2 * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
8 * http://www.apache.org/licenses/LICENSE-2.0
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
17 package edu.internet2.middleware.shibboleth.aa.arp;
20 import java.io.FileInputStream;
21 import java.io.InputStream;
22 import java.io.StringReader;
24 import java.net.URISyntaxException;
25 import java.security.Principal;
26 import java.util.ArrayList;
27 import java.util.Arrays;
28 import java.util.Collection;
29 import java.util.HashSet;
32 import javax.xml.parsers.DocumentBuilderFactory;
33 import javax.xml.parsers.ParserConfigurationException;
35 import junit.framework.TestCase;
37 import org.apache.log4j.BasicConfigurator;
38 import org.apache.log4j.Level;
39 import org.apache.log4j.Logger;
40 import org.w3c.dom.Document;
41 import org.w3c.dom.Element;
42 import org.w3c.dom.Text;
43 import org.xml.sax.InputSource;
45 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
46 import edu.internet2.middleware.shibboleth.common.LocalPrincipal;
47 import edu.internet2.middleware.shibboleth.idp.IdPConfig;
48 import edu.internet2.middleware.shibboleth.xml.Parser;
51 * Validation suite for <code>Arp</code> processing.
53 * @author Walter Hoehn(wassa@memphis.edu)
56 public class ArpTests extends TestCase {
// DOM parser shared by all tests. It is constructed with `true`; testRoundtripMarshalling's comments
// describe this instance as the validating one and `new Parser.DOMParser(false)` as non-validating.
58 private Parser.DOMParser parser = new Parser.DOMParser(true);
// Configuration element that selects MemoryArpRepository; assigned in setUp().
59 Element memoryRepositoryElement;
// ARP example files used by testRoundtripMarshalling. The paths are relative to the working directory.
60 private String[] arpExamples = {"data/example1.xml", "data/example2.xml", "data/example3.xml", "data/example4.xml",
61 "data/example5.xml", "data/example6.xml", "data/example7.xml", "data/example8.xml", "data/example9.xml",
62 "data/example10.xml", "data/example11.xml", "data/example12.xml", "data/example13.xml"};
// Creates the named test case, resets log4j to its basic configuration and sets the root logger
// level to OFF.
// NOTE(review): the listing jumps from source line 64 to 67; a super(name) call is presumably in the
// gap. Confirm against the original file.
64 public ArpTests(String name) {
67 BasicConfigurator.resetConfiguration();
68 BasicConfigurator.configure();
69 Logger.getRootLogger().setLevel(Level.OFF);
// Command-line entry point: runs every test in ArpTests with JUnit's text runner.
72 public static void main(String[] args) {
74 junit.textui.TestRunner.run(ArpTests.class);
// NOTE(review): as listed, these two calls execute only after the run above has returned, so they
// cannot influence logging during the tests; the constructor applies the same settings per test.
75 BasicConfigurator.configure();
76 Logger.getRootLogger().setLevel(Level.OFF);
80 * @see junit.framework.TestCase#setUp()
// JUnit fixture: builds an <ArpRepository> element whose "implementation" attribute names
// MemoryArpRepository and stores it in memoryRepositoryElement for the repository and engine tests.
// NOTE(review): source lines 83-85 are missing from this listing (possibly a super.setUp() call).
82 protected void setUp() throws Exception {
86 // Setup an xml parser
88 // Setup a dummy xml config for a Memory-based repository
89 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
90 docFactory.setNamespaceAware(true);
// NOTE(review): the declaration of placeHolder (source line 91) is not visible in this listing.
// The document is created empty and used only as a factory for the configuration element.
93 placeHolder = docFactory.newDocumentBuilder().newDocument();
// Both the element and its attribute are created in the IdPConfig.configNameSpace namespace.
95 memoryRepositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
96 memoryRepositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
97 "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
98 } catch (ParserConfigurationException e) {
99 fail("Failed to create memory-based Arp Repository configuration" + e);
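/**
 * Verifies that {@code Arp.marshall} reads the policy and rule descriptions from
 * {@code data/arp1.xml}, and that both descriptions are {@code null} after marshalling
 * {@code data/arp2.xml}, where they do not exist.
 */
public void testArpMarshalling() {

    // Test ARP description
    try {
        InputStream inStream = new FileInputStream("data/arp1.xml");
        try {
            parser.parse(new InputSource(inStream));
        } finally {
            // Release the file handle even when parsing throws
            inStream.close();
        }
        Arp arp1 = new Arp();
        arp1.marshall(parser.getDocument().getDocumentElement());
        // JUnit expects (message, expected, actual); the expected literal goes first so that a
        // failure report labels the two values correctly.
        assertEquals("ARP Description not marshalled properly", "Simplest possible ARP.", arp1.getDescription());

        // Test Rule description
        assertEquals("ARP Rule Description not marshalled properly", "Example Rule Description.",
                arp1.getAllRules().iterator().next().getDescription());
    } catch (Exception e) {
        fail("Failed to marshall ARP: " + e);
    }

    // Test case where ARP description does not exist
    try {
        InputStream inStream = new FileInputStream("data/arp2.xml");
        try {
            parser.parse(new InputSource(inStream));
        } finally {
            inStream.close();
        }
        Arp arp2 = new Arp();
        arp2.marshall(parser.getDocument().getDocumentElement());
        assertNull("ARP Description not marshalled properly", arp2.getDescription());

        // Test case where ARP Rule description does not exist
        assertNull("ARP Rule Description not marshalled properly",
                arp2.getAllRules().iterator().next().getDescription());
    } catch (Exception e) {
        // Include the cause, as the first case does, so a failure can be diagnosed from the report
        fail("Failed to marshall ARP: " + e);
    }
}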
// Exercises the match functions that ArpEngine.lookupMatchFunction resolves from URNs: an unknown URN
// must yield null, the four known URNs must yield a function, and regexMatch, stringNotMatch and
// regexNotMatch are then checked against sample inputs, including null input, which must raise
// ArpException. These calls pass what the comments below call requester regexes together with a
// requester name, so a false positive here would mean a rule applying to a requester it was not
// written for.
// NOTE(review): in the visible lines stringMatch is only looked up; its match() is never called.
137 public void testMatchingFunctions() {
142 * Test Arp Engine function retrieval
145 // Lookup a function that doesn't exist
146 MatchFunction noFunction = ArpEngine.lookupMatchFunction(new URI(
147 "urn:mace:shibboleth:arp:matchFunction:dummy"));
148 assertNull("ArpEngine did not return null on dummy function.", noFunction);
150 // Lookup some real functions
151 MatchFunction stringMatch = ArpEngine.lookupMatchFunction(new URI(
152 "urn:mace:shibboleth:arp:matchFunction:stringMatch"));
153 assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
155 MatchFunction regexFunction = ArpEngine.lookupMatchFunction(new URI(
156 "urn:mace:shibboleth:arp:matchFunction:regexMatch"));
157 assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
159 MatchFunction regexNotFunction = ArpEngine.lookupMatchFunction(new URI(
160 "urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
161 assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
163 MatchFunction stringNotFunction = ArpEngine.lookupMatchFunction(new URI(
164 "urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
165 assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
168 * Test the Regex function (requester & resource)
171 // Try requester regexes
// First argument is the pattern, second the requester name being tested.
172 assertTrue("Regex function: false negative", regexFunction.match("^shar\\.example\\.edu$",
173 "shar.example.edu"));
174 assertTrue("Regex function: false negative", regexFunction
175 .match("^.*\\.example\\.edu$", "shar.example.edu"));
176 assertTrue("Regex function: false negative", regexFunction.match("^shar[1-9]?\\.example\\.edu$",
177 "shar1.example.edu"));
// The only unanchored pattern in this group.
178 assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
179 assertTrue("Regex function: false positive", !regexFunction.match("^shar[1-9]\\.example\\.edu$",
180 "shar.example.edu"));
// NOTE(review): the second argument of the next two negative checks (source lines 182 and 184-185)
// is missing from this listing, so the inputs they reject cannot be read from here.
181 assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
183 assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
186 // Make sure we properly handle bad input
188 regexFunction.match(null, null);
189 fail("Regex function seems to take improper input without throwing an exception.");
190 } catch (ArpException ie) {
191 // This is supposed to fail
194 // Test the StringNotMatch function
195 assertFalse("StringNotMatch function: false positive", stringNotFunction.match("foo", "foo"));
196 assertTrue("StringNotMatch function: false negative", stringNotFunction.match("foo", "bar"));
197 // Make sure we properly handle bad input
199 stringNotFunction.match(null, null);
200 fail("StringNotMatch function seems to take improper input without throwing an exception.");
201 } catch (ArpException ie) {
202 // This is supposed to fail
205 // Test the RegexNotMatch function
// NOTE(review): the two messages below say "Regex function" although they test regexNotMatch.
207 assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
208 assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
210 // Make sure we properly handle bad input
212 regexNotFunction.match(null, null);
213 fail("RegexNotMatch function seems to take improper input without throwing an exception.");
214 } catch (ArpException ie) {
215 // This is supposed to fail
218 } catch (ArpException e) {
219 fail("Encountered a problem loading match function: " + e);
220 } catch (URISyntaxException e) {
221 fail("Unable to create URI from test string.");
// Covers ArpRepositoryFactory and two repository implementations: the factory must reject an unknown
// implementation class name, the memory repository must store, return and remove site and user ARPs,
// and the file-system repository must return the site and user ARPs found under data/.
226 public void testRepositories() {
232 // Make sure we fail if an unavailable Repository implementation is specified
233 ArpRepository repository = null;
235 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
236 docFactory.setNamespaceAware(true);
237 Document placeHolder;
239 placeHolder = docFactory.newDocumentBuilder().newDocument();
241 Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
// "provider.Foo" stands in for an implementation that is not available.
242 repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
243 "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
245 ArpRepositoryFactory.getInstance(repositoryElement);
// NOTE(review): no fail(...) is visible after the call above (source line 246 is missing from this
// listing). If the original has none, this negative case also passes when the factory accepts an
// unknown implementation name, so the rejection is never actually asserted.
247 } catch (ParserConfigurationException e) {
248 fail("Failed to create bogus Arp Repository configuration" + e);
250 } catch (ArpRepositoryException e) {
251 // This is supposed to fail
254 // Make sure we can create an Arp Repository
257 repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
258 } catch (ArpRepositoryException e) {
259 fail("Failed to create memory-based Arp Repository" + e);
261 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
264 * Exercise the Memory Arp Repository
267 // Set/retrieve/remove a Site ARP
// An Arp built with the no-argument constructor is stored and read back as the site policy.
268 Arp siteArp1 = new Arp();
269 siteArp1.setDescription("Test Site Arp 1.");
271 repository.update(siteArp1);
// NOTE(review): the end of the next statement (source line 273) is missing from this listing.
272 assertEquals("Memory Repository does not store and retrieve Site ARPs properly.", siteArp1, repository
274 repository.remove(repository.getSitePolicy());
275 assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
276 } catch (ArpRepositoryException e) {
277 fail("Error adding Site ARP to Memory Repository.");
280 // Set/retrieve/delete some user ARPs
// userArp1 is created without a principal; the assertion below requires that looking it up by its
// own principal does NOT return it.
281 Arp userArp1 = new Arp();
282 userArp1.setDescription("Broken User Arp 1.");
284 repository.update(userArp1);
285 assertTrue("Memory Repository does not store and retrieve User ARPs properly.", (!userArp1
286 .equals(repository.getUserPolicy(userArp1.getPrincipal()))));
287 } catch (ArpRepositoryException e) {
288 fail("Error adding User ARP to Memory Repository.");
// userArp2 carries a principal and must round-trip through update/getUserPolicy/remove.
291 Arp userArp2 = new Arp(new LocalPrincipal("TestPrincipal"));
292 userArp2.setDescription("Test User Arp 2.");
294 repository.update(userArp2);
295 assertEquals("Memory Repository does not store and retrieve User ARPs properly.", userArp2, repository
296 .getUserPolicy(userArp2.getPrincipal()));
297 repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
// NOTE(review): the end of the next statement (source line 299) is missing from this listing.
298 assertNull("Memorty Repository does not properly delete User ARPs.", repository.getUserPolicy(userArp2
300 } catch (ArpRepositoryException e) {
301 fail("Error adding User ARP to Memory Repository.");
304 // create a repository
// NOTE(review): source lines 305-307 are missing from this listing. Unless `repository` is reset to
// null there, it still refers to the memory repository, and the assertNotNull after the catch blocks
// cannot by itself show that the file-based factory call produced an instance.
308 placeHolder = docFactory.newDocumentBuilder().newDocument();
310 Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
311 repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
312 "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
313 repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "arpTTL", "65535");
// The repository location is passed as the URI of the relative data/ directory.
315 Element path = placeHolder.createElementNS(IdPConfig.configNameSpace, "Path");
316 Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
317 path.appendChild(text);
319 repositoryElement.appendChild(path);
321 repository = ArpRepositoryFactory.getInstance(repositoryElement);
323 } catch (ArpRepositoryException e) {
324 fail("Failed to create file-based Arp Repository" + e);
325 } catch (ParserConfigurationException e) {
326 fail("Failed to create file-based Arp Repository configuration" + e);
329 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
// The site ARP from the repository is serialized and compared with the file parsed directly.
332 Arp siteArp = repository.getSitePolicy();
// NOTE(review): neither FileInputStream opened in this part is closed in the visible lines.
334 InputStream inStream = new FileInputStream("data/arp.site.xml");
335 parser.parse(new InputSource(inStream));
336 String directXML = Parser.serialize(parser.getDocument().getDocumentElement());
338 String processedXML = Parser.serialize(siteArp.unmarshall());
// Whitespace between tags is removed on both sides, so only element content and structure count.
340 assertTrue("File-based ARP Repository did not return the correct site ARP.", directXML.toString()
341 .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
// Same comparison for the user ARP of principal "test".
343 Arp userArp = repository.getUserPolicy(new LocalPrincipal("test"));
345 inStream = new FileInputStream("data/arp.user.test.xml");
346 parser.parse(new InputSource(inStream));
347 directXML = Parser.serialize(parser.getDocument().getDocumentElement());
349 processedXML = Parser.serialize(userArp.unmarshall());
351 assertTrue("File-based ARP Repository did not return the correct user ARP.", directXML.toString()
352 .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
// Two policies are expected for "test": presumably the site ARP plus that user's ARP.
354 Arp[] allArps = repository.getAllPolicies(new LocalPrincipal("test"));
356 assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
358 } catch (Exception e) {
359 fail("Error retrieving ARP from Repository: " + e);
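/**
 * Checks {@code ArpEngine.listPossibleReleaseAttributes} for {@code TestPrincipal} and requester
 * {@code shar.example.edu} while policies are added to a memory-based repository: a site ARP
 * alone, a site ARP plus a user ARP, and finally a user ARP with explicit denies, after which
 * the possible release set is expected to be empty.
 */
public void testPossibleReleaseSetComputation() {

    ArpRepository repository = null;
    try {
        repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
    } catch (ArpRepositoryException e) {
        fail("Failed to create memory-based Arp Repository" + e);
    }

    try {
        Principal principal1 = new LocalPrincipal("TestPrincipal");
        String requester = "shar.example.edu";

        Set<URI> siteOnly = new HashSet<URI>();
        siteOnly.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));

        Set<URI> siteAndUser = new HashSet<URI>();
        siteAndUser.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));
        siteAndUser.add(new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName"));

        Set<URI> afterDeny = new HashSet<URI>();

        // Test with just a site ARP (no principal is set on the policy)
        repository.update(loadArpForReleaseSetTest("data/arp1.xml", null));
        ArpEngine engine = new ArpEngine(repository);
        // Expected value first: JUnit's signature is (message, expected, actual)
        assertEquals("Incorrectly computed possible release set (1).", siteOnly,
                engine.listPossibleReleaseAttributes(principal1, requester));

        // Test with site and user ARPs
        repository.update(loadArpForReleaseSetTest("data/arp7.xml", principal1));
        assertEquals("Incorrectly computed possible release set (2).", siteAndUser,
                engine.listPossibleReleaseAttributes(principal1, requester));

        // Ensure that explicit denies on any value are not in the release set
        repository.update(loadArpForReleaseSetTest("data/arp6.xml", principal1));
        assertEquals("Incorrectly computed possible release set (3).", afterDeny,
                engine.listPossibleReleaseAttributes(principal1, requester));

    } catch (Exception e) {
        fail("Failed to marshall ARP: " + e);
    }
}

/**
 * Parses the ARP file at {@code path} with the shared parser, closes the stream, and marshalls the
 * document into a new {@code Arp}. The policy is bound to {@code owner} before marshalling when
 * {@code owner} is not {@code null}.
 */
private Arp loadArpForReleaseSetTest(String path, Principal owner) throws Exception {
    InputStream inStream = new FileInputStream(path);
    try {
        parser.parse(new InputSource(inStream));
    } finally {
        // The original left these streams open; close them even when parsing throws
        inStream.close();
    }
    Arp arp = new Arp();
    if (owner != null) {
        arp.setPrincipal(owner);
    }
    arp.marshall(parser.getDocument().getDocumentElement());
    return arp;
}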
// Creates one memory-based repository and runs the numbered arpApplicationTestN scenarios against
// it, all with the shared parser. Any exception thrown by a scenario fails the test.
// NOTE(review): every scenario receives the same repository and calls repository.update(...) on it;
// presumably each site ARP replaces the previous one rather than accumulating. Confirm.
422 public void testArpApplication() {
424 // Construct an engine with a memory-based repository
425 ArpRepository repository = null;
427 repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
429 } catch (ArpRepositoryException e) {
430 fail("Failed to create memory-based Arp Repository" + e);
435 arpApplicationTest1(repository, parser);
436 arpApplicationTest2(repository, parser);
437 arpApplicationTest3(repository, parser);
438 arpApplicationTest4(repository, parser);
439 arpApplicationTest5(repository, parser);
440 arpApplicationTest6(repository, parser);
441 arpApplicationTest7(repository, parser);
442 arpApplicationTest8(repository, parser);
443 arpApplicationTest9(repository, parser);
444 arpApplicationTest10(repository, parser);
445 arpApplicationTest11(repository, parser);
446 arpApplicationTest12(repository, parser);
447 arpApplicationTest13(repository, parser);
448 arpApplicationTest14(repository, parser);
449 arpApplicationTest15(repository, parser);
// NOTE(review): the sequence goes from 15 to 17 with consecutive source line numbers, so no
// arpApplicationTest16 call exists here. Confirm whether a scenario 16 is defined and left unrun.
450 arpApplicationTest17(repository, parser);
451 arpApplicationTest18(repository, parser);
452 arpApplicationTest19(repository, parser);
453 arpApplicationTest20(repository, parser);
454 arpApplicationTest21(repository, parser);
455 arpApplicationTest22(repository, parser);
456 arpApplicationTest23(repository, parser);
457 arpApplicationTest24(repository, parser);
459 } catch (Exception e) {
461 fail("Failed to apply filter to ARPs: " + e);
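/**
 * For every file in {@code arpExamples}, checks that marshalling the document into an
 * {@code Arp} and unmarshalling it again yields the same XML as serializing the parsed file
 * directly. Whitespace between tags is ignored in the comparison.
 */
public void testRoundtripMarshalling() {

    // Matches runs of whitespace that separate one tag from the next
    final String interTagWhitespace = ">[\t\r\n ]+<";

    try {
        for (String example : arpExamples) {

            // Get a non-validating parser so we don't fill in schema defaults
            Parser.DOMParser nonValParser = new Parser.DOMParser(false);
            String directXML;
            InputStream rawStream = new FileInputStream(example);
            try {
                nonValParser.parse(new InputSource(rawStream));
                directXML = Parser.serialize(nonValParser.getDocument().getDocumentElement());
            } finally {
                // The original opened two streams per file and closed neither
                rawStream.close();
            }

            // Use validation when marshalling into an ARP
            String processedXML;
            InputStream validatedStream = new FileInputStream(example);
            try {
                parser.parse(new InputSource(validatedStream));
                Arp arp1 = new Arp();
                arp1.marshall(parser.getDocument().getDocumentElement());
                processedXML = Parser.serialize(arp1.unmarshall());
            } finally {
                validatedStream.close();
            }

            assertEquals("Round trip marshall/unmarshall failed for file (" + example + ")",
                    directXML.replaceAll(interTagWhitespace, "><"),
                    processedXML.replaceAll(interTagWhitespace, "><"));
        }

    } catch (Exception e) {
        fail("Failed to marshall ARP: " + e);
    }
}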
498 * ARPs: A site ARP only Target: Single Attribute: Any value release. Most basic test.
// Scenario 1: a site ARP that permits any value of eduPersonAffiliation. Both input values are
// expected to remain after filtering.
// The return value of filterAttributes is not used and the assertion inspects inputSet, so the
// engine presumably filters the collection in place. That would explain why inputSet is a mutable
// ArrayList while releaseSet is a fixed-size Arrays.asList view. Confirm against ArpEngine.
500 void arpApplicationTest1(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
503 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
504 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
509 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
510 + " <AnyValue release=\"permit\"/>"
513 + " </AttributeReleasePolicy>";
515 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Attributes offered to the filter
517 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
518 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
519 "faculty@example.edu"})));
// Attributes expected after the policy has been applied
521 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
522 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
523 "faculty@example.edu"}));
// Install the policy as the site ARP of the shared repository, then filter for shar.example.edu
526 parser.parse(new InputSource(new StringReader(rawArp)));
527 Arp siteArp = new Arp();
528 siteArp.marshall(parser.getDocument().getDocumentElement());
529 repository.update(siteArp);
530 ArpEngine engine = new ArpEngine(repository);
533 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
535 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
540 * ARPs: A site ARP only Target: Single Attribute: Any value release. Test implicit deny of other attributes.
// Scenario 2: implicit deny. The visible policy permits any value of eduPersonAffiliation only; the
// input also carries eduPersonPrincipalName, which has no rule and is expected to be removed.
542 void arpApplicationTest2(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
545 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
546 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
551 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
552 + " <AnyValue release=\"permit\"/>"
555 + " </AttributeReleasePolicy>";
557 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Two attributes go in ...
558 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
559 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
560 "faculty@example.edu"}),
561 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
562 new Object[]{"mehoehn@example.edu"})}));
// ... and only the one named by the policy is expected to come out
564 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{new AAAttribute(
565 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
566 "faculty@example.edu"})});
569 parser.parse(new InputSource(new StringReader(rawArp)));
570 Arp siteArp = new Arp();
571 siteArp.marshall(parser.getDocument().getDocumentElement());
572 repository.update(siteArp);
573 ArpEngine engine = new ArpEngine(repository);
576 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
578 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
582 * ARPs: A site ARP only Target: Single Attribute: Single value release
// Scenario 3: the policy permits a single value (member@example.edu) of eduPersonAffiliation; the
// other input value, faculty@example.edu, is expected to be withheld.
584 void arpApplicationTest3(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
587 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
588 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
593 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
594 + " <Value release=\"permit\">member@example.edu</Value>"
597 + " </AttributeReleasePolicy>";
599 Principal principal1 = new LocalPrincipal("TestPrincipal");
600 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
601 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
602 "faculty@example.edu"})));
// Expected result: the attribute with only the permitted value
603 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
604 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}));
607 parser.parse(new InputSource(new StringReader(rawArp)));
608 Arp siteArp = new Arp();
609 siteArp.marshall(parser.getDocument().getDocumentElement());
610 repository.update(siteArp);
611 ArpEngine engine = new ArpEngine(repository);
614 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
616 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
620 * ARPs: A site ARP only Target: Single Attribute: Any value except one release, canonical representation
// Scenario 4: one Attribute element combines an AnyValue permit with a Value deny for
// member@example.edu. The denied value is expected to be removed and the other two released.
622 void arpApplicationTest4(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
625 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
626 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
631 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
632 + " <AnyValue release=\"permit\"/>"
633 + " <Value release=\"deny\">member@example.edu</Value>"
636 + " </AttributeReleasePolicy>";
638 Principal principal1 = new LocalPrincipal("TestPrincipal");
640 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
641 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
642 "faculty@example.edu", "employee@example.edu"})));
// Expected result: every input value except the explicitly denied one
643 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
644 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
645 "employee@example.edu"}));
648 parser.parse(new InputSource(new StringReader(rawArp)));
649 Arp siteArp = new Arp();
650 siteArp.marshall(parser.getDocument().getDocumentElement());
651 repository.update(siteArp);
652 ArpEngine engine = new ArpEngine(repository);
655 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
657 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
661 * ARPs: A site ARP any Target: Single Attribute: Any value except one release, expanded representation
// Scenario 5: same intent as scenario 4, but the AnyValue permit and the Value deny for
// member@example.edu sit in two separate Attribute elements for the same attribute name.
// The expected result is unchanged: the denied value is removed, the other two are released.
663 void arpApplicationTest5(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
666 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
667 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
672 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
673 + " <AnyValue release=\"permit\"/>"
675 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
676 + " <Value release=\"deny\">member@example.edu</Value>"
679 + " </AttributeReleasePolicy>";
681 Principal principal1 = new LocalPrincipal("TestPrincipal");
683 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
684 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
685 "faculty@example.edu", "employee@example.edu"})));
686 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
687 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
688 "employee@example.edu"}));
691 parser.parse(new InputSource(new StringReader(rawArp)));
692 Arp siteArp = new Arp();
693 siteArp.marshall(parser.getDocument().getDocumentElement());
694 repository.update(siteArp);
695 ArpEngine engine = new ArpEngine(repository);
698 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
700 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
704 * ARPs: A site ARP any Target: Single Attribute: Any value except two release, expanded representation
// Scenario 6: an AnyValue permit plus two Value denies (member@ and faculty@example.edu), each in
// its own Attribute element. Only employee@example.edu is expected to be released.
706 void arpApplicationTest6(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
709 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
710 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
715 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
716 + " <AnyValue release=\"permit\"/>"
718 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
719 + " <Value release=\"deny\">member@example.edu</Value>"
721 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
722 + " <Value release=\"deny\">faculty@example.edu</Value>"
725 + " </AttributeReleasePolicy>";
727 Principal principal1 = new LocalPrincipal("TestPrincipal");
729 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
730 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
731 "faculty@example.edu", "employee@example.edu"})));
// Expected result: the single value that no deny names
732 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
733 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"employee@example.edu"}));
736 parser.parse(new InputSource(new StringReader(rawArp)));
737 Arp siteArp = new Arp();
738 siteArp.marshall(parser.getDocument().getDocumentElement());
739 repository.update(siteArp);
740 ArpEngine engine = new ArpEngine(repository);
743 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
745 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
749 * ARPs: A site ARP any Target: Single Attribute: Two value release, canonical representation
// Scenario 7: one Attribute element permits two explicit values (member@ and faculty@example.edu).
// The third input value, employee@example.edu, has no permit and is expected to be withheld.
751 void arpApplicationTest7(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
754 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
755 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
760 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
761 + " <Value release=\"permit\">member@example.edu</Value>"
762 + " <Value release=\"permit\">faculty@example.edu</Value>"
765 + " </AttributeReleasePolicy>";
767 Principal principal1 = new LocalPrincipal("TestPrincipal");
769 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
770 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
771 "faculty@example.edu", "employee@example.edu"})));
772 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
773 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
774 "faculty@example.edu"}));
777 parser.parse(new InputSource(new StringReader(rawArp)));
778 Arp siteArp = new Arp();
779 siteArp.marshall(parser.getDocument().getDocumentElement());
780 repository.update(siteArp);
781 ArpEngine engine = new ArpEngine(repository);
784 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// NOTE(review): the message says "test 3" although this is scenario 7, so a failure here would be
// reported under the wrong scenario number. It should read "test 7".
786 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
790 * ARPs: A site ARP any Target: Single Attribute: Two value release, expanded representation
// Scenario 8: same intent as scenario 7, but the two explicit permits are split across two
// Attribute elements for the same attribute name. employee@example.edu is expected to be withheld.
792 void arpApplicationTest8(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
795 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
796 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
801 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
802 + " <Value release=\"permit\">member@example.edu</Value>"
804 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
805 + " <Value release=\"permit\">faculty@example.edu</Value>"
808 + " </AttributeReleasePolicy>";
810 Principal principal1 = new LocalPrincipal("TestPrincipal");
812 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
813 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
814 "faculty@example.edu", "employee@example.edu"})));
815 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
816 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
817 "faculty@example.edu"}));
820 parser.parse(new InputSource(new StringReader(rawArp)));
821 Arp siteArp = new Arp();
822 siteArp.marshall(parser.getDocument().getDocumentElement());
823 repository.update(siteArp);
824 ArpEngine engine = new ArpEngine(repository);
827 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
829 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
833 * ARPs: A site ARP any Target: Single Attribute: Any value deny
// Scenario 9: the policy denies any value of eduPersonAffiliation. Nothing is expected to be
// released, so the filtered collection must equal an empty list.
835 void arpApplicationTest9(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): this listing omits several lines of the policy literal (the source line numbers
// jump), so the XML shown here is incomplete. Take the full text from the original file.
838 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
839 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
844 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
845 + " <AnyValue release=\"deny\"/>"
848 + " </AttributeReleasePolicy>";
850 Principal principal1 = new LocalPrincipal("TestPrincipal");
852 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
853 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
854 "faculty@example.edu"})));
857 parser.parse(new InputSource(new StringReader(rawArp)));
858 Arp siteArp = new Arp();
859 siteArp.marshall(parser.getDocument().getDocumentElement());
860 repository.update(siteArp);
861 ArpEngine engine = new ArpEngine(repository);
864 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// The attribute itself must be gone, not merely left with no values
866 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
870 * ARPs: A site ARP any Target: Single Attribute: Any value deny trumps explicit permit expanded representation
/**
 * Checks deny-over-permit precedence when the two statements live in separate
 * {@code <Attribute>} elements with the same name: one carries {@code <AnyValue release="deny"/>},
 * the other permits "member@example.edu". The expected result is an empty release set, i.e.
 * the explicit permit does not punch a hole in the blanket deny.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
872 void arpApplicationTest10(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (876 -> 881, 882 -> 884, 885 -> 888); the lines between the
// two <Attribute> elements and around them are not shown in this listing.
875 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
876 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
881 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
882 + " <AnyValue release=\"deny\"/>"
884 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
885 + " <Value release=\"permit\">member@example.edu</Value>"
888 + " </AttributeReleasePolicy>";
890 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Input contains the permitted value "member@example.edu" on purpose: it must still be withheld.
892 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
893 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
894 "faculty@example.edu"})));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
897 parser.parse(new InputSource(new StringReader(rawArp)));
898 Arp siteArp = new Arp();
899 siteArp.marshall(parser.getDocument().getDocumentElement());
900 repository.update(siteArp);
901 ArpEngine engine = new ArpEngine(repository);
904 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// The filtered inputSet is compared with an empty list: deny wins.
906 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
909 * ARPs: A site ARP any Target: single Attribute: Any value deny trumps explicit permit canonical representation
/**
 * Checks deny-over-permit precedence when both statements sit inside one {@code <Attribute>}
 * element: {@code <AnyValue release="deny"/>} followed by a permit for "member@example.edu".
 * The expected release set is empty, the same outcome the test expects when the two
 * statements are split across separate elements.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
911 void arpApplicationTest11(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (915 -> 920, 922 -> 925); the wrapping elements of the policy
// are not shown in this listing.
914 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
915 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
920 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
921 + " <AnyValue release=\"deny\"/>"
922 + " <Value release=\"permit\">member@example.edu</Value>"
925 + " </AttributeReleasePolicy>";
927 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Input contains the permitted value "member@example.edu" on purpose: it must still be withheld.
929 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
930 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
931 "faculty@example.edu"})));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
934 parser.parse(new InputSource(new StringReader(rawArp)));
935 Arp siteArp = new Arp();
936 siteArp.marshall(parser.getDocument().getDocumentElement());
937 repository.update(siteArp);
938 ArpEngine engine = new ArpEngine(repository);
941 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// The filtered inputSet is compared with an empty list: deny wins.
943 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
947 * ARPs: Test release to a specific requester
/**
 * Checks release to one named requester: the policy lists {@code <Requester>shar.example.edu</Requester>}
 * and permits any value of eduPersonAffiliation; filtering for that same requester is expected
 * to leave both input values in place.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
949 void arpApplicationTest12(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (953 -> 956, 956 -> 958, 959 -> 962); the elements that
// enclose <Requester> and <Attribute> are not shown in this listing.
952 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
953 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
956 + " <Requester>shar.example.edu</Requester>"
958 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
959 + " <AnyValue release=\"permit\"/>"
962 + " </AttributeReleasePolicy>";
964 Principal principal1 = new LocalPrincipal("TestPrincipal");
// inputSet is a mutable copy that the engine filters; releaseSet is the fixed expectation.
966 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
967 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
968 "faculty@example.edu"})));
969 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
970 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
971 "faculty@example.edu"}));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
974 parser.parse(new InputSource(new StringReader(rawArp)));
975 Arp siteArp = new Arp();
976 siteArp.marshall(parser.getDocument().getDocumentElement());
977 repository.update(siteArp);
978 ArpEngine engine = new ArpEngine(repository);
// The third argument is the same string as the <Requester> entry in the policy.
981 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// The comparison depends on AAAttribute.equals, which is not shown in this listing.
983 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
986 * ARPs: Test release to multiple specific requesters
/**
 * Checks release to several named requesters: the policy lists "shar.example.edu" and
 * "http://foo.example.edu" and permits any value of eduPersonAffiliation. The filter is run
 * once per requester and both runs are expected to release the full attribute.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
988 void arpApplicationTest13(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (992 -> 995, 996 -> 998, 999 -> 1002); the elements that
// enclose the <Requester> entries and <Attribute> are not shown in this listing.
991 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
992 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
995 + " <Requester>shar.example.edu</Requester>"
996 + " <Requester>http://foo.example.edu</Requester>"
998 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
999 + " <AnyValue release=\"permit\"/>"
1002 + " </AttributeReleasePolicy>";
1004 Principal principal1 = new LocalPrincipal("TestPrincipal");
// inputSet is a mutable copy that the engine filters; releaseSet is the fixed expectation.
1006 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1007 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1008 "faculty@example.edu"})));
1009 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1010 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1011 "faculty@example.edu"}));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1014 parser.parse(new InputSource(new StringReader(rawArp)));
1015 Arp siteArp = new Arp();
1016 siteArp.marshall(parser.getDocument().getDocumentElement());
1017 repository.update(siteArp);
1018 ArpEngine engine = new ArpEngine(repository);
// First pass: the first listed requester.
1021 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// NOTE(review): the message says "test 12" although this is arpApplicationTest13 (same on the
// second assertion below); it looks like a copy-paste slip, and a failure here would be
// reported under the wrong test number.
1023 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1025 // Try for the 2nd requester
// inputSet is rebuilt from scratch so the second pass starts from unfiltered input.
1026 inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1027 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1028 "faculty@example.edu"})));
1030 engine.filterAttributes(inputSet, principal1, "http://foo.example.edu");
1031 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1035 * ARPs: Specific requester (no match)
/**
 * Checks that a requester not named in the policy receives nothing: the policy permits
 * eduPersonAffiliation for "shar.example.edu" only, the filter is run for "www.example.edu",
 * and the expected release set is empty.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1037 void arpApplicationTest14(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (1041 -> 1044, 1044 -> 1046, 1047 -> 1050); the elements that
// enclose <Requester> and <Attribute> are not shown in this listing.
1040 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1041 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1044 + " <Requester>shar.example.edu</Requester>"
1046 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1047 + " <AnyValue release=\"permit\"/>"
1050 + " </AttributeReleasePolicy>";
1052 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Mutable copy: the assertion at the end inspects inputSet itself after filtering.
1054 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1055 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1056 "faculty@example.edu"})));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1059 parser.parse(new InputSource(new StringReader(rawArp)));
1060 Arp siteArp = new Arp();
1061 siteArp.marshall(parser.getDocument().getDocumentElement());
1062 repository.update(siteArp);
1063 ArpEngine engine = new ArpEngine(repository);
// "www.example.edu" differs from the only <Requester> entry in the policy.
1066 engine.filterAttributes(inputSet, principal1, "www.example.edu");
// With no matching requester the test expects nothing to be released.
1068 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1071 * ARPs: Multiple specific requesters (no match)
/**
 * Checks that a requester matching none of several listed requesters receives nothing: the
 * policy names "shar.example.edu" and "http://foo.example.edu", the filter is run for
 * "www.example.edu", and the expected release set is empty.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1073 void arpApplicationTest15(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (1077 -> 1080, 1081 -> 1083, 1084 -> 1087); the elements that
// enclose the <Requester> entries and <Attribute> are not shown in this listing.
1076 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1077 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1080 + " <Requester>shar.example.edu</Requester>"
1081 + " <Requester>http://foo.example.edu</Requester>"
1083 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1084 + " <AnyValue release=\"permit\"/>"
1087 + " </AttributeReleasePolicy>";
1089 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Mutable copy: the assertion at the end inspects inputSet itself after filtering.
1091 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1092 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1093 "faculty@example.edu"})));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1096 parser.parse(new InputSource(new StringReader(rawArp)));
1097 Arp siteArp = new Arp();
1098 siteArp.marshall(parser.getDocument().getDocumentElement());
1099 repository.update(siteArp);
1100 ArpEngine engine = new ArpEngine(repository);
// "www.example.edu" is neither of the two <Requester> entries in the policy.
1103 engine.filterAttributes(inputSet, principal1, "www.example.edu");
// NOTE(review): the message says "test 14" although this is arpApplicationTest15; it looks like
// a copy-paste slip, and a failure here would be reported under the wrong test number.
1105 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1109 * ARPs: A site ARP only Target: Multiple matching rules Attribute: various
/**
 * Checks how several statements that all apply to one requester combine. The visible policy
 * fragments are: a permit for any eduPersonAffiliation value; a deny for
 * "faculty@example.edu" listed after {@code <Requester>shar1.example.edu</Requester>}; and a
 * permit for eduPersonPrincipalName listed after a regexMatch requester pattern. Filtering for
 * "shar1.example.edu" is expected to release affiliation "member@example.edu" only, plus the
 * principal name.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1111 void arpApplicationTest17(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip repeatedly inside this string (e.g. 1115 -> 1120,
// 1121 -> 1126, 1129 -> 1134), so rule boundaries and targets are not fully visible here.
// In the regexMatch pattern the Java literal "\\." yields the regex "\." (a literal dot), so a
// host with another character in place of a dot cannot match. Whether regexMatch has to
// match the whole requester string is not visible in this listing; confirm before relying on it.
1114 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1115 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1120 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1121 + " <AnyValue release=\"permit\"/>"
1126 + " <Requester>shar1.example.edu</Requester>"
1128 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1129 + " <Value release=\"deny\">faculty@example.edu</Value>"
1134 + " <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1136 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1137 + " <AnyValue release=\"permit\"/>"
1140 + " </AttributeReleasePolicy>";
1142 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Input: two affiliation values and one principal name, in a mutable list the engine filters.
1143 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1144 .asList(new AAAttribute[]{
1145 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1146 "member@example.edu", "faculty@example.edu"}),
1147 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1148 new Object[]{"wassa@columbia.edu"})}));
// Expectation: "faculty@example.edu" is gone, everything else is kept.
1150 Collection<AAAttribute> releaseSet = Arrays
1151 .asList(new AAAttribute[]{
1152 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation",
1153 new Object[]{"member@example.edu"}),
1154 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1155 new Object[]{"wassa@columbia.edu"})});
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1158 parser.parse(new InputSource(new StringReader(rawArp)));
1159 Arp siteArp = new Arp();
1160 siteArp.marshall(parser.getDocument().getDocumentElement());
1161 repository.update(siteArp);
1162 ArpEngine engine = new ArpEngine(repository);
// "shar1.example.edu" equals the literal <Requester> entry and also fits shar[1-9]\.example\.edu.
1165 engine.filterAttributes(inputSet, principal1, "shar1.example.edu");
// Both collections are Lists, so equality is order-sensitive and uses AAAttribute.equals (not shown).
1167 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1171 * ARPs: A site ARP any Target: Any Attribute: Any value release of two attributes in one rule
/**
 * Checks that a policy carrying two {@code <Attribute>} statements, each with
 * {@code <AnyValue release="permit"/>}, releases both attributes unchanged: eduPersonAffiliation
 * with both values and eduPersonPrincipalName.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1173 void arpApplicationTest18(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (1177 -> 1182, 1183 -> 1185, 1186 -> 1189); the elements
// wrapping the two <Attribute> statements are not shown in this listing.
1176 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1177 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1182 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1183 + " <AnyValue release=\"permit\"/>"
1185 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1186 + " <AnyValue release=\"permit\"/>"
1189 + " </AttributeReleasePolicy>";
1191 Principal principal1 = new LocalPrincipal("TestPrincipal");
// inputSet is a mutable copy that the engine filters; releaseSet holds the same content as the
// fixed expectation.
1193 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1194 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1195 "faculty@example.edu"}),
1196 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1197 new Object[]{"mehoehn@example.edu"})}));
1199 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1200 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1201 "faculty@example.edu"}),
1202 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1203 new Object[]{"mehoehn@example.edu"})});
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1206 parser.parse(new InputSource(new StringReader(rawArp)));
1207 Arp siteArp = new Arp();
1208 siteArp.marshall(parser.getDocument().getDocumentElement());
1209 repository.update(siteArp);
1210 ArpEngine engine = new ArpEngine(repository);
1213 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// Nothing is expected to be removed.
1215 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1219 * ARPs: A user ARP any Target: Single Attribute: Any value release,
/**
 * Checks a user-level policy: the Arp is bound to {@code principal1} with {@code setPrincipal}
 * before it is marshalled and stored, and it permits any value of eduPersonAffiliation.
 * Filtering for the same principal is expected to release both input values.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1221 void arpApplicationTest19(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (1225 -> 1230, 1231 -> 1234); the elements wrapping
// <Attribute> are not shown in this listing.
1224 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1225 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1230 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1231 + " <AnyValue release=\"permit\"/>"
1234 + " </AttributeReleasePolicy>";
1236 Principal principal1 = new LocalPrincipal("TestPrincipal");
// inputSet is a mutable copy that the engine filters; releaseSet is the fixed expectation.
1238 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1239 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1240 "faculty@example.edu"})));
1241 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1242 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1243 "faculty@example.edu"}));
1246 parser.parse(new InputSource(new StringReader(rawArp)));
1247 Arp userArp = new Arp();
// Unlike the site-policy tests in this class, the principal is set on the Arp before marshalling.
1248 userArp.setPrincipal(principal1);
1249 userArp.marshall(parser.getDocument().getDocumentElement());
1250 repository.update(userArp);
1251 ArpEngine engine = new ArpEngine(repository);
// The filter runs for the same principal the policy was bound to.
1254 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1256 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1260 * ARPs: A site ARP and user ARP Target: various Attribute: various combinations
/**
 * Checks the combined effect of a site policy and a user policy (the latter bound to
 * {@code principal1}) when filtering for requester "www.example.edu".
 *
 * <p>Expected release, read off {@code releaseSet}: entitlements "urn:example:lovesIceCream"
 * and "urn:example:contract:4657483"; affiliations "member@example.edu" and
 * "employee@example.edu"; eduPersonPrincipalName; preferredLanguage. Expected to be withheld:
 * "urn:example:poorlyDressed" and "faculty@example.edu" (both have deny statements in the user
 * policy) and "urn:example:contract:113455" (its permit follows the "www.external.com"
 * requester entry).
 *
 * @param repository policy store that receives both parsed ARPs through {@code update}
 * @param parser parser for the inline XML; reused for both policy documents
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1262 void arpApplicationTest20(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip repeatedly inside both policy strings, so rule boundaries
// and the target of the statements that follow no <Requester> line are not visible here.
// The regexMatch pattern ".*\\.example\\.edu" is the regex ".*\.example\.edu": any prefix followed
// by the literal suffix ".example.edu". Whether the match must cover the whole requester string
// is not visible in this listing; confirm before relying on it.
1265 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1266 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1271 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1272 + " <Value release=\"permit\">member@example.edu</Value>"
1274 + " <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1275 + " <AnyValue release=\"permit\" />"
1280 + " <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1282 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1283 + " <AnyValue release=\"permit\"/>"
1288 + " <Requester>www.example.edu</Requester>"
1290 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1291 + " <AnyValue release=\"permit\"/>"
1293 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1294 + " <Value release=\"permit\">urn:example:contract:4657483</Value>"
1299 + " <Requester>www.external.com</Requester>"
1301 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1302 + " <Value release=\"permit\">urn:example:contract:113455</Value>"
1305 + " </AttributeReleasePolicy>";
// User policy: denies one entitlement, then (after a regexMatch requester entry) denies
// "faculty@example.edu" and permits "urn:example:lovesIceCream".
1307 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1308 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1313 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1314 + " <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1319 + " <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1321 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1322 + " <Value release=\"deny\">faculty@example.edu</Value>"
1324 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1325 + " <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1328 + " </AttributeReleasePolicy>";
1330 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Input: four attributes in a mutable list the engine filters.
1332 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1333 .asList(new AAAttribute[]{
1334 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1335 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1336 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1337 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1338 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1339 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1340 new Object[]{"wassa@example.edu"}),
1341 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
// Expectation: same four attributes, in the same order, with the withheld values removed.
1343 Collection<AAAttribute> releaseSet = Arrays
1344 .asList(new AAAttribute[]{
1345 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1346 "urn:example:lovesIceCream", "urn:example:contract:4657483"}),
1347 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1348 "member@example.edu", "employee@example.edu"}),
1349 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1350 new Object[]{"wassa@example.edu"}),
1351 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
// Site policy: stored without a principal.
1354 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1355 Arp siteArp = new Arp();
1356 siteArp.marshall(parser.getDocument().getDocumentElement());
1357 repository.update(siteArp);
// User policy: bound to principal1 before it is marshalled and stored.
1360 parser.parse(new InputSource(new StringReader(rawUserArp)));
1361 Arp userArp = new Arp();
1362 userArp.setPrincipal(principal1);
1363 userArp.marshall(parser.getDocument().getDocumentElement());
1364 repository.update(userArp);
1366 ArpEngine engine = new ArpEngine(repository);
1369 engine.filterAttributes(inputSet, principal1, "www.example.edu");
// Both collections are Lists, so equality is order-sensitive and uses AAAttribute.equals (not shown).
1371 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1374 * ARPs: A site ARP and user ARP Target: various Attribute: various combinations (same ARPs as 20, different requester)
/**
 * Runs the site and user policy strings that arpApplicationTest20 also uses, but filters for
 * requester "www.external.com", a host outside example.edu.
 *
 * <p>Expected release, read off {@code releaseSet}: entitlement "urn:example:contract:113455",
 * affiliation "member@example.edu" and preferredLanguage. eduPersonPrincipalName is expected
 * to be dropped altogether, as are every other entitlement and affiliation value; the
 * statements that would permit them follow requester entries for example.edu hosts.
 *
 * @param repository policy store that receives both parsed ARPs through {@code update}
 * @param parser parser for the inline XML; reused for both policy documents
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1377 void arpApplicationTest21(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip repeatedly inside both policy strings, so rule boundaries
// and the target of the statements that follow no <Requester> line are not visible here.
// The regexMatch pattern ".*\\.example\\.edu" is the regex ".*\.example\.edu"; the test expects
// "www.external.com" not to satisfy it.
1380 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1381 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1386 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1387 + " <Value release=\"permit\">member@example.edu</Value>"
1389 + " <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1390 + " <AnyValue release=\"permit\" />"
1395 + " <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1397 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1398 + " <AnyValue release=\"permit\"/>"
1403 + " <Requester>www.example.edu</Requester>"
1405 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1406 + " <AnyValue release=\"permit\"/>"
1408 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1409 + " <Value release=\"permit\">urn:example:contract:4657483</Value>"
1414 + " <Requester>www.external.com</Requester>"
1416 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1417 + " <Value release=\"permit\">urn:example:contract:113455</Value>"
1420 + " </AttributeReleasePolicy>";
// User policy: denies one entitlement, then (after a regexMatch requester entry) denies
// "faculty@example.edu" and permits "urn:example:lovesIceCream".
1422 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1423 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1428 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1429 + " <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1434 + " <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1436 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1437 + " <Value release=\"deny\">faculty@example.edu</Value>"
1439 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1440 + " <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1443 + " </AttributeReleasePolicy>";
1445 Principal principal1 = new LocalPrincipal("TestPrincipal");
// Input: four attributes in a mutable list the engine filters.
1447 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1448 .asList(new AAAttribute[]{
1449 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1450 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1451 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1452 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1453 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1454 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1455 new Object[]{"wassa@example.edu"}),
1456 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
// Expectation: three attributes only; eduPersonPrincipalName is absent from the list.
1458 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1459 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement",
1460 new Object[]{"urn:example:contract:113455"}),
1461 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}),
1462 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
// Site policy: stored without a principal.
1465 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1466 Arp siteArp = new Arp();
1467 siteArp.marshall(parser.getDocument().getDocumentElement());
1468 repository.update(siteArp);
// User policy: bound to principal1 before it is marshalled and stored.
1471 parser.parse(new InputSource(new StringReader(rawUserArp)));
1472 Arp userArp = new Arp();
1473 userArp.setPrincipal(principal1);
1474 userArp.marshall(parser.getDocument().getDocumentElement());
1475 repository.update(userArp);
1477 ArpEngine engine = new ArpEngine(repository);
1480 engine.filterAttributes(inputSet, principal1, "www.external.com");
// Both collections are Lists, so equality is order-sensitive and uses AAAttribute.equals (not shown).
1482 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1486 * ARPs: A site ARP any Target: Specific requester: Release values by regex
/**
 * Checks value-level release by regular expression: for requester "shar.example.edu" the
 * policy permits eduPersonEntitlement values matching {@code ^urn:x:a.+$} under the regexMatch
 * function. Of the five input values only "urn:x:adagio" and "urn:x:awol" are expected to be
 * released.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1488 void arpApplicationTest22(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (1492 -> 1495, 1495 -> 1497, 1498 -> 1501); the elements that
// enclose <Requester> and <Attribute> are not shown in this listing.
// The pattern is anchored at both ends and ".+" needs at least one character after "urn:x:a",
// which is why the bare value "urn:x:a" is absent from the expected release set.
1491 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1492 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1495 + " <Requester>shar.example.edu</Requester>"
1497 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1498 + " <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1501 + " </AttributeReleasePolicy>";
1503 Principal principal1 = new LocalPrincipal("Test2Principal");
// Input mixes matching values (adagio, awol), a near miss (urn:x:a) and non-matching ones (foo, bar).
1505 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1506 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1507 "urn:x:adagio", "urn:x:awol"})));
1508 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1509 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:adagio", "urn:x:awol"}));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1512 parser.parse(new InputSource(new StringReader(rawArp)));
1513 Arp siteArp = new Arp();
1514 siteArp.marshall(parser.getDocument().getDocumentElement());
1515 repository.update(siteArp);
1516 ArpEngine engine = new ArpEngine(repository);
1519 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// Only values matched by the permit pattern may remain.
1521 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1525 * ARPs: A site ARP any Target: Specific shar, Attribute: Deny specific values by regex
/**
 * Checks value-level denial by regular expression: for requester "shar.example.edu" the policy
 * permits any eduPersonEntitlement value and additionally denies values matching
 * {@code ^urn:x:a.+$}. The expected release keeps "urn:x:a", "urn:x:foo" and "urn:x:bar" and
 * withholds "urn:x:adagio" and "urn:x:awol", i.e. the specific deny overrides the blanket permit.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1527 void arpApplicationTest23(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (1531 -> 1534, 1534 -> 1536); the opening elements that
// enclose <Requester> and <Attribute> are not shown in this listing.
// ".+" needs at least one character after "urn:x:a", so the bare value "urn:x:a" is not caught
// by the deny pattern and stays in the expected release set.
1530 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1531 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1534 + " <Requester>shar.example.edu</Requester>"
1536 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1537 + " <AnyValue release=\"permit\" />"
1538 + " <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1539 + " </Attribute>" + " </Rule>" + " </AttributeReleasePolicy>";
1541 Principal principal1 = new LocalPrincipal("Test2Principal");
// Input mixes values the deny pattern matches (adagio, awol) with values it does not.
1543 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1544 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1545 "urn:x:adagio", "urn:x:awol"})));
1546 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1547 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar"}));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1550 parser.parse(new InputSource(new StringReader(rawArp)));
1551 Arp siteArp = new Arp();
1552 siteArp.marshall(parser.getDocument().getDocumentElement());
1553 repository.update(siteArp);
1554 ArpEngine engine = new ArpEngine(repository);
1557 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// Values matched by the deny pattern must be gone; the rest stay in their original order.
1559 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1563 * ARPs: A site ARP Specific requester, Attribute: No matches on specific values should
1564 * yield no attribute
/**
 * Checks that an attribute whose values all fail the policy is dropped as a whole rather than
 * released empty: for requester "shar.example.edu" the policy permits any
 * eduPersonAffiliation value but only the entitlement value "urn:x:foo". The expected release
 * contains the affiliation attribute alone, with no eduPersonEntitlement entry at all.
 *
 * @param repository policy store that receives the parsed ARP through {@code update}
 * @param parser parser for the inline XML; its document element is handed to {@code Arp.marshall}
 * @throws Exception declared but never caught here, so any failure reaches the caller
 */
1566 void arpApplicationTest24(ArpRepository repository, Parser.DOMParser parser) throws Exception {
// NOTE(review): gutter numbers skip (1570 -> 1573, 1573 -> 1575, 1576 -> 1578, 1579 -> 1582); the
// elements that enclose <Requester> and the <Attribute> statements are not shown in this listing.
1569 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1570 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1573 + " <Requester>shar.example.edu</Requester>"
1575 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1576 + " <AnyValue release=\"permit\" />"
1578 + " <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1579 + " <Value release=\"permit\">urn:x:foo</Value>"
1582 + " </AttributeReleasePolicy>";
1584 Principal principal1 = new LocalPrincipal("Test2Principal");
// NOTE(review): source line 1588 is missing from this listing, so the rest of the entitlement
// value array is not visible; presumably none of its values equals "urn:x:foo" (confirm
// against the original file).
1586 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1587 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:bar",
1589 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"})}));
// Expectation: only the affiliation attribute is left.
1590 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1591 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"}));
// Parse the policy, load it into an Arp (no principal is set on it) and store it.
1594 parser.parse(new InputSource(new StringReader(rawArp)));
1595 Arp siteArp = new Arp();
1596 siteArp.marshall(parser.getDocument().getDocumentElement());
1597 repository.update(siteArp);
1598 ArpEngine engine = new ArpEngine(repository);
1601 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
// A one-element expected list means the entitlement attribute itself must have been removed.
1603 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);