/// <summary>
/// Creates a new CombinerParameterElement using the XmlReader instance provided.
/// </summary>
/// <param name="reader">The XmlReader instance positioned at the CombinerParameterElement node.</param>
/// <param name="nodeName">The name of the node for this combiner parameter item.</param>
/// <param name="schemaVersion">The version of the schema that was used to validate.</param>
protected CombinerParameterElement(XmlReader reader, string nodeName, XacmlVersion schemaVersion)
: base(XacmlSchema.Policy, schemaVersion)
{
if (reader == null)
{
throw new ArgumentNullException("reader");
}
if (reader.LocalName == nodeName &&
ValidateSchema(reader, schemaVersion))
{
// Read the attributes
if (reader.HasAttributes)
{
// Load all the attributes
while (reader.MoveToNextAttribute())
{
if (reader.LocalName == PolicySchema2.CombinerParameterElement.ParameterName)
{
_parameterName = reader.GetAttribute(PolicySchema2.CombinerParameterElement.ParameterName);
}
else
{
AttributeFound(reader);
}
}
reader.MoveToElement();
}
// Read the rule contents.
while (reader.Read())
{
switch (reader.LocalName)
{
case PolicySchema2.CombinerParameterElement.AttributeValue:
_attributeValue = new AttributeValueElement(reader, schemaVersion);
break;
}
if (reader.LocalName == PolicySchema2.CombinerParameterElement.CombinerParameter &&
reader.NodeType == XmlNodeType.EndElement)
{
break;
}
}
}
else
{
throw new Exception(Resource.ResourceManager[Resource.MessageKey.exc_invalid_node_name, reader.LocalName]);
}
}
/// <summary>
/// Evaluates the variable into a value.
/// </summary>
/// <param name="context">The contex of the evaluation.</param>
/// <returns>The value of the function.</returns>
public EvaluationValue Evaluate(EvaluationContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
context.Trace("Evaluating variable");
context.AddIndent();
try
{
if (_variableDefinition.Expression is pol.ApplyElement)
{
context.Trace("Apply within condition.");
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply((pol.ApplyElement)_variableDefinition.Expression);
// Evaluate the Apply
_value = _childApply.Evaluate(context);
context.TraceContextValues();
return(_value);
}
else if (_variableDefinition.Expression is pol.FunctionElement)
{
throw new NotImplementedException("FunctionElement"); //TODO:
}
else if (_variableDefinition.Expression is pol.VariableReferenceElement)
{
pol.VariableReferenceElement variableRef = _variableDefinition.Expression as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[variableRef.VariableId] as VariableDefinition;
context.TraceContextValues();
if (!variableDef.IsEvaluated)
{
return(variableDef.Evaluate(context));
}
else
{
return(variableDef.Value);
}
}
else if (_variableDefinition.Expression is pol.AttributeValueElementReadWrite)
{
// The AttributeValue does not need to be processed
context.Trace("Attribute value {0}", _variableDefinition.Expression.ToString());
pol.AttributeValueElementReadWrite att = (pol.AttributeValueElementReadWrite)_variableDefinition.Expression;
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement(att.DataType, att.Contents, att.SchemaVersion);
_value = new EvaluationValue(
attributeValue.GetTypedValue(attributeValue.GetType(context), 0),
attributeValue.GetType(context));
return(_value);
}
else if (_variableDefinition.Expression is pol.AttributeDesignatorBase)
{
// Resolve the AttributeDesignator using the EvaluationEngine public methods.
context.Trace("Processing attribute designator: {0}", _variableDefinition.Expression.ToString());
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve(context, attrDes);
// If the attribute was not resolved by the EvaluationEngine search the
// attribute in the context document, also using the EvaluationEngine public
// methods.
if (bag.BagSize == 0)
{
if (_variableDefinition.Expression is pol.SubjectAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding subject attribute designator: {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (_variableDefinition.Expression is pol.ResourceAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding resource attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (_variableDefinition.Expression is pol.ActionAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding action attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (_variableDefinition.Expression is pol.EnvironmentAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding environment attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
}
// If the argument was not found and the attribute must be present this is
// a MissingAttribute situation so set the flag. Otherwise add the attribute
// to the processed arguments.
if (bag.BagSize == 0 && attrDes.MustBePresent)
{
context.Trace("Attribute is missing");
context.IsMissingAttribute = true;
context.AddMissingAttribute(attrDes);
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue(bag, bag.GetType(context));
}
return(_value);
}
else if (_variableDefinition.Expression is pol.AttributeSelectorElement)
{
// Resolve the XPath query using the EvaluationEngine public methods.
context.Trace("Attribute selector");
try
{
pol.AttributeSelectorElement attributeSelector = (pol.AttributeSelectorElement)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve(context, attributeSelector);
if (bag.Elements.Count == 0 && attributeSelector.MustBePresent)
{
context.Trace("Attribute is missing");
context.IsMissingAttribute = true;
context.AddMissingAttribute(attributeSelector);
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue(bag, bag.GetType(context));
}
}
catch (EvaluationException e)
{
context.Trace("ERR: {0}", e.Message);
context.ProcessingError = true;
_value = EvaluationValue.Indeterminate;
}
return(_value);
}
throw new NotSupportedException("internal error");
}
finally
{
_isEvaluated = true;
context.RemoveIndent();
}
}
/// <summary>
/// Evaluates the variable into a value.
/// </summary>
/// <param name="context">The contex of the evaluation.</param>
/// <returns>The value of the function.</returns>
public EvaluationValue Evaluate( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
context.Trace( "Evaluating variable" );
context.AddIndent();
try
{
if( _variableDefinition.Expression is pol.ApplyElement )
{
context.Trace( "Apply within condition." );
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply( (pol.ApplyElement)_variableDefinition.Expression );
// Evaluate the Apply
_value = _childApply.Evaluate( context );
context.TraceContextValues();
return _value;
}
else if( _variableDefinition.Expression is pol.FunctionElement )
{
throw new NotImplementedException( "FunctionElement" ); //TODO:
}
else if( _variableDefinition.Expression is pol.VariableReferenceElement )
{
pol.VariableReferenceElement variableRef = _variableDefinition.Expression as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[ variableRef.VariableId ] as VariableDefinition;
context.TraceContextValues();
if( !variableDef.IsEvaluated )
{
return variableDef.Evaluate( context );
}
else
{
return variableDef.Value;
}
}
else if( _variableDefinition.Expression is pol.AttributeValueElementReadWrite )
{
// The AttributeValue does not need to be processed
context.Trace( "Attribute value {0}", _variableDefinition.Expression.ToString() );
pol.AttributeValueElementReadWrite att = (pol.AttributeValueElementReadWrite)_variableDefinition.Expression;
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement( att.DataType, att.Contents, att.SchemaVersion );
_value = new EvaluationValue(
attributeValue.GetTypedValue( attributeValue.GetType( context ), 0 ),
attributeValue.GetType( context ) );
return _value;
}
else if( _variableDefinition.Expression is pol.AttributeDesignatorBase )
{
// Resolve the AttributeDesignator using the EvaluationEngine public methods.
context.Trace( "Processing attribute designator: {0}", _variableDefinition.Expression.ToString() );
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve( context, attrDes );
// If the attribute was not resolved by the EvaluationEngine search the
// attribute in the context document, also using the EvaluationEngine public
// methods.
if( bag.BagSize == 0 )
{
if( _variableDefinition.Expression is pol.SubjectAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding subject attribute designator: {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( _variableDefinition.Expression is pol.ResourceAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding resource attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( _variableDefinition.Expression is pol.ActionAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding action attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( _variableDefinition.Expression is pol.EnvironmentAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding environment attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
}
// If the argument was not found and the attribute must be present this is
// a MissingAttribute situation so set the flag. Otherwise add the attribute
// to the processed arguments.
if( bag.BagSize == 0 && attrDes.MustBePresent )
{
context.Trace( "Attribute is missing" );
context.IsMissingAttribute = true;
context.AddMissingAttribute( attrDes );
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue( bag, bag.GetType( context ) );
}
return _value;
}
else if( _variableDefinition.Expression is pol.AttributeSelectorElement )
{
// Resolve the XPath query using the EvaluationEngine public methods.
context.Trace( "Attribute selector" );
try
{
pol.AttributeSelectorElement attributeSelector = (pol.AttributeSelectorElement)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve( context, attributeSelector );
if( bag.Elements.Count == 0 && attributeSelector.MustBePresent )
{
context.Trace( "Attribute is missing" );
context.IsMissingAttribute = true;
context.AddMissingAttribute( attributeSelector );
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue( bag, bag.GetType( context ) );
}
}
catch( EvaluationException e )
{
context.Trace( "ERR: {0}", e.Message );
context.ProcessingError = true;
_value = EvaluationValue.Indeterminate;
}
return _value;
}
throw new NotSupportedException( "internal error" );
}
finally
{
_isEvaluated = true;
context.RemoveIndent();
}
}
/// <summary>
/// Creates a new PolicyCombinerParameter using the provided argument values.
/// </summary>
/// <param name="parameterName">The parameter name.</param>
/// <param name="attributeValue">The attribute value.</param>
/// <param name="policyIdRef">The policy Id reference.</param>
/// <param name="version">The version of the schema that was used to validate.</param>
public PolicyCombinerParameterElement(string parameterName, AttributeValueElement attributeValue, Uri policyIdRef, XacmlVersion version)
: base(parameterName, attributeValue, version)
{
_policyIdRef = policyIdRef;
}
/// <summary>
/// Resolves the AttributeSelector in the context document using the XPath sentence.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="attributeSelector">The attribute selector.</param>
/// <returns>A bag of values with the contents of the node.</returns>
public static BagValue Resolve( EvaluationContext context, pol.AttributeSelectorElement attributeSelector )
{
BagValue bagValue = new BagValue( GetDataType( attributeSelector.DataType ) );
ctx.ResourceContentElement content = (ctx.ResourceContentElement)context.CurrentResource.ResourceContent;
if( content != null )
{
XmlDocument doc = context.ContextDocument.XmlDocument;
if( context.ContextDocument.XmlNamespaceManager == null )
{
context.ContextDocument.AddNamespaces( context.PolicyDocument.Namespaces );
}
try
{
string xpath = attributeSelector.RequestContextPath;
XmlNodeList nodeList = doc.DocumentElement.SelectNodes( xpath, context.ContextDocument.XmlNamespaceManager );
if( nodeList != null )
{
foreach( XmlNode node in nodeList )
{
pol.AttributeValueElement ave =
new pol.AttributeValueElement(
attributeSelector.DataType,
node.InnerText,
attributeSelector.SchemaVersion );
bagValue.Add( ave );
}
}
}
catch( XPathException e )
{
context.Trace( Resource.TRACE_ERROR, e.Message );
bagValue = new BagValue( GetDataType( attributeSelector.DataType ) );
}
}
return bagValue;
}
/// <summary>
/// Creates a new RuleCombinerParameter using the provided argument values.
/// </summary>
/// <param name="parameterName">The parameter name.</param>
/// <param name="attributeValue">The attribute value.</param>
/// <param name="ruleIdRef">The rule Id reference.</param>
/// <param name="version">The version of the schema that was used to validate.</param>
public RuleCombinerParameterElement(string parameterName, AttributeValueElement attributeValue, Uri ruleIdRef, XacmlVersion version)
: base(parameterName, attributeValue, version)
{
_ruleIdRef = ruleIdRef;
}
/// <summary>
/// This method overrides the ApplyBase method in order to provide extra validations
/// required in the condition evaluation, for example the final return value should be a
/// boolean value.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The EvaluationValue with the results of the condition evaluation.</returns>
public override EvaluationValue Evaluate(EvaluationContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
context.Trace("Evaluating condition");
context.AddIndent();
try
{
// Iterate through the arguments, the IExpressionType is a mark interface
foreach (inf.IExpression arg in ApplyDefinition.Arguments)
{
if (arg is pol.ApplyElement)
{
context.Trace("Apply within condition.");
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply((pol.ApplyElement)arg);
// Evaluate the Apply
EvaluationValue retVal = _childApply.Evaluate(context);
return(retVal);
}
else if (arg is pol.FunctionElementReadWrite)
{
throw new NotImplementedException("FunctionElement"); //TODO:
}
else if (arg is pol.VariableReferenceElement)
{
pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[variableRef.VariableId] as VariableDefinition;
if (!variableDef.IsEvaluated)
{
return(variableDef.Evaluate(context));
}
else
{
return(variableDef.Value);
}
}
else if (arg is pol.AttributeValueElementReadWrite)
{
// The AttributeValue does not need to be processed
context.Trace("Attribute value {0}", arg.ToString());
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement(((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion);
return(new EvaluationValue(
attributeValue.GetTypedValue(attributeValue.GetType(context), 0),
attributeValue.GetType(context)));
}
else if (arg is pol.AttributeDesignatorBase)
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace("Processing attribute designator: {0}", arg.ToString());
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg;
BagValue bag = new BagValue(EvaluationEngine.GetDataType(attrDes.DataType));
return(new EvaluationValue(bag, bag.GetType(context)));
}
else if (arg is pol.AttributeSelectorElement)
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace("Attribute selector");
pol.AttributeSelectorElement attrSel = (pol.AttributeSelectorElement)arg;
BagValue bag = new BagValue(EvaluationEngine.GetDataType(attrSel.DataType));
return(new EvaluationValue(bag, bag.GetType(context)));
}
}
throw new NotSupportedException("internal error");
}
finally
{
context.TraceContextValues();
context.RemoveIndent();
}
}
/// <summary>
/// This method overrides the ApplyBase method in order to provide extra validations
/// required in the condition evaluation, for example the final return value should be a
/// boolean value.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The EvaluationValue with the results of the condition evaluation.</returns>
public override EvaluationValue Evaluate( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
context.Trace( "Evaluating condition" );
context.AddIndent();
try
{
// Iterate through the arguments, the IExpressionType is a mark interface
foreach( inf.IExpression arg in ApplyDefinition.Arguments )
{
if( arg is pol.ApplyElement )
{
context.Trace( "Apply within condition." );
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply( (pol.ApplyElement)arg );
// Evaluate the Apply
EvaluationValue retVal = _childApply.Evaluate( context );
return retVal;
}
else if( arg is pol.FunctionElementReadWrite )
{
throw new NotImplementedException( "FunctionElement" ); //TODO:
}
else if( arg is pol.VariableReferenceElement )
{
pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[ variableRef.VariableId ] as VariableDefinition;
if( !variableDef.IsEvaluated )
{
return variableDef.Evaluate( context );
}
else
{
return variableDef.Value;
}
}
else if( arg is pol.AttributeValueElementReadWrite )
{
// The AttributeValue does not need to be processed
context.Trace( "Attribute value {0}", arg.ToString() );
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement( ((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion );
return new EvaluationValue(
attributeValue.GetTypedValue( attributeValue.GetType( context ), 0 ),
attributeValue.GetType( context ) );
}
else if( arg is pol.AttributeDesignatorBase )
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace( "Processing attribute designator: {0}", arg.ToString() );
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg;
BagValue bag = new BagValue( EvaluationEngine.GetDataType( attrDes.DataType ) );
return new EvaluationValue( bag, bag.GetType( context ) );
}
else if( arg is pol.AttributeSelectorElement )
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace( "Attribute selector" );
pol.AttributeSelectorElement attrSel = (pol.AttributeSelectorElement)arg;
BagValue bag = new BagValue( EvaluationEngine.GetDataType( attrSel.DataType ) );
return new EvaluationValue( bag, bag.GetType( context ) );
}
}
throw new NotSupportedException( "internal error" );
}
finally
{
context.TraceContextValues();
context.RemoveIndent();
}
}
/// <summary>
/// Creates a new CombinerParameter using the provided argument values.
/// </summary>
/// <param name="parameterName">The parameter name.</param>
/// <param name="attributeValue">The attribute value.</param>
/// <param name="schemaVersion">The version of the schema that was used to validate.</param>
public CombinerParameterElement(string parameterName, AttributeValueElement attributeValue, XacmlVersion schemaVersion)
: base(XacmlSchema.Policy, schemaVersion)
{
_parameterName = parameterName;
_attributeValue = attributeValue;
}
