use the new session manager interface
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /*
2  * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package edu.internet2.middleware.shibboleth.aa.arp;
18
19 import java.io.File;
20 import java.io.FileInputStream;
21 import java.io.InputStream;
22 import java.io.StringReader;
23 import java.io.StringWriter;
24 import java.net.URI;
25 import java.net.URISyntaxException;
26 import java.security.Principal;
27 import java.util.ArrayList;
28 import java.util.Arrays;
29 import java.util.Collection;
30 import java.util.HashSet;
31 import java.util.Set;
32
33 import javax.xml.parsers.DocumentBuilderFactory;
34 import javax.xml.parsers.ParserConfigurationException;
35 import javax.xml.transform.OutputKeys;
36 import javax.xml.transform.Transformer;
37 import javax.xml.transform.TransformerFactory;
38 import javax.xml.transform.dom.DOMSource;
39 import javax.xml.transform.stream.StreamResult;
40
41 import junit.framework.TestCase;
42
43 import org.apache.log4j.BasicConfigurator;
44 import org.apache.log4j.Level;
45 import org.apache.log4j.Logger;
46 import org.w3c.dom.Document;
47 import org.w3c.dom.Element;
48 import org.w3c.dom.Text;
49 import org.xml.sax.InputSource;
50
51 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
52 import edu.internet2.middleware.shibboleth.common.LocalPrincipal;
53 import edu.internet2.middleware.shibboleth.idp.IdPConfig;
54
55
56 /**
57  * Validation suite for <code>Arp</code> processing.
58  * 
59  * @author Walter Hoehn(wassa@memphis.edu)
60  */
61
62 public class ArpTests extends TestCase {
63
64         Element memoryRepositoryElement;
65         private String[] arpExamples = {"data/example1.xml", "data/example2.xml", "data/example3.xml", "data/example4.xml",
66                         "data/example5.xml", "data/example6.xml", "data/example7.xml", "data/example8.xml", "data/example9.xml",
67                         "data/example10.xml", "data/example11.xml", "data/example12.xml", "data/example13.xml"};
68
69         public ArpTests(String name) {
70
71                 super(name);
72                 BasicConfigurator.resetConfiguration();
73                 BasicConfigurator.configure();
74                 Logger.getRootLogger().setLevel(Level.OFF);
75         }
76
77         public static void main(String[] args) {
78
79                 junit.textui.TestRunner.run(ArpTests.class);
80                 BasicConfigurator.configure();
81                 Logger.getRootLogger().setLevel(Level.OFF);
82         }
83
84         /**
85          * @see junit.framework.TestCase#setUp()
86          */
87         protected void setUp() throws Exception {
88
89                 super.setUp();
90
91                 // Setup an xml parser
92
93                 // Setup a dummy xml config for a Memory-based repository
94                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
95                 docFactory.setNamespaceAware(true);
96                 Document placeHolder;
97                 try {
98                         placeHolder = docFactory.newDocumentBuilder().newDocument();
99
100                         memoryRepositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
101                         memoryRepositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
102                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
103                 } catch (ParserConfigurationException e) {
104                         fail("Failed to create memory-based Arp Repository configuration" + e);
105                 }
106         }
107
108         public void testArpMarshalling() {
109
110                 // Test ARP description
111                 try {
112                         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
113                         factory.setValidating(false);
114                         factory.setNamespaceAware(true);
115                         Document doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream("data/arp1.xml")));
116                         
117                         Arp arp1 = new Arp();
118                         arp1.marshall(doc.getDocumentElement());
119                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
120
121                         // Test Rule description
122                         assertEquals("ARP Rule Description not marshalled properly", arp1.getAllRules().iterator().next()
123                                         .getDescription(), "Example Rule Description.");
124                 } catch (Exception e) {
125                         fail("Failed to marshall ARP: " + e);
126                 }
127
128                 // Test case where ARP description does not exist
129                 try {
130                         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
131                         factory.setValidating(false);
132                         factory.setNamespaceAware(true);
133                         Document doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream("data/arp2.xml")));
134                         
135                         Arp arp2 = new Arp();
136                         arp2.marshall(doc.getDocumentElement());
137                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
138
139                         // Test case where ARP Rule description does not exist
140                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules().iterator().next()
141                                         .getDescription());
142                 } catch (Exception e) {
143                         fail("Failed to marshall ARP.");
144                 }
145
146         }
147
148         public void testMatchingFunctions() {
149
150                 try {
151
152                         /*
153                          * Test Arp Engine function retrieval
154                          */
155
156                         // Lookup a function that doesn't exist
157                         MatchFunction noFunction = ArpEngine.lookupMatchFunction(new URI(
158                                         "urn:mace:shibboleth:arp:matchFunction:dummy"));
159                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
160
161                         // Lookup some real functions
162                         MatchFunction stringMatch = ArpEngine.lookupMatchFunction(new URI(
163                                         "urn:mace:shibboleth:arp:matchFunction:stringMatch"));
164                         assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
165
166                         MatchFunction regexFunction = ArpEngine.lookupMatchFunction(new URI(
167                                         "urn:mace:shibboleth:arp:matchFunction:regexMatch"));
168                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
169
170                         MatchFunction regexNotFunction = ArpEngine.lookupMatchFunction(new URI(
171                                         "urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
172                         assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
173
174                         MatchFunction stringNotFunction = ArpEngine.lookupMatchFunction(new URI(
175                                         "urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
176                         assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
177
178                         /*
179                          * Test the Regex function (requester & resource)
180                          */
181
182                         // Try requester regexes
183                         assertTrue("Regex function: false negative", regexFunction.match("^shar\\.example\\.edu$",
184                                         "shar.example.edu"));
185                         assertTrue("Regex function: false negative", regexFunction
186                                         .match("^.*\\.example\\.edu$", "shar.example.edu"));
187                         assertTrue("Regex function: false negative", regexFunction.match("^shar[1-9]?\\.example\\.edu$",
188                                         "shar1.example.edu"));
189                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
190                         assertTrue("Regex function: false positive", !regexFunction.match("^shar[1-9]\\.example\\.edu$",
191                                         "shar.example.edu"));
192                         assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
193                                         "www.example.edu"));
194                         assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
195                                         "www.example.com"));
196
197                         // Make sure we properly handle bad input
198                         try {
199                                 regexFunction.match(null, null);
200                                 fail("Regex function seems to take improper input without throwing an exception.");
201                         } catch (ArpException ie) {
202                                 // This is supposed to fail
203                         }
204
205                         // Test the StringNotMatch function
206                         assertFalse("StringNotMatch function: false positive", stringNotFunction.match("foo", "foo"));
207                         assertTrue("StringNotMatch function: false negative", stringNotFunction.match("foo", "bar"));
208                         // Make sure we properly handle bad input
209                         try {
210                                 stringNotFunction.match(null, null);
211                                 fail("StringNotMatch function seems to take improper input without throwing an exception.");
212                         } catch (ArpException ie) {
213                                 // This is supposed to fail
214                         }
215
216                         // Test the RegexNotMatch function
217
218                         assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
219                         assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
220
221                         // Make sure we properly handle bad input
222                         try {
223                                 regexNotFunction.match(null, null);
224                                 fail("RegexNotMatch function seems to take improper input without throwing an exception.");
225                         } catch (ArpException ie) {
226                                 // This is supposed to fail
227                         }
228
229                 } catch (ArpException e) {
230                         fail("Encountered a problem loading match function: " + e);
231                 } catch (URISyntaxException e) {
232                         fail("Unable to create URI from test string.");
233                 }
234
235         }
236
237         public void testRepositories() {
238
239                 /*
240                  * Test the Factory
241                  */
242
243                 // Make sure we fail if an unavailable Repository implementation is specified
244                 ArpRepository repository = null;
245
246                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
247                 docFactory.setNamespaceAware(true);
248                 Document placeHolder;
249                 try {
250                         placeHolder = docFactory.newDocumentBuilder().newDocument();
251
252                         Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
253                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
254                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
255
256                         ArpRepositoryFactory.getInstance(repositoryElement);
257
258                 } catch (ParserConfigurationException e) {
259                         fail("Failed to create bogus Arp Repository configuration" + e);
260
261                 } catch (ArpRepositoryException e) {
262                         // This is supposed to fail
263                 }
264
265                 // Make sure we can create an Arp Repository
266                 repository = null;
267                 try {
268                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
269                 } catch (ArpRepositoryException e) {
270                         fail("Failed to create memory-based Arp Repository" + e);
271                 }
272                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
273
274                 /*
275                  * Exercise the Memory Arp Repository
276                  */
277
278                 // Set/retrieve/remove a Site ARP
279                 Arp siteArp1 = new Arp();
280                 siteArp1.setDescription("Test Site Arp 1.");
281                 try {
282                         repository.update(siteArp1);
283                         assertEquals("Memory Repository does not store and retrieve Site ARPs properly.", siteArp1, repository
284                                         .getSitePolicy());
285                         repository.remove(repository.getSitePolicy());
286                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
287                 } catch (ArpRepositoryException e) {
288                         fail("Error adding Site ARP to Memory Repository.");
289                 }
290
291                 // Set/retrieve/delete some user ARPs
292                 Arp userArp1 = new Arp();
293                 userArp1.setDescription("Broken User Arp 1.");
294                 try {
295                         repository.update(userArp1);
296                         assertTrue("Memory Repository does not store and retrieve User ARPs properly.", (!userArp1
297                                         .equals(repository.getUserPolicy(userArp1.getPrincipal()))));
298                 } catch (ArpRepositoryException e) {
299                         fail("Error adding User ARP to Memory Repository.");
300                 }
301
302                 Arp userArp2 = new Arp(new LocalPrincipal("TestPrincipal"));
303                 userArp2.setDescription("Test User Arp 2.");
304                 try {
305                         repository.update(userArp2);
306                         assertEquals("Memory Repository does not store and retrieve User ARPs properly.", userArp2, repository
307                                         .getUserPolicy(userArp2.getPrincipal()));
308                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
309                         assertNull("Memorty Repository does not properly delete User ARPs.", repository.getUserPolicy(userArp2
310                                         .getPrincipal()));
311                 } catch (ArpRepositoryException e) {
312                         fail("Error adding User ARP to Memory Repository.");
313                 }
314
315                 // create a repository
316                 repository = null;
317
318                 try {
319                         placeHolder = docFactory.newDocumentBuilder().newDocument();
320
321                         Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
322                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
323                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
324                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "arpTTL", "65535");
325
326                         Element path = placeHolder.createElementNS(IdPConfig.configNameSpace, "Path");
327                         Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
328                         path.appendChild(text);
329
330                         repositoryElement.appendChild(path);
331
332                         repository = ArpRepositoryFactory.getInstance(repositoryElement);
333
334                 } catch (ArpRepositoryException e) {
335                         fail("Failed to create file-based Arp Repository" + e);
336                 } catch (ParserConfigurationException e) {
337                         fail("Failed to create file-based Arp Repository configuration" + e);
338                 }
339
340                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
341
342                 try {
343                         
344                         // Load ARP directly from a file and serialize it to a string
345                         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
346                         factory.setValidating(false);
347                         factory.setNamespaceAware(true);
348                         Document doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream("data/arp.site.xml")));                   
349                         
350                         TransformerFactory tFactory = TransformerFactory.newInstance();
351                         Transformer transformer = tFactory.newTransformer();
352                         transformer.setOutputProperty(OutputKeys.INDENT, "no");
353                         
354                         StringWriter stringWriter = new StringWriter();
355                         StreamResult result = new StreamResult(stringWriter);
356                         DOMSource source = new DOMSource(doc);
357                         transformer.transform(source, result);
358                         String directXML = stringWriter.toString();
359
360                         // Load ARP through the repository and serialize it to a string
361                         Arp siteArp = repository.getSitePolicy();
362                         stringWriter = new StringWriter();
363                         result = new StreamResult(stringWriter);
364                         source = new DOMSource(siteArp.unmarshall());
365                         transformer.transform(source, result);
366                         String processedXML  = stringWriter.toString();
367                         
368                         // Compare the results
369                         assertTrue("File-based ARP Repository did not return the correct site ARP.", directXML.toString()
370                                         .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
371
372                         
373
374                         // Load ARP directly from a file and serialize it to a string           
375                         doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream("data/arp.user.test.xml")));               
376                         stringWriter = new StringWriter();
377                         result = new StreamResult(stringWriter);
378                         source = new DOMSource(doc);
379                         transformer.transform(source, result);
380                         directXML = stringWriter.toString();
381
382                         // Load ARP through the repository and serialize it to a string
383                         Arp userArp = repository.getUserPolicy(new LocalPrincipal("test"));
384                         stringWriter = new StringWriter();
385                         result = new StreamResult(stringWriter);
386                         source = new DOMSource(userArp.unmarshall());
387                         transformer.transform(source, result);
388                         processedXML  = stringWriter.toString();
389
390                         // Compare the reults
391                         assertTrue("File-based ARP Repository did not return the correct user ARP.", directXML.toString()
392                                         .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
393
394                         Arp[] allArps = repository.getAllPolicies(new LocalPrincipal("test"));
395
396                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
397
398                 } catch (Exception e) {
399                         fail("Error retrieving ARP from Repository: " + e);
400                 }
401
402         }
403
404         public void testPossibleReleaseSetComputation() {
405
406                 ArpRepository repository = null;
407                 try {
408                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
409                 } catch (ArpRepositoryException e) {
410                         fail("Failed to create memory-based Arp Repository" + e);
411                 }
412
413                 try {
414                         Principal principal1 = new LocalPrincipal("TestPrincipal");
415
416                         Set<URI> list1 = new HashSet<URI>();
417                         list1.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));
418
419                         Set<URI> list2 = new HashSet<URI>();
420                         list2.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));
421                         list2.add(new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName"));
422
423                         Set<URI> list3 = new HashSet<URI>();
424
425                         // Test with just a site ARP
426                         DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
427                         factory.setValidating(false);
428                         factory.setNamespaceAware(true);
429                         Document doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream("data/arp1.xml")));
430                         
431                         Arp arp1 = new Arp();
432                         arp1.marshall(doc.getDocumentElement());
433                         repository.update(arp1);
434                         ArpEngine engine = new ArpEngine(repository);
435                         Set<URI> possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
436                         assertEquals("Incorrectly computed possible release set (1).", possibleAttributes, list1);
437
438                         // Test with site and user ARPs
439                         doc = factory.newDocumentBuilder().parse(new InputSource( new FileInputStream("data/arp7.xml")));
440                         Arp arp7 = new Arp();
441                         arp7.setPrincipal(principal1);
442                         arp7.marshall(doc.getDocumentElement());
443                         repository.update(arp7);
444                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
445                         assertEquals("Incorrectly computed possible release set (2).", possibleAttributes, list2);
446
447                         // Ensure that explicit denies on any value are not in the release set
448                         doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream("data/arp6.xml")));
449                         Arp arp6 = new Arp();
450                         arp6.setPrincipal(principal1);
451                         arp6.marshall(doc.getDocumentElement());
452                         repository.update(arp6);
453                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
454                         assertEquals("Incorrectly computed possible release set (3).", possibleAttributes, list3);
455
456                 } catch (Exception e) {
457                         e.printStackTrace();
458                         fail("Failed to marshall ARP: " + e);
459                 }
460
461         }
462
463         public void testArpApplication() {
464
465                 // Construct an engine with a memory-based repository
466                 ArpRepository repository = null;
467                 try {
468                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
469
470                 } catch (ArpRepositoryException e) {
471                         fail("Failed to create memory-based Arp Repository" + e);
472                 }
473
474                 try {
475                         
476                         arpApplicationTest1(repository);
477                         arpApplicationTest2(repository);
478                         arpApplicationTest3(repository);
479                         arpApplicationTest4(repository);
480                         arpApplicationTest5(repository);
481                         arpApplicationTest6(repository);
482                         arpApplicationTest7(repository);
483                         arpApplicationTest8(repository);
484                         arpApplicationTest9(repository);
485                         arpApplicationTest10(repository);
486                         arpApplicationTest11(repository);
487                         arpApplicationTest12(repository);
488                         arpApplicationTest13(repository);
489                         arpApplicationTest14(repository);
490                         arpApplicationTest15(repository);
491                         arpApplicationTest17(repository);
492                         arpApplicationTest18(repository);
493                         arpApplicationTest19(repository);
494                         arpApplicationTest20(repository);
495                         arpApplicationTest21(repository);
496                         arpApplicationTest22(repository);
497                         arpApplicationTest23(repository);
498                         arpApplicationTest24(repository);
499                          
500                 } catch (Exception e) {
501                         e.printStackTrace();
502                         fail("Failed to apply filter to ARPs: " + e);
503                 }
504         }
505
506         public void testRoundtripMarshalling() {
507
508                 try {
509                         for (int i = 0; i < arpExamples.length; i++) {
510
511                                 // Pull in a DOM and serialize it
512                                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
513                                 factory.setValidating(false);
514                                 factory.setNamespaceAware(true);
515                                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream(arpExamples[i])));
516         
517                                 TransformerFactory tFactory = TransformerFactory.newInstance();
518                                 Transformer transformer = tFactory.newTransformer();
519                                 transformer.setOutputProperty(OutputKeys.INDENT, "yes");
520                                 
521                                 StringWriter stringWriter = new StringWriter();
522                                 StreamResult result = new StreamResult(stringWriter);
523                                 DOMSource source = new DOMSource(doc);
524                                 transformer.transform(source, result);
525                                 String directXML = stringWriter.toString();
526                 
527                                 // Construct an ARP and then serialize it
528                                 doc = factory.newDocumentBuilder().parse(new InputSource(new FileInputStream(arpExamples[i])));
529                                 Arp arp1 = new Arp();
530                                 arp1.marshall(doc.getDocumentElement());
531                                 stringWriter = new StringWriter();
532                                 result = new StreamResult(stringWriter);
533                                 source = new DOMSource(arp1.unmarshall());
534                                 transformer.transform(source, result);
535                                 String processedXML  = stringWriter.toString();
536                                 
537                                 // Compare
538                                 assertEquals("Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")", directXML
539                                                 .toString().replaceAll(">[\t\r\n ]+<", "><"), processedXML.toString().replaceAll(
540                                                 ">[\t\r\n ]+<", "><"));
541                         }
542
543                 } catch (Exception e) {
544                         e.printStackTrace();
545                         fail("Failed to marshall ARP: " + e);
546                 }
547
548         }
549         /**
550          * ARPs: A site ARP only Target: Single Attribute: Any value release.  Most basic test.
551          */
552         void arpApplicationTest1(ArpRepository repository) throws Exception {
553
554                 // Gather the Input
555                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
556                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
557                                 + "                     <Rule>" 
558                                 + "                             <Target>" 
559                                 + "                                     <AnyTarget/>" 
560                                 + "                             </Target>"
561                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
562                                 + "                                     <AnyValue release=\"permit\"/>" 
563                                 + "                             </Attribute>" 
564                                 + "                     </Rule>"
565                                 + "     </AttributeReleasePolicy>";
566
567                 Principal principal1 = new LocalPrincipal("TestPrincipal");
568                 
569                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
570                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
571                                                 "faculty@example.edu"})));
572
573                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
574                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
575                                                 "faculty@example.edu"}));
576
577                 // Setup the engine
578                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
579                 factory.setValidating(false);
580                 factory.setNamespaceAware(true);
581                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
582                 
583                 Arp siteArp = new Arp();
584                 siteArp.marshall(doc.getDocumentElement());
585                 repository.update(siteArp);
586                 ArpEngine engine = new ArpEngine(repository);
587
588                 // Apply the ARP
589                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
590
591                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
592         }
593
594
595         /**
596          * ARPs: A site ARP only Target: Single Attribute: Any value release.  Test implicit deny of other attributes.
597          */
598         void arpApplicationTest2(ArpRepository repository) throws Exception {
599
600                 // Gather the Input
601                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
602                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
603                                 + "                     <Rule>" 
604                                 + "                             <Target>" 
605                                 + "                                     <AnyTarget/>" 
606                                 + "                             </Target>"
607                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
608                                 + "                                     <AnyValue release=\"permit\"/>" 
609                                 + "                             </Attribute>" 
610                                 + "                     </Rule>"
611                                 + "     </AttributeReleasePolicy>";
612
613                 Principal principal1 = new LocalPrincipal("TestPrincipal");
614                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
615                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
616                                                 "faculty@example.edu"}),
617                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
618                                                 new Object[]{"mehoehn@example.edu"})}));
619
620                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{new AAAttribute(
621                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
622                                                 "faculty@example.edu"})});
623
624                 // Setup the engine
625                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
626                 factory.setValidating(false);
627                 factory.setNamespaceAware(true);
628                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
629                 
630                 Arp siteArp = new Arp();
631                 siteArp.marshall(doc.getDocumentElement());
632                 repository.update(siteArp);
633                 ArpEngine engine = new ArpEngine(repository);
634
635                 // Apply the ARP
636                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
637
638                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
639         }
640
641         /**
642          * ARPs: A site ARP only Target: Single Attribute: Single value release
643          */
644         void arpApplicationTest3(ArpRepository repository) throws Exception {
645
646                 // Gather the Input
647                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
648                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
649                                 + "                     <Rule>" 
650                                 + "                             <Target>" 
651                                 + "                                     <AnyTarget/>" 
652                                 + "                             </Target>"
653                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
654                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
655                                 + "                             </Attribute>" 
656                                 + "                     </Rule>"
657                                 + "     </AttributeReleasePolicy>";
658
659                 Principal principal1 = new LocalPrincipal("TestPrincipal");
660                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
661                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
662                                                 "faculty@example.edu"})));
663                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
664                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}));
665
666                 // Setup the engine
667                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
668                 factory.setValidating(false);
669                 factory.setNamespaceAware(true);
670                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
671                 
672                 Arp siteArp = new Arp();
673                 siteArp.marshall(doc.getDocumentElement());
674                 repository.update(siteArp);
675                 ArpEngine engine = new ArpEngine(repository);
676
677                 // Apply the ARP
678                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
679
680                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
681         }
682
683         /**
684          * ARPs: A site ARP only Target: Single Attribute: Any value except one release, canonical representation
685          */
686         void arpApplicationTest4(ArpRepository repository) throws Exception {
687
688                 // Gather the Input
689                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
690                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
691                                 + "                     <Rule>"
692                                 + "                             <Target>" 
693                                 + "                                     <AnyTarget/>" 
694                                 + "                             </Target>"
695                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
696                                 + "                                     <AnyValue release=\"permit\"/>" 
697                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
698                                 + "                             </Attribute>" 
699                                 + "                     </Rule>" 
700                                 + "     </AttributeReleasePolicy>";
701
702                 Principal principal1 = new LocalPrincipal("TestPrincipal");
703                 
704                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
705                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
706                                                 "faculty@example.edu", "employee@example.edu"})));
707                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
708                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
709                                                 "employee@example.edu"}));
710
711                 // Setup the engine
712                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
713                 factory.setValidating(false);
714                 factory.setNamespaceAware(true);
715                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
716                 
717                 Arp siteArp = new Arp();
718                 siteArp.marshall(doc.getDocumentElement());
719                 repository.update(siteArp);
720                 ArpEngine engine = new ArpEngine(repository);
721
722                 // Apply the ARP
723                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
724
725                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
726         }
727
728         /**
729          * ARPs: A site ARP any Target: Single Attribute: Any value except one release, expanded representation
730          */
731         void arpApplicationTest5(ArpRepository repository) throws Exception {
732
733                 // Gather the Input
734                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
735                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
736                                 + "                     <Rule>" 
737                                 + "                             <Target>" 
738                                 + "                                     <AnyTarget/>" 
739                                 + "                             </Target>"
740                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
741                                 + "                                     <AnyValue release=\"permit\"/>" 
742                                 + "                             </Attribute>"
743                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
744                                 + "                                     <Value release=\"deny\">member@example.edu</Value>" 
745                                 + "                             </Attribute>" 
746                                 + "                     </Rule>"
747                                 + "     </AttributeReleasePolicy>";
748
749                 Principal principal1 = new LocalPrincipal("TestPrincipal");
750         
751                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
752                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
753                                                 "faculty@example.edu", "employee@example.edu"})));
754                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
755                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
756                                                 "employee@example.edu"}));
757
758                 // Setup the engine
759                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
760                 factory.setValidating(false);
761                 factory.setNamespaceAware(true);
762                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
763                 
764                 Arp siteArp = new Arp();
765                 siteArp.marshall(doc.getDocumentElement());
766                 repository.update(siteArp);
767                 ArpEngine engine = new ArpEngine(repository);
768
769                 // Apply the ARP
770                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
771
772                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
773         }
774
775         /**
776          * ARPs: A site ARP any Target: Single Attribute: Any value except two release, expanded representation
777          */
778         void arpApplicationTest6(ArpRepository repository) throws Exception {
779
780                 // Gather the Input
781                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
782                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
783                                 + "                     <Rule>" 
784                                 + "                             <Target>" 
785                                 + "                                     <AnyTarget/>" 
786                                 + "                             </Target>"
787                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
788                                 + "                                     <AnyValue release=\"permit\"/>" 
789                                 + "                             </Attribute>"
790                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
791                                 + "                                     <Value release=\"deny\">member@example.edu</Value>" 
792                                 + "                             </Attribute>"
793                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
794                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
795                                 + "                             </Attribute>" 
796                                 + "                     </Rule>"
797                                 + "     </AttributeReleasePolicy>";
798
799                 Principal principal1 = new LocalPrincipal("TestPrincipal");
800                 
801                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
802                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
803                                                 "faculty@example.edu", "employee@example.edu"})));
804                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
805                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"employee@example.edu"}));
806
807                 // Setup the engine
808                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
809                 factory.setValidating(false);
810                 factory.setNamespaceAware(true);
811                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
812                 
813                 Arp siteArp = new Arp();
814                 siteArp.marshall(doc.getDocumentElement());
815                 repository.update(siteArp);
816                 ArpEngine engine = new ArpEngine(repository);
817
818                 // Apply the ARP
819                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
820
821                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
822         }
823
824         /**
825          * ARPs: A site ARP any Target: Single Attribute: Two value release, canonical representation
826          */
827         void arpApplicationTest7(ArpRepository repository) throws Exception {
828
829                 // Gather the Input
830                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
831                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
832                                 + "                     <Rule>" 
833                                 + "                             <Target>" 
834                                 + "                                     <AnyTarget/>" 
835                                 + "                             </Target>"
836                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
837                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
838                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>" 
839                                 + "                             </Attribute>" 
840                                 + "                     </Rule>"
841                                 + "     </AttributeReleasePolicy>";
842
843                 Principal principal1 = new LocalPrincipal("TestPrincipal");
844
845                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
846                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
847                                                 "faculty@example.edu", "employee@example.edu"})));
848                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
849                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
850                                                 "faculty@example.edu"}));
851
852                 // Setup the engine
853                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
854                 factory.setValidating(false);
855                 factory.setNamespaceAware(true);
856                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
857                 
858                 Arp siteArp = new Arp();
859                 siteArp.marshall(doc.getDocumentElement());
860                 repository.update(siteArp);
861                 ArpEngine engine = new ArpEngine(repository);
862
863                 // Apply the ARP
864                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
865
866                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
867         }
868
869         /**
870          * ARPs: A site ARP any Target: Single Attribute: Two value release, expanded representation
871          */
872         void arpApplicationTest8(ArpRepository repository) throws Exception {
873
874                 // Gather the Input
875                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
876                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
877                                 + "                     <Rule>" 
878                                 + "                             <Target>" 
879                                 + "                                     <AnyTarget/>" 
880                                 + "                             </Target>"
881                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
882                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
883                                 + "                             </Attribute>"
884                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
885                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>" 
886                                 + "                             </Attribute>" 
887                                 + "                     </Rule>"
888                                 + "     </AttributeReleasePolicy>";
889
890                 Principal principal1 = new LocalPrincipal("TestPrincipal");
891
892                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
893                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
894                                                 "faculty@example.edu", "employee@example.edu"})));
895                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
896                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
897                                                 "faculty@example.edu"}));
898
899                 // Setup the engine
900                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
901                 factory.setValidating(false);
902                 factory.setNamespaceAware(true);
903                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
904                 
905                 Arp siteArp = new Arp();
906                 siteArp.marshall(doc.getDocumentElement());
907                 repository.update(siteArp);
908                 ArpEngine engine = new ArpEngine(repository);
909
910                 // Apply the ARP
911                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
912
913                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
914         }
915
916         /**
917          * ARPs: A site ARP any Target: Single Attribute: Any value deny
918          */
919         void arpApplicationTest9(ArpRepository repository) throws Exception {
920
921                 // Gather the Input
922                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
923                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
924                                 + "                     <Rule>" 
925                                 + "                             <Target>" 
926                                 + "                                     <AnyTarget/>" 
927                                 + "                             </Target>"
928                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
929                                 + "                                     <AnyValue release=\"deny\"/>" 
930                                 + "                             </Attribute>" 
931                                 + "                     </Rule>"
932                                 + "     </AttributeReleasePolicy>";
933
934                 Principal principal1 = new LocalPrincipal("TestPrincipal");
935
936                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
937                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
938                                                 "faculty@example.edu"})));
939
940                 // Setup the engine
941                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
942                 factory.setValidating(false);
943                 factory.setNamespaceAware(true);
944                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
945                 
946                 Arp siteArp = new Arp();
947                 siteArp.marshall(doc.getDocumentElement());
948                 repository.update(siteArp);
949                 ArpEngine engine = new ArpEngine(repository);
950
951                 // Apply the ARP
952                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
953
954                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
955         }
956
957         /**
958          * ARPs: A site ARP any Target: Single Attribute: Any value deny trumps explicit permit expanded representation
959          */
960         void arpApplicationTest10(ArpRepository repository) throws Exception {
961
962                 // Gather the Input
963                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
964                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
965                                 + "                     <Rule>" 
966                                 + "                             <Target>" 
967                                 + "                                     <AnyTarget/>" 
968                                 + "                             </Target>"
969                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
970                                 + "                                     <AnyValue release=\"deny\"/>" 
971                                 + "                             </Attribute>"
972                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
973                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
974                                 + "                             </Attribute>" 
975                                 + "                     </Rule>"
976                                 + "     </AttributeReleasePolicy>";
977
978                 Principal principal1 = new LocalPrincipal("TestPrincipal");
979
980                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
981                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
982                                                 "faculty@example.edu"})));
983
984                 // Setup the engine
985                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
986                 factory.setValidating(false);
987                 factory.setNamespaceAware(true);
988                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
989                 
990                 Arp siteArp = new Arp();
991                 siteArp.marshall(doc.getDocumentElement());
992                 repository.update(siteArp);
993                 ArpEngine engine = new ArpEngine(repository);
994
995                 // Apply the ARP
996                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
997
998                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
999         }
1000         /**
1001          * ARPs: A site ARP any Target: single Attribute: Any value deny trumps explicit permit canonical representation
1002          */
1003         void arpApplicationTest11(ArpRepository repository) throws Exception {
1004
1005                 // Gather the Input
1006                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1007                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1008                                 + "                     <Rule>" 
1009                                 + "                             <Target>" 
1010                                 + "                                     <AnyTarget/>" 
1011                                 + "                             </Target>"
1012                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1013                                 + "                                     <AnyValue release=\"deny\"/>" 
1014                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1015                                 + "                             </Attribute>" 
1016                                 + "                     </Rule>" 
1017                                 + "     </AttributeReleasePolicy>";
1018
1019                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1020
1021                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1022                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1023                                                 "faculty@example.edu"})));
1024
1025                 // Setup the engine
1026                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1027                 factory.setValidating(false);
1028                 factory.setNamespaceAware(true);
1029                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1030                 
1031                 Arp siteArp = new Arp();
1032                 siteArp.marshall(doc.getDocumentElement());
1033                 repository.update(siteArp);
1034                 ArpEngine engine = new ArpEngine(repository);
1035
1036                 // Apply the ARP
1037                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1038
1039                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1040         }
1041
1042         /**
1043          * ARPs: Test release to a specific requester
1044          */
1045         void arpApplicationTest12(ArpRepository repository) throws Exception {
1046
1047                 // Gather the Input
1048                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1049                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1050                                 + "                     <Rule>" 
1051                                 + "                             <Target>" 
1052                                 + "                                     <Requester>shar.example.edu</Requester>"
1053                                 + "                             </Target>"
1054                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1055                                 + "                                     <AnyValue release=\"permit\"/>" 
1056                                 + "                             </Attribute>" 
1057                                 + "                     </Rule>"
1058                                 + "     </AttributeReleasePolicy>";
1059
1060                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1061
1062                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1063                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1064                                                 "faculty@example.edu"})));
1065                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1066                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1067                                                 "faculty@example.edu"}));
1068
1069                 // Setup the engine
1070                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1071                 factory.setValidating(false);
1072                 factory.setNamespaceAware(true);
1073                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1074                 
1075                 Arp siteArp = new Arp();
1076                 siteArp.marshall(doc.getDocumentElement());
1077                 repository.update(siteArp);
1078                 ArpEngine engine = new ArpEngine(repository);
1079
1080                 // Apply the ARP
1081                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1082
1083                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1084         }
1085         /**
1086          * ARPs: Test release to multiple specific requesters
1087          */
1088         void arpApplicationTest13(ArpRepository repository) throws Exception {
1089
1090                 // Gather the Input
1091                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1092                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1093                                 + "                     <Rule>" 
1094                                 + "                             <Target>" 
1095                                 + "                                     <Requester>shar.example.edu</Requester>"
1096                                 + "                                     <Requester>http://foo.example.edu</Requester>"
1097                                 + "                             </Target>"
1098                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1099                                 + "                                     <AnyValue release=\"permit\"/>" 
1100                                 + "                             </Attribute>" 
1101                                 + "                     </Rule>"
1102                                 + "     </AttributeReleasePolicy>";
1103
1104                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1105
1106                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1107                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1108                                                 "faculty@example.edu"})));
1109                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1110                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1111                                                 "faculty@example.edu"}));
1112
1113                 // Setup the engine
1114                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1115                 factory.setValidating(false);
1116                 factory.setNamespaceAware(true);
1117                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1118                 
1119                 Arp siteArp = new Arp();
1120                 siteArp.marshall(doc.getDocumentElement());
1121                 repository.update(siteArp);
1122                 ArpEngine engine = new ArpEngine(repository);
1123
1124                 // Apply the ARP
1125                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1126
1127                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1128                 
1129                 // Try for the 2nd requester
1130                 inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1131                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1132                                                 "faculty@example.edu"})));
1133                 
1134                 engine.filterAttributes(inputSet, principal1, "http://foo.example.edu");
1135                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1136         }
1137
1138         /**
1139          * ARPs: Specific requester (no match)
1140          */
1141         void arpApplicationTest14(ArpRepository repository) throws Exception {
1142
1143                 // Gather the Input
1144                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1145                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1146                                 + "                     <Rule>" 
1147                                 + "                             <Target>" 
1148                                 + "                                     <Requester>shar.example.edu</Requester>"
1149                                 + "                             </Target>"
1150                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1151                                 + "                                     <AnyValue release=\"permit\"/>" 
1152                                 + "                             </Attribute>" 
1153                                 + "                     </Rule>"
1154                                 + "     </AttributeReleasePolicy>";
1155
1156                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1157
1158                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1159                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1160                                                 "faculty@example.edu"})));
1161
1162                 // Setup the engine
1163                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1164                 factory.setValidating(false);
1165                 factory.setNamespaceAware(true);
1166                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1167                 
1168                 Arp siteArp = new Arp();
1169                 siteArp.marshall(doc.getDocumentElement());
1170                 repository.update(siteArp);
1171                 ArpEngine engine = new ArpEngine(repository);
1172
1173                 // Apply the ARP
1174                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1175
1176                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1177         }
1178         /**
1179          * ARPs: Multiple specific requesters (no match)
1180          */
1181         void arpApplicationTest15(ArpRepository repository) throws Exception {
1182
1183                 // Gather the Input
1184                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1185                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1186                                 + "                     <Rule>" 
1187                                 + "                             <Target>" 
1188                                 + "                                     <Requester>shar.example.edu</Requester>"
1189                                 + "                                     <Requester>http://foo.example.edu</Requester>"
1190                                 + "                             </Target>"
1191                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1192                                 + "                                     <AnyValue release=\"permit\"/>" 
1193                                 + "                             </Attribute>" 
1194                                 + "                     </Rule>"
1195                                 + "     </AttributeReleasePolicy>";
1196
1197                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1198
1199                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1200                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1201                                                 "faculty@example.edu"})));
1202
1203                 // Setup the engine
1204                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1205                 factory.setValidating(false);
1206                 factory.setNamespaceAware(true);
1207                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1208                 
1209                 Arp siteArp = new Arp();
1210                 siteArp.marshall(doc.getDocumentElement());
1211                 repository.update(siteArp);
1212                 ArpEngine engine = new ArpEngine(repository);
1213
1214                 // Apply the ARP
1215                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1216
1217                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1218         }
1219
1220         /**
1221          * ARPs: A site ARP only Target: Multiple matching rules Attribute: various
1222          */
1223         void arpApplicationTest17(ArpRepository repository) throws Exception {
1224
1225                 // Gather the Input
1226                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1227                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1228                                 + "                     <Rule>"
1229                                 + "                             <Target>"
1230                                 + "                                     <AnyTarget />"
1231                                 + "                             </Target>"
1232                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1233                                 + "                                     <AnyValue release=\"permit\"/>"
1234                                 + "                             </Attribute>"
1235                                 + "                     </Rule>"
1236                                 + "                     <Rule>"
1237                                 + "                             <Target>"
1238                                 + "                                     <Requester>shar1.example.edu</Requester>"
1239                                 + "                             </Target>"
1240                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1241                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1242                                 + "                             </Attribute>"
1243                                 + "                     </Rule>"
1244                                 + "                     <Rule>"
1245                                 + "                             <Target>"
1246                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1247                                 + "                             </Target>" 
1248                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1249                                 + "                                     <AnyValue release=\"permit\"/>" 
1250                                 + "                             </Attribute>" 
1251                                 + "                     </Rule>"
1252                                 + "     </AttributeReleasePolicy>";
1253
1254                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1255                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1256                                 .asList(new AAAttribute[]{
1257                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1258                                                                 "member@example.edu", "faculty@example.edu"}),
1259                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1260                                                                 new Object[]{"wassa@columbia.edu"})}));
1261
1262                 Collection<AAAttribute> releaseSet = Arrays
1263                                 .asList(new AAAttribute[]{
1264                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation",
1265                                                                 new Object[]{"member@example.edu"}),
1266                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1267                                                                 new Object[]{"wassa@columbia.edu"})});
1268
1269                 // Setup the engine
1270                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1271                 factory.setValidating(false);
1272                 factory.setNamespaceAware(true);
1273                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1274                 
1275                 Arp siteArp = new Arp();
1276                 siteArp.marshall(doc.getDocumentElement());
1277                 repository.update(siteArp);
1278                 ArpEngine engine = new ArpEngine(repository);
1279
1280                 // Apply the ARP
1281                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu");
1282
1283                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1284         }
1285
1286         /**
1287          * ARPs: A site ARP any Target: Any Attribute: Any value release of two attributes in one rule
1288          */
1289         void arpApplicationTest18(ArpRepository repository) throws Exception {
1290
1291                 // Gather the Input
1292                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1293                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1294                                 + "                     <Rule>" 
1295                                 + "                             <Target>" 
1296                                 + "                                     <AnyTarget/>" 
1297                                 + "                             </Target>"
1298                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1299                                 + "                                     <AnyValue release=\"permit\"/>" 
1300                                 + "                             </Attribute>"
1301                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1302                                 + "                                     <AnyValue release=\"permit\"/>" 
1303                                 + "                             </Attribute>" 
1304                                 + "                     </Rule>"
1305                                 + "     </AttributeReleasePolicy>";
1306
1307                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1308
1309                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1310                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1311                                                 "faculty@example.edu"}),
1312                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1313                                                 new Object[]{"mehoehn@example.edu"})}));
1314
1315                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1316                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1317                                                 "faculty@example.edu"}),
1318                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1319                                                 new Object[]{"mehoehn@example.edu"})});
1320
1321                 // Setup the engine
1322                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1323                 factory.setValidating(false);
1324                 factory.setNamespaceAware(true);
1325                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1326                 
1327                 Arp siteArp = new Arp();
1328                 siteArp.marshall(doc.getDocumentElement());
1329                 repository.update(siteArp);
1330                 ArpEngine engine = new ArpEngine(repository);
1331
1332                 // Apply the ARP
1333                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1334
1335                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1336         }
1337
1338         /**
1339          * ARPs: A user ARP any Target: Single Attribute: Any value release,
1340          */
1341         void arpApplicationTest19(ArpRepository repository) throws Exception {
1342
1343                 // Gather the Input
1344                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1345                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1346                                 + "                     <Rule>" 
1347                                 + "                             <Target>" 
1348                                 + "                                     <AnyTarget/>" 
1349                                 + "                             </Target>"
1350                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1351                                 + "                                     <AnyValue release=\"permit\"/>" 
1352                                 + "                             </Attribute>" 
1353                                 + "                     </Rule>"
1354                                 + "     </AttributeReleasePolicy>";
1355
1356                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1357
1358                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1359                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1360                                                 "faculty@example.edu"})));
1361                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1362                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1363                                                 "faculty@example.edu"}));
1364
1365                 // Setup the engine
1366                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1367                 factory.setValidating(false);
1368                 factory.setNamespaceAware(true);
1369                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1370                 
1371                 Arp userArp = new Arp();
1372                 userArp.setPrincipal(principal1);
1373                 userArp.marshall(doc.getDocumentElement());
1374                 repository.update(userArp);
1375                 ArpEngine engine = new ArpEngine(repository);
1376
1377                 // Apply the ARP
1378                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1379
1380                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1381         }
1382
1383         /**
1384          * ARPs: A site ARP and user ARP Target: various Attribute: various combinations
1385          */
1386         void arpApplicationTest20(ArpRepository repository) throws Exception {
1387
1388                 // Gather the Input
1389                 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1390                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1391                                 + "                     <Rule>"
1392                                 + "                             <Target>"
1393                                 + "                                     <AnyTarget/>"
1394                                 + "                             </Target>"
1395                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1396                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1397                                 + "                             </Attribute>"
1398                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1399                                 + "                                     <AnyValue release=\"permit\" />"
1400                                 + "                             </Attribute>"
1401                                 + "                     </Rule>"
1402                                 + "                     <Rule>"
1403                                 + "                             <Target>"
1404                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1405                                 + "                             </Target>"
1406                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1407                                 + "                                     <AnyValue release=\"permit\"/>" 
1408                                 + "                             </Attribute>" 
1409                                 + "                     </Rule>" 
1410                                 + "                     <Rule>"
1411                                 + "                             <Target>" 
1412                                 + "                                     <Requester>www.example.edu</Requester>"
1413                                 + "                             </Target>"
1414                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1415                                 + "                                     <AnyValue release=\"permit\"/>" 
1416                                 + "                             </Attribute>"
1417                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1418                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>" 
1419                                 + "                             </Attribute>"
1420                                 + "                     </Rule>" 
1421                                 + "                     <Rule>" 
1422                                 + "                             <Target>" 
1423                                 + "                                     <Requester>www.external.com</Requester>"
1424                                 + "                             </Target>"
1425                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1426                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>" 
1427                                 + "                             </Attribute>"
1428                                 + "                     </Rule>" 
1429                                 + "     </AttributeReleasePolicy>";
1430
1431                 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1432                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1433                                 + "                     <Rule>"
1434                                 + "                             <Target>"
1435                                 + "                                     <AnyTarget/>"
1436                                 + "                             </Target>"
1437                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1438                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1439                                 + "                             </Attribute>"
1440                                 + "                     </Rule>"
1441                                 + "                     <Rule>"
1442                                 + "                             <Target>"
1443                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1444                                 + "                             </Target>"
1445                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1446                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
1447                                 + "                             </Attribute>"
1448                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1449                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>" 
1450                                 + "                             </Attribute>"
1451                                 + "                     </Rule>" 
1452                                 + "     </AttributeReleasePolicy>";
1453
1454                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1455
1456                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1457                                 .asList(new AAAttribute[]{
1458                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1459                                                                 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1460                                                                 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1461                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1462                                                                 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1463                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1464                                                                 new Object[]{"wassa@example.edu"}),
1465                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
1466
1467                 Collection<AAAttribute> releaseSet = Arrays
1468                                 .asList(new AAAttribute[]{
1469                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1470                                                                 "urn:example:lovesIceCream", "urn:example:contract:4657483"}),
1471                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1472                                                                 "member@example.edu", "employee@example.edu"}),
1473                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1474                                                                 new Object[]{"wassa@example.edu"}),
1475                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
1476
1477                 // Add the site ARP
1478                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1479                 factory.setValidating(false);
1480                 factory.setNamespaceAware(true);
1481                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawSiteArp)));
1482                 Arp siteArp = new Arp();
1483                 siteArp.marshall(doc.getDocumentElement());
1484                 repository.update(siteArp);
1485
1486                 // Add the user ARP
1487                 doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawUserArp)));
1488                 Arp userArp = new Arp();
1489                 userArp.setPrincipal(principal1);
1490                 userArp.marshall(doc.getDocumentElement());
1491                 repository.update(userArp);
1492
1493                 ArpEngine engine = new ArpEngine(repository);
1494
1495                 // Apply the ARP
1496                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1497
1498                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1499         }
1500         /**
1501          * ARPs: A site ARP and user ARP Target: various Attribute: various combinations (same ARPs as 20, different
1502          * requester)
1503          */
1504         void arpApplicationTest21(ArpRepository repository) throws Exception {
1505
1506                 // Gather the Input
1507                 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1508                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1509                                 + "                     <Rule>"
1510                                 + "                             <Target>"
1511                                 + "                                     <AnyTarget/>"
1512                                 + "                             </Target>"
1513                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1514                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1515                                 + "                             </Attribute>"
1516                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1517                                 + "                                     <AnyValue release=\"permit\" />"
1518                                 + "                             </Attribute>"
1519                                 + "                     </Rule>"
1520                                 + "                     <Rule>"
1521                                 + "                             <Target>"
1522                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1523                                 + "                             </Target>"
1524                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1525                                 + "                                     <AnyValue release=\"permit\"/>" 
1526                                 + "                             </Attribute>" 
1527                                 + "                     </Rule>" 
1528                                 + "                     <Rule>"
1529                                 + "                             <Target>" 
1530                                 + "                                     <Requester>www.example.edu</Requester>"
1531                                 + "                             </Target>"
1532                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1533                                 + "                                     <AnyValue release=\"permit\"/>" 
1534                                 + "                             </Attribute>"
1535                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1536                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>" 
1537                                 + "                             </Attribute>"
1538                                 + "                     </Rule>" 
1539                                 + "                     <Rule>" 
1540                                 + "                             <Target>" 
1541                                 + "                                     <Requester>www.external.com</Requester>"
1542                                 + "                             </Target>"
1543                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1544                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>" 
1545                                 + "                             </Attribute>"
1546                                 + "                     </Rule>" 
1547                                 + "     </AttributeReleasePolicy>";
1548
1549                 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1550                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1551                                 + "                     <Rule>"
1552                                 + "                             <Target>"
1553                                 + "                                     <AnyTarget/>"
1554                                 + "                             </Target>"
1555                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1556                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1557                                 + "                             </Attribute>"
1558                                 + "                     </Rule>"
1559                                 + "                     <Rule>"
1560                                 + "                             <Target>"
1561                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>" 
1562                                 + "                             </Target>"
1563                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1564                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
1565                                 + "                             </Attribute>"
1566                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1567                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>" 
1568                                 + "                             </Attribute>"
1569                                 + "                     </Rule>" 
1570                                 + "     </AttributeReleasePolicy>";
1571
1572                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1573
1574                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1575                                 .asList(new AAAttribute[]{
1576                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1577                                                                 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1578                                                                 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1579                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1580                                                                 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1581                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1582                                                                 new Object[]{"wassa@example.edu"}),
1583                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
1584
1585                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1586                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement",
1587                                                 new Object[]{"urn:example:contract:113455"}),
1588                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}),
1589                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
1590
1591                 // Add the site ARP
1592                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1593                 factory.setValidating(false);
1594                 factory.setNamespaceAware(true);
1595                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawSiteArp)));
1596                 Arp siteArp = new Arp();
1597                 siteArp.marshall(doc.getDocumentElement());
1598                 repository.update(siteArp);
1599
1600                 // Add the user ARP
1601                 doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawUserArp)));
1602                 Arp userArp = new Arp();
1603                 userArp.setPrincipal(principal1);
1604                 userArp.marshall(doc.getDocumentElement());
1605                 repository.update(userArp);
1606
1607                 ArpEngine engine = new ArpEngine(repository);
1608
1609                 // Apply the ARP
1610                 engine.filterAttributes(inputSet, principal1, "www.external.com");
1611
1612                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1613         }
1614
1615         /**
1616          * ARPs: A site ARP any Target: Specific requester: Release values by regex
1617          */
1618         void arpApplicationTest22(ArpRepository repository) throws Exception {
1619
1620                 // Gather the Input
1621                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1622                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1623                                 + "                     <Rule>"
1624                                 + "                             <Target>"
1625                                 + "                                     <Requester>shar.example.edu</Requester>"
1626                                 + "                             </Target>"
1627                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1628                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1629                                 + "                             </Attribute>"
1630                                 + "                     </Rule>" 
1631                                 + "     </AttributeReleasePolicy>";
1632
1633                 Principal principal1 = new LocalPrincipal("Test2Principal");
1634
1635                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1636                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1637                                                 "urn:x:adagio", "urn:x:awol"})));
1638                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1639                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:adagio", "urn:x:awol"}));
1640
1641                 // Setup the engine
1642                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1643                 factory.setValidating(false);
1644                 factory.setNamespaceAware(true);
1645                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1646                 
1647                 Arp siteArp = new Arp();
1648                 siteArp.marshall(doc.getDocumentElement());
1649                 repository.update(siteArp);
1650                 ArpEngine engine = new ArpEngine(repository);
1651
1652                 // Apply the ARP
1653                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1654
1655                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1656         }
1657
1658         /**
1659          * ARPs: A site ARP any Target: Specific shar, Attribute: Deny specific values by regex
1660          */
1661         void arpApplicationTest23(ArpRepository repository) throws Exception {
1662
1663                 // Gather the Input
1664                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1665                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1666                                 + "                     <Rule>"
1667                                 + "                             <Target>"
1668                                 + "                                     <Requester>shar.example.edu</Requester>"
1669                                 + "                             </Target>"
1670                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1671                                 + "                                     <AnyValue release=\"permit\" />"
1672                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1673                                 + "                             </Attribute>" + "                       </Rule>" + "    </AttributeReleasePolicy>";
1674
1675                 Principal principal1 = new LocalPrincipal("Test2Principal");
1676
1677                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1678                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1679                                                 "urn:x:adagio", "urn:x:awol"})));
1680                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1681                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar"}));
1682
1683                 // Setup the engine
1684                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1685                 factory.setValidating(false);
1686                 factory.setNamespaceAware(true);
1687                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1688                 
1689                 Arp siteArp = new Arp();
1690                 siteArp.marshall(doc.getDocumentElement());
1691                 repository.update(siteArp);
1692                 ArpEngine engine = new ArpEngine(repository);
1693
1694                 // Apply the ARP
1695                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1696
1697                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1698         }
1699
1700         /**
1701          * ARPs: A site ARP Specific requester, Attribute: No matches on specific values should
1702          * yield no attribute
1703          */
1704         void arpApplicationTest24(ArpRepository repository) throws Exception {
1705
1706                 // Gather the Input
1707                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1708                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1709                                 + "                     <Rule>" 
1710                                 + "                             <Target>" 
1711                                 + "                                     <Requester>shar.example.edu</Requester>"
1712                                 + "                             </Target>"
1713                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1714                                 + "                                     <AnyValue release=\"permit\" />" 
1715                                 + "                             </Attribute>"
1716                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1717                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>" 
1718                                 + "                             </Attribute>" 
1719                                 + "                     </Rule>"
1720                                 + "     </AttributeReleasePolicy>";
1721
1722                 Principal principal1 = new LocalPrincipal("Test2Principal");
1723
1724                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1725                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:bar",
1726                                                 "urn:x:adagio"}),
1727                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"})}));
1728                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1729                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"}));
1730
1731                 // Setup the engine
1732                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1733                 factory.setValidating(false);
1734                 factory.setNamespaceAware(true);
1735                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1736                 
1737                 Arp siteArp = new Arp();
1738                 siteArp.marshall(doc.getDocumentElement());
1739                 repository.update(siteArp);
1740                 ArpEngine engine = new ArpEngine(repository);
1741
1742                 // Apply the ARP
1743                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1744
1745                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
1746         }
1747
1748
1749          /**
1750          * Use Case: must have an attribute
1751          * Example:  release uid only if user has any value for attribute "foo"
1752          */
1753         void arpConstraintTest1(ArpRepository repository) throws Exception {
1754
1755                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1756                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1757                                 + "         <Rule>" 
1758                                 + "             <Constraint"
1759                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1760                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:anyValueMatch\""
1761                                 + "                                     matches=\"any\"/>"
1762                                 + "             <Target>" 
1763                                 + "                 <AnyTarget/>" 
1764                                 + "             </Target>"
1765                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1766                                 + "                 <AnyValue release=\"permit\"/>" 
1767                                 + "             </Attribute>" 
1768                                 + "         </Rule>"
1769                                 + " </AttributeReleasePolicy>";
1770
1771                 // Setup the engine
1772                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1773                 factory.setValidating(false);
1774                 factory.setNamespaceAware(true);
1775                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1776                 
1777                 Arp siteArp = new Arp();
1778                 siteArp.marshall(doc.getDocumentElement());
1779                 repository.update(siteArp);
1780                 ArpEngine engine = new ArpEngine(repository);
1781
1782                 Principal principal = new LocalPrincipal("TestPrincipal");
1783
1784                 // test user who meets constraint
1785                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1786                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1787                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1788
1789                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1790                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1791
1792                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1793                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1794
1795                 // test user who does not meet constraint
1796                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1797                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1798
1799                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1800
1801                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1802                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1803
1804         }
1805         
1806          /**
1807          * Use Case: must have an attribute value
1808          * Example:  release uid only if user has a specific value for attribute "foo"
1809          */
1810         void arpConstraintTest2(ArpRepository repository) throws Exception {
1811
1812                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1813                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1814                                 + "         <Rule>" 
1815                                 + "             <Constraint"
1816                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1817                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1818                                 + "                                     matches=\"any\">bar</Constraint>"
1819                                 + "             <Target>" 
1820                                 + "                 <AnyTarget/>" 
1821                                 + "             </Target>"
1822                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1823                                 + "                 <AnyValue release=\"permit\"/>" 
1824                                 + "             </Attribute>" 
1825                                 + "         </Rule>"
1826                                 + " </AttributeReleasePolicy>";
1827
1828                 // Setup the engine
1829                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1830                 factory.setValidating(false);
1831                 factory.setNamespaceAware(true);
1832                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1833                 
1834                 Arp siteArp = new Arp();
1835                 siteArp.marshall(doc.getDocumentElement());
1836                 repository.update(siteArp);
1837                 ArpEngine engine = new ArpEngine(repository);
1838
1839                 Principal principal = new LocalPrincipal("TestPrincipal");
1840
1841                 // test user who meets constraint
1842                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1843                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1844                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1845
1846                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1847                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1848
1849                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1850                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1851
1852                 // test user who does not meet constraint
1853                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1854                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1855
1856                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1857
1858                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1859                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1860
1861         }
1862          /**
1863          * Use Case: must have only a specific attribute value
1864          * Example:  release uid only if user has a specific value for attribute "foo", but not if it has other values
1865          */
1866         void arpConstraintTest3(ArpRepository repository) throws Exception {
1867
1868                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1869                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1870                                 + "         <Rule>" 
1871                                 + "             <Constraint"
1872                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1873                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1874                                 + "                                     matches=\"all\">bar</Constraint>"
1875                                 + "             <Target>" 
1876                                 + "                 <AnyTarget/>" 
1877                                 + "             </Target>"
1878                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1879                                 + "                 <AnyValue release=\"permit\"/>" 
1880                                 + "             </Attribute>" 
1881                                 + "         </Rule>"
1882                                 + " </AttributeReleasePolicy>";
1883
1884                 // Setup the engine
1885                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1886                 factory.setValidating(false);
1887                 factory.setNamespaceAware(true);
1888                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1889                 
1890                 Arp siteArp = new Arp();
1891                 siteArp.marshall(doc.getDocumentElement());
1892                 repository.update(siteArp);
1893                 ArpEngine engine = new ArpEngine(repository);
1894
1895                 Principal principal = new LocalPrincipal("TestPrincipal");
1896
1897                 // test user who meets constraint
1898                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1899                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1900                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1901
1902                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1903                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1904
1905                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1906                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1907
1908                 // test user who does not meet constraint
1909                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1910                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1911
1912                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1913
1914                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1915                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1916
1917         }
1918          /**
1919          * Use Case: must have two  specific attribute values
1920          * Example:  release uid only if user has two specific value for attribute "foo", "bar" and "wee"
1921          */
1922         void arpConstraintTest4(ArpRepository repository) throws Exception {
1923
1924                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1925                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1926                                 + "         <Rule>" 
1927                                 + "             <Constraint"
1928                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1929                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1930                                 + "                                     matches=\"any\">bar</Constraint>"
1931                                 + "             <Constraint"
1932                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1933                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1934                                 + "                                     matches=\"any\">wee</Constraint>"
1935                                 + "             <Target>" 
1936                                 + "                 <AnyTarget/>" 
1937                                 + "             </Target>"
1938                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1939                                 + "                 <AnyValue release=\"permit\"/>" 
1940                                 + "             </Attribute>" 
1941                                 + "         </Rule>"
1942                                 + " </AttributeReleasePolicy>";
1943
1944                 // Setup the engine
1945                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
1946                 factory.setValidating(false);
1947                 factory.setNamespaceAware(true);
1948                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
1949                 
1950                 Arp siteArp = new Arp();
1951                 siteArp.marshall(doc.getDocumentElement());
1952                 repository.update(siteArp);
1953                 ArpEngine engine = new ArpEngine(repository);
1954
1955                 Principal principal = new LocalPrincipal("TestPrincipal");
1956
1957                 // test user who meets constraint
1958                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1959                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1960                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1961
1962                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1963                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1964
1965                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1966                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1967
1968                 // test user who does not meet constraint
1969                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1970                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1971
1972                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1973
1974                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1975                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1976
1977         }
1978         
1979          /**
1980          * Use Case: must not have a specific attribute value
1981          * Example:  release uid only if user does not have a specific value for attribute "foo"
1982          */
1983         void arpConstraintTest5(ArpRepository repository) throws Exception {
1984
1985                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1986                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1987                                 + "         <Rule>" 
1988                                 + "             <Constraint"
1989                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1990                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1991                                 + "                                     matches=\"none\">bar</Constraint>"
1992                                 + "             <Target>" 
1993                                 + "                 <AnyTarget/>" 
1994                                 + "             </Target>"
1995                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1996                                 + "                 <AnyValue release=\"permit\"/>" 
1997                                 + "             </Attribute>" 
1998                                 + "         </Rule>"
1999                                 + " </AttributeReleasePolicy>";
2000
2001                 // Setup the engine
2002                 DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
2003                 factory.setValidating(false);
2004                 factory.setNamespaceAware(true);
2005                 Document doc = factory.newDocumentBuilder().parse(new InputSource(new StringReader(rawArp)));
2006                 
2007                 Arp siteArp = new Arp();
2008                 siteArp.marshall(doc.getDocumentElement());
2009                 repository.update(siteArp);
2010                 ArpEngine engine = new ArpEngine(repository);
2011
2012                 Principal principal = new LocalPrincipal("TestPrincipal");
2013
2014                 // test user who meets constraint
2015                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
2016                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
2017                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
2018
2019                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
2020                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
2021
2022                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
2023                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
2024
2025                 // test user who does not meet constraint
2026                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
2027                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
2028
2029                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
2030
2031                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
2032                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
2033
2034         }
2035 }