Converted jUnit ARP tests to use new interface.
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.ByteArrayOutputStream;
53 import java.io.File;
54 import java.io.FileInputStream;
55 import java.io.FileNotFoundException;
56 import java.io.InputStream;
57 import java.io.StringReader;
58 import java.net.MalformedURLException;
59 import java.net.URI;
60 import java.net.URISyntaxException;
61 import java.net.URL;
62 import java.security.Principal;
63 import java.util.Arrays;
64 import java.util.HashSet;
65 import java.util.Properties;
66
67 import junit.framework.TestCase;
68
69 import org.apache.log4j.BasicConfigurator;
70 import org.apache.log4j.Level;
71 import org.apache.log4j.Logger;
72 import org.apache.xerces.parsers.DOMParser;
73 import org.apache.xml.serialize.OutputFormat;
74 import org.apache.xml.serialize.XMLSerializer;
75 import org.xml.sax.EntityResolver;
76 import org.xml.sax.ErrorHandler;
77 import org.xml.sax.InputSource;
78 import org.xml.sax.SAXException;
79 import org.xml.sax.SAXParseException;
80
81 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
82 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
83 import edu.internet2.middleware.shibboleth.common.AuthNPrincipal;
84
85 /**
86  * Validation suite for <code>Arp</code> processing.
87  * 
88  * @ author Walter Hoehn(wassa@columbia.edu)
89  */
90
91 public class ArpTests extends TestCase {
92
93         private DOMParser parser = new DOMParser();
94         private String[] arpExamples =
95                 {
96                         "data/example1.xml",
97                         "data/example2.xml",
98                         "data/example3.xml",
99                         "data/example4.xml",
100                         "data/example5.xml",
101                         "data/example6.xml",
102                         "data/example7.xml",
103                         "data/example8.xml",
104                         "data/example9.xml",
105                         "data/example10.xml",
106                         "data/example11.xml" };
107
108         public ArpTests(String name) {
109                 super(name);
110                 BasicConfigurator.resetConfiguration();
111                 BasicConfigurator.configure();
112                 Logger.getRootLogger().setLevel(Level.OFF);
113         }
114
115         public static void main(String[] args) {
116                 junit.textui.TestRunner.run(ArpTests.class);
117                 BasicConfigurator.configure();
118                 Logger.getRootLogger().setLevel(Level.OFF);
119         }
120
121         /**
122          * @see junit.framework.TestCase#setUp()
123          */
124         protected void setUp() throws Exception {
125                 super.setUp();
126                 try {
127                         parser.setFeature("http://xml.org/sax/features/validation", true);
128                         parser.setFeature("http://apache.org/xml/features/validation/schema", true);
129                         parser.setEntityResolver(new EntityResolver() {
130                                 public InputSource resolveEntity(String publicId, String systemId) throws SAXException {
131
132                                         if (systemId.endsWith("shibboleth-arp-1.0.xsd")) {
133                                                 InputStream stream;
134                                                 try {
135                                                         stream = new FileInputStream("src/schemas/shibboleth-arp-1.0.xsd");
136                                                         if (stream != null) {
137                                                                 return new InputSource(stream);
138                                                         }
139                                                         throw new SAXException("Could not load entity: Null input stream");
140                                                 } catch (FileNotFoundException e) {
141                                                         throw new SAXException("Could not load entity: " + e);
142                                                 }
143                                         } else {
144                                                 return null;
145                                         }
146                                 }
147                         });
148
149                         parser.setErrorHandler(new ErrorHandler() {
150                                 public void error(SAXParseException arg0) throws SAXException {
151                                         throw new SAXException("Error parsing xml file: " + arg0);
152                                 }
153                                 public void fatalError(SAXParseException arg0) throws SAXException {
154                                         throw new SAXException("Error parsing xml file: " + arg0);
155                                 }
156                                 public void warning(SAXParseException arg0) throws SAXException {
157                                         throw new SAXException("Error parsing xml file: " + arg0);
158                                 }
159                         });
160                 } catch (Exception e) {
161                         fail("Failed to setup xml parser: " + e);
162                 }
163
164         }
165
166         public void testArpMarshalling() {
167
168                 //Test ARP description
169                 try {
170                         InputStream inStream = new FileInputStream("data/arp1.xml");
171                         parser.parse(new InputSource(inStream));
172                         Arp arp1 = new Arp();
173                         arp1.marshall(parser.getDocument().getDocumentElement());
174                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
175
176                         //Test Rule description
177                         assertEquals(
178                                 "ARP Rule Description not marshalled properly",
179                                 arp1.getAllRules()[0].getDescription(),
180                                 "Example Rule Description.");
181                 } catch (Exception e) {
182                         fail("Failed to marshall ARP: " + e);
183                 }
184
185                 //Test case where ARP description does not exist
186                 try {
187                         InputStream inStream = new FileInputStream("data/arp2.xml");
188                         parser.parse(new InputSource(inStream));
189                         Arp arp2 = new Arp();
190                         arp2.marshall(parser.getDocument().getDocumentElement());
191                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
192
193                         //Test case where ARP Rule description does not exist   
194                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules()[0].getDescription());
195                 } catch (Exception e) {
196                         fail("Failed to marshall ARP.");
197                 }
198
199         }
200
201         public void testMatchingFunctions() {
202
203                 try {
204
205                         /*
206                          * Test Arp Engine function retrieval
207                          */
208
209                         //Lookup a function that doesn't exist
210                         MatchFunction noFunction =
211                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
212                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
213
214                         //Lookup some real functions
215                         MatchFunction exactSharFunction =
216                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
217                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
218                         MatchFunction resourceTreeFunction =
219                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
220                         assertNotNull("ArpEngine did not properly load the Resource Tree SHAR function.", resourceTreeFunction);
221                         MatchFunction regexFunction =
222                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
223                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
224
225                         /* 
226                          * Test the Exact SHAR function (requester)
227                          */
228
229                         assertTrue(
230                                 "Exact SHAR function: false negative",
231                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
232                         assertTrue(
233                                 "Exact SHAR function: false negative",
234                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
235                         assertTrue(
236                                 "Exact SHAR function: false negative",
237                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
238
239                         //Make sure we properly handle bad input
240                         try {
241                                 exactSharFunction.match(null, null);
242                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
243                         } catch (ArpException ie) {
244                                 //This is supposed to fail
245                         }
246
247                         /*
248                          * Test the Resource Tree function (resource)
249                          */
250
251                         URL requestURL1 = new URL("http://www.example.edu/test/");
252                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
253                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
254                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
255
256                         assertTrue(
257                                 "Resource Tree function: false negative",
258                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
259                         assertTrue(
260                                 "Resource Tree function: false positive",
261                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
262                         assertTrue(
263                                 "Resource Tree function: false negative",
264                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
265                         assertTrue(
266                                 "Resource Tree function: false positive",
267                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
268                         assertTrue(
269                                 "Resource Tree function: false negative",
270                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
271                         assertTrue(
272                                 "Resource Tree function: false negative",
273                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
274                         assertTrue(
275                                 "Resource Tree function: false negative",
276                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
277                         assertTrue(
278                                 "Resource Tree function: false positive",
279                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
280                         assertTrue(
281                                 "Resource Tree function: false negative",
282                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
283                         assertTrue(
284                                 "Resource Tree function: false negative",
285                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
286                         assertTrue(
287                                 "Resource Tree function: false negative",
288                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL4));
289                         assertTrue(
290                                 "Resource Tree function: false positive",
291                                 !resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL3));
292
293                         //Make sure we properly handle bad input
294                         try {
295                                 resourceTreeFunction.match(null, null);
296                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
297                         } catch (ArpException ie) {
298                                 //This is supposed to fail
299                         }
300                         try {
301                                 resourceTreeFunction.match("Test", "Test");
302                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
303                         } catch (ArpException ie) {
304                                 //This is supposed to fail
305                         }
306
307                         /*
308                          * Test the Regex function (requester & resource)
309                          */
310
311                         //Try requester regexes
312                         assertTrue(
313                                 "Regex function: false negative",
314                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
315                         assertTrue(
316                                 "Regex function: false negative",
317                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
318                         assertTrue(
319                                 "Regex function: false negative",
320                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
321                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
322                         assertTrue(
323                                 "Regex function: false positive",
324                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
325                         assertTrue(
326                                 "Regex function: false positive",
327                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
328                         assertTrue(
329                                 "Regex function: false positive",
330                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
331
332                         //Try resource regexes
333                         assertTrue(
334                                 "Regex function: false negative",
335                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
336                         assertTrue(
337                                 "Regex function: false negative",
338                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
339                         assertTrue(
340                                 "Regex function: false negative",
341                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
342                         assertTrue(
343                                 "Regex function: false negative",
344                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
345                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
346                         assertTrue(
347                                 "Regex function: false positive",
348                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
349                         assertTrue(
350                                 "Regex function: false positive",
351                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
352
353                         //Make sure we properly handle bad input
354                         try {
355                                 regexFunction.match(null, null);
356                                 fail("Regex function seems to take improper input without throwing an exception.");
357                         } catch (ArpException ie) {
358                                 //This is supposed to fail
359                         }
360
361                 } catch (ArpException e) {
362                         fail("Encountered a problem loading match function: " + e);
363                 } catch (URISyntaxException e) {
364                         fail("Unable to create URI from test string.");
365                 } catch (MalformedURLException e) {
366                         fail("Couldn't create test URLs: " + e);
367                 }
368
369         }
370
371         public void testRepositories() {
372
373                 /*
374                  * Test the Factory
375                  */
376
377                 //Make sure we fail if no Repository is specified
378                 Properties props = new Properties();
379                 try {
380                         ArpRepositoryFactory.getInstance(props);
381                 } catch (ArpRepositoryException e) {
382                         //This is supposed to fail
383                 }
384
385                 // Make sure we can create an Arp Repository
386                 props.setProperty(
387                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
388                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
389                 ArpRepository repository = null;
390                 try {
391                         repository = ArpRepositoryFactory.getInstance(props);
392                 } catch (ArpRepositoryException e) {
393                         fail("Failed to create memory-based Arp Repository" + e);
394                 }
395                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
396
397                 /*
398                  * Exercise the Memory Arp Repository
399                  */
400
401                 //Set/retrieve/remove a Site ARP
402                 Arp siteArp1 = new Arp();
403                 siteArp1.setDescription("Test Site Arp 1.");
404                 try {
405                         repository.update(siteArp1);
406                         assertEquals(
407                                 "Memory Repository does not store and retrieve Site ARPs properly.",
408                                 siteArp1,
409                                 repository.getSitePolicy());
410                         repository.remove(repository.getSitePolicy());
411                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
412                 } catch (ArpRepositoryException e) {
413                         fail("Error adding Site ARP to Memory Repository.");
414                 }
415
416                 //Set/retrieve/delete some user ARPs
417                 Arp userArp1 = new Arp();
418                 userArp1.setDescription("Broken User Arp 1.");
419                 try {
420                         repository.update(userArp1);
421                         assertTrue(
422                                 "Memory Repository does not store and retrieve User ARPs properly.",
423                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
424                 } catch (ArpRepositoryException e) {
425                         fail("Error adding User ARP to Memory Repository.");
426                 }
427
428                 Arp userArp2 = new Arp(new AuthNPrincipal("TestPrincipal"));
429                 userArp2.setDescription("Test User Arp 2.");
430                 try {
431                         repository.update(userArp2);
432                         assertEquals(
433                                 "Memory Repository does not store and retrieve User ARPs properly.",
434                                 userArp2,
435                                 repository.getUserPolicy(userArp2.getPrincipal()));
436                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
437                         assertNull(
438                                 "Memorty Repository does not properly delete User ARPs.",
439                                 repository.getUserPolicy(userArp2.getPrincipal()));
440                 } catch (ArpRepositoryException e) {
441                         fail("Error adding User ARP to Memory Repository.");
442                 }
443
444                 /*
445                  * Exercise the Memory Arp Repository
446                  */
447
448                 //create a repository
449                 props.setProperty(
450                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
451                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
452                 props.setProperty(
453                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository.Path",
454                         new File("data/").toURI().toString());
455                 props.setProperty("edu.internet2.middleware.shibboleth.aa.arp.BaseArpRepository.ArpTTL", "65535");
456                 repository = null;
457                 try {
458                         repository = ArpRepositoryFactory.getInstance(props);
459                 } catch (ArpRepositoryException e) {
460                         fail("Failed to create file-based Arp Repository" + e.getMessage());
461                 }
462                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
463
464                 try {
465                         Arp siteArp = repository.getSitePolicy();
466
467                         InputStream inStream = new FileInputStream("data/arp.site.xml");
468                         parser.parse(new InputSource(inStream));
469                         ByteArrayOutputStream directXML = new ByteArrayOutputStream();
470                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
471
472                         ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
473                         new XMLSerializer(processedXML, new OutputFormat()).serialize(siteArp.unmarshall());
474
475                         assertTrue(
476                                 "File-based ARP Repository did not return the correct site ARP.",
477                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
478                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
479
480                         Arp userArp = repository.getUserPolicy(new AuthNPrincipal("test"));
481
482                         inStream = new FileInputStream("data/arp.user.test.xml");
483                         parser.parse(new InputSource(inStream));
484                         directXML = new ByteArrayOutputStream();
485                         new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
486
487                         processedXML = new ByteArrayOutputStream();
488                         new XMLSerializer(processedXML, new OutputFormat()).serialize(userArp.unmarshall());
489
490                         assertTrue(
491                                 "File-based ARP Repository did not return the correct user ARP.",
492                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
493                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
494
495                         Arp[] allArps = repository.getAllPolicies(new AuthNPrincipal("test"));
496
497                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
498
499                 } catch (Exception e) {
500                         fail("Error retrieving ARP from Repository: " + e);
501                 }
502
503         }
504
505         public void testPossibleReleaseSetComputation() {
506                 Properties props = new Properties();
507                 props.setProperty(
508                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
509                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
510                 ArpRepository repository = null;
511                 try {
512                         repository = ArpRepositoryFactory.getInstance(props);
513                 } catch (ArpRepositoryException e) {
514                         fail("Failed to create memory-based Arp Repository" + e);
515                 }
516
517                 try {
518                         Principal principal1 = new AuthNPrincipal("TestPrincipal");
519                         URL url1 = new URL("http://www.example.edu/");
520                         URI[] list1 = { new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation")};
521                         URI[] list2 =
522                                 {
523                                         new URI("urn:mace:eduPerson:1.0:eduPersonAffiliation"),
524                                         new URI("urn:mace:eduPerson:1.0:eduPersonPrincipalName")};
525                         URI[] list3 = new URI[0];
526
527                         //Test with just a site ARP
528                         InputStream inStream = new FileInputStream("data/arp1.xml");
529                         parser.parse(new InputSource(inStream));
530                         Arp arp1 = new Arp();
531                         arp1.marshall(parser.getDocument().getDocumentElement());
532                         repository.update(arp1);
533                         ArpEngine engine = new ArpEngine(repository, props);
534                         URI[] possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
535                         assertEquals(
536                                 "Incorrectly computed possible release set (1).",
537                                 new HashSet(Arrays.asList(possibleAttributes)),
538                                 new HashSet(Arrays.asList(list1)));
539
540                         //Test with site and user ARPs
541                         inStream = new FileInputStream("data/arp7.xml");
542                         parser.parse(new InputSource(inStream));
543                         Arp arp7 = new Arp();
544                         arp7.setPrincipal(principal1);
545                         arp7.marshall(parser.getDocument().getDocumentElement());
546                         repository.update(arp7);
547                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
548                         assertEquals(
549                                 "Incorrectly computed possible release set (2).",
550                                 new HashSet(Arrays.asList(possibleAttributes)),
551                                 new HashSet(Arrays.asList(list2)));
552
553                         //Ensure that explicit denies on any value are not in the release set
554                         inStream = new FileInputStream("data/arp6.xml");
555                         parser.parse(new InputSource(inStream));
556                         Arp arp6 = new Arp();
557                         arp6.setPrincipal(principal1);
558                         arp6.marshall(parser.getDocument().getDocumentElement());
559                         repository.update(arp6);
560                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
561                         assertEquals(
562                                 "Incorrectly computed possible release set (3).",
563                                 new HashSet(Arrays.asList(possibleAttributes)),
564                                 new HashSet(Arrays.asList(list3)));
565
566                 } catch (Exception e) {
567                         e.printStackTrace();
568                         fail("Failed to marshall ARP: " + e);
569                 }
570
571         }
572
573         public void testArpApplication() {
574
575                 //Setup a test ARP repository
576                 Properties props = new Properties();
577                 props.setProperty(
578                         "edu.internet2.middleware.shibboleth.aa.arp.ArpRepository.implementation",
579                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
580                 ArpRepository repository = null;
581                 try {
582                         repository = ArpRepositoryFactory.getInstance(props);
583                 } catch (ArpRepositoryException e) {
584                         fail("Failed to create memory-based Arp Repository" + e);
585                 }
586
587                 try {
588
589                         arpApplicationTest1(repository, props, parser);
590                         arpApplicationTest2(repository, props, parser);
591                         arpApplicationTest3(repository, props, parser);
592                         arpApplicationTest4(repository, props, parser);
593                         arpApplicationTest5(repository, props, parser);
594                         arpApplicationTest6(repository, props, parser);
595                         arpApplicationTest7(repository, props, parser);
596                         arpApplicationTest8(repository, props, parser);
597                         arpApplicationTest9(repository, props, parser);
598                         arpApplicationTest10(repository, props, parser);
599                         arpApplicationTest11(repository, props, parser);
600                         arpApplicationTest12(repository, props, parser);
601                         arpApplicationTest13(repository, props, parser);
602                         arpApplicationTest14(repository, props, parser);
603                         arpApplicationTest15(repository, props, parser);
604                         arpApplicationTest16(repository, props, parser);
605                         arpApplicationTest17(repository, props, parser);
606                         arpApplicationTest18(repository, props, parser);
607                         arpApplicationTest19(repository, props, parser);
608                         arpApplicationTest20(repository, props, parser);
609                         arpApplicationTest21(repository, props, parser);
610
611                 } catch (Exception e) {
612                         e.printStackTrace();
613                         fail("Failed to apply filter to ARPs: " + e);
614                 }
615         }
616
617         public void testRoundtripMarshalling() {
618
619                 try {
620                         for (int i = 0; i < arpExamples.length; i++) {
621
622                                 InputStream inStream = new FileInputStream(arpExamples[i]);
623                                 parser.parse(new InputSource(inStream));
624                                 ByteArrayOutputStream directXML = new ByteArrayOutputStream();
625                                 new XMLSerializer(directXML, new OutputFormat()).serialize(parser.getDocument().getDocumentElement());
626
627                                 Arp arp1 = new Arp();
628                                 arp1.marshall(parser.getDocument().getDocumentElement());
629
630                                 ByteArrayOutputStream processedXML = new ByteArrayOutputStream();
631                                 new XMLSerializer(processedXML, new OutputFormat()).serialize(arp1.unmarshall());
632
633                                 assertTrue(
634                                         "Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")",
635                                         directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
636                                                 processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
637                         }
638
639                 } catch (Exception e) {
640                         fail("Failed to marshall ARP: " + e);
641                 }
642
643         }
644         /**
645          * ARPs: A site ARP only
646          * Target: Any
647          * Attribute: Any value release,
648          */
649         void arpApplicationTest1(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
650
651                 //Gather the Input
652                 String rawArp =
653                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
654                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
655                                 + "                     <Rule>"
656                                 + "                             <Target>"
657                                 + "                                     <AnyTarget/>"
658                                 + "                             </Target>"
659                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
660                                 + "                                     <AnyValue release=\"permit\"/>"
661                                 + "                             </Attribute>"
662                                 + "                     </Rule>"
663                                 + "     </AttributeReleasePolicy>";
664
665                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
666                 URL url1 = new URL("http://www.example.edu/");
667                 AAAttributeSet inputSet =
668                         new AAAttributeSet(
669                                 new AAAttribute(
670                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
671                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
672
673                 AAAttributeSet releaseSet =
674                         new AAAttributeSet(
675                                 new AAAttribute(
676                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
677                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
678
679                 //Setup the engine
680                 parser.parse(new InputSource(new StringReader(rawArp)));
681                 Arp siteArp = new Arp();
682                 siteArp.marshall(parser.getDocument().getDocumentElement());
683                 repository.update(siteArp);
684                 ArpEngine engine = new ArpEngine(repository, props);
685
686                 //Apply the ARP
687                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
688
689                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
690         }
691
692         /**
693          * ARPs: A site ARP only
694          * Target: Any
695          * Attribute: Any value release, implicit deny
696          */
697         void arpApplicationTest2(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
698
699                 //Gather the Input
700                 String rawArp =
701                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
702                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
703                                 + "                     <Rule>"
704                                 + "                             <Target>"
705                                 + "                                     <AnyTarget/>"
706                                 + "                             </Target>"
707                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
708                                 + "                                     <AnyValue release=\"permit\"/>"
709                                 + "                             </Attribute>"
710                                 + "                     </Rule>"
711                                 + "     </AttributeReleasePolicy>";
712
713                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
714                 URL url1 = new URL("http://www.example.edu/");
715                 AAAttributeSet inputSet =
716                         new AAAttributeSet(
717                                 new AAAttribute[] {
718                                         new AAAttribute(
719                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
720                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
721                                         new AAAttribute(
722                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
723                                                 new Object[] { "mehoehn@example.edu" })
724                 });
725
726                 AAAttributeSet releaseSet =
727                         new AAAttributeSet(
728                                 new AAAttribute[] {
729                                          new AAAttribute(
730                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
731                                                 new Object[] { "member@example.edu", "faculty@example.edu" })
732                 });
733
734                 //Setup the engine
735                 parser.parse(new InputSource(new StringReader(rawArp)));
736                 Arp siteArp = new Arp();
737                 siteArp.marshall(parser.getDocument().getDocumentElement());
738                 repository.update(siteArp);
739                 ArpEngine engine = new ArpEngine(repository, props);
740
741                 //Apply the ARP
742                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
743
744                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
745         }
746
747         /**
748          * ARPs: A site ARP only
749          * Target: Any
750          * Attribute: One value release
751          */
752         void arpApplicationTest3(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
753
754                 //Gather the Input
755                 String rawArp =
756                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
757                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
758                                 + "                     <Rule>"
759                                 + "                             <Target>"
760                                 + "                                     <AnyTarget/>"
761                                 + "                             </Target>"
762                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
763                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
764                                 + "                             </Attribute>"
765                                 + "                     </Rule>"
766                                 + "     </AttributeReleasePolicy>";
767
768                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
769                 URL url1 = new URL("http://www.example.edu/");
770                 AAAttributeSet inputSet =
771                         new AAAttributeSet(
772                                 new AAAttribute(
773                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
774                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
775                 AAAttributeSet releaseSet =
776                         new AAAttributeSet(
777                                 new AAAttribute("urn:mace:eduPerson:1.0:eduPersonAffiliation", new Object[] { "member@example.edu" }));
778
779                 //Setup the engine
780                 parser.parse(new InputSource(new StringReader(rawArp)));
781                 Arp siteArp = new Arp();
782                 siteArp.marshall(parser.getDocument().getDocumentElement());
783                 repository.update(siteArp);
784                 ArpEngine engine = new ArpEngine(repository, props);
785
786                 //Apply the ARP
787                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
788
789                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
790         }
791
792         /**
793          * ARPs: A site ARP only
794          * Target: Any
795          * Attribute: Any value except one release, canonical representation
796          */
797         void arpApplicationTest4(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
798
799                 //Gather the Input
800                 String rawArp =
801                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
802                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
803                                 + "                     <Rule>"
804                                 + "                             <Target>"
805                                 + "                                     <AnyTarget/>"
806                                 + "                             </Target>"
807                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
808                                 + "                                     <AnyValue release=\"permit\"/>"
809                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
810                                 + "                             </Attribute>"
811                                 + "                     </Rule>"
812                                 + "     </AttributeReleasePolicy>";
813
814                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
815                 URL url1 = new URL("http://www.example.edu/");
816                 AAAttributeSet inputSet =
817                         new AAAttributeSet(
818                                 new AAAttribute(
819                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
820                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
821                 AAAttributeSet releaseSet =
822                         new AAAttributeSet(
823                                 new AAAttribute(
824                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
825                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
826
827                 //Setup the engine
828                 parser.parse(new InputSource(new StringReader(rawArp)));
829                 Arp siteArp = new Arp();
830                 siteArp.marshall(parser.getDocument().getDocumentElement());
831                 repository.update(siteArp);
832                 ArpEngine engine = new ArpEngine(repository, props);
833
834                 //Apply the ARP
835                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
836
837                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
838         }
839
840         /**
841          * ARPs: A site ARP only
842          * Target: Any
843          * Attribute: Any value except one release, expanded representation
844          */
845         void arpApplicationTest5(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
846
847                 //Gather the Input
848                 String rawArp =
849                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
850                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
851                                 + "                     <Rule>"
852                                 + "                             <Target>"
853                                 + "                                     <AnyTarget/>"
854                                 + "                             </Target>"
855                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
856                                 + "                                     <AnyValue release=\"permit\"/>"
857                                 + "                             </Attribute>"
858                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
859                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
860                                 + "                             </Attribute>"
861                                 + "                     </Rule>"
862                                 + "     </AttributeReleasePolicy>";
863
864                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
865                 URL url1 = new URL("http://www.example.edu/");
866                 AAAttributeSet inputSet =
867                         new AAAttributeSet(
868                                 new AAAttribute(
869                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
870                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
871                 AAAttributeSet releaseSet =
872                         new AAAttributeSet(
873                                 new AAAttribute(
874                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
875                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
876
877                 //Setup the engine
878                 parser.parse(new InputSource(new StringReader(rawArp)));
879                 Arp siteArp = new Arp();
880                 siteArp.marshall(parser.getDocument().getDocumentElement());
881                 repository.update(siteArp);
882                 ArpEngine engine = new ArpEngine(repository, props);
883
884                 //Apply the ARP
885                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
886
887                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
888         }
889
890         /**
891          * ARPs: A site ARP only
892          * Target: Any
893          * Attribute: Any value except two release, expanded representation
894          */
895         void arpApplicationTest6(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
896
897                 //Gather the Input
898                 String rawArp =
899                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
900                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
901                                 + "                     <Rule>"
902                                 + "                             <Target>"
903                                 + "                                     <AnyTarget/>"
904                                 + "                             </Target>"
905                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
906                                 + "                                     <AnyValue release=\"permit\"/>"
907                                 + "                             </Attribute>"
908                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
909                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
910                                 + "                             </Attribute>"
911                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
912                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
913                                 + "                             </Attribute>"
914                                 + "                     </Rule>"
915                                 + "     </AttributeReleasePolicy>";
916
917                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
918                 URL url1 = new URL("http://www.example.edu/");
919                 AAAttributeSet inputSet =
920                         new AAAttributeSet(
921                                 new AAAttribute(
922                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
923                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
924                 AAAttributeSet releaseSet =
925                         new AAAttributeSet(
926                                 new AAAttribute(
927                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
928                                         new Object[] { "employee@example.edu" }));
929
930                 //Setup the engine
931                 parser.parse(new InputSource(new StringReader(rawArp)));
932                 Arp siteArp = new Arp();
933                 siteArp.marshall(parser.getDocument().getDocumentElement());
934                 repository.update(siteArp);
935                 ArpEngine engine = new ArpEngine(repository, props);
936
937                 //Apply the ARP
938                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
939
940                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
941         }
942
943         /**
944          * ARPs: A site ARP only
945          * Target: Any
946          * Attribute: Two value release, canonical representation
947          */
948         void arpApplicationTest7(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
949
950                 //Gather the Input
951                 String rawArp =
952                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
953                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
954                                 + "                     <Rule>"
955                                 + "                             <Target>"
956                                 + "                                     <AnyTarget/>"
957                                 + "                             </Target>"
958                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
959                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
960                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
961                                 + "                             </Attribute>"
962                                 + "                     </Rule>"
963                                 + "     </AttributeReleasePolicy>";
964
965                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
966                 URL url1 = new URL("http://www.example.edu/");
967                 AAAttributeSet inputSet =
968                         new AAAttributeSet(
969                                 new AAAttribute(
970                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
971                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
972                 AAAttributeSet releaseSet =
973                         new AAAttributeSet(
974                                 new AAAttribute(
975                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
976                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
977
978                 //Setup the engine
979                 parser.parse(new InputSource(new StringReader(rawArp)));
980                 Arp siteArp = new Arp();
981                 siteArp.marshall(parser.getDocument().getDocumentElement());
982                 repository.update(siteArp);
983                 ArpEngine engine = new ArpEngine(repository, props);
984
985                 //Apply the ARP
986                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
987
988                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
989         }
990
991         /**
992          * ARPs: A site ARP only
993          * Target: Any
994          * Attribute: Two value release, expanded representation
995          */
996         void arpApplicationTest8(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
997
998                 //Gather the Input
999                 String rawArp =
1000                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1001                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1002                                 + "                     <Rule>"
1003                                 + "                             <Target>"
1004                                 + "                                     <AnyTarget/>"
1005                                 + "                             </Target>"
1006                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1007                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1008                                 + "                             </Attribute>"
1009                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1010                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1011                                 + "                             </Attribute>"
1012                                 + "                     </Rule>"
1013                                 + "     </AttributeReleasePolicy>";
1014
1015                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1016                 URL url1 = new URL("http://www.example.edu/");
1017                 AAAttributeSet inputSet =
1018                         new AAAttributeSet(
1019                                 new AAAttribute(
1020                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1021                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1022                 AAAttributeSet releaseSet =
1023                         new AAAttributeSet(
1024                                 new AAAttribute(
1025                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1026                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1027
1028                 //Setup the engine
1029                 parser.parse(new InputSource(new StringReader(rawArp)));
1030                 Arp siteArp = new Arp();
1031                 siteArp.marshall(parser.getDocument().getDocumentElement());
1032                 repository.update(siteArp);
1033                 ArpEngine engine = new ArpEngine(repository, props);
1034
1035                 //Apply the ARP
1036                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1037
1038                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
1039         }
1040
1041         /**
1042          * ARPs: A site ARP only
1043          * Target: Any
1044          * Attribute: Any value deny
1045          */
1046         void arpApplicationTest9(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1047
1048                 //Gather the Input
1049                 String rawArp =
1050                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1051                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1052                                 + "                     <Rule>"
1053                                 + "                             <Target>"
1054                                 + "                                     <AnyTarget/>"
1055                                 + "                             </Target>"
1056                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1057                                 + "                                     <AnyValue release=\"deny\"/>"
1058                                 + "                             </Attribute>"
1059                                 + "                     </Rule>"
1060                                 + "     </AttributeReleasePolicy>";
1061
1062                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1063                 URL url1 = new URL("http://www.example.edu/");
1064                 AAAttributeSet inputSet =
1065                         new AAAttributeSet(
1066                                 new AAAttribute(
1067                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1068                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1069
1070                 //Setup the engine
1071                 parser.parse(new InputSource(new StringReader(rawArp)));
1072                 Arp siteArp = new Arp();
1073                 siteArp.marshall(parser.getDocument().getDocumentElement());
1074                 repository.update(siteArp);
1075                 ArpEngine engine = new ArpEngine(repository, props);
1076
1077                 //Apply the ARP
1078                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1079
1080                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new AAAttributeSet());
1081         }
1082
1083         /**
1084          * ARPs: A site ARP only
1085          * Target: Any
1086          * Attribute: Any value deny trumps explicit permit expanded representation
1087          */
1088         void arpApplicationTest10(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1089
1090                 //Gather the Input
1091                 String rawArp =
1092                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1093                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1094                                 + "                     <Rule>"
1095                                 + "                             <Target>"
1096                                 + "                                     <AnyTarget/>"
1097                                 + "                             </Target>"
1098                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1099                                 + "                                     <AnyValue release=\"deny\"/>"
1100                                 + "                             </Attribute>"
1101                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1102                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1103                                 + "                             </Attribute>"
1104                                 + "                     </Rule>"
1105                                 + "     </AttributeReleasePolicy>";
1106
1107                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1108                 URL url1 = new URL("http://www.example.edu/");
1109                 AAAttributeSet inputSet =
1110                         new AAAttributeSet(
1111                                 new AAAttribute(
1112                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1113                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1114
1115                 //Setup the engine
1116                 parser.parse(new InputSource(new StringReader(rawArp)));
1117                 Arp siteArp = new Arp();
1118                 siteArp.marshall(parser.getDocument().getDocumentElement());
1119                 repository.update(siteArp);
1120                 ArpEngine engine = new ArpEngine(repository, props);
1121
1122                 //Apply the ARP
1123                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1124
1125                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new AAAttributeSet());
1126         }
1127
1128         /**
1129          * ARPs: A site ARP only
1130          * Target: Any
1131          * Attribute: Any value deny trumps explicit permit canonical representation
1132          */
1133         void arpApplicationTest11(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1134
1135                 //Gather the Input
1136                 String rawArp =
1137                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1138                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1139                                 + "                     <Rule>"
1140                                 + "                             <Target>"
1141                                 + "                                     <AnyTarget/>"
1142                                 + "                             </Target>"
1143                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1144                                 + "                                     <AnyValue release=\"deny\"/>"
1145                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1146                                 + "                             </Attribute>"
1147                                 + "                     </Rule>"
1148                                 + "     </AttributeReleasePolicy>";
1149
1150                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1151                 URL url1 = new URL("http://www.example.edu/");
1152                 AAAttributeSet inputSet =
1153                         new AAAttributeSet(
1154                                 new AAAttribute(
1155                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1156                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1157
1158                 //Setup the engine
1159                 parser.parse(new InputSource(new StringReader(rawArp)));
1160                 Arp siteArp = new Arp();
1161                 siteArp.marshall(parser.getDocument().getDocumentElement());
1162                 repository.update(siteArp);
1163                 ArpEngine engine = new ArpEngine(repository, props);
1164
1165                 //Apply the ARP
1166                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1167
1168                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new AAAttributeSet());
1169         }
1170
1171         /**
1172          * ARPs: A site ARP only
1173          * Target: Specific shar, Any Resource
1174          * Attribute: Any value release
1175          */
1176         void arpApplicationTest12(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1177
1178                 //Gather the Input
1179                 String rawArp =
1180                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1181                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1182                                 + "                     <Rule>"
1183                                 + "                             <Target>"
1184                                 + "                                     <Requester>shar.example.edu</Requester>"
1185                                 + "                                     <AnyResource />"
1186                                 + "                             </Target>"
1187                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1188                                 + "                                     <AnyValue release=\"permit\"/>"
1189                                 + "                             </Attribute>"
1190                                 + "                     </Rule>"
1191                                 + "     </AttributeReleasePolicy>";
1192
1193                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1194                 URL url1 = new URL("http://www.example.edu/");
1195                 AAAttributeSet inputSet =
1196                         new AAAttributeSet(
1197                                 new AAAttribute(
1198                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1199                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1200                 AAAttributeSet releaseSet =
1201                         new AAAttributeSet(
1202                                 new AAAttribute(
1203                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1204                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1205
1206                 //Setup the engine
1207                 parser.parse(new InputSource(new StringReader(rawArp)));
1208                 Arp siteArp = new Arp();
1209                 siteArp.marshall(parser.getDocument().getDocumentElement());
1210                 repository.update(siteArp);
1211                 ArpEngine engine = new ArpEngine(repository, props);
1212
1213                 //Apply the ARP
1214                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1215
1216                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1217         }
1218
1219         /**
1220          * ARPs: A site ARP only
1221          * Target: Specific shar, Any Resource (another example)
1222          * Attribute: Any value release
1223          */
1224         void arpApplicationTest13(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1225
1226                 //Gather the Input
1227                 String rawArp =
1228                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1229                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1230                                 + "                     <Rule>"
1231                                 + "                             <Target>"
1232                                 + "                                     <Requester>shar.example.edu</Requester>"
1233                                 + "                                     <AnyResource />"
1234                                 + "                             </Target>"
1235                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1236                                 + "                                     <AnyValue release=\"permit\"/>"
1237                                 + "                             </Attribute>"
1238                                 + "                     </Rule>"
1239                                 + "     </AttributeReleasePolicy>";
1240
1241                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1242                 URL url1 = new URL("https://foo.com/");
1243                 AAAttributeSet inputSet =
1244                         new AAAttributeSet(
1245                                 new AAAttribute(
1246                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1247                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1248                 AAAttributeSet releaseSet =
1249                         new AAAttributeSet(
1250                                 new AAAttribute(
1251                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1252                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1253
1254                 //Setup the engine
1255                 parser.parse(new InputSource(new StringReader(rawArp)));
1256                 Arp siteArp = new Arp();
1257                 siteArp.marshall(parser.getDocument().getDocumentElement());
1258                 repository.update(siteArp);
1259                 ArpEngine engine = new ArpEngine(repository, props);
1260
1261                 //Apply the ARP
1262                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1263
1264                 assertEquals("ARP application test 13: ARP not applied as expected.", inputSet, releaseSet);
1265         }
1266
1267         /**
1268          * ARPs: A site ARP only
1269          * Target: Specific shar (no match), Any Resource
1270          * Attribute: Any value release
1271          */
1272         void arpApplicationTest14(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1273
1274                 //Gather the Input
1275                 String rawArp =
1276                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1277                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1278                                 + "                     <Rule>"
1279                                 + "                             <Target>"
1280                                 + "                                     <Requester>shar.example.edu</Requester>"
1281                                 + "                                     <AnyResource />"
1282                                 + "                             </Target>"
1283                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1284                                 + "                                     <AnyValue release=\"permit\"/>"
1285                                 + "                             </Attribute>"
1286                                 + "                     </Rule>"
1287                                 + "     </AttributeReleasePolicy>";
1288
1289                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1290                 URL url1 = new URL("http://www.example.edu/");
1291                 AAAttributeSet inputSet =
1292                         new AAAttributeSet(
1293                                 new AAAttribute(
1294                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1295                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1296
1297                 //Setup the engine
1298                 parser.parse(new InputSource(new StringReader(rawArp)));
1299                 Arp siteArp = new Arp();
1300                 siteArp.marshall(parser.getDocument().getDocumentElement());
1301                 repository.update(siteArp);
1302                 ArpEngine engine = new ArpEngine(repository, props);
1303
1304                 //Apply the ARP
1305                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1306
1307                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new AAAttributeSet());
1308         }
1309
1310         /**
1311          * ARPs: A site ARP only
1312          * Target: Specific shar, Specific resource
1313          * Attribute: Any value release
1314          */
1315         void arpApplicationTest15(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1316
1317                 //Gather the Input
1318                 String rawArp =
1319                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1320                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1321                                 + "                     <Rule>"
1322                                 + "                             <Target>"
1323                                 + "                                     <Requester>shar.example.edu</Requester>"
1324                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1325                                 + "                             </Target>"
1326                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1327                                 + "                                     <AnyValue release=\"permit\"/>"
1328                                 + "                             </Attribute>"
1329                                 + "                     </Rule>"
1330                                 + "     </AttributeReleasePolicy>";
1331
1332                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1333                 URL url1 = new URL("http://www.example.edu/index.html");
1334                 AAAttributeSet inputSet =
1335                         new AAAttributeSet(
1336                                 new AAAttribute(
1337                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1338                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1339                 AAAttributeSet releaseSet =
1340                         new AAAttributeSet(
1341                                 new AAAttribute(
1342                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1343                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1344
1345                 //Setup the engine
1346                 parser.parse(new InputSource(new StringReader(rawArp)));
1347                 Arp siteArp = new Arp();
1348                 siteArp.marshall(parser.getDocument().getDocumentElement());
1349                 repository.update(siteArp);
1350                 ArpEngine engine = new ArpEngine(repository, props);
1351
1352                 //Apply the ARP
1353                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1354
1355                 assertEquals("ARP application test 15: ARP not applied as expected.", inputSet, releaseSet);
1356         }
1357
1358         /**
1359          * ARPs: A site ARP only
1360          * Target: Specific shar, Specific resource (no match)
1361          * Attribute: Any value release
1362          */
1363         void arpApplicationTest16(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1364
1365                 //Gather the Input
1366                 String rawArp =
1367                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1368                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1369                                 + "                     <Rule>"
1370                                 + "                             <Target>"
1371                                 + "                                     <Requester>shar.example.edu</Requester>"
1372                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1373                                 + "                             </Target>"
1374                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1375                                 + "                                     <AnyValue release=\"permit\"/>"
1376                                 + "                             </Attribute>"
1377                                 + "                     </Rule>"
1378                                 + "     </AttributeReleasePolicy>";
1379
1380                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1381                 URL url1 = new URL("https://www.example.edu/index.html");
1382                 AAAttributeSet inputSet =
1383                         new AAAttributeSet(
1384                                 new AAAttribute(
1385                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1386                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1387
1388                 //Setup the engine
1389                 parser.parse(new InputSource(new StringReader(rawArp)));
1390                 Arp siteArp = new Arp();
1391                 siteArp.marshall(parser.getDocument().getDocumentElement());
1392                 repository.update(siteArp);
1393                 ArpEngine engine = new ArpEngine(repository, props);
1394
1395                 //Apply the ARP
1396                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1397
1398                 assertEquals("ARP application test 16: ARP not applied as expected.", inputSet, new AAAttributeSet());
1399         }
1400
1401         /**
1402          * ARPs: A site ARP only
1403          * Target: Multiple matching rules
1404          * Attribute: various
1405          */
1406         void arpApplicationTest17(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1407
1408                 //Gather the Input
1409                 String rawArp =
1410                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1411                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1412                                 + "                     <Rule>"
1413                                 + "                             <Target>"
1414                                 + "                                     <AnyTarget />"
1415                                 + "                             </Target>"
1416                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1417                                 + "                                     <AnyValue release=\"permit\"/>"
1418                                 + "                             </Attribute>"
1419                                 + "                     </Rule>"
1420                                 + "                     <Rule>"
1421                                 + "                             <Target>"
1422                                 + "                                     <Requester>shar1.example.edu</Requester>"
1423                                 + "                                     <AnyResource />"
1424                                 + "                             </Target>"
1425                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1426                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1427                                 + "                             </Attribute>"
1428                                 + "                     </Rule>"
1429                                 + "                     <Rule>"
1430                                 + "                             <Target>"
1431                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1432                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1433                                 + "                             </Target>"
1434                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1435                                 + "                                     <AnyValue release=\"permit\"/>"
1436                                 + "                             </Attribute>"
1437                                 + "                     </Rule>"
1438                                 + "     </AttributeReleasePolicy>";
1439
1440                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1441                 URL url1 = new URL("https://www.example.edu/index.html");
1442                 AAAttributeSet inputSet =
1443                         new AAAttributeSet(
1444                                 new AAAttribute[] {
1445                                         new AAAttribute(
1446                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1447                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1448                                         new AAAttribute(
1449                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1450                                                 new Object[] { "wassa@columbia.edu" })
1451                 });
1452
1453                 AAAttributeSet releaseSet =
1454                         new AAAttributeSet(
1455                                 new AAAttribute[] {
1456                                         new AAAttribute(
1457                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1458                                                 new Object[] { "wassa@columbia.edu" }),
1459                                         new AAAttribute(
1460                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1461                                                 new Object[] { "member@example.edu" })
1462                 });
1463
1464                 //Setup the engine
1465                 parser.parse(new InputSource(new StringReader(rawArp)));
1466                 Arp siteArp = new Arp();
1467                 siteArp.marshall(parser.getDocument().getDocumentElement());
1468                 repository.update(siteArp);
1469                 ArpEngine engine = new ArpEngine(repository, props);
1470
1471                 //Apply the ARP
1472                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu", url1);
1473
1474                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1475         }
1476
1477         /**
1478          * ARPs: A site ARP only
1479          * Target: Any
1480          * Attribute: Any value release of two attributes in one rule
1481          */
1482         void arpApplicationTest18(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1483
1484                 //Gather the Input
1485                 String rawArp =
1486                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1487                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1488                                 + "                     <Rule>"
1489                                 + "                             <Target>"
1490                                 + "                                     <AnyTarget/>"
1491                                 + "                             </Target>"
1492                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1493                                 + "                                     <AnyValue release=\"permit\"/>"
1494                                 + "                             </Attribute>"
1495                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1496                                 + "                                     <AnyValue release=\"permit\"/>"
1497                                 + "                             </Attribute>"
1498                                 + "                     </Rule>"
1499                                 + "     </AttributeReleasePolicy>";
1500
1501                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1502                 URL url1 = new URL("http://www.example.edu/");
1503                 AAAttributeSet inputSet =
1504                         new AAAttributeSet(
1505                                 new AAAttribute[] {
1506                                         new AAAttribute(
1507                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1508                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1509                                         new AAAttribute(
1510                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1511                                                 new Object[] { "mehoehn@example.edu" })
1512                 });
1513
1514                 AAAttributeSet releaseSet =
1515                         new AAAttributeSet(
1516                                 new AAAttribute[] {
1517                                         new AAAttribute(
1518                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1519                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1520                                         new AAAttribute(
1521                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1522                                                 new Object[] { "mehoehn@example.edu" })
1523                 });
1524
1525                 //Setup the engine
1526                 parser.parse(new InputSource(new StringReader(rawArp)));
1527                 Arp siteArp = new Arp();
1528                 siteArp.marshall(parser.getDocument().getDocumentElement());
1529                 repository.update(siteArp);
1530                 ArpEngine engine = new ArpEngine(repository, props);
1531
1532                 //Apply the ARP
1533                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1534
1535                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1536         }
1537
1538         /**
1539          * ARPs: A user ARP only
1540          * Target: Any
1541          * Attribute: Any value release,
1542          */
1543         void arpApplicationTest19(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1544
1545                 //Gather the Input
1546                 String rawArp =
1547                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1548                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1549                                 + "                     <Rule>"
1550                                 + "                             <Target>"
1551                                 + "                                     <AnyTarget/>"
1552                                 + "                             </Target>"
1553                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1554                                 + "                                     <AnyValue release=\"permit\"/>"
1555                                 + "                             </Attribute>"
1556                                 + "                     </Rule>"
1557                                 + "     </AttributeReleasePolicy>";
1558
1559                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1560                 URL url1 = new URL("http://www.example.edu/");
1561                 AAAttributeSet inputSet =
1562                         new AAAttributeSet(
1563                                 new AAAttribute(
1564                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1565                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1566                 AAAttributeSet releaseSet =
1567                         new AAAttributeSet(
1568                                 new AAAttribute(
1569                                         "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1570                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1571
1572                 //Setup the engine
1573                 parser.parse(new InputSource(new StringReader(rawArp)));
1574                 Arp userArp = new Arp();
1575                 userArp.setPrincipal(principal1);
1576                 userArp.marshall(parser.getDocument().getDocumentElement());
1577                 repository.update(userArp);
1578                 ArpEngine engine = new ArpEngine(repository, props);
1579
1580                 //Apply the ARP
1581                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1582
1583                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1584         }
1585
1586         /**
1587          * ARPs: A site ARP and user ARP
1588          * Target: various
1589          * Attribute: various combinations
1590          */
1591         void arpApplicationTest20(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1592
1593                 //Gather the Input
1594                 String rawSiteArp =
1595                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1596                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1597                                 + "                     <Rule>"
1598                                 + "                             <Target>"
1599                                 + "                                     <AnyTarget/>"
1600                                 + "                             </Target>"
1601                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1602                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1603                                 + "                             </Attribute>"
1604                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1605                                 + "                                     <AnyValue release=\"permit\" />"
1606                                 + "                             </Attribute>"
1607                                 + "                     </Rule>"
1608                                 + "                     <Rule>"
1609                                 + "                             <Target>"
1610                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1611                                 + "                                     <AnyResource />"
1612                                 + "                             </Target>"
1613                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1614                                 + "                                     <AnyValue release=\"permit\"/>"
1615                                 + "                             </Attribute>"
1616                                 + "                     </Rule>"
1617                                 + "                     <Rule>"
1618                                 + "                             <Target>"
1619                                 + "                                     <Requester>www.example.edu</Requester>"
1620                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1621                                 + "                             </Target>"
1622                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1623                                 + "                                     <AnyValue release=\"permit\"/>"
1624                                 + "                             </Attribute>"
1625                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1626                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1627                                 + "                             </Attribute>"
1628                                 + "                     </Rule>"
1629                                 + "                     <Rule>"
1630                                 + "                             <Target>"
1631                                 + "                                     <Requester>www.external.com</Requester>"
1632                                 + "                                     <Resource>http://www.external.com/</Resource>"
1633                                 + "                             </Target>"
1634                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1635                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1636                                 + "                             </Attribute>"
1637                                 + "                     </Rule>"
1638                                 + "     </AttributeReleasePolicy>";
1639
1640                 String rawUserArp =
1641                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1642                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1643                                 + "                     <Rule>"
1644                                 + "                             <Target>"
1645                                 + "                                     <AnyTarget/>"
1646                                 + "                             </Target>"
1647                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1648                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1649                                 + "                             </Attribute>"
1650                                 + "                     </Rule>"
1651                                 + "                     <Rule>"
1652                                 + "                             <Target>"
1653                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1654                                 + "                                     <AnyResource />"
1655                                 + "                             </Target>"
1656                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1657                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1658                                 + "                             </Attribute>"
1659                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1660                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1661                                 + "                             </Attribute>"
1662                                 + "                     </Rule>"
1663                                 + "     </AttributeReleasePolicy>";
1664
1665                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1666                 URL url1 = new URL("http://www.example.edu/test/index.html");
1667
1668                 AAAttributeSet inputSet =
1669                         new AAAttributeSet(
1670                                 new AAAttribute[] {
1671                                         new AAAttribute(
1672                                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1673                                                 new Object[] {
1674                                                         "urn:example:lovesIceCream",
1675                                                         "urn:example:poorlyDressed",
1676                                                         "urn:example:contract:113455",
1677                                                         "urn:example:contract:4657483" }),
1678                                         new AAAttribute(
1679                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1680                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1681                                         new AAAttribute(
1682                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1683                                                 new Object[] { "wassa@example.edu" }),
1684                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1685                 });
1686
1687                 AAAttributeSet releaseSet =
1688                         new AAAttributeSet(
1689                                 new AAAttribute[] {
1690                                         new AAAttribute(
1691                                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1692                                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" }),
1693                                         new AAAttribute(
1694                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1695                                                 new Object[] { "member@example.edu", "employee@example.edu" }),
1696                                         new AAAttribute(
1697                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1698                                                 new Object[] { "wassa@example.edu" }),
1699                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1700                 });
1701
1702                 //Add the site ARP
1703                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1704                 Arp siteArp = new Arp();
1705                 siteArp.marshall(parser.getDocument().getDocumentElement());
1706                 repository.update(siteArp);
1707
1708                 //Add the user ARP
1709                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1710                 Arp userArp = new Arp();
1711                 userArp.setPrincipal(principal1);
1712                 userArp.marshall(parser.getDocument().getDocumentElement());
1713                 repository.update(userArp);
1714
1715                 ArpEngine engine = new ArpEngine(repository, props);
1716
1717                 //Apply the ARP
1718                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1719
1720                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1721         }
1722
1723         /**
1724          * ARPs: A site ARP and user ARP
1725          * Target: various
1726          * Attribute: various combinations (same ARPs as 20, different requester)
1727          */
1728         void arpApplicationTest21(ArpRepository repository, Properties props, DOMParser parser) throws Exception {
1729
1730                 //Gather the Input
1731                 String rawSiteArp =
1732                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1733                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1734                                 + "                     <Rule>"
1735                                 + "                             <Target>"
1736                                 + "                                     <AnyTarget/>"
1737                                 + "                             </Target>"
1738                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1739                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1740                                 + "                             </Attribute>"
1741                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1742                                 + "                                     <AnyValue release=\"permit\" />"
1743                                 + "                             </Attribute>"
1744                                 + "                     </Rule>"
1745                                 + "                     <Rule>"
1746                                 + "                             <Target>"
1747                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1748                                 + "                                     <AnyResource />"
1749                                 + "                             </Target>"
1750                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonPrincipalName\">"
1751                                 + "                                     <AnyValue release=\"permit\"/>"
1752                                 + "                             </Attribute>"
1753                                 + "                     </Rule>"
1754                                 + "                     <Rule>"
1755                                 + "                             <Target>"
1756                                 + "                                     <Requester>www.example.edu</Requester>"
1757                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1758                                 + "                             </Target>"
1759                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1760                                 + "                                     <AnyValue release=\"permit\"/>"
1761                                 + "                             </Attribute>"
1762                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1763                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1764                                 + "                             </Attribute>"
1765                                 + "                     </Rule>"
1766                                 + "                     <Rule>"
1767                                 + "                             <Target>"
1768                                 + "                                     <Requester>www.external.com</Requester>"
1769                                 + "                                     <Resource>http://www.external.com/</Resource>"
1770                                 + "                             </Target>"
1771                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1772                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1773                                 + "                             </Attribute>"
1774                                 + "                     </Rule>"
1775                                 + "     </AttributeReleasePolicy>";
1776
1777                 String rawUserArp =
1778                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1779                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1780                                 + "                     <Rule>"
1781                                 + "                             <Target>"
1782                                 + "                                     <AnyTarget/>"
1783                                 + "                             </Target>"
1784                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1785                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1786                                 + "                             </Attribute>"
1787                                 + "                     </Rule>"
1788                                 + "                     <Rule>"
1789                                 + "                             <Target>"
1790                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1791                                 + "                                     <AnyResource />"
1792                                 + "                             </Target>"
1793                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonAffiliation\">"
1794                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1795                                 + "                             </Attribute>"
1796                                 + "                             <Attribute name=\"urn:mace:eduPerson:1.0:eduPersonEntitlement\">"
1797                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1798                                 + "                             </Attribute>"
1799                                 + "                     </Rule>"
1800                                 + "     </AttributeReleasePolicy>";
1801
1802                 Principal principal1 = new AuthNPrincipal("TestPrincipal");
1803                 URL url1 = new URL("http://www.external.com/");
1804
1805                 AAAttributeSet inputSet =
1806                         new AAAttributeSet(
1807                                 new AAAttribute[] {
1808                                         new AAAttribute(
1809                                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1810                                                 new Object[] {
1811                                                         "urn:example:lovesIceCream",
1812                                                         "urn:example:poorlyDressed",
1813                                                         "urn:example:contract:113455",
1814                                                         "urn:example:contract:4657483" }),
1815                                         new AAAttribute(
1816                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1817                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1818                                         new AAAttribute(
1819                                                 "urn:mace:eduPerson:1.0:eduPersonPrincipalName",
1820                                                 new Object[] { "wassa@example.edu" }),
1821                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1822                 });
1823
1824                 AAAttributeSet releaseSet =
1825                         new AAAttributeSet(
1826                                 new AAAttribute[] {
1827                                         new AAAttribute(
1828                                                 "urn:mace:eduPerson:1.0:eduPersonEntitlement",
1829                                                 new Object[] { "urn:example:contract:113455" }),
1830                                         new AAAttribute(
1831                                                 "urn:mace:eduPerson:1.0:eduPersonAffiliation",
1832                                                 new Object[] { "member@example.edu" }),
1833                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1834                 });
1835
1836                 //Add the site ARP
1837                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1838                 Arp siteArp = new Arp();
1839                 siteArp.marshall(parser.getDocument().getDocumentElement());
1840                 repository.update(siteArp);
1841
1842                 //Add the user ARP
1843                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1844                 Arp userArp = new Arp();
1845                 userArp.setPrincipal(principal1);
1846                 userArp.marshall(parser.getDocument().getDocumentElement());
1847                 repository.update(userArp);
1848
1849                 ArpEngine engine = new ArpEngine(repository, props);
1850
1851                 //Apply the ARP
1852                 engine.filterAttributes(inputSet, principal1, "www.external.com", url1);
1853
1854                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1855         }
1856
1857 }