Example #1
0
		/// <summary>
		/// Resolves the attribute reference defined within the given match.
		/// </summary>
		/// <param name="context">The evaluation context instance.</param>
		/// <param name="match">The target item match.</param>
		/// <param name="contextTargetItem">The context target item.</param>
		/// <returns>The context attribute.</returns>
		public static Context.AttributeElement Resolve(EvaluationContext context, TargetMatchBaseReadWrite match, ctx.TargetItemBase contextTargetItem)
		{
			Context.AttributeElementReadWrite attribute = null;
			if (match.AttributeReference is pol.AttributeDesignatorBase)
			{
				var attrDesig = (pol.AttributeDesignatorBase)match.AttributeReference;
				context.Trace("Looking for attribute: {0}", attrDesig.AttributeId);
				foreach (Context.AttributeElementReadWrite tempAttribute in contextTargetItem.Attributes)
				{
					if (tempAttribute.Match(attrDesig))
					{
						attribute = tempAttribute;
						break;
					}
				}

				if (attribute == null)
				{
					context.Trace("Attribute not found, loading searching an external repository");
					attribute = GetAttribute(context, attrDesig);
				}
			}
			else if (match.AttributeReference is pol.AttributeSelectorElement)
			{
				var attrSelec = (pol.AttributeSelectorElement)match.AttributeReference;
				var content = (ctx.ResourceContentElement)((ctx.ResourceElement)contextTargetItem).ResourceContent;
				if (content != null)
				{
					XmlDocument doc = context.ContextDocument.XmlDocument;

					if (context.ContextDocument.XmlNamespaceManager == null)
					{
						context.ContextDocument.AddNamespaces(context.PolicyDocument.Namespaces);
					}

					string xpath = attrSelec.RequestContextPath;
					try
					{
						Debug.Assert(doc.DocumentElement != null, "doc.DocumentElement != null");
						XmlNode node = doc.DocumentElement.SelectSingleNode(xpath, context.ContextDocument.XmlNamespaceManager);
						if (node != null)
						{
							attribute = new ctx.AttributeElement(null, attrSelec.DataType, null, null, node.InnerText, attrSelec.SchemaVersion);
						}
					}
					catch (XPathException e)
					{
						context.Trace("ERR: {0}", e.Message);
						context.ProcessingError = true;
					}
				}
			}

			if (!context.ProcessingError && attribute == null && match.AttributeReference.MustBePresent)
			{
				context.IsMissingAttribute = true;
				context.AddMissingAttribute(match.AttributeReference);
			}

			if (attribute != null)
			{
				return new Context.AttributeElement(attribute.AttributeId, attribute.DataType, attribute.Issuer, attribute.IssueInstant,
					attribute.Value, attribute.SchemaVersion);
			}
			return null;
		}
Example #2
0
		/// <summary>
		/// Search for the attribute in the context target item using the attribute designator specified.
		/// </summary>
		/// <param name="context">The evaluation context instance.</param>
		/// <param name="attributeDesignator">The attribute designator instance.</param>
		/// <param name="targetItem">The target item to search in.</param>
		/// <returns>A bag value with the values of the attributes found.</returns>
		public static BagValue FindAttribute(EvaluationContext context, pol.AttributeDesignatorBase attributeDesignator, ctx.TargetItemBase targetItem)
		{
			var bag = new BagValue(GetDataType(attributeDesignator.DataType));
			foreach (ctx.AttributeElement attribute in targetItem.Attributes)
			{
				if (attribute.Match(attributeDesignator))
				{
					context.Trace("Adding target item attribute designator: {0}", attribute.ToString());
					bag.Add(attribute);
				}
			}
			return bag;
		}
Example #3
0
		/// <summary>
		/// Evaluate the context document using a specified policy
		/// </summary>
		/// <param name="contextDocument">The context document instance</param>
		/// <returns>The response document.</returns>
		public ctx.ResponseElement Evaluate(ctx.ContextDocument contextDocument)
		{
			var context = new EvaluationContext(this, null, contextDocument);

			try
			{
				// Validates the configuration file was found.
				if (ConfigurationRoot.Config != null)
				{
					// Search all the policies repositories to find a policy that matches the 
					// context document
					pol.PolicyDocument policyDocument = null;
					foreach (IPolicyRepository policyRep in ConfigurationRoot.Config.PolicyRepositories)
					{
						if (policyDocument == null)
						{
							policyDocument = policyRep.Match(context);
						}
						else
						{
							throw new EvaluationException(Properties.Resource.exc_duplicated_policy_in_repository);
						}
					}

					// If the policy was found evaluate the context document, otherwise use the
					// Evaluate method to generate a Response context document.
					if (policyDocument != null)
					{
						return Evaluate(policyDocument, contextDocument);
					}
					else
					{
						return Evaluate(null, null);
					}
				}
				else
				{
					throw new EvaluationException(Properties.Resource.exc_configuration_file_not_found);
				}
			}
			catch (EvaluationException e)
			{
				context.Trace("ERR: {0}", e.Message);
				return Evaluate(null, null);
			}
		}
Example #4
0
		/// <summary>
		/// Evaluate the context document using a specified policy
		/// </summary>
		/// <param name="policyDocument">The policy instance</param>
		/// <param name="contextDocument">The context document instance</param>
		/// <returns>The response document</returns>
		public ctx.ResponseElement Evaluate(pol.PolicyDocument policyDocument, ctx.ContextDocument contextDocument)
		{
			if (policyDocument == null) throw new ArgumentNullException("policyDocument");
			if (contextDocument == null) throw new ArgumentNullException("contextDocument");
			var context = new EvaluationContext(this, policyDocument, contextDocument);

			context.Trace("Start evaluation");
			context.AddIndent();

			// Check if both documents are valid
			if (!policyDocument.IsValidDocument || !contextDocument.IsValidDocument)
			{
				// If a validation error was found a response is created with the syntax error message
				var response =
					new ctx.ResponseElement(
						new[] {
							new ctx.ResultElement( 
								null, 
								Decision.Indeterminate, 
								new ctx.StatusElement( 
									new ctx.StatusCodeElement(Consts.ContextSchema.StatusCodes.SyntaxError, null, policyDocument.Version ), 
									null, 
									null, policyDocument.Version ), 
								null, policyDocument.Version ) },
					policyDocument.Version);
				return response;
			}

			// Create a new response
			contextDocument.Response = new ctx.ResponseElement((ctx.ResultElement[])null, policyDocument.Version);

			try
			{
				// Create the evaluable policy intance
				IMatchEvaluable policy = null;
				if (policyDocument.PolicySet != null)
				{
					policy = new PolicySet(this, (pol.PolicySetElement)policyDocument.PolicySet);
				}
				else if (policyDocument.Policy != null)
				{
					policy = new Policy((pol.PolicyElement)policyDocument.Policy);
				}

				// Evaluate the policy or policy set
				if (policy != null)
				{
					// Creates the evaluable policy set
					if (policy.AllResources.Count == 0)
					{
						policy.AllResources.Add("");
					}

					string requestedResourceString = String.Empty;
					Uri requestedResource = null;

					foreach (ctx.ResourceElement resource in contextDocument.Request.Resources)
					{
						// Keep the requested resource
						if (resource.IsHierarchical)
						{
							foreach (ctx.AttributeElement attribute in resource.Attributes)
							{
								if (attribute.AttributeId == Consts.ContextSchema.ResourceElement.ResourceId)
								{
									if (context.PolicyDocument.Version == XacmlVersion.Version10 ||
										context.PolicyDocument.Version == XacmlVersion.Version11)
									{
										requestedResourceString = attribute.AttributeValues[0].Contents;
									}
									else
									{
										if (attribute.AttributeValues.Count > 1)
										{
											throw new NotSupportedException("resources contains a bag of values");
										}
										requestedResourceString = attribute.AttributeValues[0].Contents;
									}
								}
							}
							if (!string.IsNullOrEmpty(requestedResourceString))
							{
								requestedResource = new Uri(requestedResourceString);
							}
						}

						// Iterate through the policy resources evaluating each resource in the context document request 
						foreach (string resourceName in policy.AllResources)
						{
							bool mustEvaluate = false;
							if (resource.IsHierarchical)
							{
								//Validate if the resource is hierarchically desdendant or children 
								//of the requested resource
								Uri policyResource = new Uri(resourceName);

								Debug.Assert(requestedResource != null, "requestedResource != null");
								if (!(mustEvaluate = requestedResource.Equals(policyResource)))
								{
									// Perform the hierarchical evaluation
									if (resource.ResourceScopeValue == ctx.ResourceScope.Children)
									{
										mustEvaluate = typ.AnyUri.IsChildrenOf(requestedResource, policyResource);
									}
									else if (resource.ResourceScopeValue == ctx.ResourceScope.Descendants)
									{
										mustEvaluate = typ.AnyUri.IsDescendantOf(requestedResource, policyResource);
									}
								}

								if (mustEvaluate)
								{
									foreach (ctx.AttributeElementReadWrite attribute in context.CurrentResource.Attributes)
									{
										if (attribute.AttributeId == Consts.ContextSchema.ResourceElement.ResourceId)
										{
											attribute.AttributeValues[0].Contents = resourceName;
											break;
										}
									}
								}
							}
							else
							{
								context.CurrentResource = resource;
								mustEvaluate = true;
							}

							if (mustEvaluate)
							{
								// Evaluates the policy set
								Decision decision = policy.Evaluate(context);

								// Create a status code using the policy execution state
								ctx.StatusCodeElement scode;
								if (context.IsMissingAttribute)
								{
									scode = new ctx.StatusCodeElement(
										Consts.ContextSchema.StatusCodes.MissingAttribute, null, policyDocument.Version);
								}
								else if (context.ProcessingError)
								{
									scode = new ctx.StatusCodeElement(
										Consts.ContextSchema.StatusCodes.ProcessingError, null, policyDocument.Version);
								}
								else
								{
									scode = new ctx.StatusCodeElement(
										Consts.ContextSchema.StatusCodes.Ok, null, policyDocument.Version);
								}

								//Stop the iteration if there is not a hierarchical request
								if (!resource.IsHierarchical)
								{
									// Ussually when a single resource is requested the ResourceId is not specified in the result
									var oblig = policy as IObligationsContainer;
									contextDocument.Response.Results.Add(
										new ctx.ResultElement("", decision,
											new ctx.StatusElement(scode, "", "", policyDocument.Version), oblig.Obligations, policyDocument.Version));
									break;
								}
								else
								{
									// Adding a resource for each requested resource, using the resourceName as the resourceId of the result
									var oblig = policy as IObligationsContainer;
									contextDocument.Response.Results.Add(
										new ctx.ResultElement(resourceName, decision,
											new ctx.StatusElement(scode, "", "", policyDocument.Version), oblig.Obligations, policyDocument.Version));
								}
							} // if( mustEvaluate )
						} // foreach( string resourceName in policy.AllResources )
					}
				} //if( policy != null )
			}
			catch (EvaluationException e)
			{
				// If a validation error was found a response is created with the syntax error message
				contextDocument.Response =
					new ctx.ResponseElement(
						new ctx.ResultElement[] {
							new ctx.ResultElement( 
								null, 
								Decision.Indeterminate, 
								new ctx.StatusElement( 
									new ctx.StatusCodeElement(Consts.ContextSchema.StatusCodes.ProcessingError, null, policyDocument.Version ), 
									e.Message, 
									e.StackTrace, policyDocument.Version ), 
								null, policyDocument.Version ) },
					policyDocument.Version);
			}

			return contextDocument.Response;
		}
Example #5
0
        /// <summary>
        /// Creates a new context document
        /// </summary>
        /// <param name="sender">The mainTree control.</param>
        /// <param name="args">THe arguements for the event.</param>
        private void CreateContextDocument(object sender, EventArgs args)
        {
            // Create a new policydocument
            var newContext = new con.ContextDocumentReadWrite(); //TODO: check version

            newContext.Namespaces.Add(string.Empty, Consts.Schema1.Namespaces.Context);
            newContext.Namespaces.Add("xsi", Consts.Schema1.Namespaces.Xsi);
            var newNode = new Context(newContext);
            _mainTree.Nodes.Add(newNode);
            _docType = DocumentType.Request;
            newNode.NodeFont = new Font(_mainTree.Font, FontStyle.Bold);
            _menuItemOpenPolicy.Enabled = false;
            _menuItemOpenRequest.Enabled = false;
            _menuItemSaveAs.Enabled = true;
            _menuItemSave.Enabled = true;
            _menuItemRunPolicy.Enabled = true;
            _menuItemRunRequest.Enabled = false;
        }