        /// <summary>
        /// Builds the <c>scope</c> XML element for a policy scope: a <c>uri</c> attribute followed by the
        /// <c>claimTypes</c>, <c>issuers</c> and <c>rules</c> containers, in that order.
        /// </summary>
        /// <param name="scope">Scope whose Uri, ClaimTypes, Issuers and Rules are written out.</param>
        /// <returns>The populated <c>scope</c> element.</returns>
        private static XElement SerializeScope(PolicyScope scope)
        {
            var root = new XElement("scope", new XAttribute("uri", scope.Uri.ToString()));

            // Each container is filled first and attached afterwards; the resulting tree is the same.
            var claimTypesNode = new XElement("claimTypes");
            foreach (var claimType in scope.ClaimTypes)
            {
                claimTypesNode.Add(SerializaClaimType(claimType));
            }

            root.Add(claimTypesNode);

            var issuersNode = new XElement("issuers");
            foreach (var issuer in scope.Issuers)
            {
                issuersNode.Add(SerializaIssuer(issuer));
            }

            root.Add(issuersNode);

            var rulesNode = new XElement("rules");
            foreach (var rule in scope.Rules)
            {
                rulesNode.Add(SerializaRule(rule));
            }

            root.Add(rulesNode);

            return root;
        }
        /// <summary>
        /// Evaluates one claim against a scope holding a single rule and verifies the mapped output claim.
        /// </summary>
        /// <remarks>
        /// The assertions pin how provenance is carried over: the output claim keeps the input claim's
        /// issuer URI, while its original issuer is reported by the display name registered on the scope.
        /// <c>this.issuer</c>, <c>this.inputClaimType</c> and <c>this.outputClaimType</c> are fixture
        /// fields declared outside this listing.
        /// </remarks>
        public void ShouldMatchInputClaim()
        {
            var scopeUri = new Uri("http://myScope");
            var store = new MockPolicyStore();
            var evaluator = new ClaimsPolicyEvaluator(store);

            // One rule: any matching input claim yields a fixed output value.
            var rule = new PolicyRule(
                AssertionsMatch.Any,
                new[] { new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim") },
                new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue"));

            var policyScope = new PolicyScope(scopeUri, new[] { rule });
            policyScope.AddIssuer(new Issuer("http://originalIssuer", string.Empty, "OriginalIssuer"));
            store.RetrieveScopesReturnValue = new List<PolicyScope> { policyScope };

            var incoming = new Claim(
                "http://myInputClaimType",
                "myInputClaim",
                string.Empty,
                "http://myInputClaimIssuer",
                "http://originalIssuer");

            IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(scopeUri, new[] { incoming });

            Assert.IsNotNull(evaluatedOutputClaims);
            Assert.AreEqual(1, evaluatedOutputClaims.Count());

            var mapped = evaluatedOutputClaims.ElementAt(0);
            Assert.AreEqual("http://myOutputClaimType", mapped.ClaimType);
            Assert.AreEqual("myOutputClaimValue", mapped.Value);
            Assert.AreEqual("http://myInputClaimIssuer", mapped.Issuer);
            Assert.AreEqual("OriginalIssuer", mapped.OriginalIssuer);
        }
 /// <summary>
 /// Writes a diagnostic log entry stating whether a policy scope matched.
 /// </summary>
 /// <param name="scope">Scope that was tested; its DisplayName is logged.</param>
 /// <param name="result">Match outcome; Success selects the wording and Arguments is appended.</param>
 public void PolicyScopeMatchResult(PolicyScope scope, ScopeMatchResult result)
 {
     var scopeName = scope.DisplayName;
     var outcome = result.Success ? "matches" : "does not match";

     // Values are handed to the logger as format arguments, not concatenated into the template.
     this.logger.Log(LogLevel.Diagnostic, "Policy scope {0} {1} {2}", scopeName, outcome, result.Arguments);
 }
        /// <summary>
        /// Creates the test scope <c>http://localhost/tests</c> pre-populated with the shared sample
        /// claim type and sample issuer (both declared outside this listing).
        /// </summary>
        /// <returns>A new scope holding one claim type and one issuer.</returns>
        private static PolicyScope RetrievePolicyScope()
        {
            var testScopeUri = new Uri("http://localhost/tests");
            PolicyScope policyScope = new PolicyScope(testScopeUri);

            policyScope.ClaimTypes.Add(sampleClaimType);
            policyScope.Issuers.Add(sampleIssuer);

            return policyScope;
        }
        /// <summary>
        /// Adds a wildcard rule whose output copies from the input issuer to an XML-backed store and
        /// evaluates one claim against it.
        /// </summary>
        /// <remarks>
        /// NOTE(review): only the output claim type is asserted. The value that the rule copies from
        /// the input issuer is never checked, so a regression in that copy path would not fail this test.
        /// </remarks>
        public void ShouldPassEvaluateRuleIfCopyOutputValueFromInputIssuer()
        {
            var scopeUri = new Uri("http://localhost/1");
            var store = new XmlPolicyStore("My Xml Store Path", new MockXmlRepository(@"content\integrationTest2.xml"));

            PolicyScope scope = store.RetrieveScope(scopeUri);
            var firstIssuer = scope.Issuers.ElementAt(0);
            var claimType = new ClaimType("http://myClaimType", "myClaimType");

            // "*" as the input value makes the rule match on issuer and claim type only.
            IList<InputPolicyClaim> inputClaims = new List<InputPolicyClaim>
            {
                new InputPolicyClaim(firstIssuer, claimType, "*")
            };
            var copyFromIssuer = new OutputPolicyClaim(claimType, string.Empty, CopyFromConstants.InputIssuer);
            var newRule = new PolicyRule(AssertionsMatch.Any, inputClaims, copyFromIssuer);

            store.AddPolicyRule(scopeUri, newRule);

            var evaluator = new ClaimsPolicyEvaluator(store);
            string incomingValue = "myInputClaimValue33";
            var inputClaim = new Claim("http://myClaimType", incomingValue, string.Empty, "http://myIssuer1");

            IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(scopeUri, new[] { inputClaim });

            Assert.IsNotNull(evaluatedOutputClaims);
            Assert.AreEqual("http://myClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType);
        }
        /// <summary>
        /// Verifies that a claim matching the only rule of a scope is mapped to that rule's output claim.
        /// </summary>
        /// <remarks>
        /// Expected result: the rule's output type and value, the issuer URI of the incoming claim, and
        /// the display name of the scope issuer whose URI equals the incoming claim's original issuer.
        /// The <c>this.*</c> members used below are fixture fields declared outside this listing.
        /// </remarks>
        public void ShouldMatchInputClaim()
        {
            MockPolicyStore store = new MockPolicyStore();
            var evaluator = new ClaimsPolicyEvaluator(store);

            var ruleInput = new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim");
            var ruleOutput = new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue");
            var rules = new[] { new PolicyRule(AssertionsMatch.Any, new[] { ruleInput }, ruleOutput) };

            var policyScope = new PolicyScope(new Uri("http://myScope"), rules);
            var knownIssuer = new Issuer("http://originalIssuer", string.Empty, "OriginalIssuer");
            policyScope.AddIssuer(knownIssuer);

            var scopes = new List<PolicyScope>();
            scopes.Add(policyScope);
            store.RetrieveScopesReturnValue = scopes;

            var presented = new[]
            {
                new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer", "http://originalIssuer")
            };
            IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), presented);

            Assert.IsNotNull(evaluatedOutputClaims);
            Assert.AreEqual(1, evaluatedOutputClaims.Count());

            var only = evaluatedOutputClaims.ElementAt(0);
            Assert.AreEqual("http://myOutputClaimType", only.ClaimType);
            Assert.AreEqual("myOutputClaimValue", only.Value);
            Assert.AreEqual("http://myInputClaimIssuer", only.Issuer);
            Assert.AreEqual("OriginalIssuer", only.OriginalIssuer);
        }
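        /// <summary>
        /// Maps the supplied input claims to output claims using the rules of the policy scope
        /// identified by <paramref name="scope"/>.
        /// </summary>
        /// <param name="scope">URI of the policy scope to evaluate against.</param>
        /// <param name="inputClaims">Claims presented by the caller.</param>
        /// <returns>
        /// The mapped claims; an empty sequence when <paramref name="inputClaims"/> is empty. In that
        /// case the store is not consulted, so an unknown scope is not reported.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="scope"/> or <paramref name="inputClaims"/> is null.
        /// </exception>
        /// <exception cref="ClaimsPolicyEvaluationException">
        /// No stored scope has a Uri equal to <paramref name="scope"/>.
        /// </exception>
        public IEnumerable <Claim> Evaluate(Uri scope, IEnumerable <Claim> inputClaims)
        {
            if (scope == null)
            {
                throw new ArgumentNullException(nameof(scope));
            }

            // Reject a null sequence here so the exception names this method's parameter rather than
            // the "source" parameter of Enumerable.Any().
            if (inputClaims == null)
            {
                throw new ArgumentNullException(nameof(inputClaims));
            }

            if (!inputClaims.Any())
            {
                return Enumerable.Empty<Claim>();
            }

            IEnumerable<PolicyScope> policyScopes = this.store.RetrieveScopes();

            PolicyScope mappingScope = policyScopes.FirstOrDefault(s => s.Uri == scope);

            // An unknown scope is an error, not an empty result: claims are never mapped without a policy.
            if (mappingScope == null)
            {
                throw new ClaimsPolicyEvaluationException(string.Format(CultureInfo.CurrentUICulture, Resources.ScopeNotFound, scope));
            }

            return MapClaims(inputClaims, mappingScope);
        }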
        /// <summary>
        /// Rebuilds a <see cref="PolicyScope"/> from its <c>scope</c> XML element: issuers first, then
        /// claim types, then rules.
        /// </summary>
        /// <param name="scopeElement">
        /// Element carrying a <c>uri</c> attribute and <c>claimTypes</c>, <c>issuers</c> and <c>rules</c> children.
        /// </param>
        /// <returns>The populated scope.</returns>
        /// <remarks>
        /// No schema validation happens here. A missing child element or attribute surfaces as a
        /// NullReferenceException, and two issuers sharing a display name make the dictionary insert
        /// throw ArgumentException. <c>Descendants</c> also matches <c>issuer</c> and <c>rule</c>
        /// elements nested deeper than direct children.
        /// </remarks>
        private static PolicyScope RetrieveScope(XElement scopeElement)
        {
            // presumably keyed by display name with the full name as value; confirm against RetrieveReferences
            IDictionary<string, string> claimTypeRefs = RetrieveReferences(scopeElement.Element("claimTypes"), "claimType", "displayName", "fullName");

            IDictionary<string, Issuer> issuersByName = new Dictionary<string, Issuer>();
            var scopeUri = new Uri(scopeElement.Attribute("uri").Value);
            PolicyScope result = new PolicyScope(scopeUri, new List<PolicyRule>());

            foreach (XElement issuerElement in scopeElement.Element("issuers").Descendants("issuer"))
            {
                string uri = issuerElement.Attribute("uri").Value;

                // Thumbprints are stored upper-cased, whatever casing the XML used.
                string thumbprint = issuerElement.Attribute("thumbprint").Value.ToUpperInvariant();
                string displayName = issuerElement.Attribute("displayName").Value;

                var parsedIssuer = new Issuer(uri, thumbprint, displayName);
                result.AddIssuer(parsedIssuer);
                issuersByName.Add(parsedIssuer.DisplayName, parsedIssuer);
            }

            foreach (var reference in claimTypeRefs)
            {
                result.AddClaimType(new ClaimType(reference.Value, reference.Key));
            }

            foreach (XElement ruleElement in scopeElement.Element("rules").Descendants("rule"))
            {
                AssertionsMatch match = RetrieveRuleAssertionsMatch(ruleElement);
                IEnumerable<InputPolicyClaim> ruleInputs = RetrieveInputClaims(ruleElement, issuersByName, claimTypeRefs);
                OutputPolicyClaim ruleOutput = RetrieveOutputClaim(ruleElement, claimTypeRefs);

                result.AddRule(new PolicyRule(match, ruleInputs, ruleOutput));
            }

            return result;
        }
        /// <inheritdoc/>
        /// <remarks>
        /// Renders every field of this segment into one delimited string. Scalar fields are passed as-is,
        /// composite fields through their own ToDelimitedString(), and repeating fields are joined with
        /// Configuration.FieldRepeatSeparator; an absent field contributes null to the format call.
        /// The output carries identifiers such as InsuredsSocialSecurityNumber and
        /// MedicareHealthInsCardNumber in clear text, so callers that log or persist the string
        /// should handle it as sensitive data.
        /// </remarks>
        public string ToDelimitedString()
        {
            // NOTE(review): formatting uses the host's current culture, so date text depends on the
            // machine's culture and calendar settings. Confirm whether this wire format should use
            // CultureInfo.InvariantCulture instead.
            CultureInfo culture = CultureInfo.CurrentCulture;

            return(string.Format(
                       culture,
                       // Format template for positions 0..72 separated by the field separator
                       // (presumably; StringFormatSequence is defined elsewhere).
                       StringHelper.StringFormatSequence(0, 73, Configuration.FieldSeparator),
                       Id,
                       InsuredsEmployeeId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsEmployeeId.Select(x => x.ToDelimitedString())) : null,
                       InsuredsSocialSecurityNumber,
                       InsuredsEmployersNameAndId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsEmployersNameAndId.Select(x => x.ToDelimitedString())) : null,
                       EmployerInformationData?.ToDelimitedString(),
                       MailClaimParty != null ? string.Join(Configuration.FieldRepeatSeparator, MailClaimParty.Select(x => x.ToDelimitedString())) : null,
                       MedicareHealthInsCardNumber,
                       MedicaidCaseName != null ? string.Join(Configuration.FieldRepeatSeparator, MedicaidCaseName.Select(x => x.ToDelimitedString())) : null,
                       MedicaidCaseNumber,
                       MilitarySponsorName != null ? string.Join(Configuration.FieldRepeatSeparator, MilitarySponsorName.Select(x => x.ToDelimitedString())) : null,
                       MilitaryIdNumber,
                       DependentOfMilitaryRecipient?.ToDelimitedString(),
                       MilitaryOrganization,
                       MilitaryStation,
                       MilitaryService?.ToDelimitedString(),
                       MilitaryRankGrade?.ToDelimitedString(),
                       MilitaryStatus?.ToDelimitedString(),
                       // Nullable dates are rendered with Consts.DateFormatPrecisionDay, or null when unset.
                       MilitaryRetireDate.HasValue ? MilitaryRetireDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
                       MilitaryNonAvailCertOnFile,
                       BabyCoverage,
                       CombineBabyBill,
                       BloodDeductible,
                       SpecialCoverageApprovalName != null ? string.Join(Configuration.FieldRepeatSeparator, SpecialCoverageApprovalName.Select(x => x.ToDelimitedString())) : null,
                       SpecialCoverageApprovalTitle,
                       NonCoveredInsuranceCode != null ? string.Join(Configuration.FieldRepeatSeparator, NonCoveredInsuranceCode.Select(x => x.ToDelimitedString())) : null,
                       PayorId != null ? string.Join(Configuration.FieldRepeatSeparator, PayorId.Select(x => x.ToDelimitedString())) : null,
                       PayorSubscriberId != null ? string.Join(Configuration.FieldRepeatSeparator, PayorSubscriberId.Select(x => x.ToDelimitedString())) : null,
                       EligibilitySource?.ToDelimitedString(),
                       RoomCoverageTypeAmount != null ? string.Join(Configuration.FieldRepeatSeparator, RoomCoverageTypeAmount.Select(x => x.ToDelimitedString())) : null,
                       PolicyTypeAmount != null ? string.Join(Configuration.FieldRepeatSeparator, PolicyTypeAmount.Select(x => x.ToDelimitedString())) : null,
                       DailyDeductible?.ToDelimitedString(),
                       LivingDependency?.ToDelimitedString(),
                       AmbulatoryStatus != null ? string.Join(Configuration.FieldRepeatSeparator, AmbulatoryStatus.Select(x => x.ToDelimitedString())) : null,
                       Citizenship != null ? string.Join(Configuration.FieldRepeatSeparator, Citizenship.Select(x => x.ToDelimitedString())) : null,
                       PrimaryLanguage?.ToDelimitedString(),
                       LivingArrangement?.ToDelimitedString(),
                       PublicityCode?.ToDelimitedString(),
                       ProtectionIndicator,
                       StudentIndicator?.ToDelimitedString(),
                       Religion?.ToDelimitedString(),
                       MothersMaidenName != null ? string.Join(Configuration.FieldRepeatSeparator, MothersMaidenName.Select(x => x.ToDelimitedString())) : null,
                       Nationality?.ToDelimitedString(),
                       EthnicGroup != null ? string.Join(Configuration.FieldRepeatSeparator, EthnicGroup.Select(x => x.ToDelimitedString())) : null,
                       MaritalStatus != null ? string.Join(Configuration.FieldRepeatSeparator, MaritalStatus.Select(x => x.ToDelimitedString())) : null,
                       InsuredsEmploymentStartDate.HasValue ? InsuredsEmploymentStartDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
                       EmploymentStopDate.HasValue ? EmploymentStopDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
                       JobTitle,
                       JobCodeClass?.ToDelimitedString(),
                       JobStatus?.ToDelimitedString(),
                       EmployerContactPersonName != null ? string.Join(Configuration.FieldRepeatSeparator, EmployerContactPersonName.Select(x => x.ToDelimitedString())) : null,
                       EmployerContactPersonPhoneNumber != null ? string.Join(Configuration.FieldRepeatSeparator, EmployerContactPersonPhoneNumber.Select(x => x.ToDelimitedString())) : null,
                       EmployerContactReason?.ToDelimitedString(),
                       InsuredsContactPersonsName != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsContactPersonsName.Select(x => x.ToDelimitedString())) : null,
                       InsuredsContactPersonPhoneNumber != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsContactPersonPhoneNumber.Select(x => x.ToDelimitedString())) : null,
                       InsuredsContactPersonReason != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsContactPersonReason.Select(x => x.ToDelimitedString())) : null,
                       RelationshipToThePatientStartDate.HasValue ? RelationshipToThePatientStartDate.Value.ToString(Consts.DateFormatPrecisionDay, culture) : null,
                       // Unlike the other date fields, the stop date is a repeating field of dates.
                       RelationshipToThePatientStopDate != null ? string.Join(Configuration.FieldRepeatSeparator, RelationshipToThePatientStopDate.Select(x => x.ToString(Consts.DateFormatPrecisionDay, culture))) : null,
                       InsuranceCoContactReason?.ToDelimitedString(),
                       InsuranceCoContactPhoneNumber != null ? string.Join(Configuration.FieldRepeatSeparator, InsuranceCoContactPhoneNumber.Select(x => x.ToDelimitedString())) : null,
                       PolicyScope?.ToDelimitedString(),
                       PolicySource?.ToDelimitedString(),
                       PatientMemberNumber?.ToDelimitedString(),
                       GuarantorsRelationshipToInsured?.ToDelimitedString(),
                       InsuredsPhoneNumberHome != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsPhoneNumberHome.Select(x => x.ToDelimitedString())) : null,
                       InsuredsEmployerPhoneNumber != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredsEmployerPhoneNumber.Select(x => x.ToDelimitedString())) : null,
                       MilitaryHandicappedProgram?.ToDelimitedString(),
                       SuspendFlag,
                       CopayLimitFlag,
                       StoplossLimitFlag,
                       InsuredOrganizationNameAndId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredOrganizationNameAndId.Select(x => x.ToDelimitedString())) : null,
                       InsuredEmployerOrganizationNameAndId != null ? string.Join(Configuration.FieldRepeatSeparator, InsuredEmployerOrganizationNameAndId.Select(x => x.ToDelimitedString())) : null,
                       Race != null ? string.Join(Configuration.FieldRepeatSeparator, Race.Select(x => x.ToDelimitedString())) : null,
                       PatientsRelationshipToInsured?.ToDelimitedString()
                       // Trailing separator characters left by empty fields at the end are stripped.
                       ).TrimEnd(Configuration.FieldSeparator.ToCharArray()));
        }
        /// <summary>
        /// Test helper: returns a fresh scope for <c>http://localhost/tests</c> containing the sample
        /// claim type and the sample issuer, both of which are fields declared outside this listing.
        /// </summary>
        /// <returns>The newly built scope.</returns>
        private static PolicyScope RetrievePolicyScope()
        {
            PolicyScope testScope = new PolicyScope(new Uri("http://localhost/tests"));

            var claimTypes = testScope.ClaimTypes;
            claimTypes.Add(sampleClaimType);

            var issuers = testScope.Issuers;
            issuers.Add(sampleIssuer);

            return testScope;
        }
        /// <summary>
        /// Produces one output claim for every input claim matched by each rule of the scope.
        /// </summary>
        /// <param name="inputClaims">Claims to run through the rules.</param>
        /// <param name="mappingScope">Scope supplying the rules and the known issuers.</param>
        /// <returns>The mapped claims, in rule order and then match order.</returns>
        /// <remarks>
        /// Every output claim keeps the matched input claim's ValueType and Issuer.
        /// NOTE(review): when the input claim's OriginalIssuer is not a known issuer of the scope, the
        /// output's original issuer falls back to the input claim's Issuer, not to its OriginalIssuer,
        /// so the reported provenance changes. Confirm this is intended.
        /// NOTE(review): copy rules look only at the first input claim of the rule.
        /// </remarks>
        private static IEnumerable <Claim> MapClaims(IEnumerable <Claim> inputClaims, PolicyScope mappingScope)
        {
            var results = new List<Claim>();

            foreach (PolicyRule rule in mappingScope.Rules)
            {
                IEnumerable<Claim> matches = MatchesRule(rule, inputClaims);
                if (matches == null || !matches.Any())
                {
                    continue;
                }

                foreach (var match in matches)
                {
                    string outputValue;
                    if (!rule.OutputClaim.CopyFromInput)
                    {
                        // Fixed value configured on the rule.
                        outputValue = rule.OutputClaim.Value;
                    }
                    else
                    {
                        bool ruleHasLiteralValue = rule.InputClaims.ElementAt(0).Value != Wildcard;
                        bool copiesValue = rule.OutputClaim.CopyFrom.ToUpperInvariant().Equals(CopyFromConstants.InputValue);

                        if (ruleHasLiteralValue)
                        {
                            // Non-wildcard rule: copy from the rule's own first input claim.
                            outputValue = copiesValue
                                ? rule.InputClaims.ElementAt(0).Value
                                : rule.InputClaims.ElementAt(0).Issuer.DisplayName;
                        }
                        else if (copiesValue)
                        {
                            outputValue = match.Value;
                        }
                        else
                        {
                            // Wildcard rule copying the issuer: use the display name if the scope
                            // knows the issuer, otherwise the raw issuer string of the claim.
                            var knownIssuer = mappingScope.Issuers.FirstOrDefault(i => i.Uri == match.Issuer);
                            outputValue = knownIssuer != null ? knownIssuer.DisplayName : match.Issuer;
                        }
                    }

                    var knownOriginalIssuer = mappingScope.Issuers.FirstOrDefault(i => i.Uri == match.OriginalIssuer);
                    string originalIssuerName = knownOriginalIssuer != null ? knownOriginalIssuer.DisplayName : match.Issuer;

                    var mapped = new Claim(
                        rule.OutputClaim.ClaimType.FullName,
                        outputValue,
                        match.ValueType,
                        match.Issuer,
                        originalIssuerName);
                    results.Add(mapped);
                }
            }

            return results;
        }
        /// <summary>
        /// Serializes a policy scope to a <c>scope</c> element with a <c>uri</c> attribute and three
        /// child containers: <c>claimTypes</c>, <c>issuers</c> and <c>rules</c>.
        /// </summary>
        /// <param name="scope">Scope to serialize.</param>
        /// <returns>The <c>scope</c> element with all children attached.</returns>
        private static XElement SerializeScope(PolicyScope scope)
        {
            XElement result = new XElement("scope");
            result.SetAttributeValue("uri", scope.Uri.ToString());

            // Attach the empty containers in document order, then fill them.
            XElement claimTypes = new XElement("claimTypes");
            XElement issuers = new XElement("issuers");
            XElement rules = new XElement("rules");
            result.Add(claimTypes, issuers, rules);

            foreach (var claimType in scope.ClaimTypes)
            {
                claimTypes.Add(SerializaClaimType(claimType));
            }

            foreach (var issuer in scope.Issuers)
            {
                issuers.Add(SerializaIssuer(issuer));
            }

            foreach (var rule in scope.Rules)
            {
                rules.Add(SerializaRule(rule));
            }

            return result;
        }
        /// <summary>
        /// Parses a <c>scope</c> XML element into a <see cref="PolicyScope"/> with its issuers, claim
        /// types and rules.
        /// </summary>
        /// <param name="scopeElement">The <c>scope</c> element to read.</param>
        /// <returns>The scope described by the element.</returns>
        /// <remarks>
        /// The element is read without validation: an absent <c>uri</c>, <c>thumbprint</c> or
        /// <c>displayName</c> attribute, or an absent <c>issuers</c> or <c>rules</c> child, fails with
        /// NullReferenceException. Issuers are indexed by display name for rule resolution, so a
        /// repeated display name fails with ArgumentException.
        /// </remarks>
        private static PolicyScope RetrieveScope(XElement scopeElement)
        {
            IDictionary<string, string> claimTypeLookup = RetrieveReferences(scopeElement.Element("claimTypes"), "claimType", "displayName", "fullName");

            IDictionary<string, Issuer> issuerLookup = new Dictionary<string, Issuer>();
            string scopeUriText = scopeElement.Attribute("uri").Value;
            PolicyScope parsed = new PolicyScope(new Uri(scopeUriText), new List<PolicyRule>());

            IEnumerable<XElement> issuerNodes = scopeElement.Element("issuers").Descendants("issuer");
            foreach (XElement node in issuerNodes)
            {
                // The thumbprint is normalized to upper case before it is stored.
                Issuer current = new Issuer(
                    node.Attribute("uri").Value,
                    node.Attribute("thumbprint").Value.ToUpperInvariant(),
                    node.Attribute("displayName").Value);

                parsed.AddIssuer(current);
                issuerLookup.Add(current.DisplayName, current);
            }

            foreach (KeyValuePair<string, string> entry in claimTypeLookup)
            {
                ClaimType claimType = new ClaimType(entry.Value, entry.Key);
                parsed.AddClaimType(claimType);
            }

            IEnumerable<XElement> ruleNodes = scopeElement.Element("rules").Descendants("rule");
            foreach (XElement ruleNode in ruleNodes)
            {
                AssertionsMatch assertions = RetrieveRuleAssertionsMatch(ruleNode);
                IEnumerable<InputPolicyClaim> inputs = RetrieveInputClaims(ruleNode, issuerLookup, claimTypeLookup);
                OutputPolicyClaim output = RetrieveOutputClaim(ruleNode, claimTypeLookup);

                PolicyRule parsedRule = new PolicyRule(assertions, inputs, output);
                parsed.AddRule(parsedRule);
            }

            return parsed;
        }