                 + "                     <Rule>"
959                                 + "                             <Target>"
960                                 + "                                     <AnyTarget/>"
961                                 + "                             </Target>"
962                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
963                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
964                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
965                                 + "                             </Attribute>"
966                                 + "                     </Rule>"
967                                 + "     </AttributeReleasePolicy>";
968
969                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
970                 URL url1 = new URL("http://www.example.edu/");
971                 AAAttributeSet inputSet =
972                         new AAAttributeSet(
973                                 new AAAttribute(
974                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
975                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
976                 AAAttributeSet releaseSet =
977                         new AAAttributeSet(
978                                 new AAAttribute(
979                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
980                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
981
982                 //Setup the engine
983                 parser.parse(new InputSource(new StringReader(rawArp)));
984                 Arp siteArp = new Arp();
985                 siteArp.marshall(parser.getDocument().getDocumentElement());
986                 repository.update(siteArp);
987                 ArpEngine engine = new ArpEngine(repository, props);
988
989                 //Apply the ARP
990                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
991
992                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
993         }
994
995         /**
996          * ARPs: A site ARP only
997          * Target: Any
998          * Attribute: Two value release, expanded representation
999          */
1000         void arpApplicationTest8(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1001
1002                 //Gather the Input
1003                 String rawArp =
1004                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1005                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1006                                 + "                     <Rule>"
1007                                 + "                             <Target>"
1008                                 + "                                     <AnyTarget/>"
1009                                 + "                             </Target>"
1010                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1011                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1012                                 + "                             </Attribute>"
1013                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1014                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1015                                 + "                             </Attribute>"
1016                                 + "                     </Rule>"
1017                                 + "     </AttributeReleasePolicy>";
1018
1019                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1020                 URL url1 = new URL("http://www.example.edu/");
1021                 AAAttributeSet inputSet =
1022                         new AAAttributeSet(
1023                                 new AAAttribute(
1024                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1025                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1026                 AAAttributeSet releaseSet =
1027                         new AAAttributeSet(
1028                                 new AAAttribute(
1029                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1030                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1031
1032                 //Setup the engine
1033                 parser.parse(new InputSource(new StringReader(rawArp)));
1034                 Arp siteArp = new Arp();
1035                 siteArp.marshall(parser.getDocument().getDocumentElement());
1036                 repository.update(siteArp);
1037                 ArpEngine engine = new ArpEngine(repository, props);
1038
1039                 //Apply the ARP
1040                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1041
1042                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
1043         }
1044
1045         /**
1046          * ARPs: A site ARP only
1047          * Target: Any
1048          * Attribute: Any value deny
1049          */
1050         void arpApplicationTest9(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1051
1052                 //Gather the Input
1053                 String rawArp =
1054                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1055                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1056                                 + "                     <Rule>"
1057                                 + "                             <Target>"
1058                                 + "                                     <AnyTarget/>"
1059                                 + "                             </Target>"
1060                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1061                                 + "                                     <AnyValue release=\"deny\"/>"
1062                                 + "                             </Attribute>"
1063                                 + "                     </Rule>"
1064                                 + "     </AttributeReleasePolicy>";
1065
1066                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1067                 URL url1 = new URL("http://www.example.edu/");
1068                 AAAttributeSet inputSet =
1069                         new AAAttributeSet(
1070                                 new AAAttribute(
1071                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1072                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1073
1074                 //Setup the engine
1075                 parser.parse(new InputSource(new StringReader(rawArp)));
1076                 Arp siteArp = new Arp();
1077                 siteArp.marshall(parser.getDocument().getDocumentElement());
1078                 repository.update(siteArp);
1079                 ArpEngine engine = new ArpEngine(repository, props);
1080
1081                 //Apply the ARP
1082                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1083
1084                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new AAAttributeSet());
1085         }
1086
1087         /**
1088          * ARPs: A site ARP only
1089          * Target: Any
1090          * Attribute: Any value deny trumps explicit permit expanded representation
1091          */
1092         void arpApplicationTest10(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1093
1094                 //Gather the Input
1095                 String rawArp =
1096                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1097                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1098                                 + "                     <Rule>"
1099                                 + "                             <Target>"
1100                                 + "                                     <AnyTarget/>"
1101                                 + "                             </Target>"
1102                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1103                                 + "                                     <AnyValue release=\"deny\"/>"
1104                                 + "                             </Attribute>"
1105                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1106                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1107                                 + "                             </Attribute>"
1108                                 + "                     </Rule>"
1109                                 + "     </AttributeReleasePolicy>";
1110
1111                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1112                 URL url1 = new URL("http://www.example.edu/");
1113                 AAAttributeSet inputSet =
1114                         new AAAttributeSet(
1115                                 new AAAttribute(
1116                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1117                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1118
1119                 //Setup the engine
1120                 parser.parse(new InputSource(new StringReader(rawArp)));
1121                 Arp siteArp = new Arp();
1122                 siteArp.marshall(parser.getDocument().getDocumentElement());
1123                 repository.update(siteArp);
1124                 ArpEngine engine = new ArpEngine(repository, props);
1125
1126                 //Apply the ARP
1127                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1128
1129                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new AAAttributeSet());
1130         }
1131
1132         /**
1133          * ARPs: A site ARP only
1134          * Target: Any
1135          * Attribute: Any value deny trumps explicit permit canonical representation
1136          */
1137         void arpApplicationTest11(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1138
1139                 //Gather the Input
1140                 String rawArp =
1141                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1142                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1143                                 + "                     <Rule>"
1144                                 + "                             <Target>"
1145                                 + "                                     <AnyTarget/>"
1146                                 + "                             </Target>"
1147                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1148                                 + "                                     <AnyValue release=\"deny\"/>"
1149                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1150                                 + "                             </Attribute>"
1151                                 + "                     </Rule>"
1152                                 + "     </AttributeReleasePolicy>";
1153
1154                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1155                 URL url1 = new URL("http://www.example.edu/");
1156                 AAAttributeSet inputSet =
1157                         new AAAttributeSet(
1158                                 new AAAttribute(
1159                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1160                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1161
1162                 //Setup the engine
1163                 parser.parse(new InputSource(new StringReader(rawArp)));
1164                 Arp siteArp = new Arp();
1165                 siteArp.marshall(parser.getDocument().getDocumentElement());
1166                 repository.update(siteArp);
1167                 ArpEngine engine = new ArpEngine(repository, props);
1168
1169                 //Apply the ARP
1170                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1171
1172                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new AAAttributeSet());
1173         }
1174
1175         /**
1176          * ARPs: A site ARP only
1177          * Target: Specific shar, Any Resource
1178          * Attribute: Any value release
1179          */
1180         void arpApplicationTest12(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1181
1182                 //Gather the Input
1183                 String rawArp =
1184                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1185                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1186                                 + "                     <Rule>"
1187                                 + "                             <Target>"
1188                                 + "                                     <Requester>shar.example.edu</Requester>"
1189                                 + "                                     <AnyResource />"
1190                                 + "                             </Target>"
1191                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1192                                 + "                                     <AnyValue release=\"permit\"/>"
1193                                 + "                             </Attribute>"
1194                                 + "                     </Rule>"
1195                                 + "     </AttributeReleasePolicy>";
1196
1197                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1198                 URL url1 = new URL("http://www.example.edu/");
1199                 AAAttributeSet inputSet =
1200                         new AAAttributeSet(
1201                                 new AAAttribute(
1202                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1203                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1204                 AAAttributeSet releaseSet =
1205                         new AAAttributeSet(
1206                                 new AAAttribute(
1207                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1208                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1209
1210                 //Setup the engine
1211                 parser.parse(new InputSource(new StringReader(rawArp)));
1212                 Arp siteArp = new Arp();
1213                 siteArp.marshall(parser.getDocument().getDocumentElement());
1214                 repository.update(siteArp);
1215                 ArpEngine engine = new ArpEngine(repository, props);
1216
1217                 //Apply the ARP
1218                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1219
1220                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1221         }
1222
1223         /**
1224          * ARPs: A site ARP only
1225          * Target: Specific shar, Any Resource (another example)
1226          * Attribute: Any value release
1227          */
1228         void arpApplicationTest13(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1229
1230                 //Gather the Input
1231                 String rawArp =
1232                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1233                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1234                                 + "                     <Rule>"
1235                                 + "                             <Target>"
1236                                 + "                                     <Requester>shar.example.edu</Requester>"
1237                                 + "                                     <AnyResource />"
1238                                 + "                             </Target>"
1239                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1240                                 + "                                     <AnyValue release=\"permit\"/>"
1241                                 + "                             </Attribute>"
1242                                 + "                     </Rule>"
1243                                 + "     </AttributeReleasePolicy>";
1244
1245                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1246                 URL url1 = new URL("https://foo.com/");
1247                 AAAttributeSet inputSet =
1248                         new AAAttributeSet(
1249                                 new AAAttribute(
1250                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1251                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1252                 AAAttributeSet releaseSet =
1253                         new AAAttributeSet(
1254                                 new AAAttribute(
1255                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1256                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1257
1258                 //Setup the engine
1259                 parser.parse(new InputSource(new StringReader(rawArp)));
1260                 Arp siteArp = new Arp();
1261                 siteArp.marshall(parser.getDocument().getDocumentElement());
1262                 repository.update(siteArp);
1263                 ArpEngine engine = new ArpEngine(repository, props);
1264
1265                 //Apply the ARP
1266                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1267
1268                 assertEquals("ARP application test 13: ARP not applied as expected.", inputSet, releaseSet);
1269         }
1270
1271         /**
1272          * ARPs: A site ARP only
1273          * Target: Specific shar (no match), Any Resource
1274          * Attribute: Any value release
1275          */
1276         void arpApplicationTest14(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1277
1278                 //Gather the Input
1279                 String rawArp =
1280                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1281                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1282                                 + "                     <Rule>"
1283                                 + "                             <Target>"
1284                                 + "                                     <Requester>shar.example.edu</Requester>"
1285                                 + "                                     <AnyResource />"
1286                                 + "                             </Target>"
1287                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1288                                 + "                                     <AnyValue release=\"permit\"/>"
1289                                 + "                             </Attribute>"
1290                                 + "                     </Rule>"
1291                                 + "     </AttributeReleasePolicy>";
1292
1293                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1294                 URL url1 = new URL("http://www.example.edu/");
1295                 AAAttributeSet inputSet =
1296                         new AAAttributeSet(
1297                                 new AAAttribute(
1298                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1299                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1300
1301                 //Setup the engine
1302                 parser.parse(new InputSource(new StringReader(rawArp)));
1303                 Arp siteArp = new Arp();
1304                 siteArp.marshall(parser.getDocument().getDocumentElement());
1305                 repository.update(siteArp);
1306                 ArpEngine engine = new ArpEngine(repository, props);
1307
1308                 //Apply the ARP
1309                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1310
1311                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new AAAttributeSet());
1312         }
1313
1314         /**
1315          * ARPs: A site ARP only
1316          * Target: Specific shar, Specific resource
1317          * Attribute: Any value release
1318          */
1319         void arpApplicationTest15(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1320
1321                 //Gather the Input
1322                 String rawArp =
1323                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1324                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1325                                 + "                     <Rule>"
1326                                 + "                             <Target>"
1327                                 + "                                     <Requester>shar.example.edu</Requester>"
1328                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1329                                 + "                             </Target>"
1330                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1331                                 + "                                     <AnyValue release=\"permit\"/>"
1332                                 + "                             </Attribute>"
1333                                 + "                     </Rule>"
1334                                 + "     </AttributeReleasePolicy>";
1335
1336                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1337                 URL url1 = new URL("http://www.example.edu/index.html");
1338                 AAAttributeSet inputSet =
1339                         new AAAttributeSet(
1340                                 new AAAttribute(
1341                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1342                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1343                 AAAttributeSet releaseSet =
1344                         new AAAttributeSet(
1345                                 new AAAttribute(
1346                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1347                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1348
1349                 //Setup the engine
1350                 parser.parse(new InputSource(new StringReader(rawArp)));
1351                 Arp siteArp = new Arp();
1352                 siteArp.marshall(parser.getDocument().getDocumentElement());
1353                 repository.update(siteArp);
1354                 ArpEngine engine = new ArpEngine(repository, props);
1355
1356                 //Apply the ARP
1357                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1358
1359                 assertEquals("ARP application test 15: ARP not applied as expected.", inputSet, releaseSet);
1360         }
1361
1362         /**
1363          * ARPs: A site ARP only
1364          * Target: Specific shar, Specific resource (no match)
1365          * Attribute: Any value release
1366          */
1367         void arpApplicationTest16(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1368
1369                 //Gather the Input
1370                 String rawArp =
1371                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1372                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1373                                 + "                     <Rule>"
1374                                 + "                             <Target>"
1375                                 + "                                     <Requester>shar.example.edu</Requester>"
1376                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1377                                 + "                             </Target>"
1378                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1379                                 + "                                     <AnyValue release=\"permit\"/>"
1380                                 + "                             </Attribute>"
1381                                 + "                     </Rule>"
1382                                 + "     </AttributeReleasePolicy>";
1383
1384                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1385                 URL url1 = new URL("https://www.example.edu/index.html");
1386                 AAAttributeSet inputSet =
1387                         new AAAttributeSet(
1388                                 new AAAttribute(
1389                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1390                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1391
1392                 //Setup the engine
1393                 parser.parse(new InputSource(new StringReader(rawArp)));
1394                 Arp siteArp = new Arp();
1395                 siteArp.marshall(parser.getDocument().getDocumentElement());
1396                 repository.update(siteArp);
1397                 ArpEngine engine = new ArpEngine(repository, props);
1398
1399                 //Apply the ARP
1400                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1401
1402                 assertEquals("ARP application test 16: ARP not applied as expected.", inputSet, new AAAttributeSet());
1403         }
1404
1405         /**
1406          * ARPs: A site ARP only
1407          * Target: Multiple matching rules
1408          * Attribute: various
1409          */
1410         void arpApplicationTest17(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1411
1412                 //Gather the Input
1413                 String rawArp =
1414                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1415                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1416                                 + "                     <Rule>"
1417                                 + "                             <Target>"
1418                                 + "                                     <AnyTarget />"
1419                                 + "                             </Target>"
1420                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1421                                 + "                                     <AnyValue release=\"permit\"/>"
1422                                 + "                             </Attribute>"
1423                                 + "                     </Rule>"
1424                                 + "                     <Rule>"
1425                                 + "                             <Target>"
1426                                 + "                                     <Requester>shar1.example.edu</Requester>"
1427                                 + "                                     <AnyResource />"
1428                                 + "                             </Target>"
1429                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1430                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1431                                 + "                             </Attribute>"
1432                                 + "                     </Rule>"
1433                                 + "                     <Rule>"
1434                                 + "                             <Target>"
1435                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1436                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1437                                 + "                             </Target>"
1438                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1439                                 + "                                     <AnyValue release=\"permit\"/>"
1440                                 + "                             </Attribute>"
1441                                 + "                     </Rule>"
1442                                 + "     </AttributeReleasePolicy>";
1443
1444                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1445                 URL url1 = new URL("https://www.example.edu/index.html");
1446                 AAAttributeSet inputSet =
1447                         new AAAttributeSet(
1448                                 new AAAttribute[] {
1449                                         new AAAttribute(
1450                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1451                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1452                                         new AAAttribute(
1453                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1454                                                 new Object[] { "wassa@columbia.edu" })
1455                 });
1456
1457                 AAAttributeSet releaseSet =
1458                         new AAAttributeSet(
1459                                 new AAAttribute[] {
1460                                         new AAAttribute(
1461                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1462                                                 new Object[] { "wassa@columbia.edu" }),
1463                                         new AAAttribute(
1464                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1465                                                 new Object[] { "member@example.edu" })
1466                 });
1467
1468                 //Setup the engine
1469                 parser.parse(new InputSource(new StringReader(rawArp)));
1470                 Arp siteArp = new Arp();
1471                 siteArp.marshall(parser.getDocument().getDocumentElement());
1472                 repository.update(siteArp);
1473                 ArpEngine engine = new ArpEngine(repository, props);
1474
1475                 //Apply the ARP
1476                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu", url1);
1477
1478                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1479         }
1480
1481         /**
1482          * ARPs: A site ARP only
1483          * Target: Any
1484          * Attribute: Any value release of two attributes in one rule
1485          */
1486         void arpApplicationTest18(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1487
1488                 //Gather the Input
1489                 String rawArp =
1490                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1491                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1492                                 + "                     <Rule>"
1493                                 + "                             <Target>"
1494                                 + "                                     <AnyTarget/>"
1495                                 + "                             </Target>"
1496                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1497                                 + "                                     <AnyValue release=\"permit\"/>"
1498                                 + "                             </Attribute>"
1499                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1500                                 + "                                     <AnyValue release=\"permit\"/>"
1501                                 + "                             </Attribute>"
1502                                 + "                     </Rule>"
1503                                 + "     </AttributeReleasePolicy>";
1504
1505                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1506                 URL url1 = new URL("http://www.example.edu/");
1507                 AAAttributeSet inputSet =
1508                         new AAAttributeSet(
1509                                 new AAAttribute[] {
1510                                         new AAAttribute(
1511                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1512                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1513                                         new AAAttribute(
1514                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1515                                                 new Object[] { "mehoehn@example.edu" })
1516                 });
1517
1518                 AAAttributeSet releaseSet =
1519                         new AAAttributeSet(
1520                                 new AAAttribute[] {
1521                                         new AAAttribute(
1522                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1523                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1524                                         new AAAttribute(
1525                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1526                                                 new Object[] { "mehoehn@example.edu" })
1527                 });
1528
1529                 //Setup the engine
1530                 parser.parse(new InputSource(new StringReader(rawArp)));
1531                 Arp siteArp = new Arp();
1532                 siteArp.marshall(parser.getDocument().getDocumentElement());
1533                 repository.update(siteArp);
1534                 ArpEngine engine = new ArpEngine(repository, props);
1535
1536                 //Apply the ARP
1537                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1538
1539                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1540         }
1541
1542         /**
1543          * ARPs: A user ARP only
1544          * Target: Any
1545          * Attribute: Any value release,
1546          */
1547         void arpApplicationTest19(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1548
1549                 //Gather the Input
1550                 String rawArp =
1551                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1552                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1553                                 + "                     <Rule>"
1554                                 + "                             <Target>"
1555                                 + "                                     <AnyTarget/>"
1556                                 + "                             </Target>"
1557                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1558                                 + "                                     <AnyValue release=\"permit\"/>"
1559                                 + "                             </Attribute>"
1560                                 + "                     </Rule>"
1561                                 + "     </AttributeReleasePolicy>";
1562
1563                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1564                 URL url1 = new URL("http://www.example.edu/");
1565                 AAAttributeSet inputSet =
1566                         new AAAttributeSet(
1567                                 new AAAttribute(
1568                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1569                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1570                 AAAttributeSet releaseSet =
1571                         new AAAttributeSet(
1572                                 new AAAttribute(
1573                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1574                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1575
1576                 //Setup the engine
1577                 parser.parse(new InputSource(new StringReader(rawArp)));
1578                 Arp userArp = new Arp();
1579                 userArp.setPrincipal(principal1);
1580                 userArp.marshall(parser.getDocument().getDocumentElement());
1581                 repository.update(userArp);
1582                 ArpEngine engine = new ArpEngine(repository, props);
1583
1584                 //Apply the ARP
1585                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1586
1587                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1588         }
1589
1590         /**
1591          * ARPs: A site ARP and user ARP
1592          * Target: various
1593          * Attribute: various combinations
1594          */
1595         void arpApplicationTest20(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1596
1597                 //Gather the Input
1598                 String rawSiteArp =
1599                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1600                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1601                                 + "                     <Rule>"
1602                                 + "                             <Target>"
1603                                 + "                                     <AnyTarget/>"
1604                                 + "                             </Target>"
1605                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1606                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1607                                 + "                             </Attribute>"
1608                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1609                                 + "                                     <AnyValue release=\"permit\" />"
1610                                 + "                             </Attribute>"
1611                                 + "                     </Rule>"
1612                                 + "                     <Rule>"
1613                                 + "                             <Target>"
1614                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1615                                 + "                                     <AnyResource />"
1616                                 + "                             </Target>"
1617                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1618                                 + "                                     <AnyValue release=\"permit\"/>"
1619                                 + "                             </Attribute>"
1620                                 + "                     </Rule>"
1621                                 + "                     <Rule>"
1622                                 + "                             <Target>"
1623                                 + "                                     <Requester>www.example.edu</Requester>"
1624                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1625                                 + "                             </Target>"
1626                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1627                                 + "                                     <AnyValue release=\"permit\"/>"
1628                                 + "                             </Attribute>"
1629                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1630                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1631                                 + "                             </Attribute>"
1632                                 + "                     </Rule>"
1633                                 + "                     <Rule>"
1634                                 + "                             <Target>"
1635                                 + "                                     <Requester>www.external.com</Requester>"
1636                                 + "                                     <Resource>http://www.external.com/</Resource>"
1637                                 + "                             </Target>"
1638                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1639                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1640                                 + "                             </Attribute>"
1641                                 + "                     </Rule>"
1642                                 + "     </AttributeReleasePolicy>";
1643
1644                 String rawUserArp =
1645                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1646                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1647                                 + "                     <Rule>"
1648                                 + "                             <Target>"
1649                                 + "                                     <AnyTarget/>"
1650                                 + "                             </Target>"
1651                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1652                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1653                                 + "                             </Attribute>"
1654                                 + "                     </Rule>"
1655                                 + "                     <Rule>"
1656                                 + "                             <Target>"
1657                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1658                                 + "                                     <AnyResource />"
1659                                 + "                             </Target>"
1660                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1661                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1662                                 + "                             </Attribute>"
1663                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1664                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1665                                 + "                             </Attribute>"
1666                                 + "                     </Rule>"
1667                                 + "     </AttributeReleasePolicy>";
1668
1669                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1670                 URL url1 = new URL("http://www.example.edu/test/index.html");
1671
1672                 AAAttributeSet inputSet =
1673                         new AAAttributeSet(
1674                                 new AAAttribute[] {
1675                                         new AAAttribute(
1676                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1677                                                 new Object[] {
1678                                                         "urn:example:lovesIceCream",
1679                                                         "urn:example:poorlyDressed",
1680                                                         "urn:example:contract:113455",
1681                                                         "urn:example:contract:4657483" }),
1682                                         new AAAttribute(
1683                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1684                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1685                                         new AAAttribute(
1686                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1687                                                 new Object[] { "wassa@example.edu" }),
1688                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1689                 });
1690
1691                 AAAttributeSet releaseSet =
1692                         new AAAttributeSet(
1693                                 new AAAttribute[] {
1694                                         new AAAttribute(
1695                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1696                                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" }),
1697                                         new AAAttribute(
1698                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1699                                                 new Object[] { "member@example.edu", "employee@example.edu" }),
1700                                         new AAAttribute(
1701                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1702                                                 new Object[] { "wassa@example.edu" }),
1703                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1704                 });
1705
1706                 //Add the site ARP
1707                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1708                 Arp siteArp = new Arp();
1709                 siteArp.marshall(parser.getDocument().getDocumentElement());
1710                 repository.update(siteArp);
1711
1712                 //Add the user ARP
1713                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1714                 Arp userArp = new Arp();
1715                 userArp.setPrincipal(principal1);
1716                 userArp.marshall(parser.getDocument().getDocumentElement());
1717                 repository.update(userArp);
1718
1719                 ArpEngine engine = new ArpEngine(repository, props);
1720
1721                 //Apply the ARP
1722                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1723
1724                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1725         }
1726
1727         /**
1728          * ARPs: A site ARP and user ARP
1729          * Target: various
1730          * Attribute: various combinations (same ARPs as 20, different requester)
1731          */
1732         void arpApplicationTest21(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1733
1734                 //Gather the Input
1735                 String rawSiteArp =
1736                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1737                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1738                                 + "                     <Rule>"
1739                                 + "                             <Target>"
1740                                 + "                                     <AnyTarget/>"
1741                                 + "                             </Target>"
1742                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1743                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1744                                 + "                             </Attribute>"
1745                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1746                                 + "                                     <AnyValue release=\"permit\" />"
1747                                 + "                             </Attribute>"
1748                                 + "                     </Rule>"
1749                                 + "                     <Rule>"
1750                                 + "                             <Target>"
1751                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1752                                 + "                                     <AnyResource />"
1753                                 + "                             </Target>"
1754                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1755                                 + "                                     <AnyValue release=\"permit\"/>"
1756                                 + "                             </Attribute>"
1757                                 + "                     </Rule>"
1758                                 + "                     <Rule>"
1759                                 + "                             <Target>"
1760                                 + "                                     <Requester>www.example.edu</Requester>"
1761                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1762                                 + "                             </Target>"
1763                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1764                                 + "                                     <AnyValue release=\"permit\"/>"
1765                                 + "                             </Attribute>"
1766                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1767                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1768                                 + "                             </Attribute>"
1769                                 + "                     </Rule>"
1770                                 + "                     <Rule>"
1771                                 + "                             <Target>"
1772                                 + "                                     <Requester>www.external.com</Requester>"
1773                                 + "                                     <Resource>http://www.external.com/</Resource>"
1774                                 + "                             </Target>"
1775                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1776                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1777                                 + "                             </Attribute>"
1778                                 + "                     </Rule>"
1779                                 + "     </AttributeReleasePolicy>";
1780
1781                 String rawUserArp =
1782                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1783                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1784                                 + "                     <Rule>"
1785                                 + "                             <Target>"
1786                                 + "                                     <AnyTarget/>"
1787                                 + "                             </Target>"
1788                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1789                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1790                                 + "                             </Attribute>"
1791                                 + "                     </Rule>"
1792                                 + "                     <Rule>"
1793                                 + "                             <Target>"
1794                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1795                                 + "                                     <AnyResource />"
1796                                 + "                             </Target>"
1797                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1798                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1799                                 + "                             </Attribute>"
1800                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1801                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1802                                 + "                             </Attribute>"
1803                                 + "                     </Rule>"
1804                                 + "     </AttributeReleasePolicy>";
1805
1806                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1807                 URL url1 = new URL("http://www.external.com/");
1808
1809                 AAAttributeSet inputSet =
1810                         new AAAttributeSet(
1811                                 new AAAttribute[] {
1812                                         new AAAttribute(
1813                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1814                                                 new Object[] {
1815                                                         "urn:example:lovesIceCream",
1816                                                         "urn:example:poorlyDressed",
1817                                                         "urn:example:contract:113455",
1818                                                         "urn:example:contract:4657483" }),
1819                                         new AAAttribute(
1820                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1821                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1822                                         new AAAttribute(
1823                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1824                                                 new Object[] { "wassa@example.edu" }),
1825                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1826                 });
1827
1828                 AAAttributeSet releaseSet =
1829                         new AAAttributeSet(
1830                                 new AAAttribute[] {
1831                                         new AAAttribute(
1832                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1833                                                 new Object[] { "urn:example:contract:113455" }),
1834                                         new AAAttribute(
1835                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1836                                                 new Object[] { "member@example.edu" }),
1837                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1838                 });
1839
1840                 //Add the site ARP
1841                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1842                 Arp siteArp = new Arp();
1843                 siteArp.marshall(parser.getDocument().getDocumentElement());
1844                 repository.update(siteArp);
1845
1846                 //Add the user ARP
1847                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1848                 Arp userArp = new Arp();
1849                 userArp.setPrincipal(principal1);
1850                 userArp.marshall(parser.getDocument().getDocumentElement());
1851                 repository.update(userArp);
1852
1853                 ArpEngine engine = new ArpEngine(repository, props);
1854
1855                 //Apply the ARP
1856                 engine.filterAttributes(inputSet, principal1, "www.external.com", url1);
1857
1858                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1859         }
1860         /**
1861          * ARPs: A site ARP only
1862          * Target: Specific shar, Specific resource
1863          * Attribute: Release values by regex
1864          */
1865         void arpApplicationTest22(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1866
1867                 //Gather the Input
1868                 String rawArp =
1869                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1870                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1871                                 + "                     <Rule>"
1872                                 + "                             <Target>"
1873                                 + "                                     <Requester>shar.example.edu</Requester>"
1874                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1875                                 + "                             </Target>"
1876                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1877                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1878                                 + "                             </Attribute>"
1879                                 + "                     </Rule>"
1880                                 + "     </AttributeReleasePolicy>";
1881
1882                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1883                 URL url1 = new URL("http://www.example.edu/index.html");
1884                 AAAttributeSet inputSet =
1885                         new AAAttributeSet(
1886                                 new AAAttribute(
1887                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1888                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1889                 AAAttributeSet releaseSet =
1890                         new AAAttributeSet(
1891                                 new AAAttribute(
1892                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1893                                         new Object[] { "urn:x:adagio", "urn:x:awol" }));
1894
1895                 //Setup the engine
1896                 parser.parse(new InputSource(new StringReader(rawArp)));
1897                 Arp siteArp = new Arp();
1898                 siteArp.marshall(parser.getDocument().getDocumentElement());
1899                 repository.update(siteArp);
1900                 ArpEngine engine = new ArpEngine(repository, props);
1901
1902                 //Apply the ARP
1903                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1904
1905                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1906         }
1907         /**
1908          * ARPs: A site ARP only
1909          * Target: Specific shar, Specific resource
1910          * Attribute: Deny specific values by regex
1911          */
1912         void arpApplicationTest23(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1913
1914                 //Gather the Input
1915                 String rawArp =
1916                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1917                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1918                                 + "                     <Rule>"
1919                                 + "                             <Target>"
1920                                 + "                                     <Requester>shar.example.edu</Requester>"
1921                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1922                                 + "                             </Target>"
1923                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1924                                 + "                                     <AnyValue release=\"permit\" />"
1925                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1926                                 + "                             </Attribute>"
1927                                 + "                     </Rule>"
1928                                 + "     </AttributeReleasePolicy>";
1929
1930                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1931                 URL url1 = new URL("http://www.example.edu/index.html");
1932                 AAAttributeSet inputSet =
1933                         new AAAttributeSet(
1934                                 new AAAttribute(
1935                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1936                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1937                 AAAttributeSet releaseSet =
1938                         new AAAttributeSet(
1939                                 new AAAttribute(
1940                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1941                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar" }));
1942
1943                 //Setup the engine
1944                 parser.parse(new InputSource(new StringReader(rawArp)));
1945                 Arp siteArp = new Arp();
1946                 siteArp.marshall(parser.getDocument().getDocumentElement());
1947                 repository.update(siteArp);
1948                 ArpEngine engine = new ArpEngine(repository, props);
1949
1950                 //Apply the ARP
1951                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1952
1953                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1954         }
1955         
1956         /**
1957          * ARPs: A site ARP only
1958          * Target: Specific shar, Specific resource
1959          * Attribute: No matches on specific values should yield no attribute
1960          */
1961         void arpApplicationTest24(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1962
1963                 //Gather the Input
1964                 String rawArp =
1965                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1966                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1967                                 + "                     <Rule>"
1968                                 + "                             <Target>"
1969                                 + "                                     <Requester>shar.example.edu</Requester>"
1970                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1971                                 + "                             </Target>"
1972                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1973                                 + "                                     <AnyValue release=\"permit\" />"
1974                                 + "                             </Attribute>"
1975                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1976                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>"
1977                                 + "                             </Attribute>"
1978                                 + "                     </Rule>"
1979                                 + "     </AttributeReleasePolicy>";
1980
1981                 Principal principal1 = new AuthNPrincipal("Test2Principal");
1982                 URL url1 = new URL("http://www.example.edu/index.html");
1983                 AAAttributeSet inputSet =
1984                         new AAAttributeSet(
1985                                 new AAAttribute[] {
1986                                         new AAAttribute(
1987                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1988                                                 new Object[] { "urn:x:bar", "urn:x:adagio"}),
1989                                         new AAAttribute(
1990                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1991                                                 new Object[] { "member" })
1992                 });
1993                 AAAttributeSet releaseSet =
1994                         new AAAttributeSet(
1995                                 new AAAttribute(
1996                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1997                                         new Object[] { "member" }));
1998
1999                 //Setup the engine
2000                 parser.parse(new InputSource(new StringReader(rawArp)));
2001                 Arp siteArp = new Arp();
2002                 siteArp.marshall(parser.getDocument().getDocumentElement());
2003                 repository.update(siteArp);
2004                 ArpEngine engine = new ArpEngine(repository, props);
2005
2006                 //Apply the ARP
2007                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
2008
2009                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
2010         }
2011
2012 }