Beginnings of a test suite for strawman attribute constraint syntax.
[java-idp.git] / tests / edu / internet2 / middleware / shibboleth / aa / arp / ArpTests.java
1 /*
2  * Copyright [2005] [University Corporation for Advanced Internet Development, Inc.]
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  * http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16
17 package edu.internet2.middleware.shibboleth.aa.arp;
18
19 import java.io.File;
20 import java.io.FileInputStream;
21 import java.io.InputStream;
22 import java.io.StringReader;
23 import java.net.URI;
24 import java.net.URISyntaxException;
25 import java.security.Principal;
26 import java.util.ArrayList;
27 import java.util.Arrays;
28 import java.util.Collection;
29 import java.util.HashSet;
30 import java.util.Set;
31
32 import javax.xml.parsers.DocumentBuilderFactory;
33 import javax.xml.parsers.ParserConfigurationException;
34
35 import junit.framework.TestCase;
36
37 import org.apache.log4j.BasicConfigurator;
38 import org.apache.log4j.Level;
39 import org.apache.log4j.Logger;
40 import org.w3c.dom.Document;
41 import org.w3c.dom.Element;
42 import org.w3c.dom.Text;
43 import org.xml.sax.InputSource;
44
45 import edu.internet2.middleware.shibboleth.aa.AAAttribute;
46 import edu.internet2.middleware.shibboleth.common.LocalPrincipal;
47 import edu.internet2.middleware.shibboleth.idp.IdPConfig;
48 import edu.internet2.middleware.shibboleth.xml.Parser;
49
50 /**
51  * Validation suite for <code>Arp</code> processing.
52  * 
53  * @author Walter Hoehn(wassa@memphis.edu)
54  */
55
56 public class ArpTests extends TestCase {
57
58         private Parser.DOMParser parser = new Parser.DOMParser(true);
59         Element memoryRepositoryElement;
60         private String[] arpExamples = {"data/example1.xml", "data/example2.xml", "data/example3.xml", "data/example4.xml",
61                         "data/example5.xml", "data/example6.xml", "data/example7.xml", "data/example8.xml", "data/example9.xml",
62                         "data/example10.xml", "data/example11.xml", "data/example12.xml", "data/example13.xml"};
63
64         public ArpTests(String name) {
65
66                 super(name);
67                 BasicConfigurator.resetConfiguration();
68                 BasicConfigurator.configure();
69                 Logger.getRootLogger().setLevel(Level.OFF);
70         }
71
72         public static void main(String[] args) {
73
74                 junit.textui.TestRunner.run(ArpTests.class);
75                 BasicConfigurator.configure();
76                 Logger.getRootLogger().setLevel(Level.OFF);
77         }
78
79         /**
80          * @see junit.framework.TestCase#setUp()
81          */
82         protected void setUp() throws Exception {
83
84                 super.setUp();
85
86                 // Setup an xml parser
87
88                 // Setup a dummy xml config for a Memory-based repository
89                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
90                 docFactory.setNamespaceAware(true);
91                 Document placeHolder;
92                 try {
93                         placeHolder = docFactory.newDocumentBuilder().newDocument();
94
95                         memoryRepositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
96                         memoryRepositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
97                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.MemoryArpRepository");
98                 } catch (ParserConfigurationException e) {
99                         fail("Failed to create memory-based Arp Repository configuration" + e);
100                 }
101         }
102
103         public void testArpMarshalling() {
104
105                 // Test ARP description
106                 try {
107                         InputStream inStream = new FileInputStream("data/arp1.xml");
108                         parser.parse(new InputSource(inStream));
109                         Arp arp1 = new Arp();
110                         arp1.marshall(parser.getDocument().getDocumentElement());
111                         assertEquals("ARP Description not marshalled properly", arp1.getDescription(), "Simplest possible ARP.");
112
113                         // Test Rule description
114                         assertEquals("ARP Rule Description not marshalled properly", arp1.getAllRules().iterator().next()
115                                         .getDescription(), "Example Rule Description.");
116                 } catch (Exception e) {
117                         fail("Failed to marshall ARP: " + e);
118                 }
119
120                 // Test case where ARP description does not exist
121                 try {
122                         InputStream inStream = new FileInputStream("data/arp2.xml");
123                         parser.parse(new InputSource(inStream));
124                         Arp arp2 = new Arp();
125                         arp2.marshall(parser.getDocument().getDocumentElement());
126                         assertNull("ARP Description not marshalled properly", arp2.getDescription());
127
128                         // Test case where ARP Rule description does not exist
129                         assertNull("ARP Rule Description not marshalled properly", arp2.getAllRules().iterator().next()
130                                         .getDescription());
131                 } catch (Exception e) {
132                         fail("Failed to marshall ARP.");
133                 }
134
135         }
136
137         public void testMatchingFunctions() {
138
139                 try {
140
141                         /*
142                          * Test Arp Engine function retrieval
143                          */
144
145                         // Lookup a function that doesn't exist
146                         MatchFunction noFunction = ArpEngine.lookupMatchFunction(new URI(
147                                         "urn:mace:shibboleth:arp:matchFunction:dummy"));
148                         assertNull("ArpEngine did not return null on dummy function.", noFunction);
149
150                         // Lookup some real functions
151                         MatchFunction stringMatch = ArpEngine.lookupMatchFunction(new URI(
152                                         "urn:mace:shibboleth:arp:matchFunction:stringMatch"));
153                         assertNotNull("ArpEngine did not properly load the String Match function.", stringMatch);
154
155                         MatchFunction regexFunction = ArpEngine.lookupMatchFunction(new URI(
156                                         "urn:mace:shibboleth:arp:matchFunction:regexMatch"));
157                         assertNotNull("ArpEngine did not properly load the Regex function.", regexFunction);
158
159                         MatchFunction regexNotFunction = ArpEngine.lookupMatchFunction(new URI(
160                                         "urn:mace:shibboleth:arp:matchFunction:regexNotMatch"));
161                         assertNotNull("ArpEngine did not properly load the Regex Not Match function.", regexNotFunction);
162
163                         MatchFunction stringNotFunction = ArpEngine.lookupMatchFunction(new URI(
164                                         "urn:mace:shibboleth:arp:matchFunction:stringNotMatch"));
165                         assertNotNull("ArpEngine did not properly load the String Not Match function.", stringNotFunction);
166
167                         /*
168                          * Test the Regex function (requester & resource)
169                          */
170
171                         // Try requester regexes
172                         assertTrue("Regex function: false negative", regexFunction.match("^shar\\.example\\.edu$",
173                                         "shar.example.edu"));
174                         assertTrue("Regex function: false negative", regexFunction
175                                         .match("^.*\\.example\\.edu$", "shar.example.edu"));
176                         assertTrue("Regex function: false negative", regexFunction.match("^shar[1-9]?\\.example\\.edu$",
177                                         "shar1.example.edu"));
178                         assertTrue("Regex function: false negative", regexFunction.match(".*\\.edu", "shar.example.edu"));
179                         assertTrue("Regex function: false positive", !regexFunction.match("^shar[1-9]\\.example\\.edu$",
180                                         "shar.example.edu"));
181                         assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
182                                         "www.example.edu"));
183                         assertTrue("Regex function: false positive", !regexFunction.match("^shar\\.example\\.edu$",
184                                         "www.example.com"));
185
186                         // Make sure we properly handle bad input
187                         try {
188                                 regexFunction.match(null, null);
189                                 fail("Regex function seems to take improper input without throwing an exception.");
190                         } catch (ArpException ie) {
191                                 // This is supposed to fail
192                         }
193
194                         // Test the StringNotMatch function
195                         assertFalse("StringNotMatch function: false positive", stringNotFunction.match("foo", "foo"));
196                         assertTrue("StringNotMatch function: false negative", stringNotFunction.match("foo", "bar"));
197                         // Make sure we properly handle bad input
198                         try {
199                                 stringNotFunction.match(null, null);
200                                 fail("StringNotMatch function seems to take improper input without throwing an exception.");
201                         } catch (ArpException ie) {
202                                 // This is supposed to fail
203                         }
204
205                         // Test the RegexNotMatch function
206
207                         assertFalse("Regex function: false positive", regexNotFunction.match("^foo$", "foo"));
208                         assertTrue("Regex function: false negative", regexNotFunction.match("foo$", "bar"));
209
210                         // Make sure we properly handle bad input
211                         try {
212                                 regexNotFunction.match(null, null);
213                                 fail("RegexNotMatch function seems to take improper input without throwing an exception.");
214                         } catch (ArpException ie) {
215                                 // This is supposed to fail
216                         }
217
218                 } catch (ArpException e) {
219                         fail("Encountered a problem loading match function: " + e);
220                 } catch (URISyntaxException e) {
221                         fail("Unable to create URI from test string.");
222                 }
223
224         }
225
226         public void testRepositories() {
227
228                 /*
229                  * Test the Factory
230                  */
231
232                 // Make sure we fail if an unavailable Repository implementation is specified
233                 ArpRepository repository = null;
234
235                 DocumentBuilderFactory docFactory = DocumentBuilderFactory.newInstance();
236                 docFactory.setNamespaceAware(true);
237                 Document placeHolder;
238                 try {
239                         placeHolder = docFactory.newDocumentBuilder().newDocument();
240
241                         Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
242                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
243                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.Foo");
244
245                         ArpRepositoryFactory.getInstance(repositoryElement);
246
247                 } catch (ParserConfigurationException e) {
248                         fail("Failed to create bogus Arp Repository configuration" + e);
249
250                 } catch (ArpRepositoryException e) {
251                         // This is supposed to fail
252                 }
253
254                 // Make sure we can create an Arp Repository
255                 repository = null;
256                 try {
257                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
258                 } catch (ArpRepositoryException e) {
259                         fail("Failed to create memory-based Arp Repository" + e);
260                 }
261                 assertNotNull("Failed to create memory-based Arp Repository: Factory returned null.", repository);
262
263                 /*
264                  * Exercise the Memory Arp Repository
265                  */
266
267                 // Set/retrieve/remove a Site ARP
268                 Arp siteArp1 = new Arp();
269                 siteArp1.setDescription("Test Site Arp 1.");
270                 try {
271                         repository.update(siteArp1);
272                         assertEquals("Memory Repository does not store and retrieve Site ARPs properly.", siteArp1, repository
273                                         .getSitePolicy());
274                         repository.remove(repository.getSitePolicy());
275                         assertNull("Memorty Repository does not properly delete Site ARPs.", repository.getSitePolicy());
276                 } catch (ArpRepositoryException e) {
277                         fail("Error adding Site ARP to Memory Repository.");
278                 }
279
280                 // Set/retrieve/delete some user ARPs
281                 Arp userArp1 = new Arp();
282                 userArp1.setDescription("Broken User Arp 1.");
283                 try {
284                         repository.update(userArp1);
285                         assertTrue("Memory Repository does not store and retrieve User ARPs properly.", (!userArp1
286                                         .equals(repository.getUserPolicy(userArp1.getPrincipal()))));
287                 } catch (ArpRepositoryException e) {
288                         fail("Error adding User ARP to Memory Repository.");
289                 }
290
291                 Arp userArp2 = new Arp(new LocalPrincipal("TestPrincipal"));
292                 userArp2.setDescription("Test User Arp 2.");
293                 try {
294                         repository.update(userArp2);
295                         assertEquals("Memory Repository does not store and retrieve User ARPs properly.", userArp2, repository
296                                         .getUserPolicy(userArp2.getPrincipal()));
297                         repository.remove(repository.getUserPolicy(userArp2.getPrincipal()));
298                         assertNull("Memorty Repository does not properly delete User ARPs.", repository.getUserPolicy(userArp2
299                                         .getPrincipal()));
300                 } catch (ArpRepositoryException e) {
301                         fail("Error adding User ARP to Memory Repository.");
302                 }
303
304                 // create a repository
305                 repository = null;
306
307                 try {
308                         placeHolder = docFactory.newDocumentBuilder().newDocument();
309
310                         Element repositoryElement = placeHolder.createElementNS(IdPConfig.configNameSpace, "ArpRepository");
311                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "implementation",
312                                         "edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository");
313                         repositoryElement.setAttributeNS(IdPConfig.configNameSpace, "arpTTL", "65535");
314
315                         Element path = placeHolder.createElementNS(IdPConfig.configNameSpace, "Path");
316                         Text text = placeHolder.createTextNode(new File("data/").toURI().toString());
317                         path.appendChild(text);
318
319                         repositoryElement.appendChild(path);
320
321                         repository = ArpRepositoryFactory.getInstance(repositoryElement);
322
323                 } catch (ArpRepositoryException e) {
324                         fail("Failed to create file-based Arp Repository" + e);
325                 } catch (ParserConfigurationException e) {
326                         fail("Failed to create file-based Arp Repository configuration" + e);
327                 }
328
329                 assertNotNull("Failed to create file-based Arp Repository: Factory returned null.", repository);
330
331                 try {
332                         Arp siteArp = repository.getSitePolicy();
333
334                         InputStream inStream = new FileInputStream("data/arp.site.xml");
335                         parser.parse(new InputSource(inStream));
336                         String directXML = Parser.serialize(parser.getDocument().getDocumentElement());
337
338                         String processedXML = Parser.serialize(siteArp.unmarshall());
339
340                         assertTrue("File-based ARP Repository did not return the correct site ARP.", directXML.toString()
341                                         .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
342
343                         Arp userArp = repository.getUserPolicy(new LocalPrincipal("test"));
344
345                         inStream = new FileInputStream("data/arp.user.test.xml");
346                         parser.parse(new InputSource(inStream));
347                         directXML = Parser.serialize(parser.getDocument().getDocumentElement());
348
349                         processedXML = Parser.serialize(userArp.unmarshall());
350
351                         assertTrue("File-based ARP Repository did not return the correct user ARP.", directXML.toString()
352                                         .replaceAll(">[\t\r\n ]+<", "><").equals(processedXML.toString().replaceAll(">[\t\r\n ]+<", "><")));
353
354                         Arp[] allArps = repository.getAllPolicies(new LocalPrincipal("test"));
355
356                         assertTrue("File-based ARP Repository did not return the correct number of ARPs.", (allArps.length == 2));
357
358                 } catch (Exception e) {
359                         fail("Error retrieving ARP from Repository: " + e);
360                 }
361
362         }
363
364         public void testPossibleReleaseSetComputation() {
365
366                 ArpRepository repository = null;
367                 try {
368                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
369                 } catch (ArpRepositoryException e) {
370                         fail("Failed to create memory-based Arp Repository" + e);
371                 }
372
373                 try {
374                         Principal principal1 = new LocalPrincipal("TestPrincipal");
375
376                         Set<URI> list1 = new HashSet<URI>();
377                         list1.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));
378
379                         Set<URI> list2 = new HashSet<URI>();
380                         list2.add(new URI("urn:mace:dir:attribute-def:eduPersonAffiliation"));
381                         list2.add(new URI("urn:mace:dir:attribute-def:eduPersonPrincipalName"));
382
383                         Set<URI> list3 = new HashSet<URI>();
384
385                         // Test with just a site ARP
386                         InputStream inStream = new FileInputStream("data/arp1.xml");
387                         parser.parse(new InputSource(inStream));
388                         Arp arp1 = new Arp();
389                         arp1.marshall(parser.getDocument().getDocumentElement());
390                         repository.update(arp1);
391                         ArpEngine engine = new ArpEngine(repository);
392                         Set<URI> possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
393                         assertEquals("Incorrectly computed possible release set (1).", possibleAttributes, list1);
394
395                         // Test with site and user ARPs
396                         inStream = new FileInputStream("data/arp7.xml");
397                         parser.parse(new InputSource(inStream));
398                         Arp arp7 = new Arp();
399                         arp7.setPrincipal(principal1);
400                         arp7.marshall(parser.getDocument().getDocumentElement());
401                         repository.update(arp7);
402                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
403                         assertEquals("Incorrectly computed possible release set (2).", possibleAttributes, list2);
404
405                         // Ensure that explicit denies on any value are not in the release set
406                         inStream = new FileInputStream("data/arp6.xml");
407                         parser.parse(new InputSource(inStream));
408                         Arp arp6 = new Arp();
409                         arp6.setPrincipal(principal1);
410                         arp6.marshall(parser.getDocument().getDocumentElement());
411                         repository.update(arp6);
412                         possibleAttributes = engine.listPossibleReleaseAttributes(principal1, "shar.example.edu");
413                         assertEquals("Incorrectly computed possible release set (3).", possibleAttributes, list3);
414
415                 } catch (Exception e) {
416                         e.printStackTrace();
417                         fail("Failed to marshall ARP: " + e);
418                 }
419
420         }
421
422         public void testArpApplication() {
423
424                 // Construct an engine with a memory-based repository
425                 ArpRepository repository = null;
426                 try {
427                         repository = ArpRepositoryFactory.getInstance(memoryRepositoryElement);
428
429                 } catch (ArpRepositoryException e) {
430                         fail("Failed to create memory-based Arp Repository" + e);
431                 }
432
433                 try {
434                         
435                         arpApplicationTest1(repository, parser);
436                         arpApplicationTest2(repository, parser);
437                         arpApplicationTest3(repository, parser);
438                         arpApplicationTest4(repository, parser);
439                         arpApplicationTest5(repository, parser);
440                         arpApplicationTest6(repository, parser);
441                         arpApplicationTest7(repository, parser);
442                         arpApplicationTest8(repository, parser);
443                         arpApplicationTest9(repository, parser);
444                         arpApplicationTest10(repository, parser);
445                         arpApplicationTest11(repository, parser);
446                         arpApplicationTest12(repository, parser);
447                         arpApplicationTest13(repository, parser);
448                         arpApplicationTest14(repository, parser);
449                         arpApplicationTest15(repository, parser);
450                         arpApplicationTest17(repository, parser);
451                         arpApplicationTest18(repository, parser);
452                         arpApplicationTest19(repository, parser);
453                         arpApplicationTest20(repository, parser);
454                         arpApplicationTest21(repository, parser);
455                         arpApplicationTest22(repository, parser);
456                         arpApplicationTest23(repository, parser);
457                         arpApplicationTest24(repository, parser);
458                          
459                 } catch (Exception e) {
460                         e.printStackTrace();
461                         fail("Failed to apply filter to ARPs: " + e);
462                 }
463         }
464
465         public void testRoundtripMarshalling() {
466
467                 try {
468                         for (int i = 0; i < arpExamples.length; i++) {
469
470                                 // Get a non-validating parser so we don't fill in schema defaults
471                                 Parser.DOMParser nonValParser = new Parser.DOMParser(false);
472
473                                 InputStream inStream = new FileInputStream(arpExamples[i]);
474
475                                 nonValParser.parse(new InputSource(inStream));
476                                 String directXML = Parser.serialize(nonValParser.getDocument().getDocumentElement());
477                                 inStream.close();
478
479                                 // Use validation when marshalling into an ARP
480                                 inStream = new FileInputStream(arpExamples[i]);
481                                 parser.parse(new InputSource(inStream));
482                                 Arp arp1 = new Arp();
483                                 arp1.marshall(parser.getDocument().getDocumentElement());
484                                 String processedXML = Parser.serialize(arp1.unmarshall());
485
486                                 assertEquals("Round trip marshall/unmarshall failed for file (" + arpExamples[i] + ")", directXML
487                                                 .toString().replaceAll(">[\t\r\n ]+<", "><"), processedXML.toString().replaceAll(
488                                                 ">[\t\r\n ]+<", "><"));
489                         }
490
491                 } catch (Exception e) {
492                         e.printStackTrace();
493                         fail("Failed to marshall ARP: " + e);
494                 }
495
496         }
497         /**
498          * ARPs: A site ARP only Target: Single Attribute: Any value release.  Most basic test.
499          */
500         void arpApplicationTest1(ArpRepository repository, Parser.DOMParser parser) throws Exception {
501
502                 // Gather the Input
503                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
504                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
505                                 + "                     <Rule>" 
506                                 + "                             <Target>" 
507                                 + "                                     <AnyTarget/>" 
508                                 + "                             </Target>"
509                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
510                                 + "                                     <AnyValue release=\"permit\"/>" 
511                                 + "                             </Attribute>" 
512                                 + "                     </Rule>"
513                                 + "     </AttributeReleasePolicy>";
514
515                 Principal principal1 = new LocalPrincipal("TestPrincipal");
516                 
517                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
518                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
519                                                 "faculty@example.edu"})));
520
521                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
522                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
523                                                 "faculty@example.edu"}));
524
525                 // Setup the engine
526                 parser.parse(new InputSource(new StringReader(rawArp)));
527                 Arp siteArp = new Arp();
528                 siteArp.marshall(parser.getDocument().getDocumentElement());
529                 repository.update(siteArp);
530                 ArpEngine engine = new ArpEngine(repository);
531
532                 // Apply the ARP
533                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
534
535                 assertEquals("ARP application test 1: ARP not applied as expected.", inputSet, releaseSet);
536         }
537
538
539         /**
540          * ARPs: A site ARP only Target: Single Attribute: Any value release.  Test implicit deny of other attributes.
541          */
542         void arpApplicationTest2(ArpRepository repository, Parser.DOMParser parser) throws Exception {
543
544                 // Gather the Input
545                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
546                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
547                                 + "                     <Rule>" 
548                                 + "                             <Target>" 
549                                 + "                                     <AnyTarget/>" 
550                                 + "                             </Target>"
551                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
552                                 + "                                     <AnyValue release=\"permit\"/>" 
553                                 + "                             </Attribute>" 
554                                 + "                     </Rule>"
555                                 + "     </AttributeReleasePolicy>";
556
557                 Principal principal1 = new LocalPrincipal("TestPrincipal");
558                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
559                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
560                                                 "faculty@example.edu"}),
561                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
562                                                 new Object[]{"mehoehn@example.edu"})}));
563
564                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{new AAAttribute(
565                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
566                                                 "faculty@example.edu"})});
567
568                 // Setup the engine
569                 parser.parse(new InputSource(new StringReader(rawArp)));
570                 Arp siteArp = new Arp();
571                 siteArp.marshall(parser.getDocument().getDocumentElement());
572                 repository.update(siteArp);
573                 ArpEngine engine = new ArpEngine(repository);
574
575                 // Apply the ARP
576                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
577
578                 assertEquals("ARP application test 2: ARP not applied as expected.", inputSet, releaseSet);
579         }
580
581         /**
582          * ARPs: A site ARP only Target: Single Attribute: Single value release
583          */
584         void arpApplicationTest3(ArpRepository repository, Parser.DOMParser parser) throws Exception {
585
586                 // Gather the Input
587                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
588                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
589                                 + "                     <Rule>" 
590                                 + "                             <Target>" 
591                                 + "                                     <AnyTarget/>" 
592                                 + "                             </Target>"
593                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
594                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
595                                 + "                             </Attribute>" 
596                                 + "                     </Rule>"
597                                 + "     </AttributeReleasePolicy>";
598
599                 Principal principal1 = new LocalPrincipal("TestPrincipal");
600                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
601                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
602                                                 "faculty@example.edu"})));
603                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
604                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}));
605
606                 // Setup the engine
607                 parser.parse(new InputSource(new StringReader(rawArp)));
608                 Arp siteArp = new Arp();
609                 siteArp.marshall(parser.getDocument().getDocumentElement());
610                 repository.update(siteArp);
611                 ArpEngine engine = new ArpEngine(repository);
612
613                 // Apply the ARP
614                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
615
616                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
617         }
618
619         /**
620          * ARPs: A site ARP only Target: Single Attribute: Any value except one release, canonical representation
621          */
622         void arpApplicationTest4(ArpRepository repository, Parser.DOMParser parser) throws Exception {
623
624                 // Gather the Input
625                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
626                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
627                                 + "                     <Rule>"
628                                 + "                             <Target>" 
629                                 + "                                     <AnyTarget/>" 
630                                 + "                             </Target>"
631                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
632                                 + "                                     <AnyValue release=\"permit\"/>" 
633                                 + "                                     <Value release=\"deny\">member@example.edu</Value>"
634                                 + "                             </Attribute>" 
635                                 + "                     </Rule>" 
636                                 + "     </AttributeReleasePolicy>";
637
638                 Principal principal1 = new LocalPrincipal("TestPrincipal");
639                 
640                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
641                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
642                                                 "faculty@example.edu", "employee@example.edu"})));
643                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
644                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
645                                                 "employee@example.edu"}));
646
647                 // Setup the engine
648                 parser.parse(new InputSource(new StringReader(rawArp)));
649                 Arp siteArp = new Arp();
650                 siteArp.marshall(parser.getDocument().getDocumentElement());
651                 repository.update(siteArp);
652                 ArpEngine engine = new ArpEngine(repository);
653
654                 // Apply the ARP
655                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
656
657                 assertEquals("ARP application test 4: ARP not applied as expected.", inputSet, releaseSet);
658         }
659
660         /**
661          * ARPs: A site ARP any Target: Single Attribute: Any value except one release, expanded representation
662          */
663         void arpApplicationTest5(ArpRepository repository, Parser.DOMParser parser) throws Exception {
664
665                 // Gather the Input
666                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
667                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
668                                 + "                     <Rule>" 
669                                 + "                             <Target>" 
670                                 + "                                     <AnyTarget/>" 
671                                 + "                             </Target>"
672                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
673                                 + "                                     <AnyValue release=\"permit\"/>" 
674                                 + "                             </Attribute>"
675                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
676                                 + "                                     <Value release=\"deny\">member@example.edu</Value>" 
677                                 + "                             </Attribute>" 
678                                 + "                     </Rule>"
679                                 + "     </AttributeReleasePolicy>";
680
681                 Principal principal1 = new LocalPrincipal("TestPrincipal");
682         
683                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
684                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
685                                                 "faculty@example.edu", "employee@example.edu"})));
686                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
687                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"faculty@example.edu",
688                                                 "employee@example.edu"}));
689
690                 // Setup the engine
691                 parser.parse(new InputSource(new StringReader(rawArp)));
692                 Arp siteArp = new Arp();
693                 siteArp.marshall(parser.getDocument().getDocumentElement());
694                 repository.update(siteArp);
695                 ArpEngine engine = new ArpEngine(repository);
696
697                 // Apply the ARP
698                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
699
700                 assertEquals("ARP application test 5: ARP not applied as expected.", inputSet, releaseSet);
701         }
702
703         /**
704          * ARPs: A site ARP any Target: Single Attribute: Any value except two release, expanded representation
705          */
706         void arpApplicationTest6(ArpRepository repository, Parser.DOMParser parser) throws Exception {
707
708                 // Gather the Input
709                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
710                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
711                                 + "                     <Rule>" 
712                                 + "                             <Target>" 
713                                 + "                                     <AnyTarget/>" 
714                                 + "                             </Target>"
715                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
716                                 + "                                     <AnyValue release=\"permit\"/>" 
717                                 + "                             </Attribute>"
718                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
719                                 + "                                     <Value release=\"deny\">member@example.edu</Value>" 
720                                 + "                             </Attribute>"
721                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
722                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
723                                 + "                             </Attribute>" 
724                                 + "                     </Rule>"
725                                 + "     </AttributeReleasePolicy>";
726
727                 Principal principal1 = new LocalPrincipal("TestPrincipal");
728                 
729                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
730                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
731                                                 "faculty@example.edu", "employee@example.edu"})));
732                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
733                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"employee@example.edu"}));
734
735                 // Setup the engine
736                 parser.parse(new InputSource(new StringReader(rawArp)));
737                 Arp siteArp = new Arp();
738                 siteArp.marshall(parser.getDocument().getDocumentElement());
739                 repository.update(siteArp);
740                 ArpEngine engine = new ArpEngine(repository);
741
742                 // Apply the ARP
743                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
744
745                 assertEquals("ARP application test 6: ARP not applied as expected.", inputSet, releaseSet);
746         }
747
748         /**
749          * ARPs: A site ARP any Target: Single Attribute: Two value release, canonical representation
750          */
751         void arpApplicationTest7(ArpRepository repository, Parser.DOMParser parser) throws Exception {
752
753                 // Gather the Input
754                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
755                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
756                                 + "                     <Rule>" 
757                                 + "                             <Target>" 
758                                 + "                                     <AnyTarget/>" 
759                                 + "                             </Target>"
760                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
761                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
762                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>" 
763                                 + "                             </Attribute>" 
764                                 + "                     </Rule>"
765                                 + "     </AttributeReleasePolicy>";
766
767                 Principal principal1 = new LocalPrincipal("TestPrincipal");
768
769                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
770                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
771                                                 "faculty@example.edu", "employee@example.edu"})));
772                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
773                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
774                                                 "faculty@example.edu"}));
775
776                 // Setup the engine
777                 parser.parse(new InputSource(new StringReader(rawArp)));
778                 Arp siteArp = new Arp();
779                 siteArp.marshall(parser.getDocument().getDocumentElement());
780                 repository.update(siteArp);
781                 ArpEngine engine = new ArpEngine(repository);
782
783                 // Apply the ARP
784                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
785
786                 assertEquals("ARP application test 3: ARP not applied as expected.", inputSet, releaseSet);
787         }
788
789         /**
790          * ARPs: A site ARP any Target: Single Attribute: Two value release, expanded representation
791          */
792         void arpApplicationTest8(ArpRepository repository, Parser.DOMParser parser) throws Exception {
793
794                 // Gather the Input
795                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
796                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
797                                 + "                     <Rule>" 
798                                 + "                             <Target>" 
799                                 + "                                     <AnyTarget/>" 
800                                 + "                             </Target>"
801                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
802                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
803                                 + "                             </Attribute>"
804                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
805                                 + "                                     <Value release=\"permit\">faculty@example.edu</Value>" 
806                                 + "                             </Attribute>" 
807                                 + "                     </Rule>"
808                                 + "     </AttributeReleasePolicy>";
809
810                 Principal principal1 = new LocalPrincipal("TestPrincipal");
811
812                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
813                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
814                                                 "faculty@example.edu", "employee@example.edu"})));
815                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
816                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
817                                                 "faculty@example.edu"}));
818
819                 // Setup the engine
820                 parser.parse(new InputSource(new StringReader(rawArp)));
821                 Arp siteArp = new Arp();
822                 siteArp.marshall(parser.getDocument().getDocumentElement());
823                 repository.update(siteArp);
824                 ArpEngine engine = new ArpEngine(repository);
825
826                 // Apply the ARP
827                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
828
829                 assertEquals("ARP application test 8: ARP not applied as expected.", inputSet, releaseSet);
830         }
831
832         /**
833          * ARPs: A site ARP any Target: Single Attribute: Any value deny
834          */
835         void arpApplicationTest9(ArpRepository repository, Parser.DOMParser parser) throws Exception {
836
837                 // Gather the Input
838                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
839                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
840                                 + "                     <Rule>" 
841                                 + "                             <Target>" 
842                                 + "                                     <AnyTarget/>" 
843                                 + "                             </Target>"
844                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
845                                 + "                                     <AnyValue release=\"deny\"/>" 
846                                 + "                             </Attribute>" 
847                                 + "                     </Rule>"
848                                 + "     </AttributeReleasePolicy>";
849
850                 Principal principal1 = new LocalPrincipal("TestPrincipal");
851
852                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
853                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
854                                                 "faculty@example.edu"})));
855
856                 // Setup the engine
857                 parser.parse(new InputSource(new StringReader(rawArp)));
858                 Arp siteArp = new Arp();
859                 siteArp.marshall(parser.getDocument().getDocumentElement());
860                 repository.update(siteArp);
861                 ArpEngine engine = new ArpEngine(repository);
862
863                 // Apply the ARP
864                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
865
866                 assertEquals("ARP application test 9: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
867         }
868
869         /**
870          * ARPs: A site ARP any Target: Single Attribute: Any value deny trumps explicit permit expanded representation
871          */
872         void arpApplicationTest10(ArpRepository repository, Parser.DOMParser parser) throws Exception {
873
874                 // Gather the Input
875                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
876                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
877                                 + "                     <Rule>" 
878                                 + "                             <Target>" 
879                                 + "                                     <AnyTarget/>" 
880                                 + "                             </Target>"
881                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
882                                 + "                                     <AnyValue release=\"deny\"/>" 
883                                 + "                             </Attribute>"
884                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
885                                 + "                                     <Value release=\"permit\">member@example.edu</Value>" 
886                                 + "                             </Attribute>" 
887                                 + "                     </Rule>"
888                                 + "     </AttributeReleasePolicy>";
889
890                 Principal principal1 = new LocalPrincipal("TestPrincipal");
891
892                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
893                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
894                                                 "faculty@example.edu"})));
895
896                 // Setup the engine
897                 parser.parse(new InputSource(new StringReader(rawArp)));
898                 Arp siteArp = new Arp();
899                 siteArp.marshall(parser.getDocument().getDocumentElement());
900                 repository.update(siteArp);
901                 ArpEngine engine = new ArpEngine(repository);
902
903                 // Apply the ARP
904                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
905
906                 assertEquals("ARP application test 10: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
907         }
908         /**
909          * ARPs: A site ARP any Target: single Attribute: Any value deny trumps explicit permit canonical representation
910          */
911         void arpApplicationTest11(ArpRepository repository, Parser.DOMParser parser) throws Exception {
912
913                 // Gather the Input
914                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
915                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
916                                 + "                     <Rule>" 
917                                 + "                             <Target>" 
918                                 + "                                     <AnyTarget/>" 
919                                 + "                             </Target>"
920                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
921                                 + "                                     <AnyValue release=\"deny\"/>" 
922                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
923                                 + "                             </Attribute>" 
924                                 + "                     </Rule>" 
925                                 + "     </AttributeReleasePolicy>";
926
927                 Principal principal1 = new LocalPrincipal("TestPrincipal");
928
929                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
930                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
931                                                 "faculty@example.edu"})));
932
933                 // Setup the engine
934                 parser.parse(new InputSource(new StringReader(rawArp)));
935                 Arp siteArp = new Arp();
936                 siteArp.marshall(parser.getDocument().getDocumentElement());
937                 repository.update(siteArp);
938                 ArpEngine engine = new ArpEngine(repository);
939
940                 // Apply the ARP
941                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
942
943                 assertEquals("ARP application test 11: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
944         }
945
946         /**
947          * ARPs: Test release to a specific requester
948          */
949         void arpApplicationTest12(ArpRepository repository, Parser.DOMParser parser) throws Exception {
950
951                 // Gather the Input
952                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
953                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
954                                 + "                     <Rule>" 
955                                 + "                             <Target>" 
956                                 + "                                     <Requester>shar.example.edu</Requester>"
957                                 + "                             </Target>"
958                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
959                                 + "                                     <AnyValue release=\"permit\"/>" 
960                                 + "                             </Attribute>" 
961                                 + "                     </Rule>"
962                                 + "     </AttributeReleasePolicy>";
963
964                 Principal principal1 = new LocalPrincipal("TestPrincipal");
965
966                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
967                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
968                                                 "faculty@example.edu"})));
969                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
970                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
971                                                 "faculty@example.edu"}));
972
973                 // Setup the engine
974                 parser.parse(new InputSource(new StringReader(rawArp)));
975                 Arp siteArp = new Arp();
976                 siteArp.marshall(parser.getDocument().getDocumentElement());
977                 repository.update(siteArp);
978                 ArpEngine engine = new ArpEngine(repository);
979
980                 // Apply the ARP
981                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
982
983                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
984         }
985         /**
986          * ARPs: Test release to multiple specific requesters
987          */
988         void arpApplicationTest13(ArpRepository repository, Parser.DOMParser parser) throws Exception {
989
990                 // Gather the Input
991                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
992                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
993                                 + "                     <Rule>" 
994                                 + "                             <Target>" 
995                                 + "                                     <Requester>shar.example.edu</Requester>"
996                                 + "                                     <Requester>http://foo.example.edu</Requester>"
997                                 + "                             </Target>"
998                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
999                                 + "                                     <AnyValue release=\"permit\"/>" 
1000                                 + "                             </Attribute>" 
1001                                 + "                     </Rule>"
1002                                 + "     </AttributeReleasePolicy>";
1003
1004                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1005
1006                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1007                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1008                                                 "faculty@example.edu"})));
1009                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1010                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1011                                                 "faculty@example.edu"}));
1012
1013                 // Setup the engine
1014                 parser.parse(new InputSource(new StringReader(rawArp)));
1015                 Arp siteArp = new Arp();
1016                 siteArp.marshall(parser.getDocument().getDocumentElement());
1017                 repository.update(siteArp);
1018                 ArpEngine engine = new ArpEngine(repository);
1019
1020                 // Apply the ARP
1021                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1022
1023                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1024                 
1025                 // Try for the 2nd requester
1026                 inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1027                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1028                                                 "faculty@example.edu"})));
1029                 
1030                 engine.filterAttributes(inputSet, principal1, "http://foo.example.edu");
1031                 assertEquals("ARP application test 12: ARP not applied as expected.", inputSet, releaseSet);
1032         }
1033
1034         /**
1035          * ARPs: Specific requester (no match)
1036          */
1037         void arpApplicationTest14(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1038
1039                 // Gather the Input
1040                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1041                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1042                                 + "                     <Rule>" 
1043                                 + "                             <Target>" 
1044                                 + "                                     <Requester>shar.example.edu</Requester>"
1045                                 + "                             </Target>"
1046                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1047                                 + "                                     <AnyValue release=\"permit\"/>" 
1048                                 + "                             </Attribute>" 
1049                                 + "                     </Rule>"
1050                                 + "     </AttributeReleasePolicy>";
1051
1052                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1053
1054                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1055                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1056                                                 "faculty@example.edu"})));
1057
1058                 // Setup the engine
1059                 parser.parse(new InputSource(new StringReader(rawArp)));
1060                 Arp siteArp = new Arp();
1061                 siteArp.marshall(parser.getDocument().getDocumentElement());
1062                 repository.update(siteArp);
1063                 ArpEngine engine = new ArpEngine(repository);
1064
1065                 // Apply the ARP
1066                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1067
1068                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1069         }
1070         /**
1071          * ARPs: Multiple specific requesters (no match)
1072          */
1073         void arpApplicationTest15(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1074
1075                 // Gather the Input
1076                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1077                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1078                                 + "                     <Rule>" 
1079                                 + "                             <Target>" 
1080                                 + "                                     <Requester>shar.example.edu</Requester>"
1081                                 + "                                     <Requester>http://foo.example.edu</Requester>"
1082                                 + "                             </Target>"
1083                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1084                                 + "                                     <AnyValue release=\"permit\"/>" 
1085                                 + "                             </Attribute>" 
1086                                 + "                     </Rule>"
1087                                 + "     </AttributeReleasePolicy>";
1088
1089                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1090
1091                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1092                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1093                                                 "faculty@example.edu"})));
1094
1095                 // Setup the engine
1096                 parser.parse(new InputSource(new StringReader(rawArp)));
1097                 Arp siteArp = new Arp();
1098                 siteArp.marshall(parser.getDocument().getDocumentElement());
1099                 repository.update(siteArp);
1100                 ArpEngine engine = new ArpEngine(repository);
1101
1102                 // Apply the ARP
1103                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1104
1105                 assertEquals("ARP application test 14: ARP not applied as expected.", inputSet, new ArrayList<AAAttribute>());
1106         }
1107
1108         /**
1109          * ARPs: A site ARP only Target: Multiple matching rules Attribute: various
1110          */
1111         void arpApplicationTest17(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1112
1113                 // Gather the Input
1114                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1115                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1116                                 + "                     <Rule>"
1117                                 + "                             <Target>"
1118                                 + "                                     <AnyTarget />"
1119                                 + "                             </Target>"
1120                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1121                                 + "                                     <AnyValue release=\"permit\"/>"
1122                                 + "                             </Attribute>"
1123                                 + "                     </Rule>"
1124                                 + "                     <Rule>"
1125                                 + "                             <Target>"
1126                                 + "                                     <Requester>shar1.example.edu</Requester>"
1127                                 + "                             </Target>"
1128                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1129                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>"
1130                                 + "                             </Attribute>"
1131                                 + "                     </Rule>"
1132                                 + "                     <Rule>"
1133                                 + "                             <Target>"
1134                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">shar[1-9]\\.example\\.edu</Requester>"
1135                                 + "                             </Target>" 
1136                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1137                                 + "                                     <AnyValue release=\"permit\"/>" 
1138                                 + "                             </Attribute>" 
1139                                 + "                     </Rule>"
1140                                 + "     </AttributeReleasePolicy>";
1141
1142                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1143                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1144                                 .asList(new AAAttribute[]{
1145                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1146                                                                 "member@example.edu", "faculty@example.edu"}),
1147                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1148                                                                 new Object[]{"wassa@columbia.edu"})}));
1149
1150                 Collection<AAAttribute> releaseSet = Arrays
1151                                 .asList(new AAAttribute[]{
1152                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation",
1153                                                                 new Object[]{"member@example.edu"}),
1154                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1155                                                                 new Object[]{"wassa@columbia.edu"})});
1156
1157                 // Setup the engine
1158                 parser.parse(new InputSource(new StringReader(rawArp)));
1159                 Arp siteArp = new Arp();
1160                 siteArp.marshall(parser.getDocument().getDocumentElement());
1161                 repository.update(siteArp);
1162                 ArpEngine engine = new ArpEngine(repository);
1163
1164                 // Apply the ARP
1165                 engine.filterAttributes(inputSet, principal1, "shar1.example.edu");
1166
1167                 assertEquals("ARP application test 17: ARP not applied as expected.", inputSet, releaseSet);
1168         }
1169
1170         /**
1171          * ARPs: A site ARP any Target: Any Attribute: Any value release of two attributes in one rule
1172          */
1173         void arpApplicationTest18(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1174
1175                 // Gather the Input
1176                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1177                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1178                                 + "                     <Rule>" 
1179                                 + "                             <Target>" 
1180                                 + "                                     <AnyTarget/>" 
1181                                 + "                             </Target>"
1182                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1183                                 + "                                     <AnyValue release=\"permit\"/>" 
1184                                 + "                             </Attribute>"
1185                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1186                                 + "                                     <AnyValue release=\"permit\"/>" 
1187                                 + "                             </Attribute>" 
1188                                 + "                     </Rule>"
1189                                 + "     </AttributeReleasePolicy>";
1190
1191                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1192
1193                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1194                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1195                                                 "faculty@example.edu"}),
1196                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1197                                                 new Object[]{"mehoehn@example.edu"})}));
1198
1199                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1200                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1201                                                 "faculty@example.edu"}),
1202                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1203                                                 new Object[]{"mehoehn@example.edu"})});
1204
1205                 // Setup the engine
1206                 parser.parse(new InputSource(new StringReader(rawArp)));
1207                 Arp siteArp = new Arp();
1208                 siteArp.marshall(parser.getDocument().getDocumentElement());
1209                 repository.update(siteArp);
1210                 ArpEngine engine = new ArpEngine(repository);
1211
1212                 // Apply the ARP
1213                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1214
1215                 assertEquals("ARP application test 18: ARP not applied as expected.", inputSet, releaseSet);
1216         }
1217
1218         /**
1219          * ARPs: A user ARP any Target: Single Attribute: Any value release,
1220          */
1221         void arpApplicationTest19(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1222
1223                 // Gather the Input
1224                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1225                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1226                                 + "                     <Rule>" 
1227                                 + "                             <Target>" 
1228                                 + "                                     <AnyTarget/>" 
1229                                 + "                             </Target>"
1230                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1231                                 + "                                     <AnyValue release=\"permit\"/>" 
1232                                 + "                             </Attribute>" 
1233                                 + "                     </Rule>"
1234                                 + "     </AttributeReleasePolicy>";
1235
1236                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1237
1238                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1239                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1240                                                 "faculty@example.edu"})));
1241                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1242                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu",
1243                                                 "faculty@example.edu"}));
1244
1245                 // Setup the engine
1246                 parser.parse(new InputSource(new StringReader(rawArp)));
1247                 Arp userArp = new Arp();
1248                 userArp.setPrincipal(principal1);
1249                 userArp.marshall(parser.getDocument().getDocumentElement());
1250                 repository.update(userArp);
1251                 ArpEngine engine = new ArpEngine(repository);
1252
1253                 // Apply the ARP
1254                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1255
1256                 assertEquals("ARP application test 19: ARP not applied as expected.", inputSet, releaseSet);
1257         }
1258
1259         /**
1260          * ARPs: A site ARP and user ARP Target: various Attribute: various combinations
1261          */
1262         void arpApplicationTest20(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1263
1264                 // Gather the Input
1265                 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1266                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1267                                 + "                     <Rule>"
1268                                 + "                             <Target>"
1269                                 + "                                     <AnyTarget/>"
1270                                 + "                             </Target>"
1271                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1272                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1273                                 + "                             </Attribute>"
1274                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1275                                 + "                                     <AnyValue release=\"permit\" />"
1276                                 + "                             </Attribute>"
1277                                 + "                     </Rule>"
1278                                 + "                     <Rule>"
1279                                 + "                             <Target>"
1280                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1281                                 + "                             </Target>"
1282                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1283                                 + "                                     <AnyValue release=\"permit\"/>" 
1284                                 + "                             </Attribute>" 
1285                                 + "                     </Rule>" 
1286                                 + "                     <Rule>"
1287                                 + "                             <Target>" 
1288                                 + "                                     <Requester>www.example.edu</Requester>"
1289                                 + "                             </Target>"
1290                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1291                                 + "                                     <AnyValue release=\"permit\"/>" 
1292                                 + "                             </Attribute>"
1293                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1294                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>" 
1295                                 + "                             </Attribute>"
1296                                 + "                     </Rule>" 
1297                                 + "                     <Rule>" 
1298                                 + "                             <Target>" 
1299                                 + "                                     <Requester>www.external.com</Requester>"
1300                                 + "                             </Target>"
1301                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1302                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>" 
1303                                 + "                             </Attribute>"
1304                                 + "                     </Rule>" 
1305                                 + "     </AttributeReleasePolicy>";
1306
1307                 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1308                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1309                                 + "                     <Rule>"
1310                                 + "                             <Target>"
1311                                 + "                                     <AnyTarget/>"
1312                                 + "                             </Target>"
1313                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1314                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1315                                 + "                             </Attribute>"
1316                                 + "                     </Rule>"
1317                                 + "                     <Rule>"
1318                                 + "                             <Target>"
1319                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1320                                 + "                             </Target>"
1321                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1322                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
1323                                 + "                             </Attribute>"
1324                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1325                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>" 
1326                                 + "                             </Attribute>"
1327                                 + "                     </Rule>" 
1328                                 + "     </AttributeReleasePolicy>";
1329
1330                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1331
1332                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1333                                 .asList(new AAAttribute[]{
1334                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1335                                                                 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1336                                                                 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1337                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1338                                                                 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1339                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1340                                                                 new Object[]{"wassa@example.edu"}),
1341                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
1342
1343                 Collection<AAAttribute> releaseSet = Arrays
1344                                 .asList(new AAAttribute[]{
1345                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1346                                                                 "urn:example:lovesIceCream", "urn:example:contract:4657483"}),
1347                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1348                                                                 "member@example.edu", "employee@example.edu"}),
1349                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1350                                                                 new Object[]{"wassa@example.edu"}),
1351                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
1352
1353                 // Add the site ARP
1354                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1355                 Arp siteArp = new Arp();
1356                 siteArp.marshall(parser.getDocument().getDocumentElement());
1357                 repository.update(siteArp);
1358
1359                 // Add the user ARP
1360                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1361                 Arp userArp = new Arp();
1362                 userArp.setPrincipal(principal1);
1363                 userArp.marshall(parser.getDocument().getDocumentElement());
1364                 repository.update(userArp);
1365
1366                 ArpEngine engine = new ArpEngine(repository);
1367
1368                 // Apply the ARP
1369                 engine.filterAttributes(inputSet, principal1, "www.example.edu");
1370
1371                 assertEquals("ARP application test 20: ARP not applied as expected.", inputSet, releaseSet);
1372         }
1373         /**
1374          * ARPs: A site ARP and user ARP Target: various Attribute: various combinations (same ARPs as 20, different
1375          * requester)
1376          */
1377         void arpApplicationTest21(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1378
1379                 // Gather the Input
1380                 String rawSiteArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1381                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1382                                 + "                     <Rule>"
1383                                 + "                             <Target>"
1384                                 + "                                     <AnyTarget/>"
1385                                 + "                             </Target>"
1386                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1387                                 + "                                     <Value release=\"permit\">member@example.edu</Value>"
1388                                 + "                             </Attribute>"
1389                                 + "                             <Attribute name=\"urn:mace:inetOrgPerson:preferredLanguage\">"
1390                                 + "                                     <AnyValue release=\"permit\" />"
1391                                 + "                             </Attribute>"
1392                                 + "                     </Rule>"
1393                                 + "                     <Rule>"
1394                                 + "                             <Target>"
1395                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>"
1396                                 + "                             </Target>"
1397                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonPrincipalName\">"
1398                                 + "                                     <AnyValue release=\"permit\"/>" 
1399                                 + "                             </Attribute>" 
1400                                 + "                     </Rule>" 
1401                                 + "                     <Rule>"
1402                                 + "                             <Target>" 
1403                                 + "                                     <Requester>www.example.edu</Requester>"
1404                                 + "                             </Target>"
1405                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1406                                 + "                                     <AnyValue release=\"permit\"/>" 
1407                                 + "                             </Attribute>"
1408                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1409                                 + "                                     <Value release=\"permit\">urn:example:contract:4657483</Value>" 
1410                                 + "                             </Attribute>"
1411                                 + "                     </Rule>" 
1412                                 + "                     <Rule>" 
1413                                 + "                             <Target>" 
1414                                 + "                                     <Requester>www.external.com</Requester>"
1415                                 + "                             </Target>"
1416                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1417                                 + "                                     <Value release=\"permit\">urn:example:contract:113455</Value>" 
1418                                 + "                             </Attribute>"
1419                                 + "                     </Rule>" 
1420                                 + "     </AttributeReleasePolicy>";
1421
1422                 String rawUserArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1423                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1424                                 + "                     <Rule>"
1425                                 + "                             <Target>"
1426                                 + "                                     <AnyTarget/>"
1427                                 + "                             </Target>"
1428                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1429                                 + "                                     <Value release=\"deny\">urn:example:poorlyDressed</Value>"
1430                                 + "                             </Attribute>"
1431                                 + "                     </Rule>"
1432                                 + "                     <Rule>"
1433                                 + "                             <Target>"
1434                                 + "                                     <Requester matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">.*\\.example\\.edu</Requester>" 
1435                                 + "                             </Target>"
1436                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1437                                 + "                                     <Value release=\"deny\">faculty@example.edu</Value>" 
1438                                 + "                             </Attribute>"
1439                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1440                                 + "                                     <Value release=\"permit\">urn:example:lovesIceCream</Value>" 
1441                                 + "                             </Attribute>"
1442                                 + "                     </Rule>" 
1443                                 + "     </AttributeReleasePolicy>";
1444
1445                 Principal principal1 = new LocalPrincipal("TestPrincipal");
1446
1447                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays
1448                                 .asList(new AAAttribute[]{
1449                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{
1450                                                                 "urn:example:lovesIceCream", "urn:example:poorlyDressed",
1451                                                                 "urn:example:contract:113455", "urn:example:contract:4657483"}),
1452                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{
1453                                                                 "member@example.edu", "faculty@example.edu", "employee@example.edu"}),
1454                                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonPrincipalName",
1455                                                                 new Object[]{"wassa@example.edu"}),
1456                                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})}));
1457
1458                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute[]{
1459                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement",
1460                                                 new Object[]{"urn:example:contract:113455"}),
1461                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member@example.edu"}),
1462                                 new AAAttribute("urn:mace:inetOrgPerson:preferredLanguage", new Object[]{"EO"})});
1463
1464                 // Add the site ARP
1465                 parser.parse(new InputSource(new StringReader(rawSiteArp)));
1466                 Arp siteArp = new Arp();
1467                 siteArp.marshall(parser.getDocument().getDocumentElement());
1468                 repository.update(siteArp);
1469
1470                 // Add the user ARP
1471                 parser.parse(new InputSource(new StringReader(rawUserArp)));
1472                 Arp userArp = new Arp();
1473                 userArp.setPrincipal(principal1);
1474                 userArp.marshall(parser.getDocument().getDocumentElement());
1475                 repository.update(userArp);
1476
1477                 ArpEngine engine = new ArpEngine(repository);
1478
1479                 // Apply the ARP
1480                 engine.filterAttributes(inputSet, principal1, "www.external.com");
1481
1482                 assertEquals("ARP application test 21: ARP not applied as expected.", inputSet, releaseSet);
1483         }
1484
1485         /**
1486          * ARPs: A site ARP any Target: Specific requester: Release values by regex
1487          */
1488         void arpApplicationTest22(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1489
1490                 // Gather the Input
1491                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1492                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1493                                 + "                     <Rule>"
1494                                 + "                             <Target>"
1495                                 + "                                     <Requester>shar.example.edu</Requester>"
1496                                 + "                             </Target>"
1497                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1498                                 + "                                     <Value release=\"permit\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1499                                 + "                             </Attribute>"
1500                                 + "                     </Rule>" 
1501                                 + "     </AttributeReleasePolicy>";
1502
1503                 Principal principal1 = new LocalPrincipal("Test2Principal");
1504
1505                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1506                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1507                                                 "urn:x:adagio", "urn:x:awol"})));
1508                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1509                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:adagio", "urn:x:awol"}));
1510
1511                 // Setup the engine
1512                 parser.parse(new InputSource(new StringReader(rawArp)));
1513                 Arp siteArp = new Arp();
1514                 siteArp.marshall(parser.getDocument().getDocumentElement());
1515                 repository.update(siteArp);
1516                 ArpEngine engine = new ArpEngine(repository);
1517
1518                 // Apply the ARP
1519                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1520
1521                 assertEquals("ARP application test 22: ARP not applied as expected.", inputSet, releaseSet);
1522         }
1523
1524         /**
1525          * ARPs: A site ARP any Target: Specific shar, Attribute: Deny specific values by regex
1526          */
1527         void arpApplicationTest23(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1528
1529                 // Gather the Input
1530                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1531                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1532                                 + "                     <Rule>"
1533                                 + "                             <Target>"
1534                                 + "                                     <Requester>shar.example.edu</Requester>"
1535                                 + "                             </Target>"
1536                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1537                                 + "                                     <AnyValue release=\"permit\" />"
1538                                 + "                                     <Value release=\"deny\" matchFunction=\"urn:mace:shibboleth:arp:matchFunction:regexMatch\">^urn:x:a.+$</Value>"
1539                                 + "                             </Attribute>" + "                       </Rule>" + "    </AttributeReleasePolicy>";
1540
1541                 Principal principal1 = new LocalPrincipal("Test2Principal");
1542
1543                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute(
1544                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar",
1545                                                 "urn:x:adagio", "urn:x:awol"})));
1546                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1547                                 "urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:a", "urn:x:foo", "urn:x:bar"}));
1548
1549                 // Setup the engine
1550                 parser.parse(new InputSource(new StringReader(rawArp)));
1551                 Arp siteArp = new Arp();
1552                 siteArp.marshall(parser.getDocument().getDocumentElement());
1553                 repository.update(siteArp);
1554                 ArpEngine engine = new ArpEngine(repository);
1555
1556                 // Apply the ARP
1557                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1558
1559                 assertEquals("ARP application test 23: ARP not applied as expected.", inputSet, releaseSet);
1560         }
1561
1562         /**
1563          * ARPs: A site ARP Specific requester, Attribute: No matches on specific values should
1564          * yield no attribute
1565          */
1566         void arpApplicationTest24(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1567
1568                 // Gather the Input
1569                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1570                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1571                                 + "                     <Rule>" 
1572                                 + "                             <Target>" 
1573                                 + "                                     <Requester>shar.example.edu</Requester>"
1574                                 + "                             </Target>"
1575                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonAffiliation\">"
1576                                 + "                                     <AnyValue release=\"permit\" />" 
1577                                 + "                             </Attribute>"
1578                                 + "                             <Attribute name=\"urn:mace:dir:attribute-def:eduPersonEntitlement\">"
1579                                 + "                                     <Value release=\"permit\">urn:x:foo</Value>" 
1580                                 + "                             </Attribute>" 
1581                                 + "                     </Rule>"
1582                                 + "     </AttributeReleasePolicy>";
1583
1584                 Principal principal1 = new LocalPrincipal("Test2Principal");
1585
1586                 Collection<AAAttribute> inputSet = new ArrayList<AAAttribute>(Arrays.asList(new AAAttribute[]{
1587                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonEntitlement", new Object[]{"urn:x:bar",
1588                                                 "urn:x:adagio"}),
1589                                 new AAAttribute("urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"})}));
1590                 Collection<AAAttribute> releaseSet = Arrays.asList(new AAAttribute(
1591                                 "urn:mace:dir:attribute-def:eduPersonAffiliation", new Object[]{"member"}));
1592
1593                 // Setup the engine
1594                 parser.parse(new InputSource(new StringReader(rawArp)));
1595                 Arp siteArp = new Arp();
1596                 siteArp.marshall(parser.getDocument().getDocumentElement());
1597                 repository.update(siteArp);
1598                 ArpEngine engine = new ArpEngine(repository);
1599
1600                 // Apply the ARP
1601                 engine.filterAttributes(inputSet, principal1, "shar.example.edu");
1602
1603                 assertEquals("ARP application test 24: ARP not applied as expected.", inputSet, releaseSet);
1604         }
1605
1606
1607          /**
1608          * Use Case: must have an attribute
1609          * Example:  release uid only if user has any value for attribute "foo"
1610          */
1611         void arpConstraintTest1(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1612
1613                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1614                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1615                                 + "         <Rule>" 
1616                                 + "             <Constraint"
1617                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1618                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:anyValueMatch\""
1619                                 + "                                     matches=\"any\"/>"
1620                                 + "             <Target>" 
1621                                 + "                 <AnyTarget/>" 
1622                                 + "             </Target>"
1623                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1624                                 + "                 <AnyValue release=\"permit\"/>" 
1625                                 + "             </Attribute>" 
1626                                 + "         </Rule>"
1627                                 + " </AttributeReleasePolicy>";
1628
1629                 // Setup the engine
1630                 parser.parse(new InputSource(new StringReader(rawArp)));
1631                 Arp siteArp = new Arp();
1632                 siteArp.marshall(parser.getDocument().getDocumentElement());
1633                 repository.update(siteArp);
1634                 ArpEngine engine = new ArpEngine(repository);
1635
1636                 Principal principal = new LocalPrincipal("TestPrincipal");
1637
1638                 // test user who meets constraint
1639                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1640                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1641                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1642
1643                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1644                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1645
1646                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1647                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1648
1649                 // test user who does not meet constraint
1650                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1651                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1652
1653                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1654
1655                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1656                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1657
1658         }
1659         
1660          /**
1661          * Use Case: must have an attribute value
1662          * Example:  release uid only if user has a specific value for attribute "foo"
1663          */
1664         void arpConstraintTest2(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1665
1666                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1667                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1668                                 + "         <Rule>" 
1669                                 + "             <Constraint"
1670                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1671                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1672                                 + "                                     matches=\"any\">bar</Constraint>"
1673                                 + "             <Target>" 
1674                                 + "                 <AnyTarget/>" 
1675                                 + "             </Target>"
1676                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1677                                 + "                 <AnyValue release=\"permit\"/>" 
1678                                 + "             </Attribute>" 
1679                                 + "         </Rule>"
1680                                 + " </AttributeReleasePolicy>";
1681
1682                 // Setup the engine
1683                 parser.parse(new InputSource(new StringReader(rawArp)));
1684                 Arp siteArp = new Arp();
1685                 siteArp.marshall(parser.getDocument().getDocumentElement());
1686                 repository.update(siteArp);
1687                 ArpEngine engine = new ArpEngine(repository);
1688
1689                 Principal principal = new LocalPrincipal("TestPrincipal");
1690
1691                 // test user who meets constraint
1692                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1693                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1694                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1695
1696                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1697                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1698
1699                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1700                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1701
1702                 // test user who does not meet constraint
1703                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1704                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1705
1706                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1707
1708                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1709                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1710
1711         }
1712          /**
1713          * Use Case: must have only a specific attribute value
1714          * Example:  release uid only if user has a specific value for attribute "foo", but not if it has other values
1715          */
1716         void arpConstraintTest3(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1717
1718                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1719                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1720                                 + "         <Rule>" 
1721                                 + "             <Constraint"
1722                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1723                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1724                                 + "                                     matches=\"all\">bar</Constraint>"
1725                                 + "             <Target>" 
1726                                 + "                 <AnyTarget/>" 
1727                                 + "             </Target>"
1728                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1729                                 + "                 <AnyValue release=\"permit\"/>" 
1730                                 + "             </Attribute>" 
1731                                 + "         </Rule>"
1732                                 + " </AttributeReleasePolicy>";
1733
1734                 // Setup the engine
1735                 parser.parse(new InputSource(new StringReader(rawArp)));
1736                 Arp siteArp = new Arp();
1737                 siteArp.marshall(parser.getDocument().getDocumentElement());
1738                 repository.update(siteArp);
1739                 ArpEngine engine = new ArpEngine(repository);
1740
1741                 Principal principal = new LocalPrincipal("TestPrincipal");
1742
1743                 // test user who meets constraint
1744                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1745                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1746                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1747
1748                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1749                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1750
1751                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1752                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1753
1754                 // test user who does not meet constraint
1755                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1756                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1757
1758                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1759
1760                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1761                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1762
1763         }
1764          /**
1765          * Use Case: must have two  specific attribute values
1766          * Example:  release uid only if user has two specific value for attribute "foo", "bar" and "wee"
1767          */
1768         void arpConstraintTest4(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1769
1770                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1771                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1772                                 + "         <Rule>" 
1773                                 + "             <Constraint"
1774                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1775                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1776                                 + "                                     matches=\"any\">bar</Constraint>"
1777                                 + "             <Constraint"
1778                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1779                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1780                                 + "                                     matches=\"any\">wee</Constraint>"
1781                                 + "             <Target>" 
1782                                 + "                 <AnyTarget/>" 
1783                                 + "             </Target>"
1784                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1785                                 + "                 <AnyValue release=\"permit\"/>" 
1786                                 + "             </Attribute>" 
1787                                 + "         </Rule>"
1788                                 + " </AttributeReleasePolicy>";
1789
1790                 // Setup the engine
1791                 parser.parse(new InputSource(new StringReader(rawArp)));
1792                 Arp siteArp = new Arp();
1793                 siteArp.marshall(parser.getDocument().getDocumentElement());
1794                 repository.update(siteArp);
1795                 ArpEngine engine = new ArpEngine(repository);
1796
1797                 Principal principal = new LocalPrincipal("TestPrincipal");
1798
1799                 // test user who meets constraint
1800                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1801                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1802                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1803
1804                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1805                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1806
1807                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1808                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1809
1810                 // test user who does not meet constraint
1811                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1812                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1813
1814                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1815
1816                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1817                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1818
1819         }
1820         
1821          /**
1822          * Use Case: must not have a specific attribute value
1823          * Example:  release uid only if user does not have a specific value for attribute "foo"
1824          */
1825         void arpConstraintTest5(ArpRepository repository, Parser.DOMParser parser) throws Exception {
1826
1827                 String rawArp = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
1828                                 + "<AttributeReleasePolicy xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns=\"urn:mace:shibboleth:arp:1.0\" xsi:schemaLocation=\"urn:mace:shibboleth:arp:1.0 shibboleth-arp-1.0.xsd\">"
1829                                 + "         <Rule>" 
1830                                 + "             <Constraint"
1831                                 + "                                     attributeName=\"urn:mace:dir:attribute-def:foo\""
1832                                 + "                                     matchFunction=\"urn:mace:shibboleth:arp:matchFunction:stringValueMatch\""
1833                                 + "                                     matches=\"none\">bar</Constraint>"
1834                                 + "             <Target>" 
1835                                 + "                 <AnyTarget/>" 
1836                                 + "             </Target>"
1837                                 + "             <Attribute name=\"urn:mace:dir:attribute-def:uid\">"
1838                                 + "                 <AnyValue release=\"permit\"/>" 
1839                                 + "             </Attribute>" 
1840                                 + "         </Rule>"
1841                                 + " </AttributeReleasePolicy>";
1842
1843                 // Setup the engine
1844                 parser.parse(new InputSource(new StringReader(rawArp)));
1845                 Arp siteArp = new Arp();
1846                 siteArp.marshall(parser.getDocument().getDocumentElement());
1847                 repository.update(siteArp);
1848                 ArpEngine engine = new ArpEngine(repository);
1849
1850                 Principal principal = new LocalPrincipal("TestPrincipal");
1851
1852                 // test user who meets constraint
1853                 Collection<AAAttribute> inputSet1 = new ArrayList<AAAttribute>();
1854                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1855                 inputSet1.add(new AAAttribute("urn:mace:dir:attribute-def:foo", new Object[]{"bar"}));
1856
1857                 Collection<AAAttribute> releaseSet1 = new ArrayList<AAAttribute>();
1858                 releaseSet1.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1859
1860                 engine.filterAttributes(inputSet1, principal, "shar.example.edu");
1861                 assertEquals("ARP application test 1a: ARP not applied as expected.", releaseSet1, inputSet1);
1862
1863                 // test user who does not meet constraint
1864                 Collection<AAAttribute> inputSet2 = new ArrayList<AAAttribute>();
1865                 inputSet2.add(new AAAttribute("urn:mace:dir:attribute-def:uid", new Object[]{"gpburdell"}));
1866
1867                 Collection<AAAttribute> releaseSet2 = new ArrayList<AAAttribute>();
1868
1869                 engine.filterAttributes(inputSet2, principal, "shar.example.edu");
1870                 assertEquals("ARP application test 1b: ARP not applied as expected.", releaseSet2, inputSet2);
1871
1872         }
1873 }