private static IEnumerable<Claim> MapClaims(IEnumerable<Claim> inputClaims, PolicyScope mappingScope)
        {
            List<Claim> mappedClaims = new List<Claim>();
            foreach (PolicyRule rule in mappingScope.Rules)
            {
                IEnumerable<Claim> matchingInputClaims = MatchesRule(rule, inputClaims);
                if (matchingInputClaims != null && matchingInputClaims.Any())
                {
                    foreach (var matchingInputClaim in matchingInputClaims)
                    {
                        string outputValue;
                        if (rule.OutputClaim.CopyFromInput)
                        {
                            if (rule.InputClaims.ElementAt(0).Value != Wildcard)
                            {
                                if (rule.OutputClaim.CopyFrom.ToUpperInvariant().Equals(CopyFromConstants.InputValue))
                                {
                                    outputValue = rule.InputClaims.ElementAt(0).Value;
                                }
                                else
                                {
                                    outputValue = rule.InputClaims.ElementAt(0).Issuer.DisplayName;
                                }
                            }
                            else
                            {
                                if (rule.OutputClaim.CopyFrom.ToUpperInvariant().Equals(CopyFromConstants.InputValue))
                                {
                                    outputValue = matchingInputClaim.Value;
                                }
                                else
                                {
                                    var issuer = mappingScope.Issuers.FirstOrDefault(i => i.Uri == matchingInputClaim.Issuer);

                                    outputValue = issuer != null ? issuer.DisplayName : matchingInputClaim.Issuer;
                                }
                            }
                        }
                        else
                        {
                            outputValue = rule.OutputClaim.Value;
                        }

                        var originalIssuer = mappingScope.Issuers.FirstOrDefault(i => i.Uri == matchingInputClaim.OriginalIssuer);

                        string originalIssuerDisplayName = originalIssuer != null ? originalIssuer.DisplayName : matchingInputClaim.Issuer;

                        mappedClaims.Add(
                            new Claim(
                                rule.OutputClaim.ClaimType.FullName,
                                outputValue,
                                matchingInputClaim.ValueType,
                                matchingInputClaim.Issuer,
                                originalIssuerDisplayName));
                    }
                }
            }

            return mappedClaims;
        }
        public void ShouldMatchInputClaim()
        {
            var store = new MockPolicyStore();
            ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);

            InputPolicyClaim inputClaim = new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim");
            OutputPolicyClaim outputClaim = new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue");
            PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim);

            var policyScope = new PolicyScope(new Uri("http://myScope"), new[] { rule });
            policyScope.AddIssuer(new Issuer("http://originalIssuer", string.Empty, "OriginalIssuer"));
            store.RetrieveScopesReturnValue = new List<PolicyScope>() { policyScope };

            IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer", "http://originalIssuer") });

            Assert.IsNotNull(evaluatedOutputClaims);
            Assert.AreEqual(1, evaluatedOutputClaims.Count());
            Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType);
            Assert.AreEqual("myOutputClaimValue", evaluatedOutputClaims.ElementAt(0).Value);
            Assert.AreEqual("http://myInputClaimIssuer", evaluatedOutputClaims.ElementAt(0).Issuer);
            Assert.AreEqual("OriginalIssuer", evaluatedOutputClaims.ElementAt(0).OriginalIssuer);
        }
Beispiel #3
0
        private static XElement SerializeScope(PolicyScope scope)
        {
            XElement scopeElement = new XElement("scope");
            scopeElement.SetAttributeValue("uri", scope.Uri.ToString());

            XElement claimTypesElement = new XElement("claimTypes");
            scopeElement.Add(claimTypesElement);
            foreach (var claimType in scope.ClaimTypes)
            {
                claimTypesElement.Add(SerializaClaimType(claimType));
            }

            XElement issuersElement = new XElement("issuers");
            scopeElement.Add(issuersElement);
            foreach (var issuer in scope.Issuers)
            {
                issuersElement.Add(SerializaIssuer(issuer));
            }

            XElement rulesElement = new XElement("rules");
            scopeElement.Add(rulesElement);
            foreach (var rule in scope.Rules)
            {
                rulesElement.Add(SerializaRule(rule));
            }

            return scopeElement;
        }
Beispiel #4
0
        private static PolicyScope RetrieveScope(XElement scopeElement)
        {
            IDictionary<string, string> claimTypes = RetrieveReferences(scopeElement.Element("claimTypes"), "claimType", "displayName", "fullName");

            IDictionary<string, Issuer> issuers = new Dictionary<string, Issuer>();
            PolicyScope scope = new PolicyScope(new Uri(scopeElement.Attribute("uri").Value), new List<PolicyRule>());

            var issuerElements = scopeElement.Element("issuers").Descendants("issuer");
            foreach (var item in issuerElements)
            {
                Issuer issuer = new Issuer(
                                    item.Attribute("uri").Value,
                                    item.Attribute("thumbprint").Value.ToUpperInvariant(),
                                    item.Attribute("displayName").Value);

                scope.AddIssuer(issuer);
                issuers.Add(issuer.DisplayName, issuer);
            }

            foreach (var item in claimTypes)
            {
                scope.AddClaimType(new ClaimType(item.Value, item.Key));
            }

            foreach (XElement ruleElement in scopeElement.Element("rules").Descendants("rule"))
            {
                AssertionsMatch assertionsMatch = RetrieveRuleAssertionsMatch(ruleElement);
                IEnumerable<InputPolicyClaim> inputClaims = RetrieveInputClaims(ruleElement, issuers, claimTypes);
                OutputPolicyClaim outputClaim = RetrieveOutputClaim(ruleElement, claimTypes);

                scope.AddRule(new PolicyRule(assertionsMatch, inputClaims, outputClaim));
            }

            return scope;
        }
Beispiel #5
0
        private static PolicyScope RetrievePolicyScope()
        {
            var scope = new PolicyScope(new Uri("http://localhost/tests"));

            scope.ClaimTypes.Add(sampleClaimType);
            scope.Issuers.Add(sampleIssuer);

            return scope;
        }