Code cleanups in preparation for 2.0 work. Ripped out v1.1 ARP syntax remnants....
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /*
2  * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package edu.internet2.middleware.shibboleth.aa.arp;
18
19 import java.io.File;
20 import java.io.FileInputStream;
21 import java.io.InputStream;
22 import java.io.StringReader;
23 import java.net.URI;
24 import java.net.URISyntaxException;
25 import java.security.Principal;
26 import java.util.ArrayList;
27 import java.util.Arrays;
28 import java.util.Collection;
29 import java.util.HashSet;
30 import java.util.Set;
31
32 import javax.xml.parsers.DocumentBuilderFactory;
33 import javax.xml.parsers.ParserConfigurationException;
34
35 import junit.framework.TestCase;
36
37 import org.apache.log4j.BasicConfigurator;
38 import org.apache.log4j.Level;
39 import org.apache.log4j.Logger;
40 import org.w3c.dom.Document;
41 import org.w3c.dom.Element;
42 import org.w3c.dom.Text;
43 import org.xml.sax.InputSource;
44
45 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
46 import edu.internet2.middleware.shibboleth.common.LocalPrincipal;
47 import edu.internet2.middleware.shibboleth.idp.IdPConfig;
48 import edu.internet2.middleware.shibboleth.xml.Parser;
49
50 /**
51  * Validation suite for <code>Arp</code> processing.
52  * 
53  * @author Walter Hoehn(wassa@memphis.edu)
54  */
55
56 public class ArpTests extends TestCase {
57
58         private Parser.DOMParser parser = new Parser.DOMParser(true);
59         Element memoryRepositoryElement;
60         private String[] arpExamples = {"data/example1.xml", "data/example2.xml", "data/example3.xml", "data/example4.xml",
61                         "data/example5.xml", "data/example6.xml", "data/example7.xml", "data/example8.xml", "data/example9.xml",
62                         "data/example10.xml", "data/example11.xml", "data/example12.xml"};
63
64         public ArpTests(String name) {
65
66                 super(name);
67                 BasicConfigurator.resetConfiguration();
68                 BasicConfigurator.configure();
69                 Logger.getRootLogger().setLevel(Level.OFF);
70         }
71
72         public static void main(String[] args) {
73
74                 junit.textui.TestRunner.run(ArpTests.class);
75                 BasicConfigurator.configure();
76                 Logger.getRootLogger().setLevel(Level.OFF);
77         }
78
79         /**
80          * @see junit.framework.TestCase#setUp()
81          */
82         protected void setUp() throws Exception {
83
84                 super.setUp();
85
86                 // Setup an xml parser
87
88                 // Setup a dummy xml config for a Memory-based repository
89                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
90                 docFactory.setNamespaceAware(true);
91                 Document placeHolder;
92                 try {
93                         placeHolder = docFactory.newDocumentBuilder().newDocument();
94
95                         memoryRepositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
96                         memoryRepositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
97                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
98                 } catch (ParserConfigurationException e) {
99                         fail("Failed to create memory-based Arp Repository configuration" + e);
100                 }
101         }
102
103         public void testArpMarshalling() {
104
105                 // Test ARP description
106                 try {
107                         InputStream inStream = new FileInputStream("data/arp1.xml");
108                         parser.parse(new InputSource(inStream));
109                         Arp arp1 = new Arp();
110                         arp1.marshall(parser.getDocument().getDocumentElement());
111                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
112
113                         // Test Rule description
114                         assertEquals("ARP Rule Description not marshalled properly", arp1.getAllRules().iterator().next()
115                                         .getDescription(), "Example Rule Description.");
116                 } catch (Exception e) {
117                         fail("Failed to marshall ARP: " + e);
118                 }
119
120                 // Test case where ARP description does not exist
121                 try {
122                         InputStream inStream = new FileInputStream("data/arp2.xml");
123                         parser.parse(new InputSource(inStream));
124                         Arp arp2 = new Arp();
125                         arp2.marshall(parser.getDocument().getDocumentElement());
126                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
127
128                         // Test case where ARP Rule description does not exist
129                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules().iterator().next()
130                                         .getDescription());
131                 } catch (Exception e) {
132                         fail("Failed to marshall ARP.");
133                 }
134
135         }
136
137         public void testMatchingFunctions() {
138
139                 try {
140
141                         /*
142                          * Test Arp Engine function retrieval
143                          */
144
145                         // Lookup a function that doesn't exist
146                         MatchFunction noFunction = ArpEngine.lookupMatchFunction(new URI(
147                                         "urn:mace:shibboleth:arp:matchFunction:dummy"));
148                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
149
150                         // Lookup some real functions
151                         MatchFunction stringMatch = ArpEngine.lookupMatchFunction(new URI(
152                                         "urn:mace:shibboleth:arp:matchFunction:stringMatch"));
153                         assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
154
155                         MatchFunction regexFunction = ArpEngine.lookupMatchFunction(new URI(
156                                         "urn:mace:shibboleth:arp:matchFunction:regexMatch"));
157                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
158
159                         MatchFunction regexNotFunction = ArpEngine.lookupMatchFunction(new URI(
160                                         "urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
161                         assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
162
163                         MatchFunction stringNotFunction = ArpEngine.lookupMatchFunction(new URI(
164                                         "urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
165                         assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
166
167                         /*
168                          * Test the Regex function (requester & resource)
169                          */
170
171                         // Try requester regexes
172                         assertTrue("Regex function: false negative", regexFunction.match("^shar\\.example\\.edu$",
173                                         "shar.example.edu"));
174                         assertTrue("Regex function: false negative", regexFunction
175                                         .match("^.*\\.example\\.edu$", "shar.example.edu"));
176                         assertTrue("Regex function: false negative", regexFunction.match("^shar[1-9]?\\.example\\.edu$",
177                                         "shar1.example.edu"));
178                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
179                         assertTrue("Regex function: false positive", !regexFunction.match("^shar[1-9]\\.example\\.edu$",
180                                         "shar.example.edu"));
181                         assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
182                                         "www.example.edu"));
183                         assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
184                                         "www.example.com"));
185
186                         // Make sure we properly handle bad input
187                         try {
188                                 regexFunction.match(null, null);
189                                 fail("Regex function seems to take improper input without throwing an exception.");
190                         } catch (ArpException ie) {
191                                 // This is supposed to fail
192                         }
193
194                         // Test the StringNotMatch function
195                         assertFalse("StringNotMatch function: false positive", stringNotFunction.match("foo", "foo"));
196                         assertTrue("StringNotMatch function: false negative", stringNotFunction.match("foo", "bar"));
197                         // Make sure we properly handle bad input
198                         try {
199                                 stringNotFunction.match(null, null);
200                                 fail("StringNotMatch function seems to take improper input without throwing an exception.");
201                         } catch (ArpException ie) {
202                                 // This is supposed to fail
203                         }
204
205                         // Test the RegexNotMatch function
206
207                         assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
208                         assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
209
210                         // Make sure we properly handle bad input
211                         try {
212                                 regexNotFunction.match(null, null);
213                                 fail("RegexNotMatch function seems to take improper input without throwing an exception.");
214                         } catch (ArpException ie) {
215                                 // This is supposed to fail
216                         }
217
218                 } catch (ArpException e) {
219                         fail("Encountered a problem loading match function: " + e);
220                 } catch (URISyntaxException e) {
221                         fail("Unable to create URI from test string.");
222                 }
223
224         }
225
226         public void testRepositories() {
227
228                 /*
229                  * Test the Factory
230                  */
231
232                 // Make sure we fail if an unavailable Repository implementation is specified
233                 ArpRepository repository = null;
234
235                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
236                 docFactory.setNamespaceAware(true);
237                 Document placeHolder;
238                 try {
239                         placeHolder = docFactory.newDocumentBuilder().newDocument();
240
241                         Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
242                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
243                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
244
245                         ArpRepositoryFactory.getInstance(repositoryElement);
246
247                 } catch (ParserConfigurationException e) {
248                         fail("Failed to create bogus Arp Repository configuration" + e);
249
250                 } catch (ArpRepositoryException e) {
251                         // This is supposed to fail
252                 }
253
254                 // Make sure we can create an Arp Repository
255                 repository = null;
256                 try {
257                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
258                 } catch (ArpRepositoryException e) {
259                         fail("Failed to create memory-based Arp Repository" + e);
260                 }
261                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
262
263                 /*
264                  * Exercise the Memory Arp Repository
265                  */
266
267                 // Set/retrieve/remove a Site ARP
268                 Arp siteArp1 = new Arp();
269                 siteArp1.setDescription("Test Site Arp 1.");
270                 try {
271                         repository.update(siteArp1);
272                         assertEquals("Memory Repository does not store and retrieve Site ARPs properly.", siteArp1, repository
273                                         .getSitePolicy());
274                         repository.remove(repository.getSitePolicy());
275                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
276                 } catch (ArpRepositoryException e) {
277                         fail("Error adding Site ARP to Memory Repository.");
278                 }
279
280                 // Set/retrieve/delete some user ARPs
281                 Arp userArp1 = new Arp();
282                 userArp1.setDescription("Broken User Arp 1.");
283                 try {
284                         repository.update(userArp1);
285                         assertTrue("Memory Repository does not store and retrieve User ARPs properly.", (!userArp1
286                                         .equals(repository.getUserPolicy(userArp1.getPrincipal()))));
287                 } catch (ArpRepositoryException e) {
288                         fail("Error adding User ARP to Memory Repository.");
289                 }
290
291                 Arp userArp2 = new Arp(new LocalPrincipal("TestPrincipal"));
292                 userArp2.setDescription("Test User Arp 2.");
293                 try {
294                         repository.update(userArp2);
295                         assertEquals("Memory Repository does not store and retrieve User ARPs properly.", userArp2, repository
296                                         .getUserPolicy(userArp2.getPrincipal()));
297                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
298                         assertNull("Memorty Repository does not properly delete User ARPs.", repository.getUserPolicy(userArp2
299                                         .getPrincipal()));
300                 } catch (ArpRepositoryException e) {
301                         fail("Error adding User ARP to Memory Repository.");
302                 }
303
304                 // create a repository
305                 repository = null;
306
307                 try {
308                         placeHolder = docFactory.newDocumentBuilder().newDocument();
309
310                         Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
311                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
312                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
313                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "arpTTL", "65535");
314
315                         Element path = placeHolder.createElementNS(IdPConfig.configNameSpace, "Path");
316                         Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
317                         path.appendChild(text);
318
319                         repositoryElement.appendChild(path);
320
321                         repository = ArpRepositoryFactory.getInstance(repositoryElement);
322
323                 } catch (ArpRepositoryException e) {
324                         fail("Failed to create file-based Arp Repository" + e);
325                 } catch (ParserConfigurationException e) {
326                         fail("Failed to create file-based Arp Repository configuration" + e);
327                 }
328
329                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
330
331                 try {
332                         Arp siteArp = repository.getSitePolicy();
333
334                         InputStream inStream = new FileInputStream("data/arp.site.xml");
335                         parser.parse(new InputSource(inStream));
336                         String directXML = Parser.serialize(parser.getDocument().getDocumentElement());
337
338                         String processedXML = Parser.serialize(siteArp.unmarshall());
339
340                         assertTrue("File-based ARP Repository did not return the correct site ARP.", directXML.toString()
341                                         .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
342
343                         Arp userArp = repository.getUserPolicy(new LocalPrincipal("test"));
344
345                         inStream = new FileInputStream("data/arp.user.test.xml");
346                         parser.parse(new InputSource(inStream));
347                         directXML = Parser.serialize(parser.getDocument().getDocumentElement());
348
349                         processedXML = Parser.serialize(userArp.unmarshall());
350
351                         assertTrue("File-based ARP Repository did not return the correct user ARP.", directXML.toString()
352                                         .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
353
354                         Arp[] allArps = repository.getAllPolicies(new LocalPrincipal("test"));
355
356                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
357
358                 } catch (Exception e) {
359                         fail("Error retrieving ARP from Repository: " + e);
360                 }
361
362         }
363
364         public void testPossibleReleaseSetComputation() {
365
366                 ArpRepository repository = null;
367                 try {
368                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
369                 } catch (ArpRepositoryException e) {
370                         fail("Failed to create memory-based Arp Repository" + e);
371                 }
372
373                 try {
374                         Principal principal1 = new LocalPrincipal("TestPrincipal");
375
376                         Set<URI> list1 = new HashSet<URI>();
377                         list1.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));
378
379                         Set<URI> list2 = new HashSet<URI>();
380                         list2.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));
381                         list2.add(new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName"));
382
383                         Set<URI> list3 = new HashSet<URI>();
384
385                         // Test with just a site ARP
386                         InputStream inStream = new FileInputStream("data/arp1.xml");
387                         parser.parse(new InputSource(inStream));
388                         Arp arp1 = new Arp();
389                         arp1.marshall(parser.getDocument().getDocumentElement());
390                         repository.update(arp1);
391                         ArpEngine engine = new ArpEngine(repository);
392                         Set<URI> possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
393                         assertEquals("Incorrectly computed possible release set (1).", possibleAttributes, list1);
394
395                         // Test with site and user ARPs
396                         inStream = new FileInputStream("data/arp7.xml");
397                         parser.parse(new InputSource(inStream));
398                         Arp arp7 = new Arp();
399                         arp7.setPrincipal(principal1);
400                         arp7.marshall(parser.getDocument().getDocumentElement());
401                         repository.update(arp7);
402                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
403                         assertEquals("Incorrectly computed possible release set (2).", possibleAttributes, list2);
404
405                         // Ensure that explicit denies on any value are not in the release set
406                         inStream = new FileInputStream("data/arp6.xml");
407                         parser.parse(new InputSource(inStream));
408                         Arp arp6 = new Arp();
409                         arp6.setPrincipal(principal1);
410                         arp6.marshall(parser.getDocument().getDocumentElement());
411                         repository.update(arp6);
412                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
413                         assertEquals("Incorrectly computed possible release set (3).", possibleAttributes, list3);
414
415                 } catch (Exception e) {
416                         e.printStackTrace();
417                         fail("Failed to marshall ARP: " + e);
418                 }
419
420         }
421
422         public void testArpApplication() {
423
424                 // Construct an engine with a memory-based repository
425                 ArpRepository repository = null;
426                 try {
427                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
428
429                 } catch (ArpRepositoryException e) {
430                         fail("Failed to create memory-based Arp Repository" + e);
431                 }
432
433                 try {
434                         
435                         arpApplicationTest1(repository, parser);
436                         arpApplicationTest2(repository, parser);
437                         arpApplicationTest3(repository, parser);
438                         arpApplicationTest4(repository, parser);
439                         arpApplicationTest5(repository, parser);
440                         arpApplicationTest6(repository, parser);
441                         arpApplicationTest7(repository, parser);
442                         arpApplicationTest8(repository, parser);
443                         arpApplicationTest9(repository, parser);
444                         arpApplicationTest10(repository, parser);
445                         arpApplicationTest11(repository, parser);
446                         arpApplicationTest12(repository, parser);
447                         arpApplicationTest14(repository, parser);
448                         arpApplicationTest17(repository, parser);
449                         arpApplicationTest18(repository, parser);
450                         arpApplicationTest19(repository, parser);
451                         arpApplicationTest20(repository, parser);
452                         arpApplicationTest21(repository, parser);
453                         arpApplicationTest22(repository, parser);
454                         arpApplicationTest23(repository, parser);
455                         arpApplicationTest24(repository, parser);
456                          
457                 } catch (Exception e) {
458                         e.printStackTrace();
459                         fail("Failed to apply filter to ARPs: " + e);
460                 }
461         }
462
463         public void testRoundtripMarshalling() {
464
465                 try {
466                         for (int i = 0; i < arpExamples.length; i++) {
467
468                                 // Get a non-validating parser so we don't fill in schema defaults
469                                 Parser.DOMParser nonValParser = new Parser.DOMParser(false);
470
471                                 InputStream inStream = new FileInputStream(arpExamples[i]);
472
473                                 nonValParser.parse(new InputSource(inStream));
474                                 String directXML = Parser.serialize(nonValParser.getDocument().getDocumentElement());
475                                 inStream.close();
476
477                                 // Use validation when marshalling into an ARP
478                                 inStream = new FileInputStream(arpExamples[i]);
479                                 parser.parse(new InputSource(inStream));
480                                 Arp arp1 = new Arp();
481                                 arp1.marshall(parser.getDocument().getDocumentElement());
482                                 String processedXML = Parser.serialize(arp1.unmarshall());
483
484                                 assertEquals("Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")", directXML
485                                                 .toString().replaceAll(">[\t\r\n ]+<", "><"), processedXML.toString().replaceAll(
486                                                 ">[\t\r\n ]+<", "><"));
487                         }
488
489                 } catch (Exception e) {
490                         e.printStackTrace();
491                         fail("Failed to marshall ARP: " + e);
492                 }
493
494         }
495         /**
496          * ARPs: A site ARP only Target: Single Attribute: Any value release.  Most basic test.
497          */
498         void arpApplicationTest1(ArpRepository repository, Parser.DOMParser parser) throws Exception {
499
500                 // Gather the Input
501                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
502                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
503                                 + "                     <Rule>" 
504                                 + "                             <Target>" 
505                                 + "                                     <AnyTarget/>" 
506                                 + "                             </Target>"
507                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
508                                 + "                                     <AnyValue release=\"permit\"/>" 
509                                 + "                             </Attribute>" 
510                                 + "                     </Rule>"
511                                 + "     </AttributeReleasePolicy>";
512
513                 Principal principal1 = new LocalPrincipal("TestPrincipal");
514                 
515                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
516                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
517                                                 "faculty@example.edu"})));
518
519                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
520                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
521                                                 "faculty@example.edu"}));
522
523                 // Setup the engine
524                 parser.parse(new InputSource(new StringReader(rawArp)));
525                 Arp siteArp = new Arp();
526                 siteArp.marshall(parser.getDocument().getDocumentElement());
527                 repository.update(siteArp);
528                 ArpEngine engine = new ArpEngine(repository);
529
530                 // Apply the ARP
531                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
532
533                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
534         }
535
536
537         /**
538          * ARPs: A site ARP only Target: Single Attribute: Any value release.  Test implicit deny of other attributes.
539          */
540         void arpApplicationTest2(ArpRepository repository, Parser.DOMParser parser) throws Exception {
541
542                 // Gather the Input
543                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
544                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
545                                 + "                     <Rule>" 
546                                 + "                             <Target>" 
547                                 + "                                     <AnyTarget/>" 
548                                 + "                             </Target>"
549                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
550                                 + "                                     <AnyValue release=\"permit\"/>" 
551                                 + "                             </Attribute>" 
552                                 + "                     </Rule>"
553                                 + "     </AttributeReleasePolicy>";
554
555                 Principal principal1 = new LocalPrincipal("TestPrincipal");
556                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
557                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
558                                                 "faculty@example.edu"}),
559                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
560                                                 new Object[]{"mehoehn@example.edu"})}));
561
562                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{new AAAttribute(
563                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
564                                                 "faculty@example.edu"})});
565
566                 // Setup the engine
567                 parser.parse(new InputSource(new StringReader(rawArp)));
568                 Arp siteArp = new Arp();
569                 siteArp.marshall(parser.getDocument().getDocumentElement());
570                 repository.update(siteArp);
571                 ArpEngine engine = new ArpEngine(repository);
572
573                 // Apply the ARP
574                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
575
576                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
577         }
578
579         /**
580          * ARPs: A site ARP only Target: Single Attribute: Single value release
581          */
582         void arpApplicationTest3(ArpRepository repository, Parser.DOMParser parser) throws Exception {
583
584                 // Gather the Input
585                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
586                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
587                                 + "                     <Rule>" 
588                                 + "                             <Target>" 
589                                 + "                                     <AnyTarget/>" 
590                                 + "                             </Target>"
591                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
592                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
593                                 + "                             </Attribute>" 
594                                 + "                     </Rule>"
595                                 + "     </AttributeReleasePolicy>";
596
597                 Principal principal1 = new LocalPrincipal("TestPrincipal");
598                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
599                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
600                                                 "faculty@example.edu"})));
601                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
602                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}));
603
604                 // Setup the engine
605                 parser.parse(new InputSource(new StringReader(rawArp)));
606                 Arp siteArp = new Arp();
607                 siteArp.marshall(parser.getDocument().getDocumentElement());
608                 repository.update(siteArp);
609                 ArpEngine engine = new ArpEngine(repository);
610
611                 // Apply the ARP
612                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
613
614                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
615         }
616
617         /**
618          * ARPs: A site ARP only Target: Single Attribute: Any value except one release, canonical representation
619          */
620         void arpApplicationTest4(ArpRepository repository, Parser.DOMParser parser) throws Exception {
621
622                 // Gather the Input
623                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
624                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
625                                 + "                     <Rule>"
626                                 + "                             <Target>" 
627                                 + "                                     <AnyTarget/>" 
628                                 + "                             </Target>"
629                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
630                                 + "                                     <AnyValue release=\"permit\"/>" 
631                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
632                                 + "                             </Attribute>" 
633                                 + "                     </Rule>" 
634                                 + "     </AttributeReleasePolicy>";
635
636                 Principal principal1 = new LocalPrincipal("TestPrincipal");
637                 
638                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
639                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
640                                                 "faculty@example.edu", "employee@example.edu"})));
641                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
642                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
643                                                 "employee@example.edu"}));
644
645                 // Setup the engine
646                 parser.parse(new InputSource(new StringReader(rawArp)));
647                 Arp siteArp = new Arp();
648                 siteArp.marshall(parser.getDocument().getDocumentElement());
649                 repository.update(siteArp);
650                 ArpEngine engine = new ArpEngine(repository);
651
652                 // Apply the ARP
653                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
654
655                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
656         }
657
658         /**
659          * ARPs: A site ARP any Target: Single Attribute: Any value except one release, expanded representation
660          */
661         void arpApplicationTest5(ArpRepository repository, Parser.DOMParser parser) throws Exception {
662
663                 // Gather the Input
664                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
665                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
666                                 + "                     <Rule>" 
667                                 + "                             <Target>" 
668                                 + "                                     <AnyTarget/>" 
669                                 + "                             </Target>"
670                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
671                                 + "                                     <AnyValue release=\"permit\"/>" 
672                                 + "                             </Attribute>"
673                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
674                                 + "                                     <Value release=\"deny\">member@example.edu</Value>" 
675                                 + "                             </Attribute>" 
676                                 + "                     </Rule>"
677                                 + "     </AttributeReleasePolicy>";
678
679                 Principal principal1 = new LocalPrincipal("TestPrincipal");
680         
681                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
682                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
683                                                 "faculty@example.edu", "employee@example.edu"})));
684                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
685                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
686                                                 "employee@example.edu"}));
687
688                 // Setup the engine
689                 parser.parse(new InputSource(new StringReader(rawArp)));
690                 Arp siteArp = new Arp();
691                 siteArp.marshall(parser.getDocument().getDocumentElement());
692                 repository.update(siteArp);
693                 ArpEngine engine = new ArpEngine(repository);
694
695                 // Apply the ARP
696                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
697
698                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
699         }
700
701         /**
702          * ARPs: A site ARP any Target: Single Attribute: Any value except two release, expanded representation
703          */
704         void arpApplicationTest6(ArpRepository repository, Parser.DOMParser parser) throws Exception {
705
706                 // Gather the Input
707                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
708                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
709                                 + "                     <Rule>" 
710                                 + "                             <Target>" 
711                                 + "                                     <AnyTarget/>" 
712                                 + "                             </Target>"
713                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
714                                 + "                                     <AnyValue release=\"permit\"/>" 
715                                 + "                             </Attribute>"
716                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
717                                 + "                                     <Value release=\"deny\">member@example.edu</Value>" 
718                                 + "                             </Attribute>"
719                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
720                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
721                                 + "                             </Attribute>" 
722                                 + "                     </Rule>"
723                                 + "     </AttributeReleasePolicy>";
724
725                 Principal principal1 = new LocalPrincipal("TestPrincipal");
726                 
727                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
728                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
729                                                 "faculty@example.edu", "employee@example.edu"})));
730                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
731                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"employee@example.edu"}));
732
733                 // Setup the engine
734                 parser.parse(new InputSource(new StringReader(rawArp)));
735                 Arp siteArp = new Arp();
736                 siteArp.marshall(parser.getDocument().getDocumentElement());
737                 repository.update(siteArp);
738                 ArpEngine engine = new ArpEngine(repository);
739
740                 // Apply the ARP
741                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
742
743                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
744         }
745
746         /**
747          * ARPs: A site ARP any Target: Single Attribute: Two value release, canonical representation
748          */
749         void arpApplicationTest7(ArpRepository repository, Parser.DOMParser parser) throws Exception {
750
751                 // Gather the Input
752                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
753                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
754                                 + "                     <Rule>" 
755                                 + "                             <Target>" 
756                                 + "                                     <AnyTarget/>" 
757                                 + "                             </Target>"
758                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
759                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
760                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>" 
761                                 + "                             </Attribute>" 
762                                 + "                     </Rule>"
763                                 + "     </AttributeReleasePolicy>";
764
765                 Principal principal1 = new LocalPrincipal("TestPrincipal");
766
767                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
768                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
769                                                 "faculty@example.edu", "employee@example.edu"})));
770                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
771                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
772                                                 "faculty@example.edu"}));
773
774                 // Setup the engine
775                 parser.parse(new InputSource(new StringReader(rawArp)));
776                 Arp siteArp = new Arp();
777                 siteArp.marshall(parser.getDocument().getDocumentElement());
778                 repository.update(siteArp);
779                 ArpEngine engine = new ArpEngine(repository);
780
781                 // Apply the ARP
782                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
783
784                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
785         }
786
787         /**
788          * ARPs: A site ARP any Target: Single Attribute: Two value release, expanded representation
789          */
790         void arpApplicationTest8(ArpRepository repository, Parser.DOMParser parser) throws Exception {
791
792                 // Gather the Input
793                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
794                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
795                                 + "                     <Rule>" 
796                                 + "                             <Target>" 
797                                 + "                                     <AnyTarget/>" 
798                                 + "                             </Target>"
799                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
800                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
801                                 + "                             </Attribute>"
802                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
803                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>" 
804                                 + "                             </Attribute>" 
805                                 + "                     </Rule>"
806                                 + "     </AttributeReleasePolicy>";
807
808                 Principal principal1 = new LocalPrincipal("TestPrincipal");
809
810                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
811                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
812                                                 "faculty@example.edu", "employee@example.edu"})));
813                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
814                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
815                                                 "faculty@example.edu"}));
816
817                 // Setup the engine
818                 parser.parse(new InputSource(new StringReader(rawArp)));
819                 Arp siteArp = new Arp();
820                 siteArp.marshall(parser.getDocument().getDocumentElement());
821                 repository.update(siteArp);
822                 ArpEngine engine = new ArpEngine(repository);
823
824                 // Apply the ARP
825                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
826
827                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
828         }
829
830         /**
831          * ARPs: A site ARP any Target: Single Attribute: Any value deny
832          */
833         void arpApplicationTest9(ArpRepository repository, Parser.DOMParser parser) throws Exception {
834
835                 // Gather the Input
836                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
837                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
838                                 + "                     <Rule>" 
839                                 + "                             <Target>" 
840                                 + "                                     <AnyTarget/>" 
841                                 + "                             </Target>"
842                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
843                                 + "                                     <AnyValue release=\"deny\"/>" 
844                                 + "                             </Attribute>" 
845                                 + "                     </Rule>"
846                                 + "     </AttributeReleasePolicy>";
847
848                 Principal principal1 = new LocalPrincipal("TestPrincipal");
849
850                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
851                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
852                                                 "faculty@example.edu"})));
853
854                 // Setup the engine
855                 parser.parse(new InputSource(new StringReader(rawArp)));
856                 Arp siteArp = new Arp();
857                 siteArp.marshall(parser.getDocument().getDocumentElement());
858                 repository.update(siteArp);
859                 ArpEngine engine = new ArpEngine(repository);
860
861                 // Apply the ARP
862                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
863
864                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
865         }
866
867         /**
868          * ARPs: A site ARP any Target: Single Attribute: Any value deny trumps explicit permit expanded representation
869          */
870         void arpApplicationTest10(ArpRepository repository, Parser.DOMParser parser) throws Exception {
871
872                 // Gather the Input
873                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
874                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
875                                 + "                     <Rule>" 
876                                 + "                             <Target>" 
877                                 + "                                     <AnyTarget/>" 
878                                 + "                             </Target>"
879                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
880                                 + "                                     <AnyValue release=\"deny\"/>" 
881                                 + "                             </Attribute>"
882                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
883                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
884                                 + "                             </Attribute>" 
885                                 + "                     </Rule>"
886                                 + "     </AttributeReleasePolicy>";
887
888                 Principal principal1 = new LocalPrincipal("TestPrincipal");
889
890                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
891                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
892                                                 "faculty@example.edu"})));
893
894                 // Setup the engine
895                 parser.parse(new InputSource(new StringReader(rawArp)));
896                 Arp siteArp = new Arp();
897                 siteArp.marshall(parser.getDocument().getDocumentElement());
898                 repository.update(siteArp);
899                 ArpEngine engine = new ArpEngine(repository);
900
901                 // Apply the ARP
902                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
903
904                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
905         }
906         /**
907          * ARPs: A site ARP any Target: single Attribute: Any value deny trumps explicit permit canonical representation
908          */
909         void arpApplicationTest11(ArpRepository repository, Parser.DOMParser parser) throws Exception {
910
911                 // Gather the Input
912                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
913                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
914                                 + "                     <Rule>" 
915                                 + "                             <Target>" 
916                                 + "                                     <AnyTarget/>" 
917                                 + "                             </Target>"
918                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
919                                 + "                                     <AnyValue release=\"deny\"/>" 
920                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
921                                 + "                             </Attribute>" 
922                                 + "                     </Rule>" 
923                                 + "     </AttributeReleasePolicy>";
924
925                 Principal principal1 = new LocalPrincipal("TestPrincipal");
926
927                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
928                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
929                                                 "faculty@example.edu"})));
930
931                 // Setup the engine
932                 parser.parse(new InputSource(new StringReader(rawArp)));
933                 Arp siteArp = new Arp();
934                 siteArp.marshall(parser.getDocument().getDocumentElement());
935                 repository.update(siteArp);
936                 ArpEngine engine = new ArpEngine(repository);
937
938                 // Apply the ARP
939                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
940
941                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
942         }
943
944         /**
945          * ARPs: Test release to a specific requester
946          */
947         void arpApplicationTest12(ArpRepository repository, Parser.DOMParser parser) throws Exception {
948
949                 // Gather the Input
950                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
951                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
952                                 + "                     <Rule>" 
953                                 + "                             <Target>" 
954                                 + "                                     <Requester>shar.example.edu</Requester>"
955                                 + "                             </Target>"
956                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
957                                 + "                                     <AnyValue release=\"permit\"/>" 
958                                 + "                             </Attribute>" 
959                                 + "                     </Rule>"
960                                 + "     </AttributeReleasePolicy>";
961
962                 Principal principal1 = new LocalPrincipal("TestPrincipal");
963
964                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
965                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
966                                                 "faculty@example.edu"})));
967                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
968                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
969                                                 "faculty@example.edu"}));
970
971                 // Setup the engine
972                 parser.parse(new InputSource(new StringReader(rawArp)));
973                 Arp siteArp = new Arp();
974                 siteArp.marshall(parser.getDocument().getDocumentElement());
975                 repository.update(siteArp);
976                 ArpEngine engine = new ArpEngine(repository);
977
978                 // Apply the ARP
979                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
980
981                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
982         }
983
984         /**
985          * ARPs: Specific requester (no match)
986          */
987         void arpApplicationTest14(ArpRepository repository, Parser.DOMParser parser) throws Exception {
988
989                 // Gather the Input
990                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
991                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
992                                 + "                     <Rule>" 
993                                 + "                             <Target>" 
994                                 + "                                     <Requester>shar.example.edu</Requester>"
995                                 + "                             </Target>"
996                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
997                                 + "                                     <AnyValue release=\"permit\"/>" 
998                                 + "                             </Attribute>" 
999                                 + "                     </Rule>"
1000                                 + "     </AttributeReleasePolicy>";
1001
1002                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1003
1004                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1005                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1006                                                 "faculty@example.edu"})));
1007
1008                 // Setup the engine
1009                 parser.parse(new InputSource(new StringReader(rawArp)));
1010                 Arp siteArp = new Arp();
1011                 siteArp.marshall(parser.getDocument().getDocumentElement());
1012                 repository.update(siteArp);
1013                 ArpEngine engine = new ArpEngine(repository);
1014
1015                 // Apply the ARP
1016                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1017
1018                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1019         }
1020
1021         /**
1022          * ARPs: A site ARP only Target: Multiple matching rules Attribute: various
1023          */
1024         void arpApplicationTest17(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1025
1026                 // Gather the Input
1027                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1028                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1029                                 + "                     <Rule>"
1030                                 + "                             <Target>"
1031                                 + "                                     <AnyTarget />"
1032                                 + "                             </Target>"
1033                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1034                                 + "                                     <AnyValue release=\"permit\"/>"
1035                                 + "                             </Attribute>"
1036                                 + "                     </Rule>"
1037                                 + "                     <Rule>"
1038                                 + "                             <Target>"
1039                                 + "                                     <Requester>shar1.example.edu</Requester>"
1040                                 + "                             </Target>"
1041                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1042                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1043                                 + "                             </Attribute>"
1044                                 + "                     </Rule>"
1045                                 + "                     <Rule>"
1046                                 + "                             <Target>"
1047                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1048                                 + "                             </Target>" 
1049                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1050                                 + "                                     <AnyValue release=\"permit\"/>" 
1051                                 + "                             </Attribute>" 
1052                                 + "                     </Rule>"
1053                                 + "     </AttributeReleasePolicy>";
1054
1055                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1056                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1057                                 .asList(new AAAttribute[]{
1058                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1059                                                                 "member@example.edu", "faculty@example.edu"}),
1060                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1061                                                                 new Object[]{"wassa@columbia.edu"})}));
1062
1063                 Collection<AAAttribute> releaseSet = Arrays
1064                                 .asList(new AAAttribute[]{
1065                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation",
1066                                                                 new Object[]{"member@example.edu"}),
1067                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1068                                                                 new Object[]{"wassa@columbia.edu"})});
1069
1070                 // Setup the engine
1071                 parser.parse(new InputSource(new StringReader(rawArp)));
1072                 Arp siteArp = new Arp();
1073                 siteArp.marshall(parser.getDocument().getDocumentElement());
1074                 repository.update(siteArp);
1075                 ArpEngine engine = new ArpEngine(repository);
1076
1077                 // Apply the ARP
1078                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu");
1079
1080                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1081         }
1082
1083         /**
1084          * ARPs: A site ARP any Target: Any Attribute: Any value release of two attributes in one rule
1085          */
1086         void arpApplicationTest18(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1087
1088                 // Gather the Input
1089                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1090                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1091                                 + "                     <Rule>" 
1092                                 + "                             <Target>" 
1093                                 + "                                     <AnyTarget/>" 
1094                                 + "                             </Target>"
1095                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1096                                 + "                                     <AnyValue release=\"permit\"/>" 
1097                                 + "                             </Attribute>"
1098                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1099                                 + "                                     <AnyValue release=\"permit\"/>" 
1100                                 + "                             </Attribute>" 
1101                                 + "                     </Rule>"
1102                                 + "     </AttributeReleasePolicy>";
1103
1104                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1105
1106                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1107                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1108                                                 "faculty@example.edu"}),
1109                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1110                                                 new Object[]{"mehoehn@example.edu"})}));
1111
1112                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1113                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1114                                                 "faculty@example.edu"}),
1115                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1116                                                 new Object[]{"mehoehn@example.edu"})});
1117
1118                 // Setup the engine
1119                 parser.parse(new InputSource(new StringReader(rawArp)));
1120                 Arp siteArp = new Arp();
1121                 siteArp.marshall(parser.getDocument().getDocumentElement());
1122                 repository.update(siteArp);
1123                 ArpEngine engine = new ArpEngine(repository);
1124
1125                 // Apply the ARP
1126                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1127
1128                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1129         }
1130
1131         /**
1132          * ARPs: A user ARP any Target: Single Attribute: Any value release,
1133          */
1134         void arpApplicationTest19(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1135
1136                 // Gather the Input
1137                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1138                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1139                                 + "                     <Rule>" 
1140                                 + "                             <Target>" 
1141                                 + "                                     <AnyTarget/>" 
1142                                 + "                             </Target>"
1143                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1144                                 + "                                     <AnyValue release=\"permit\"/>" 
1145                                 + "                             </Attribute>" 
1146                                 + "                     </Rule>"
1147                                 + "     </AttributeReleasePolicy>";
1148
1149                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1150
1151                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1152                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1153                                                 "faculty@example.edu"})));
1154                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1155                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1156                                                 "faculty@example.edu"}));
1157
1158                 // Setup the engine
1159                 parser.parse(new InputSource(new StringReader(rawArp)));
1160                 Arp userArp = new Arp();
1161                 userArp.setPrincipal(principal1);
1162                 userArp.marshall(parser.getDocument().getDocumentElement());
1163                 repository.update(userArp);
1164                 ArpEngine engine = new ArpEngine(repository);
1165
1166                 // Apply the ARP
1167                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1168
1169                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1170         }
1171
1172         /**
1173          * ARPs: A site ARP and user ARP Target: various Attribute: various combinations
1174          */
1175         void arpApplicationTest20(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1176
1177                 // Gather the Input
1178                 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1179                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1180                                 + "                     <Rule>"
1181                                 + "                             <Target>"
1182                                 + "                                     <AnyTarget/>"
1183                                 + "                             </Target>"
1184                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1185                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1186                                 + "                             </Attribute>"
1187                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1188                                 + "                                     <AnyValue release=\"permit\" />"
1189                                 + "                             </Attribute>"
1190                                 + "                     </Rule>"
1191                                 + "                     <Rule>"
1192                                 + "                             <Target>"
1193                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1194                                 + "                             </Target>"
1195                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1196                                 + "                                     <AnyValue release=\"permit\"/>" 
1197                                 + "                             </Attribute>" 
1198                                 + "                     </Rule>" 
1199                                 + "                     <Rule>"
1200                                 + "                             <Target>" 
1201                                 + "                                     <Requester>www.example.edu</Requester>"
1202                                 + "                             </Target>"
1203                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1204                                 + "                                     <AnyValue release=\"permit\"/>" 
1205                                 + "                             </Attribute>"
1206                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1207                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>" 
1208                                 + "                             </Attribute>"
1209                                 + "                     </Rule>" 
1210                                 + "                     <Rule>" 
1211                                 + "                             <Target>" 
1212                                 + "                                     <Requester>www.external.com</Requester>"
1213                                 + "                             </Target>"
1214                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1215                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>" 
1216                                 + "                             </Attribute>"
1217                                 + "                     </Rule>" 
1218                                 + "     </AttributeReleasePolicy>";
1219
1220                 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1221                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1222                                 + "                     <Rule>"
1223                                 + "                             <Target>"
1224                                 + "                                     <AnyTarget/>"
1225                                 + "                             </Target>"
1226                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1227                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1228                                 + "                             </Attribute>"
1229                                 + "                     </Rule>"
1230                                 + "                     <Rule>"
1231                                 + "                             <Target>"
1232                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1233                                 + "                             </Target>"
1234                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1235                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
1236                                 + "                             </Attribute>"
1237                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1238                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>" 
1239                                 + "                             </Attribute>"
1240                                 + "                     </Rule>" 
1241                                 + "     </AttributeReleasePolicy>";
1242
1243                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1244
1245                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1246                                 .asList(new AAAttribute[]{
1247                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1248                                                                 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1249                                                                 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1250                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1251                                                                 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1252                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1253                                                                 new Object[]{"wassa@example.edu"}),
1254                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
1255
1256                 Collection<AAAttribute> releaseSet = Arrays
1257                                 .asList(new AAAttribute[]{
1258                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1259                                                                 "urn:example:lovesIceCream", "urn:example:contract:4657483"}),
1260                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1261                                                                 "member@example.edu", "employee@example.edu"}),
1262                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1263                                                                 new Object[]{"wassa@example.edu"}),
1264                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
1265
1266                 // Add the site ARP
1267                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1268                 Arp siteArp = new Arp();
1269                 siteArp.marshall(parser.getDocument().getDocumentElement());
1270                 repository.update(siteArp);
1271
1272                 // Add the user ARP
1273                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1274                 Arp userArp = new Arp();
1275                 userArp.setPrincipal(principal1);
1276                 userArp.marshall(parser.getDocument().getDocumentElement());
1277                 repository.update(userArp);
1278
1279                 ArpEngine engine = new ArpEngine(repository);
1280
1281                 // Apply the ARP
1282                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1283
1284                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1285         }
1286         /**
1287          * ARPs: A site ARP and user ARP Target: various Attribute: various combinations (same ARPs as 20, different
1288          * requester)
1289          */
1290         void arpApplicationTest21(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1291
1292                 // Gather the Input
1293                 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1294                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1295                                 + "                     <Rule>"
1296                                 + "                             <Target>"
1297                                 + "                                     <AnyTarget/>"
1298                                 + "                             </Target>"
1299                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1300                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1301                                 + "                             </Attribute>"
1302                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1303                                 + "                                     <AnyValue release=\"permit\" />"
1304                                 + "                             </Attribute>"
1305                                 + "                     </Rule>"
1306                                 + "                     <Rule>"
1307                                 + "                             <Target>"
1308                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1309                                 + "                             </Target>"
1310                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1311                                 + "                                     <AnyValue release=\"permit\"/>" 
1312                                 + "                             </Attribute>" 
1313                                 + "                     </Rule>" 
1314                                 + "                     <Rule>"
1315                                 + "                             <Target>" 
1316                                 + "                                     <Requester>www.example.edu</Requester>"
1317                                 + "                             </Target>"
1318                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1319                                 + "                                     <AnyValue release=\"permit\"/>" 
1320                                 + "                             </Attribute>"
1321                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1322                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>" 
1323                                 + "                             </Attribute>"
1324                                 + "                     </Rule>" 
1325                                 + "                     <Rule>" 
1326                                 + "                             <Target>" 
1327                                 + "                                     <Requester>www.external.com</Requester>"
1328                                 + "                             </Target>"
1329                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1330                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>" 
1331                                 + "                             </Attribute>"
1332                                 + "                     </Rule>" 
1333                                 + "     </AttributeReleasePolicy>";
1334
1335                 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1336                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1337                                 + "                     <Rule>"
1338                                 + "                             <Target>"
1339                                 + "                                     <AnyTarget/>"
1340                                 + "                             </Target>"
1341                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1342                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1343                                 + "                             </Attribute>"
1344                                 + "                     </Rule>"
1345                                 + "                     <Rule>"
1346                                 + "                             <Target>"
1347                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>" 
1348                                 + "                             </Target>"
1349                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1350                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
1351                                 + "                             </Attribute>"
1352                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1353                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>" 
1354                                 + "                             </Attribute>"
1355                                 + "                     </Rule>" 
1356                                 + "     </AttributeReleasePolicy>";
1357
1358                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1359
1360                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1361                                 .asList(new AAAttribute[]{
1362                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1363                                                                 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1364                                                                 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1365                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1366                                                                 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1367                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1368                                                                 new Object[]{"wassa@example.edu"}),
1369                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
1370
1371                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1372                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement",
1373                                                 new Object[]{"urn:example:contract:113455"}),
1374                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}),
1375                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
1376
1377                 // Add the site ARP
1378                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1379                 Arp siteArp = new Arp();
1380                 siteArp.marshall(parser.getDocument().getDocumentElement());
1381                 repository.update(siteArp);
1382
1383                 // Add the user ARP
1384                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1385                 Arp userArp = new Arp();
1386                 userArp.setPrincipal(principal1);
1387                 userArp.marshall(parser.getDocument().getDocumentElement());
1388                 repository.update(userArp);
1389
1390                 ArpEngine engine = new ArpEngine(repository);
1391
1392                 // Apply the ARP
1393                 engine.filterAttributes(inputSet, principal1, "www.external.com");
1394
1395                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1396         }
1397
1398         /**
1399          * ARPs: A site ARP any Target: Specific requester: Release values by regex
1400          */
1401         void arpApplicationTest22(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1402
1403                 // Gather the Input
1404                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1405                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1406                                 + "                     <Rule>"
1407                                 + "                             <Target>"
1408                                 + "                                     <Requester>shar.example.edu</Requester>"
1409                                 + "                             </Target>"
1410                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1411                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1412                                 + "                             </Attribute>"
1413                                 + "                     </Rule>" 
1414                                 + "     </AttributeReleasePolicy>";
1415
1416                 Principal principal1 = new LocalPrincipal("Test2Principal");
1417
1418                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1419                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1420                                                 "urn:x:adagio", "urn:x:awol"})));
1421                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1422                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:adagio", "urn:x:awol"}));
1423
1424                 // Setup the engine
1425                 parser.parse(new InputSource(new StringReader(rawArp)));
1426                 Arp siteArp = new Arp();
1427                 siteArp.marshall(parser.getDocument().getDocumentElement());
1428                 repository.update(siteArp);
1429                 ArpEngine engine = new ArpEngine(repository);
1430
1431                 // Apply the ARP
1432                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1433
1434                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1435         }
1436
1437         /**
1438          * ARPs: A site ARP any Target: Specific shar, Attribute: Deny specific values by regex
1439          */
1440         void arpApplicationTest23(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1441
1442                 // Gather the Input
1443                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1444                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1445                                 + "                     <Rule>"
1446                                 + "                             <Target>"
1447                                 + "                                     <Requester>shar.example.edu</Requester>"
1448                                 + "                             </Target>"
1449                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1450                                 + "                                     <AnyValue release=\"permit\" />"
1451                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1452                                 + "                             </Attribute>" + "                       </Rule>" + "    </AttributeReleasePolicy>";
1453
1454                 Principal principal1 = new LocalPrincipal("Test2Principal");
1455
1456                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1457                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1458                                                 "urn:x:adagio", "urn:x:awol"})));
1459                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1460                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar"}));
1461
1462                 // Setup the engine
1463                 parser.parse(new InputSource(new StringReader(rawArp)));
1464                 Arp siteArp = new Arp();
1465                 siteArp.marshall(parser.getDocument().getDocumentElement());
1466                 repository.update(siteArp);
1467                 ArpEngine engine = new ArpEngine(repository);
1468
1469                 // Apply the ARP
1470                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1471
1472                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1473         }
1474
1475         /**
1476          * ARPs: A site ARP Specific requester, Attribute: No matches on specific values should
1477          * yield no attribute
1478          */
1479         void arpApplicationTest24(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1480
1481                 // Gather the Input
1482                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1483                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1484                                 + "                     <Rule>" 
1485                                 + "                             <Target>" 
1486                                 + "                                     <Requester>shar.example.edu</Requester>"
1487                                 + "                             </Target>"
1488                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1489                                 + "                                     <AnyValue release=\"permit\" />" 
1490                                 + "                             </Attribute>"
1491                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1492                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>" 
1493                                 + "                             </Attribute>" 
1494                                 + "                     </Rule>"
1495                                 + "     </AttributeReleasePolicy>";
1496
1497                 Principal principal1 = new LocalPrincipal("Test2Principal");
1498
1499                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1500                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:bar",
1501                                                 "urn:x:adagio"}),
1502                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"})}));
1503                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1504                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"}));
1505
1506                 // Setup the engine
1507                 parser.parse(new InputSource(new StringReader(rawArp)));
1508                 Arp siteArp = new Arp();
1509                 siteArp.marshall(parser.getDocument().getDocumentElement());
1510                 repository.update(siteArp);
1511                 ArpEngine engine = new ArpEngine(repository);
1512
1513                 // Apply the ARP
1514                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1515
1516                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
1517         }
1518
1519
1520
1521
1522
1523         
1524
1525 }