Better name for principal class.
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /* 
2  * The Shibboleth License, Version 1. 
3  * Copyright (c) 2002 
4  * University Corporation for Advanced Internet Development, Inc. 
5  * All rights reserved
6  * 
7  * 
8  * Redistribution and use in source and binary forms, with or without 
9  * modification, are permitted provided that the following conditions are met:
10  * 
11  * Redistributions of source code must retain the above copyright notice, this 
12  * list of conditions and the following disclaimer.
13  * 
14  * Redistributions in binary form must reproduce the above copyright notice, 
15  * this list of conditions and the following disclaimer in the documentation 
16  * and/or other materials provided with the distribution, if any, must include 
17  * the following acknowledgment: "This product includes software developed by 
18  * the University Corporation for Advanced Internet Development 
19  * <http://www.ucaid.edu>Internet2 Project. Alternately, this acknowledegement 
20  * may appear in the software itself, if and wherever such third-party 
21  * acknowledgments normally appear.
22  * 
23  * Neither the name of Shibboleth nor the names of its contributors, nor 
24  * Internet2, nor the University Corporation for Advanced Internet Development, 
25  * Inc., nor UCAID may be used to endorse or promote products derived from this 
26  * software without specific prior written permission. For written permission, 
27  * please contact shibboleth@shibboleth.org
28  * 
29  * Products derived from this software may not be called Shibboleth, Internet2, 
30  * UCAID, or the University Corporation for Advanced Internet Development, nor 
31  * may Shibboleth appear in their name, without prior written permission of the 
32  * University Corporation for Advanced Internet Development.
33  * 
34  * 
35  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" 
36  * AND WITH ALL FAULTS. ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 
37  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A 
38  * PARTICULAR PURPOSE, AND NON-INFRINGEMENT ARE DISCLAIMED AND THE ENTIRE RISK 
39  * OF SATISFACTORY QUALITY, PERFORMANCE, ACCURACY, AND EFFORT IS WITH LICENSEE. 
40  * IN NO EVENT SHALL THE COPYRIGHT OWNER, CONTRIBUTORS OR THE UNIVERSITY 
41  * CORPORATION FOR ADVANCED INTERNET DEVELOPMENT, INC. BE LIABLE FOR ANY DIRECT, 
42  * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES 
43  * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 
44  * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND 
45  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 
46  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 
47  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
48  */
49
50 package edu.internet2.middleware.shibboleth.aa.arp;
51
52 import java.io.File;
53 import java.io.FileInputStream;
54 import java.io.InputStream;
55 import java.io.StringReader;
56 import java.net.MalformedURLException;
57 import java.net.URI;
58 import java.net.URISyntaxException;
59 import java.net.URL;
60 import java.security.Principal;
61 import java.util.Arrays;
62 import java.util.HashSet;
63
64 import javax.xml.parsers.DocumentBuilderFactory;
65 import javax.xml.parsers.ParserConfigurationException;
66
67 import junit.framework.TestCase;
68
69 import org.apache.log4j.BasicConfigurator;
70 import org.apache.log4j.Level;
71 import org.apache.log4j.Logger;
72 import org.w3c.dom.Document;
73 import org.w3c.dom.Element;
74 import org.w3c.dom.Text;
75 import org.xml.sax.InputSource;
76
77 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
78 import edu.internet2.middleware.shibboleth.aa.AAAttributeSet;
79 import edu.internet2.middleware.shibboleth.common.LocalPrincipal;
80 import edu.internet2.middleware.shibboleth.idp.IdPConfig;
81 import edu.internet2.middleware.shibboleth.xml.Parser;
82
83 /**
84  * Validation suite for <code>Arp</code> processing.
85  * 
86  * @author Walter Hoehn(wassa@columbia.edu)
87  */
88
89 public class ArpTests extends TestCase {
90
91         private Parser.DOMParser parser = new Parser.DOMParser(true);
92         Element memoryRepositoryElement;
93         private String[] arpExamples =
94                 {
95                         "data/example1.xml",
96                         "data/example2.xml",
97                         "data/example3.xml",
98                         "data/example4.xml",
99                         "data/example5.xml",
100                         "data/example6.xml",
101                         "data/example7.xml",
102                         "data/example8.xml",
103                         "data/example9.xml",
104                         "data/example10.xml",
105                         "data/example11.xml",
106                         "data/example12.xml" };
107
108         public ArpTests(String name) {
109                 super(name);
110                 BasicConfigurator.resetConfiguration();
111                 BasicConfigurator.configure();
112                 Logger.getRootLogger().setLevel(Level.OFF);
113         }
114
115         public static void main(String[] args) {
116                 junit.textui.TestRunner.run(ArpTests.class);
117                 BasicConfigurator.configure();
118                 Logger.getRootLogger().setLevel(Level.OFF);
119         }
120
121         /**
122          * @see junit.framework.TestCase#setUp()
123          */
124         protected void setUp() throws Exception {
125                 super.setUp();
126
127                 // Setup an xml parser
128
129                 //Setup a dummy xml config for a Memory-based repository
130                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
131                 docFactory.setNamespaceAware(true);
132                 Document placeHolder;
133                 try {
134                         placeHolder = docFactory.newDocumentBuilder().newDocument();
135
136                         memoryRepositoryElement =
137                                 placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
138                         memoryRepositoryElement.setAttributeNS(
139                                 IdPConfig.configNameSpace,
140                                 "implementation",
141                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
142                 } catch (ParserConfigurationException e) {
143                         fail("Failed to create memory-based Arp Repository configuration" + e);
144                 }
145         }
146
147         public void testArpMarshalling() {
148
149                 //Test ARP description
150                 try {
151                         InputStream inStream = new FileInputStream("data/arp1.xml");
152                         parser.parse(new InputSource(inStream));
153                         Arp arp1 = new Arp();
154                         arp1.marshall(parser.getDocument().getDocumentElement());
155                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
156
157                         //Test Rule description
158                         assertEquals(
159                                 "ARP Rule Description not marshalled properly",
160                                 arp1.getAllRules()[0].getDescription(),
161                                 "Example Rule Description.");
162                 } catch (Exception e) {
163                         fail("Failed to marshall ARP: " + e);
164                 }
165
166                 //Test case where ARP description does not exist
167                 try {
168                         InputStream inStream = new FileInputStream("data/arp2.xml");
169                         parser.parse(new InputSource(inStream));
170                         Arp arp2 = new Arp();
171                         arp2.marshall(parser.getDocument().getDocumentElement());
172                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
173
174                         //Test case where ARP Rule description does not exist   
175                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules()[0].getDescription());
176                 } catch (Exception e) {
177                         fail("Failed to marshall ARP.");
178                 }
179
180         }
181
182         public void testMatchingFunctions() {
183
184                 try {
185
186                         /*
187                          * Test Arp Engine function retrieval
188                          */
189
190                         //Lookup a function that doesn't exist
191                         MatchFunction noFunction =
192                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:dummy"));
193                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
194
195                         //Lookup some real functions
196                         MatchFunction stringMatch =
197                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringMatch"));
198                         assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
199                         MatchFunction stringValue =
200                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringValue"));
201                         assertNotNull("ArpEngine did not properly load the String Value function.", stringValue);
202                         MatchFunction exactSharFunction =
203                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:exactShar"));
204                         assertNotNull("ArpEngine did not properly load the Exact SHAR function.", exactSharFunction);
205                         MatchFunction resourceTreeFunction =
206                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:resourceTree"));
207                         assertNotNull("ArpEngine did not properly load the Resource Tree SHAR function.", resourceTreeFunction);
208                         MatchFunction regexFunction =
209                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexMatch"));
210                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
211                         MatchFunction regexNotFunction =
212                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
213                         assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
214                         MatchFunction stringNotFunction =
215                                 ArpEngine.lookupMatchFunction(new URI("urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
216                         assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
217
218                         /* 
219                          * Test the Exact SHAR function (requester)
220                          */
221
222                         assertTrue(
223                                 "Exact SHAR function: false negative",
224                                 exactSharFunction.match("shar.example.edu", "shar.example.edu"));
225                         assertTrue(
226                                 "Exact SHAR function: false positive",
227                                 !exactSharFunction.match("shar.example.edu", "www.example.edu"));
228                         assertTrue(
229                                 "Exact SHAR function: false positive",
230                                 !exactSharFunction.match("example.edu", "shar.example.edu"));
231
232                         //Make sure we properly handle bad input
233                         try {
234                                 exactSharFunction.match(null, null);
235                                 fail("Exact SHAR function seems to take improper input without throwing an exception.");
236                         } catch (ArpException ie) {
237                                 //This is supposed to fail
238                         }
239
240                         /*
241                          * Test the Resource Tree function (resource)
242                          */
243
244                         URL requestURL1 = new URL("http://www.example.edu/test/");
245                         URL requestURL2 = new URL("http://www.example.edu/test/index.html");
246                         URL requestURL3 = new URL("http://www.example.edu/test2/index.html");
247                         URL requestURL4 = new URL("http://www.example.edu/test2/index.html?test1=test1");
248
249                         assertTrue(
250                                 "Resource Tree function: false negative",
251                                 resourceTreeFunction.match("http://www.example.edu/", requestURL1));
252                         assertTrue(
253                                 "Resource Tree function: false positive",
254                                 !resourceTreeFunction.match("https://www.example.edu/", requestURL1));
255                         assertTrue(
256                                 "Resource Tree function: false negative",
257                                 resourceTreeFunction.match("http://www.example.edu:80/", requestURL1));
258                         assertTrue(
259                                 "Resource Tree function: false positive",
260                                 !resourceTreeFunction.match("http://www.example.edu:81/", requestURL1));
261                         assertTrue(
262                                 "Resource Tree function: false negative",
263                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL1));
264                         assertTrue(
265                                 "Resource Tree function: false negative",
266                                 resourceTreeFunction.match("http://www.example.edu/test/", requestURL2));
267                         assertTrue(
268                                 "Resource Tree function: false negative",
269                                 resourceTreeFunction.match("http://www.example.edu/", requestURL3));
270                         assertTrue(
271                                 "Resource Tree function: false positive",
272                                 !resourceTreeFunction.match("http://www.example.edu/test/", requestURL3));
273                         assertTrue(
274                                 "Resource Tree function: false negative",
275                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL3));
276                         assertTrue(
277                                 "Resource Tree function: false negative",
278                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html", requestURL4));
279                         assertTrue(
280                                 "Resource Tree function: false negative",
281                                 resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL4));
282                         assertTrue(
283                                 "Resource Tree function: false positive",
284                                 !resourceTreeFunction.match("http://www.example.edu/test2/index.html?test1=test1", requestURL3));
285
286                         //Make sure we properly handle bad input
287                         try {
288                                 resourceTreeFunction.match(null, null);
289                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
290                         } catch (ArpException ie) {
291                                 //This is supposed to fail
292                         }
293                         try {
294                                 resourceTreeFunction.match("Test", "Test");
295                                 fail("Resource Tree function seems to take improper input without throwing an exception.");
296                         } catch (ArpException ie) {
297                                 //This is supposed to fail
298                         }
299
300                         /*
301                          * Test the Regex function (requester & resource)
302                          */
303
304                         //Try requester regexes
305                         assertTrue(
306                                 "Regex function: false negative",
307                                 regexFunction.match("^shar\\.example\\.edu$", "shar.example.edu"));
308                         assertTrue(
309                                 "Regex function: false negative",
310                                 regexFunction.match("^.*\\.example\\.edu$", "shar.example.edu"));
311                         assertTrue(
312                                 "Regex function: false negative",
313                                 regexFunction.match("^shar[1-9]?\\.example\\.edu$", "shar1.example.edu"));
314                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
315                         assertTrue(
316                                 "Regex function: false positive",
317                                 !regexFunction.match("^shar[1-9]\\.example\\.edu$", "shar.example.edu"));
318                         assertTrue(
319                                 "Regex function: false positive",
320                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.edu"));
321                         assertTrue(
322                                 "Regex function: false positive",
323                                 !regexFunction.match("^shar\\.example\\.edu$", "www.example.com"));
324
325                         //Try resource regexes
326                         assertTrue(
327                                 "Regex function: false negative",
328                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL1));
329                         assertTrue(
330                                 "Regex function: false negative",
331                                 regexFunction.match("^http://www\\.example\\.edu/.*$", requestURL2));
332                         assertTrue(
333                                 "Regex function: false negative",
334                                 regexFunction.match("^http://.*\\.example\\.edu/.*$", requestURL2));
335                         assertTrue(
336                                 "Regex function: false negative",
337                                 regexFunction.match("^https?://.*\\.example\\.edu/.*$", requestURL2));
338                         assertTrue("Regex function: false negative", regexFunction.match(".*", requestURL2));
339                         assertTrue(
340                                 "Regex function: false positive",
341                                 !regexFunction.match("^https?://.*\\.example\\.edu/$", requestURL2));
342                         assertTrue(
343                                 "Regex function: false positive",
344                                 !regexFunction.match("^https?://www\\.example\\.edu/test/$", requestURL3));
345
346                         //Make sure we properly handle bad input
347                         try {
348                                 regexFunction.match(null, null);
349                                 fail("Regex function seems to take improper input without throwing an exception.");
350                         } catch (ArpException ie) {
351                                 //This is supposed to fail
352                         }
353                         
354                         // Test the StringNotMatch function
355                         assertFalse(
356                                         "StringNotMatch function: false positive",
357                                         stringNotFunction.match("foo", "foo"));
358                         assertTrue(
359                                         "StringNotMatch function: false negative",
360                                         stringNotFunction.match("foo", "bar"));
361                         //Make sure we properly handle bad input
362                         try {
363                                 stringNotFunction.match(null, null);
364                                 fail("StringNotMatch function seems to take improper input without throwing an exception.");
365                         } catch (ArpException ie) {
366                                 //This is supposed to fail
367                         }
368                         
369                         //Test the RegexNotMatch function
370                         
371                         assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
372                         assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
373                         
374                         // Make sure we properly handle bad input
375                         try {
376                                 regexNotFunction.match(null, null);
377                                 fail("RegexNotMatch function seems to take improper input without throwing an exception.");
378                         } catch (ArpException ie) {
379                                 //This is supposed to fail
380                         }
381                         
382                         
383                         
384                         
385                         
386
387                 } catch (ArpException e) {
388                         fail("Encountered a problem loading match function: " + e);
389                 } catch (URISyntaxException e) {
390                         fail("Unable to create URI from test string.");
391                 } catch (MalformedURLException e) {
392                         fail("Couldn't create test URLs: " + e);
393                 }
394
395         }
396
397         public void testRepositories() {
398
399                 /*
400                  * Test the Factory
401                  */
402
403                 //Make sure we fail if an unavailable Repository implementation is specified
404                 ArpRepository repository = null;
405
406                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
407                 docFactory.setNamespaceAware(true);
408                 Document placeHolder;
409                 try {
410                         placeHolder = docFactory.newDocumentBuilder().newDocument();
411
412                         Element repositoryElement =
413                                 placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
414                         repositoryElement.setAttributeNS(
415                                 IdPConfig.configNameSpace,
416                                 "implementation",
417                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
418
419                         ArpRepositoryFactory.getInstance(repositoryElement);
420
421                 } catch (ParserConfigurationException e) {
422                         fail("Failed to create bogus Arp Repository configuration" + e);
423
424                 } catch (ArpRepositoryException e) {
425                         //This is supposed to fail
426                 }
427
428                 // Make sure we can create an Arp Repository
429                 repository = null;
430                 try {
431                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
432                 } catch (ArpRepositoryException e) {
433                         fail("Failed to create memory-based Arp Repository" + e);
434                 }
435                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
436
437                 /*
438                  * Exercise the Memory Arp Repository
439                  */
440
441                 //Set/retrieve/remove a Site ARP
442                 Arp siteArp1 = new Arp();
443                 siteArp1.setDescription("Test Site Arp 1.");
444                 try {
445                         repository.update(siteArp1);
446                         assertEquals(
447                                 "Memory Repository does not store and retrieve Site ARPs properly.",
448                                 siteArp1,
449                                 repository.getSitePolicy());
450                         repository.remove(repository.getSitePolicy());
451                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
452                 } catch (ArpRepositoryException e) {
453                         fail("Error adding Site ARP to Memory Repository.");
454                 }
455
456                 //Set/retrieve/delete some user ARPs
457                 Arp userArp1 = new Arp();
458                 userArp1.setDescription("Broken User Arp 1.");
459                 try {
460                         repository.update(userArp1);
461                         assertTrue(
462                                 "Memory Repository does not store and retrieve User ARPs properly.",
463                                 (!userArp1.equals(repository.getUserPolicy(userArp1.getPrincipal()))));
464                 } catch (ArpRepositoryException e) {
465                         fail("Error adding User ARP to Memory Repository.");
466                 }
467
468                 Arp userArp2 = new Arp(new LocalPrincipal("TestPrincipal"));
469                 userArp2.setDescription("Test User Arp 2.");
470                 try {
471                         repository.update(userArp2);
472                         assertEquals(
473                                 "Memory Repository does not store and retrieve User ARPs properly.",
474                                 userArp2,
475                                 repository.getUserPolicy(userArp2.getPrincipal()));
476                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
477                         assertNull(
478                                 "Memorty Repository does not properly delete User ARPs.",
479                                 repository.getUserPolicy(userArp2.getPrincipal()));
480                 } catch (ArpRepositoryException e) {
481                         fail("Error adding User ARP to Memory Repository.");
482                 }
483
484                 //create a repository
485                 repository = null;
486
487                 try {
488                         placeHolder = docFactory.newDocumentBuilder().newDocument();
489
490                         Element repositoryElement =
491                                 placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
492                         repositoryElement.setAttributeNS(
493                                 IdPConfig.configNameSpace,
494                                 "implementation",
495                                 "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
496                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "arpTTL", "65535");
497
498                         Element path = placeHolder.createElementNS(IdPConfig.configNameSpace, "Path");
499                         Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
500                         path.appendChild(text);
501
502                         repositoryElement.appendChild(path);
503
504                         repository = ArpRepositoryFactory.getInstance(repositoryElement);
505
506                 } catch (ArpRepositoryException e) {
507                         fail("Failed to create file-based Arp Repository" + e);
508                 } catch (ParserConfigurationException e) {
509                         fail("Failed to create file-based Arp Repository configuration" + e);
510                 }
511
512                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
513
514                 try {
515                         Arp siteArp = repository.getSitePolicy();
516
517                         InputStream inStream = new FileInputStream("data/arp.site.xml");
518                         parser.parse(new InputSource(inStream));
519                         String directXML = Parser.serialize(parser.getDocument().getDocumentElement());
520
521                         String processedXML = Parser.serialize(siteArp.unmarshall());
522
523                         assertTrue(
524                                 "File-based ARP Repository did not return the correct site ARP.",
525                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
526                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
527
528                         Arp userArp = repository.getUserPolicy(new LocalPrincipal("test"));
529
530                         inStream = new FileInputStream("data/arp.user.test.xml");
531                         parser.parse(new InputSource(inStream));
532                         directXML = Parser.serialize(parser.getDocument().getDocumentElement());
533
534                         processedXML = Parser.serialize(userArp.unmarshall());
535
536                         assertTrue(
537                                 "File-based ARP Repository did not return the correct user ARP.",
538                                 directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
539                                         processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
540
541                         Arp[] allArps = repository.getAllPolicies(new LocalPrincipal("test"));
542
543                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
544
545                 } catch (Exception e) {
546                         fail("Error retrieving ARP from Repository: " + e);
547                 }
548
549         }
550
551         public void testPossibleReleaseSetComputation() {
552
553                 ArpRepository repository = null;
554                 try {
555                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
556                 } catch (ArpRepositoryException e) {
557                         fail("Failed to create memory-based Arp Repository" + e);
558                 }
559
560                 try {
561                         Principal principal1 = new LocalPrincipal("TestPrincipal");
562                         URL url1 = new URL("http://www.example.edu/");
563                         URI[] list1 = { new URI("urn:mace:dir:attribute-def:eduPersonAffiliation")};
564                         URI[] list2 =
565                                 {
566                                         new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"),
567                                         new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName")};
568                         URI[] list3 = new URI[0];
569
570                         //Test with just a site ARP
571                         InputStream inStream = new FileInputStream("data/arp1.xml");
572                         parser.parse(new InputSource(inStream));
573                         Arp arp1 = new Arp();
574                         arp1.marshall(parser.getDocument().getDocumentElement());
575                         repository.update(arp1);
576                         ArpEngine engine = new ArpEngine(repository);
577                         URI[] possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
578                         assertEquals(
579                                 "Incorrectly computed possible release set (1).",
580                                 new HashSet(Arrays.asList(possibleAttributes)),
581                                 new HashSet(Arrays.asList(list1)));
582
583                         //Test with site and user ARPs
584                         inStream = new FileInputStream("data/arp7.xml");
585                         parser.parse(new InputSource(inStream));
586                         Arp arp7 = new Arp();
587                         arp7.setPrincipal(principal1);
588                         arp7.marshall(parser.getDocument().getDocumentElement());
589                         repository.update(arp7);
590                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
591                         assertEquals(
592                                 "Incorrectly computed possible release set (2).",
593                                 new HashSet(Arrays.asList(possibleAttributes)),
594                                 new HashSet(Arrays.asList(list2)));
595
596                         //Ensure that explicit denies on any value are not in the release set
597                         inStream = new FileInputStream("data/arp6.xml");
598                         parser.parse(new InputSource(inStream));
599                         Arp arp6 = new Arp();
600                         arp6.setPrincipal(principal1);
601                         arp6.marshall(parser.getDocument().getDocumentElement());
602                         repository.update(arp6);
603                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu", url1);
604                         assertEquals(
605                                 "Incorrectly computed possible release set (3).",
606                                 new HashSet(Arrays.asList(possibleAttributes)),
607                                 new HashSet(Arrays.asList(list3)));
608
609                 } catch (Exception e) {
610                         e.printStackTrace();
611                         fail("Failed to marshall ARP: " + e);
612                 }
613
614         }
615
616         public void testArpApplication() {
617
618                 //Construct an engine with a memory-based repository
619                 ArpRepository repository = null;
620                 try {
621                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
622
623                 } catch (ArpRepositoryException e) {
624                         fail("Failed to create memory-based Arp Repository" + e);
625                 }
626
627                 try {
628
629                         arpApplicationTest1(repository, parser);
630                         arpApplicationTest2(repository, parser);
631                         arpApplicationTest3(repository, parser);
632                         arpApplicationTest4(repository, parser);
633                         arpApplicationTest5(repository, parser);
634                         arpApplicationTest6(repository, parser);
635                         arpApplicationTest7(repository, parser);
636                         arpApplicationTest8(repository, parser);
637                         arpApplicationTest9(repository, parser);
638                         arpApplicationTest10(repository, parser);
639                         arpApplicationTest11(repository, parser);
640                         arpApplicationTest12(repository, parser);
641                         arpApplicationTest13(repository, parser);
642                         arpApplicationTest14(repository, parser);
643                         arpApplicationTest15(repository, parser);
644                         arpApplicationTest16(repository, parser);
645                         arpApplicationTest17(repository, parser);
646                         arpApplicationTest18(repository, parser);
647                         arpApplicationTest19(repository, parser);
648                         arpApplicationTest20(repository, parser);
649                         arpApplicationTest21(repository, parser);
650                         arpApplicationTest22(repository, parser);
651                         arpApplicationTest23(repository, parser);
652                         arpApplicationTest24(repository, parser);
653
654                 } catch (Exception e) {
655                         e.printStackTrace();
656                         fail("Failed to apply filter to ARPs: " + e);
657                 }
658         }
659
660         public void testRoundtripMarshalling() {
661
662                 try {
663                         for (int i = 0; i < arpExamples.length; i++) {
664
665                                 InputStream inStream = new FileInputStream(arpExamples[i]);
666                                 parser.parse(new InputSource(inStream));
667                                 String directXML = Parser.serialize(parser.getDocument().getDocumentElement());
668
669                                 Arp arp1 = new Arp();
670                                 arp1.marshall(parser.getDocument().getDocumentElement());
671
672                                 String processedXML = Parser.serialize(arp1.unmarshall());
673
674                                 assertTrue(
675                                         "Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")",
676                                         directXML.toString().replaceAll(">[\t\r\n ]+<", "><").equals(
677                                                 processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
678                         }
679
680                 } catch (Exception e) {
681                         fail("Failed to marshall ARP: " + e);
682                 }
683
684         }
685         /**
686          * ARPs: A site ARP only
687          * Target: Any
688          * Attribute: Any value release,
689          */
690         void arpApplicationTest1(ArpRepository repository, Parser.DOMParser parser) throws Exception {
691
692                 //Gather the Input
693                 String rawArp =
694                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
695                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
696                                 + "                     <Rule>"
697                                 + "                             <Target>"
698                                 + "                                     <AnyTarget/>"
699                                 + "                             </Target>"
700                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
701                                 + "                                     <AnyValue release=\"permit\"/>"
702                                 + "                             </Attribute>"
703                                 + "                     </Rule>"
704                                 + "     </AttributeReleasePolicy>";
705
706                 Principal principal1 = new LocalPrincipal("TestPrincipal");
707                 URL url1 = new URL("http://www.example.edu/");
708                 AAAttributeSet inputSet =
709                         new AAAttributeSet(
710                                 new AAAttribute(
711                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
712                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
713
714                 AAAttributeSet releaseSet =
715                         new AAAttributeSet(
716                                 new AAAttribute(
717                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
718                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
719
720                 //Setup the engine
721                 parser.parse(new InputSource(new StringReader(rawArp)));
722                 Arp siteArp = new Arp();
723                 siteArp.marshall(parser.getDocument().getDocumentElement());
724                 repository.update(siteArp);
725                 ArpEngine engine = new ArpEngine(repository);
726
727                 //Apply the ARP
728                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
729
730                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
731         }
732
733         /**
734          * ARPs: A site ARP only
735          * Target: Any
736          * Attribute: Any value release, implicit deny
737          */
738         void arpApplicationTest2(ArpRepository repository, Parser.DOMParser parser) throws Exception {
739
740                 //Gather the Input
741                 String rawArp =
742                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
743                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
744                                 + "                     <Rule>"
745                                 + "                             <Target>"
746                                 + "                                     <AnyTarget/>"
747                                 + "                             </Target>"
748                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
749                                 + "                                     <AnyValue release=\"permit\"/>"
750                                 + "                             </Attribute>"
751                                 + "                     </Rule>"
752                                 + "     </AttributeReleasePolicy>";
753
754                 Principal principal1 = new LocalPrincipal("TestPrincipal");
755                 URL url1 = new URL("http://www.example.edu/");
756                 AAAttributeSet inputSet =
757                         new AAAttributeSet(
758                                 new AAAttribute[] {
759                                         new AAAttribute(
760                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
761                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
762                                         new AAAttribute(
763                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
764                                                 new Object[] { "mehoehn@example.edu" })
765                 });
766
767                 AAAttributeSet releaseSet =
768                         new AAAttributeSet(
769                                 new AAAttribute[] {
770                                          new AAAttribute(
771                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
772                                                 new Object[] { "member@example.edu", "faculty@example.edu" })
773                 });
774
775                 //Setup the engine
776                 parser.parse(new InputSource(new StringReader(rawArp)));
777                 Arp siteArp = new Arp();
778                 siteArp.marshall(parser.getDocument().getDocumentElement());
779                 repository.update(siteArp);
780                 ArpEngine engine = new ArpEngine(repository);
781
782                 //Apply the ARP
783                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
784
785                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
786         }
787
788         /**
789          * ARPs: A site ARP only
790          * Target: Any
791          * Attribute: One value release
792          */
793         void arpApplicationTest3(ArpRepository repository, Parser.DOMParser parser) throws Exception {
794
795                 //Gather the Input
796                 String rawArp =
797                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
798                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
799                                 + "                     <Rule>"
800                                 + "                             <Target>"
801                                 + "                                     <AnyTarget/>"
802                                 + "                             </Target>"
803                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
804                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
805                                 + "                             </Attribute>"
806                                 + "                     </Rule>"
807                                 + "     </AttributeReleasePolicy>";
808
809                 Principal principal1 = new LocalPrincipal("TestPrincipal");
810                 URL url1 = new URL("http://www.example.edu/");
811                 AAAttributeSet inputSet =
812                         new AAAttributeSet(
813                                 new AAAttribute(
814                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
815                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
816                 AAAttributeSet releaseSet =
817                         new AAAttributeSet(
818                                 new AAAttribute(
819                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
820                                         new Object[] { "member@example.edu" }));
821
822                 //Setup the engine
823                 parser.parse(new InputSource(new StringReader(rawArp)));
824                 Arp siteArp = new Arp();
825                 siteArp.marshall(parser.getDocument().getDocumentElement());
826                 repository.update(siteArp);
827                 ArpEngine engine = new ArpEngine(repository);
828
829                 //Apply the ARP
830                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
831
832                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
833         }
834
835         /**
836          * ARPs: A site ARP only
837          * Target: Any
838          * Attribute: Any value except one release, canonical representation
839          */
840         void arpApplicationTest4(ArpRepository repository, Parser.DOMParser parser) throws Exception {
841
842                 //Gather the Input
843                 String rawArp =
844                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
845                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
846                                 + "                     <Rule>"
847                                 + "                             <Target>"
848                                 + "                                     <AnyTarget/>"
849                                 + "                             </Target>"
850                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
851                                 + "                                     <AnyValue release=\"permit\"/>"
852                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
853                                 + "                             </Attribute>"
854                                 + "                     </Rule>"
855                                 + "     </AttributeReleasePolicy>";
856
857                 Principal principal1 = new LocalPrincipal("TestPrincipal");
858                 URL url1 = new URL("http://www.example.edu/");
859                 AAAttributeSet inputSet =
860                         new AAAttributeSet(
861                                 new AAAttribute(
862                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
863                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
864                 AAAttributeSet releaseSet =
865                         new AAAttributeSet(
866                                 new AAAttribute(
867                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
868                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
869
870                 //Setup the engine
871                 parser.parse(new InputSource(new StringReader(rawArp)));
872                 Arp siteArp = new Arp();
873                 siteArp.marshall(parser.getDocument().getDocumentElement());
874                 repository.update(siteArp);
875                 ArpEngine engine = new ArpEngine(repository);
876
877                 //Apply the ARP
878                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
879
880                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
881         }
882
883         /**
884          * ARPs: A site ARP only
885          * Target: Any
886          * Attribute: Any value except one release, expanded representation
887          */
888         void arpApplicationTest5(ArpRepository repository, Parser.DOMParser parser) throws Exception {
889
890                 //Gather the Input
891                 String rawArp =
892                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
893                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
894                                 + "                     <Rule>"
895                                 + "                             <Target>"
896                                 + "                                     <AnyTarget/>"
897                                 + "                             </Target>"
898                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
899                                 + "                                     <AnyValue release=\"permit\"/>"
900                                 + "                             </Attribute>"
901                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
902                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
903                                 + "                             </Attribute>"
904                                 + "                     </Rule>"
905                                 + "     </AttributeReleasePolicy>";
906
907                 Principal principal1 = new LocalPrincipal("TestPrincipal");
908                 URL url1 = new URL("http://www.example.edu/");
909                 AAAttributeSet inputSet =
910                         new AAAttributeSet(
911                                 new AAAttribute(
912                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
913                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
914                 AAAttributeSet releaseSet =
915                         new AAAttributeSet(
916                                 new AAAttribute(
917                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
918                                         new Object[] { "faculty@example.edu", "employee@example.edu" }));
919
920                 //Setup the engine
921                 parser.parse(new InputSource(new StringReader(rawArp)));
922                 Arp siteArp = new Arp();
923                 siteArp.marshall(parser.getDocument().getDocumentElement());
924                 repository.update(siteArp);
925                 ArpEngine engine = new ArpEngine(repository);
926
927                 //Apply the ARP
928                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
929
930                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
931         }
932
933         /**
934          * ARPs: A site ARP only
935          * Target: Any
936          * Attribute: Any value except two release, expanded representation
937          */
938         void arpApplicationTest6(ArpRepository repository, Parser.DOMParser parser) throws Exception {
939
940                 //Gather the Input
941                 String rawArp =
942                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
943                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
944                                 + "                     <Rule>"
945                                 + "                             <Target>"
946                                 + "                                     <AnyTarget/>"
947                                 + "                             </Target>"
948                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
949                                 + "                                     <AnyValue release=\"permit\"/>"
950                                 + "                             </Attribute>"
951                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
952                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
953                                 + "                             </Attribute>"
954                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
955                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
956                                 + "                             </Attribute>"
957                                 + "                     </Rule>"
958                                 + "     </AttributeReleasePolicy>";
959
960                 Principal principal1 = new LocalPrincipal("TestPrincipal");
961                 URL url1 = new URL("http://www.example.edu/");
962                 AAAttributeSet inputSet =
963                         new AAAttributeSet(
964                                 new AAAttribute(
965                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
966                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
967                 AAAttributeSet releaseSet =
968                         new AAAttributeSet(
969                                 new AAAttribute(
970                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
971                                         new Object[] { "employee@example.edu" }));
972
973                 //Setup the engine
974                 parser.parse(new InputSource(new StringReader(rawArp)));
975                 Arp siteArp = new Arp();
976                 siteArp.marshall(parser.getDocument().getDocumentElement());
977                 repository.update(siteArp);
978                 ArpEngine engine = new ArpEngine(repository);
979
980                 //Apply the ARP
981                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
982
983                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
984         }
985
986         /**
987          * ARPs: A site ARP only
988          * Target: Any
989          * Attribute: Two value release, canonical representation
990          */
991         void arpApplicationTest7(ArpRepository repository, Parser.DOMParser parser) throws Exception {
992
993                 //Gather the Input
994                 String rawArp =
995                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
996                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
997                                 + "                     <Rule>"
998                                 + "                             <Target>"
999                                 + "                                     <AnyTarget/>"
1000                                 + "                             </Target>"
1001                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1002                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1003                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1004                                 + "                             </Attribute>"
1005                                 + "                     </Rule>"
1006                                 + "     </AttributeReleasePolicy>";
1007
1008                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1009                 URL url1 = new URL("http://www.example.edu/");
1010                 AAAttributeSet inputSet =
1011                         new AAAttributeSet(
1012                                 new AAAttribute(
1013                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1014                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1015                 AAAttributeSet releaseSet =
1016                         new AAAttributeSet(
1017                                 new AAAttribute(
1018                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1019                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1020
1021                 //Setup the engine
1022                 parser.parse(new InputSource(new StringReader(rawArp)));
1023                 Arp siteArp = new Arp();
1024                 siteArp.marshall(parser.getDocument().getDocumentElement());
1025                 repository.update(siteArp);
1026                 ArpEngine engine = new ArpEngine(repository);
1027
1028                 //Apply the ARP
1029                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1030
1031                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
1032         }
1033
1034         /**
1035          * ARPs: A site ARP only
1036          * Target: Any
1037          * Attribute: Two value release, expanded representation
1038          */
1039         void arpApplicationTest8(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1040
1041                 //Gather the Input
1042                 String rawArp =
1043                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1044                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1045                                 + "                     <Rule>"
1046                                 + "                             <Target>"
1047                                 + "                                     <AnyTarget/>"
1048                                 + "                             </Target>"
1049                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1050                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1051                                 + "                             </Attribute>"
1052                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1053                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>"
1054                                 + "                             </Attribute>"
1055                                 + "                     </Rule>"
1056                                 + "     </AttributeReleasePolicy>";
1057
1058                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1059                 URL url1 = new URL("http://www.example.edu/");
1060                 AAAttributeSet inputSet =
1061                         new AAAttributeSet(
1062                                 new AAAttribute(
1063                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1064                                         new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }));
1065                 AAAttributeSet releaseSet =
1066                         new AAAttributeSet(
1067                                 new AAAttribute(
1068                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1069                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1070
1071                 //Setup the engine
1072                 parser.parse(new InputSource(new StringReader(rawArp)));
1073                 Arp siteArp = new Arp();
1074                 siteArp.marshall(parser.getDocument().getDocumentElement());
1075                 repository.update(siteArp);
1076                 ArpEngine engine = new ArpEngine(repository);
1077
1078                 //Apply the ARP
1079                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1080
1081                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
1082         }
1083
1084         /**
1085          * ARPs: A site ARP only
1086          * Target: Any
1087          * Attribute: Any value deny
1088          */
1089         void arpApplicationTest9(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1090
1091                 //Gather the Input
1092                 String rawArp =
1093                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1094                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1095                                 + "                     <Rule>"
1096                                 + "                             <Target>"
1097                                 + "                                     <AnyTarget/>"
1098                                 + "                             </Target>"
1099                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1100                                 + "                                     <AnyValue release=\"deny\"/>"
1101                                 + "                             </Attribute>"
1102                                 + "                     </Rule>"
1103                                 + "     </AttributeReleasePolicy>";
1104
1105                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1106                 URL url1 = new URL("http://www.example.edu/");
1107                 AAAttributeSet inputSet =
1108                         new AAAttributeSet(
1109                                 new AAAttribute(
1110                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1111                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1112
1113                 //Setup the engine
1114                 parser.parse(new InputSource(new StringReader(rawArp)));
1115                 Arp siteArp = new Arp();
1116                 siteArp.marshall(parser.getDocument().getDocumentElement());
1117                 repository.update(siteArp);
1118                 ArpEngine engine = new ArpEngine(repository);
1119
1120                 //Apply the ARP
1121                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1122
1123                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new AAAttributeSet());
1124         }
1125
1126         /**
1127          * ARPs: A site ARP only
1128          * Target: Any
1129          * Attribute: Any value deny trumps explicit permit expanded representation
1130          */
1131         void arpApplicationTest10(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1132
1133                 //Gather the Input
1134                 String rawArp =
1135                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1136                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1137                                 + "                     <Rule>"
1138                                 + "                             <Target>"
1139                                 + "                                     <AnyTarget/>"
1140                                 + "                             </Target>"
1141                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1142                                 + "                                     <AnyValue release=\"deny\"/>"
1143                                 + "                             </Attribute>"
1144                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1145                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1146                                 + "                             </Attribute>"
1147                                 + "                     </Rule>"
1148                                 + "     </AttributeReleasePolicy>";
1149
1150                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1151                 URL url1 = new URL("http://www.example.edu/");
1152                 AAAttributeSet inputSet =
1153                         new AAAttributeSet(
1154                                 new AAAttribute(
1155                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1156                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1157
1158                 //Setup the engine
1159                 parser.parse(new InputSource(new StringReader(rawArp)));
1160                 Arp siteArp = new Arp();
1161                 siteArp.marshall(parser.getDocument().getDocumentElement());
1162                 repository.update(siteArp);
1163                 ArpEngine engine = new ArpEngine(repository);
1164
1165                 //Apply the ARP
1166                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1167
1168                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new AAAttributeSet());
1169         }
1170
1171         /**
1172          * ARPs: A site ARP only
1173          * Target: Any
1174          * Attribute: Any value deny trumps explicit permit canonical representation
1175          */
1176         void arpApplicationTest11(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1177
1178                 //Gather the Input
1179                 String rawArp =
1180                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1181                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1182                                 + "                     <Rule>"
1183                                 + "                             <Target>"
1184                                 + "                                     <AnyTarget/>"
1185                                 + "                             </Target>"
1186                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1187                                 + "                                     <AnyValue release=\"deny\"/>"
1188                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1189                                 + "                             </Attribute>"
1190                                 + "                     </Rule>"
1191                                 + "     </AttributeReleasePolicy>";
1192
1193                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1194                 URL url1 = new URL("http://www.example.edu/");
1195                 AAAttributeSet inputSet =
1196                         new AAAttributeSet(
1197                                 new AAAttribute(
1198                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1199                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1200
1201                 //Setup the engine
1202                 parser.parse(new InputSource(new StringReader(rawArp)));
1203                 Arp siteArp = new Arp();
1204                 siteArp.marshall(parser.getDocument().getDocumentElement());
1205                 repository.update(siteArp);
1206                 ArpEngine engine = new ArpEngine(repository);
1207
1208                 //Apply the ARP
1209                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1210
1211                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new AAAttributeSet());
1212         }
1213
1214         /**
1215          * ARPs: A site ARP only
1216          * Target: Specific shar, Any Resource
1217          * Attribute: Any value release
1218          */
1219         void arpApplicationTest12(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1220
1221                 //Gather the Input
1222                 String rawArp =
1223                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1224                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1225                                 + "                     <Rule>"
1226                                 + "                             <Target>"
1227                                 + "                                     <Requester>shar.example.edu</Requester>"
1228                                 + "                                     <AnyResource />"
1229                                 + "                             </Target>"
1230                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1231                                 + "                                     <AnyValue release=\"permit\"/>"
1232                                 + "                             </Attribute>"
1233                                 + "                     </Rule>"
1234                                 + "     </AttributeReleasePolicy>";
1235
1236                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1237                 URL url1 = new URL("http://www.example.edu/");
1238                 AAAttributeSet inputSet =
1239                         new AAAttributeSet(
1240                                 new AAAttribute(
1241                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1242                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1243                 AAAttributeSet releaseSet =
1244                         new AAAttributeSet(
1245                                 new AAAttribute(
1246                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1247                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1248
1249                 //Setup the engine
1250                 parser.parse(new InputSource(new StringReader(rawArp)));
1251                 Arp siteArp = new Arp();
1252                 siteArp.marshall(parser.getDocument().getDocumentElement());
1253                 repository.update(siteArp);
1254                 ArpEngine engine = new ArpEngine(repository);
1255
1256                 //Apply the ARP
1257                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1258
1259                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1260         }
1261
1262         /**
1263          * ARPs: A site ARP only
1264          * Target: Specific shar, Any Resource (another example)
1265          * Attribute: Any value release
1266          */
1267         void arpApplicationTest13(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1268
1269                 //Gather the Input
1270                 String rawArp =
1271                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1272                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1273                                 + "                     <Rule>"
1274                                 + "                             <Target>"
1275                                 + "                                     <Requester>shar.example.edu</Requester>"
1276                                 + "                                     <AnyResource />"
1277                                 + "                             </Target>"
1278                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1279                                 + "                                     <AnyValue release=\"permit\"/>"
1280                                 + "                             </Attribute>"
1281                                 + "                     </Rule>"
1282                                 + "     </AttributeReleasePolicy>";
1283
1284                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1285                 URL url1 = new URL("https://foo.com/");
1286                 AAAttributeSet inputSet =
1287                         new AAAttributeSet(
1288                                 new AAAttribute(
1289                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1290                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1291                 AAAttributeSet releaseSet =
1292                         new AAAttributeSet(
1293                                 new AAAttribute(
1294                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1295                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1296
1297                 //Setup the engine
1298                 parser.parse(new InputSource(new StringReader(rawArp)));
1299                 Arp siteArp = new Arp();
1300                 siteArp.marshall(parser.getDocument().getDocumentElement());
1301                 repository.update(siteArp);
1302                 ArpEngine engine = new ArpEngine(repository);
1303
1304                 //Apply the ARP
1305                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1306
1307                 assertEquals("ARP application test 13: ARP not applied as expected.", inputSet, releaseSet);
1308         }
1309
1310         /**
1311          * ARPs: A site ARP only
1312          * Target: Specific shar (no match), Any Resource
1313          * Attribute: Any value release
1314          */
1315         void arpApplicationTest14(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1316
1317                 //Gather the Input
1318                 String rawArp =
1319                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1320                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1321                                 + "                     <Rule>"
1322                                 + "                             <Target>"
1323                                 + "                                     <Requester>shar.example.edu</Requester>"
1324                                 + "                                     <AnyResource />"
1325                                 + "                             </Target>"
1326                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1327                                 + "                                     <AnyValue release=\"permit\"/>"
1328                                 + "                             </Attribute>"
1329                                 + "                     </Rule>"
1330                                 + "     </AttributeReleasePolicy>";
1331
1332                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1333                 URL url1 = new URL("http://www.example.edu/");
1334                 AAAttributeSet inputSet =
1335                         new AAAttributeSet(
1336                                 new AAAttribute(
1337                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1338                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1339
1340                 //Setup the engine
1341                 parser.parse(new InputSource(new StringReader(rawArp)));
1342                 Arp siteArp = new Arp();
1343                 siteArp.marshall(parser.getDocument().getDocumentElement());
1344                 repository.update(siteArp);
1345                 ArpEngine engine = new ArpEngine(repository);
1346
1347                 //Apply the ARP
1348                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1349
1350                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new AAAttributeSet());
1351         }
1352
1353         /**
1354          * ARPs: A site ARP only
1355          * Target: Specific shar, Specific resource
1356          * Attribute: Any value release
1357          */
1358         void arpApplicationTest15(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1359
1360                 //Gather the Input
1361                 String rawArp =
1362                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1363                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1364                                 + "                     <Rule>"
1365                                 + "                             <Target>"
1366                                 + "                                     <Requester>shar.example.edu</Requester>"
1367                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1368                                 + "                             </Target>"
1369                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1370                                 + "                                     <AnyValue release=\"permit\"/>"
1371                                 + "                             </Attribute>"
1372                                 + "                     </Rule>"
1373                                 + "     </AttributeReleasePolicy>";
1374
1375                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1376                 URL url1 = new URL("http://www.example.edu/index.html");
1377                 AAAttributeSet inputSet =
1378                         new AAAttributeSet(
1379                                 new AAAttribute(
1380                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1381                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1382                 AAAttributeSet releaseSet =
1383                         new AAAttributeSet(
1384                                 new AAAttribute(
1385                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1386                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1387
1388                 //Setup the engine
1389                 parser.parse(new InputSource(new StringReader(rawArp)));
1390                 Arp siteArp = new Arp();
1391                 siteArp.marshall(parser.getDocument().getDocumentElement());
1392                 repository.update(siteArp);
1393                 ArpEngine engine = new ArpEngine(repository);
1394
1395                 //Apply the ARP
1396                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1397
1398                 assertEquals("ARP application test 15: ARP not applied as expected.", inputSet, releaseSet);
1399         }
1400
1401         /**
1402          * ARPs: A site ARP only
1403          * Target: Specific shar, Specific resource (no match)
1404          * Attribute: Any value release
1405          */
1406         void arpApplicationTest16(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1407
1408                 //Gather the Input
1409                 String rawArp =
1410                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1411                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1412                                 + "                     <Rule>"
1413                                 + "                             <Target>"
1414                                 + "                                     <Requester>shar.example.edu</Requester>"
1415                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1416                                 + "                             </Target>"
1417                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1418                                 + "                                     <AnyValue release=\"permit\"/>"
1419                                 + "                             </Attribute>"
1420                                 + "                     </Rule>"
1421                                 + "     </AttributeReleasePolicy>";
1422
1423                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1424                 URL url1 = new URL("https://www.example.edu/index.html");
1425                 AAAttributeSet inputSet =
1426                         new AAAttributeSet(
1427                                 new AAAttribute(
1428                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1429                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1430
1431                 //Setup the engine
1432                 parser.parse(new InputSource(new StringReader(rawArp)));
1433                 Arp siteArp = new Arp();
1434                 siteArp.marshall(parser.getDocument().getDocumentElement());
1435                 repository.update(siteArp);
1436                 ArpEngine engine = new ArpEngine(repository);
1437
1438                 //Apply the ARP
1439                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1440
1441                 assertEquals("ARP application test 16: ARP not applied as expected.", inputSet, new AAAttributeSet());
1442         }
1443
1444         /**
1445          * ARPs: A site ARP only
1446          * Target: Multiple matching rules
1447          * Attribute: various
1448          */
1449         void arpApplicationTest17(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1450
1451                 //Gather the Input
1452                 String rawArp =
1453                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1454                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1455                                 + "                     <Rule>"
1456                                 + "                             <Target>"
1457                                 + "                                     <AnyTarget />"
1458                                 + "                             </Target>"
1459                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1460                                 + "                                     <AnyValue release=\"permit\"/>"
1461                                 + "                             </Attribute>"
1462                                 + "                     </Rule>"
1463                                 + "                     <Rule>"
1464                                 + "                             <Target>"
1465                                 + "                                     <Requester>shar1.example.edu</Requester>"
1466                                 + "                                     <AnyResource />"
1467                                 + "                             </Target>"
1468                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1469                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1470                                 + "                             </Attribute>"
1471                                 + "                     </Rule>"
1472                                 + "                     <Rule>"
1473                                 + "                             <Target>"
1474                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1475                                 + "                                     <Resource matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^https?://.+\\.example\\.edu/.*$</Resource>"
1476                                 + "                             </Target>"
1477                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1478                                 + "                                     <AnyValue release=\"permit\"/>"
1479                                 + "                             </Attribute>"
1480                                 + "                     </Rule>"
1481                                 + "     </AttributeReleasePolicy>";
1482
1483                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1484                 URL url1 = new URL("https://www.example.edu/index.html");
1485                 AAAttributeSet inputSet =
1486                         new AAAttributeSet(
1487                                 new AAAttribute[] {
1488                                         new AAAttribute(
1489                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1490                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1491                                         new AAAttribute(
1492                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1493                                                 new Object[] { "wassa@columbia.edu" })
1494                 });
1495
1496                 AAAttributeSet releaseSet =
1497                         new AAAttributeSet(
1498                                 new AAAttribute[] {
1499                                         new AAAttribute(
1500                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1501                                                 new Object[] { "wassa@columbia.edu" }),
1502                                         new AAAttribute(
1503                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1504                                                 new Object[] { "member@example.edu" })
1505                 });
1506
1507                 //Setup the engine
1508                 parser.parse(new InputSource(new StringReader(rawArp)));
1509                 Arp siteArp = new Arp();
1510                 siteArp.marshall(parser.getDocument().getDocumentElement());
1511                 repository.update(siteArp);
1512                 ArpEngine engine = new ArpEngine(repository);
1513
1514                 //Apply the ARP
1515                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu", url1);
1516
1517                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1518         }
1519
1520         /**
1521          * ARPs: A site ARP only
1522          * Target: Any
1523          * Attribute: Any value release of two attributes in one rule
1524          */
1525         void arpApplicationTest18(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1526
1527                 //Gather the Input
1528                 String rawArp =
1529                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1530                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1531                                 + "                     <Rule>"
1532                                 + "                             <Target>"
1533                                 + "                                     <AnyTarget/>"
1534                                 + "                             </Target>"
1535                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1536                                 + "                                     <AnyValue release=\"permit\"/>"
1537                                 + "                             </Attribute>"
1538                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1539                                 + "                                     <AnyValue release=\"permit\"/>"
1540                                 + "                             </Attribute>"
1541                                 + "                     </Rule>"
1542                                 + "     </AttributeReleasePolicy>";
1543
1544                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1545                 URL url1 = new URL("http://www.example.edu/");
1546                 AAAttributeSet inputSet =
1547                         new AAAttributeSet(
1548                                 new AAAttribute[] {
1549                                         new AAAttribute(
1550                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1551                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1552                                         new AAAttribute(
1553                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1554                                                 new Object[] { "mehoehn@example.edu" })
1555                 });
1556
1557                 AAAttributeSet releaseSet =
1558                         new AAAttributeSet(
1559                                 new AAAttribute[] {
1560                                         new AAAttribute(
1561                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1562                                                 new Object[] { "member@example.edu", "faculty@example.edu" }),
1563                                         new AAAttribute(
1564                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1565                                                 new Object[] { "mehoehn@example.edu" })
1566                 });
1567
1568                 //Setup the engine
1569                 parser.parse(new InputSource(new StringReader(rawArp)));
1570                 Arp siteArp = new Arp();
1571                 siteArp.marshall(parser.getDocument().getDocumentElement());
1572                 repository.update(siteArp);
1573                 ArpEngine engine = new ArpEngine(repository);
1574
1575                 //Apply the ARP
1576                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1577
1578                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1579         }
1580
1581         /**
1582          * ARPs: A user ARP only
1583          * Target: Any
1584          * Attribute: Any value release,
1585          */
1586         void arpApplicationTest19(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1587
1588                 //Gather the Input
1589                 String rawArp =
1590                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1591                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1592                                 + "                     <Rule>"
1593                                 + "                             <Target>"
1594                                 + "                                     <AnyTarget/>"
1595                                 + "                             </Target>"
1596                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1597                                 + "                                     <AnyValue release=\"permit\"/>"
1598                                 + "                             </Attribute>"
1599                                 + "                     </Rule>"
1600                                 + "     </AttributeReleasePolicy>";
1601
1602                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1603                 URL url1 = new URL("http://www.example.edu/");
1604                 AAAttributeSet inputSet =
1605                         new AAAttributeSet(
1606                                 new AAAttribute(
1607                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1608                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1609                 AAAttributeSet releaseSet =
1610                         new AAAttributeSet(
1611                                 new AAAttribute(
1612                                         "urn:mace:dir:attribute-def:eduPersonAffiliation",
1613                                         new Object[] { "member@example.edu", "faculty@example.edu" }));
1614
1615                 //Setup the engine
1616                 parser.parse(new InputSource(new StringReader(rawArp)));
1617                 Arp userArp = new Arp();
1618                 userArp.setPrincipal(principal1);
1619                 userArp.marshall(parser.getDocument().getDocumentElement());
1620                 repository.update(userArp);
1621                 ArpEngine engine = new ArpEngine(repository);
1622
1623                 //Apply the ARP
1624                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1625
1626                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1627         }
1628
1629         /**
1630          * ARPs: A site ARP and user ARP
1631          * Target: various
1632          * Attribute: various combinations
1633          */
1634         void arpApplicationTest20(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1635
1636                 //Gather the Input
1637                 String rawSiteArp =
1638                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1639                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1640                                 + "                     <Rule>"
1641                                 + "                             <Target>"
1642                                 + "                                     <AnyTarget/>"
1643                                 + "                             </Target>"
1644                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1645                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1646                                 + "                             </Attribute>"
1647                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1648                                 + "                                     <AnyValue release=\"permit\" />"
1649                                 + "                             </Attribute>"
1650                                 + "                     </Rule>"
1651                                 + "                     <Rule>"
1652                                 + "                             <Target>"
1653                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1654                                 + "                                     <AnyResource />"
1655                                 + "                             </Target>"
1656                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1657                                 + "                                     <AnyValue release=\"permit\"/>"
1658                                 + "                             </Attribute>"
1659                                 + "                     </Rule>"
1660                                 + "                     <Rule>"
1661                                 + "                             <Target>"
1662                                 + "                                     <Requester>www.example.edu</Requester>"
1663                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1664                                 + "                             </Target>"
1665                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1666                                 + "                                     <AnyValue release=\"permit\"/>"
1667                                 + "                             </Attribute>"
1668                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1669                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1670                                 + "                             </Attribute>"
1671                                 + "                     </Rule>"
1672                                 + "                     <Rule>"
1673                                 + "                             <Target>"
1674                                 + "                                     <Requester>www.external.com</Requester>"
1675                                 + "                                     <Resource>http://www.external.com/</Resource>"
1676                                 + "                             </Target>"
1677                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1678                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1679                                 + "                             </Attribute>"
1680                                 + "                     </Rule>"
1681                                 + "     </AttributeReleasePolicy>";
1682
1683                 String rawUserArp =
1684                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1685                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1686                                 + "                     <Rule>"
1687                                 + "                             <Target>"
1688                                 + "                                     <AnyTarget/>"
1689                                 + "                             </Target>"
1690                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1691                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1692                                 + "                             </Attribute>"
1693                                 + "                     </Rule>"
1694                                 + "                     <Rule>"
1695                                 + "                             <Target>"
1696                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1697                                 + "                                     <AnyResource />"
1698                                 + "                             </Target>"
1699                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1700                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1701                                 + "                             </Attribute>"
1702                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1703                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1704                                 + "                             </Attribute>"
1705                                 + "                     </Rule>"
1706                                 + "     </AttributeReleasePolicy>";
1707
1708                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1709                 URL url1 = new URL("http://www.example.edu/test/index.html");
1710
1711                 AAAttributeSet inputSet =
1712                         new AAAttributeSet(
1713                                 new AAAttribute[] {
1714                                         new AAAttribute(
1715                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1716                                                 new Object[] {
1717                                                         "urn:example:lovesIceCream",
1718                                                         "urn:example:poorlyDressed",
1719                                                         "urn:example:contract:113455",
1720                                                         "urn:example:contract:4657483" }),
1721                                         new AAAttribute(
1722                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1723                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1724                                         new AAAttribute(
1725                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1726                                                 new Object[] { "wassa@example.edu" }),
1727                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1728                 });
1729
1730                 AAAttributeSet releaseSet =
1731                         new AAAttributeSet(
1732                                 new AAAttribute[] {
1733                                         new AAAttribute(
1734                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1735                                                 new Object[] { "urn:example:lovesIceCream", "urn:example:contract:4657483" }),
1736                                         new AAAttribute(
1737                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1738                                                 new Object[] { "member@example.edu", "employee@example.edu" }),
1739                                         new AAAttribute(
1740                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1741                                                 new Object[] { "wassa@example.edu" }),
1742                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1743                 });
1744
1745                 //Add the site ARP
1746                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1747                 Arp siteArp = new Arp();
1748                 siteArp.marshall(parser.getDocument().getDocumentElement());
1749                 repository.update(siteArp);
1750
1751                 //Add the user ARP
1752                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1753                 Arp userArp = new Arp();
1754                 userArp.setPrincipal(principal1);
1755                 userArp.marshall(parser.getDocument().getDocumentElement());
1756                 repository.update(userArp);
1757
1758                 ArpEngine engine = new ArpEngine(repository);
1759
1760                 //Apply the ARP
1761                 engine.filterAttributes(inputSet, principal1, "www.example.edu", url1);
1762
1763                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1764         }
1765
1766         /**
1767          * ARPs: A site ARP and user ARP
1768          * Target: various
1769          * Attribute: various combinations (same ARPs as 20, different requester)
1770          */
1771         void arpApplicationTest21(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1772
1773                 //Gather the Input
1774                 String rawSiteArp =
1775                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1776                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1777                                 + "                     <Rule>"
1778                                 + "                             <Target>"
1779                                 + "                                     <AnyTarget/>"
1780                                 + "                             </Target>"
1781                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1782                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1783                                 + "                             </Attribute>"
1784                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1785                                 + "                                     <AnyValue release=\"permit\" />"
1786                                 + "                             </Attribute>"
1787                                 + "                     </Rule>"
1788                                 + "                     <Rule>"
1789                                 + "                             <Target>"
1790                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1791                                 + "                                     <AnyResource />"
1792                                 + "                             </Target>"
1793                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1794                                 + "                                     <AnyValue release=\"permit\"/>"
1795                                 + "                             </Attribute>"
1796                                 + "                     </Rule>"
1797                                 + "                     <Rule>"
1798                                 + "                             <Target>"
1799                                 + "                                     <Requester>www.example.edu</Requester>"
1800                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1801                                 + "                             </Target>"
1802                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1803                                 + "                                     <AnyValue release=\"permit\"/>"
1804                                 + "                             </Attribute>"
1805                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1806                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>"
1807                                 + "                             </Attribute>"
1808                                 + "                     </Rule>"
1809                                 + "                     <Rule>"
1810                                 + "                             <Target>"
1811                                 + "                                     <Requester>www.external.com</Requester>"
1812                                 + "                                     <Resource>http://www.external.com/</Resource>"
1813                                 + "                             </Target>"
1814                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1815                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>"
1816                                 + "                             </Attribute>"
1817                                 + "                     </Rule>"
1818                                 + "     </AttributeReleasePolicy>";
1819
1820                 String rawUserArp =
1821                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1822                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1823                                 + "                     <Rule>"
1824                                 + "                             <Target>"
1825                                 + "                                     <AnyTarget/>"
1826                                 + "                             </Target>"
1827                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1828                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1829                                 + "                             </Attribute>"
1830                                 + "                     </Rule>"
1831                                 + "                     <Rule>"
1832                                 + "                             <Target>"
1833                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1834                                 + "                                     <AnyResource />"
1835                                 + "                             </Target>"
1836                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1837                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1838                                 + "                             </Attribute>"
1839                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1840                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>"
1841                                 + "                             </Attribute>"
1842                                 + "                     </Rule>"
1843                                 + "     </AttributeReleasePolicy>";
1844
1845                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1846                 URL url1 = new URL("http://www.external.com/");
1847
1848                 AAAttributeSet inputSet =
1849                         new AAAttributeSet(
1850                                 new AAAttribute[] {
1851                                         new AAAttribute(
1852                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1853                                                 new Object[] {
1854                                                         "urn:example:lovesIceCream",
1855                                                         "urn:example:poorlyDressed",
1856                                                         "urn:example:contract:113455",
1857                                                         "urn:example:contract:4657483" }),
1858                                         new AAAttribute(
1859                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1860                                                 new Object[] { "member@example.edu", "faculty@example.edu", "employee@example.edu" }),
1861                                         new AAAttribute(
1862                                                 "urn:mace:dir:attribute-def:eduPersonPrincipalName",
1863                                                 new Object[] { "wassa@example.edu" }),
1864                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1865                 });
1866
1867                 AAAttributeSet releaseSet =
1868                         new AAAttributeSet(
1869                                 new AAAttribute[] {
1870                                         new AAAttribute(
1871                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
1872                                                 new Object[] { "urn:example:contract:113455" }),
1873                                         new AAAttribute(
1874                                                 "urn:mace:dir:attribute-def:eduPersonAffiliation",
1875                                                 new Object[] { "member@example.edu" }),
1876                                         new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[] { "EO" })
1877                 });
1878
1879                 //Add the site ARP
1880                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1881                 Arp siteArp = new Arp();
1882                 siteArp.marshall(parser.getDocument().getDocumentElement());
1883                 repository.update(siteArp);
1884
1885                 //Add the user ARP
1886                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1887                 Arp userArp = new Arp();
1888                 userArp.setPrincipal(principal1);
1889                 userArp.marshall(parser.getDocument().getDocumentElement());
1890                 repository.update(userArp);
1891
1892                 ArpEngine engine = new ArpEngine(repository);
1893
1894                 //Apply the ARP
1895                 engine.filterAttributes(inputSet, principal1, "www.external.com", url1);
1896
1897                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1898         }
1899         /**
1900          * ARPs: A site ARP only
1901          * Target: Specific shar, Specific resource
1902          * Attribute: Release values by regex
1903          */
1904         void arpApplicationTest22(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1905
1906                 //Gather the Input
1907                 String rawArp =
1908                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1909                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1910                                 + "                     <Rule>"
1911                                 + "                             <Target>"
1912                                 + "                                     <Requester>shar.example.edu</Requester>"
1913                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1914                                 + "                             </Target>"
1915                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1916                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1917                                 + "                             </Attribute>"
1918                                 + "                     </Rule>"
1919                                 + "     </AttributeReleasePolicy>";
1920
1921                 Principal principal1 = new LocalPrincipal("Test2Principal");
1922                 URL url1 = new URL("http://www.example.edu/index.html");
1923                 AAAttributeSet inputSet =
1924                         new AAAttributeSet(
1925                                 new AAAttribute(
1926                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1927                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1928                 AAAttributeSet releaseSet =
1929                         new AAAttributeSet(
1930                                 new AAAttribute(
1931                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1932                                         new Object[] { "urn:x:adagio", "urn:x:awol" }));
1933
1934                 //Setup the engine
1935                 parser.parse(new InputSource(new StringReader(rawArp)));
1936                 Arp siteArp = new Arp();
1937                 siteArp.marshall(parser.getDocument().getDocumentElement());
1938                 repository.update(siteArp);
1939                 ArpEngine engine = new ArpEngine(repository);
1940
1941                 //Apply the ARP
1942                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1943
1944                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1945         }
1946         /**
1947          * ARPs: A site ARP only
1948          * Target: Specific shar, Specific resource
1949          * Attribute: Deny specific values by regex
1950          */
1951         void arpApplicationTest23(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1952
1953                 //Gather the Input
1954                 String rawArp =
1955                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1956                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1957                                 + "                     <Rule>"
1958                                 + "                             <Target>"
1959                                 + "                                     <Requester>shar.example.edu</Requester>"
1960                                 + "                                     <Resource>http://www.example.edu/</Resource>"
1961                                 + "                             </Target>"
1962                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1963                                 + "                                     <AnyValue release=\"permit\" />"
1964                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1965                                 + "                             </Attribute>"
1966                                 + "                     </Rule>"
1967                                 + "     </AttributeReleasePolicy>";
1968
1969                 Principal principal1 = new LocalPrincipal("Test2Principal");
1970                 URL url1 = new URL("http://www.example.edu/index.html");
1971                 AAAttributeSet inputSet =
1972                         new AAAttributeSet(
1973                                 new AAAttribute(
1974                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1975                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar", "urn:x:adagio", "urn:x:awol" }));
1976                 AAAttributeSet releaseSet =
1977                         new AAAttributeSet(
1978                                 new AAAttribute(
1979                                         "urn:mace:dir:attribute-def:eduPersonEntitlement",
1980                                         new Object[] { "urn:x:a", "urn:x:foo", "urn:x:bar" }));
1981
1982                 //Setup the engine
1983                 parser.parse(new InputSource(new StringReader(rawArp)));
1984                 Arp siteArp = new Arp();
1985                 siteArp.marshall(parser.getDocument().getDocumentElement());
1986                 repository.update(siteArp);
1987                 ArpEngine engine = new ArpEngine(repository);
1988
1989                 //Apply the ARP
1990                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
1991
1992                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1993         }
1994
1995         /**
1996          * ARPs: A site ARP only
1997          * Target: Specific shar, Specific resource
1998          * Attribute: No matches on specific values should yield no attribute
1999          */
2000         void arpApplicationTest24(ArpRepository repository, Parser.DOMParser parser) throws Exception {
2001
2002                 //Gather the Input
2003                 String rawArp =
2004                         "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
2005                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
2006                                 + "                     <Rule>"
2007                                 + "                             <Target>"
2008                                 + "                                     <Requester>shar.example.edu</Requester>"
2009                                 + "                                     <Resource>http://www.example.edu/</Resource>"
2010                                 + "                             </Target>"
2011                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
2012                                 + "                                     <AnyValue release=\"permit\" />"
2013                                 + "                             </Attribute>"
2014                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
2015                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>"
2016                                 + "                             </Attribute>"
2017                                 + "                     </Rule>"
2018                                 + "     </AttributeReleasePolicy>";
2019
2020                 Principal principal1 = new LocalPrincipal("Test2Principal");
2021                 URL url1 = new URL("http://www.example.edu/index.html");
2022                 AAAttributeSet inputSet =
2023                         new AAAttributeSet(
2024                                 new AAAttribute[] {
2025                                         new AAAttribute(
2026                                                 "urn:mace:dir:attribute-def:eduPersonEntitlement",
2027                                                 new Object[] { "urn:x:bar", "urn:x:adagio" }),
2028                                         new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" })
2029                 });
2030                 AAAttributeSet releaseSet =
2031                         new AAAttributeSet(
2032                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[] { "member" }));
2033
2034                 //Setup the engine
2035                 parser.parse(new InputSource(new StringReader(rawArp)));
2036                 Arp siteArp = new Arp();
2037                 siteArp.marshall(parser.getDocument().getDocumentElement());
2038                 repository.update(siteArp);
2039                 ArpEngine engine = new ArpEngine(repository);
2040
2041                 //Apply the ARP
2042                 engine.filterAttributes(inputSet, principal1, "shar.example.edu", url1);
2043
2044                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
2045         }
2046
2047 }