public void ShouldMatchInputClaim() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); InputPolicyClaim inputClaim = new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue"); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); var policyScope = new PolicyScope(new Uri("http://myScope"), new[] { rule }); policyScope.AddIssuer(new Issuer("http://originalIssuer", string.Empty, "OriginalIssuer")); store.RetrieveScopesReturnValue = new List <PolicyScope>() { policyScope }; IEnumerable <Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer", "http://originalIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType); Assert.AreEqual("myOutputClaimValue", evaluatedOutputClaims.ElementAt(0).Value); Assert.AreEqual("http://myInputClaimIssuer", evaluatedOutputClaims.ElementAt(0).Issuer); Assert.AreEqual("OriginalIssuer", evaluatedOutputClaims.ElementAt(0).OriginalIssuer); }
public void ShouldMatchInputClaimValueInCaseInsensitiveFashion() { var store = new MockPolicyStore(); var scopeUri = new Uri("http://myScope"); var inputClaimValue = "myInputClaimValue"; var outputClaimValue = "myOutputClaimValue"; InputPolicyClaim inputClaim = new InputPolicyClaim( new Issuer("http://myInputClaimIssuer", "myInputClaimIssuer"), new ClaimType("http://myInputClaimType", "myInputClaimType"), inputClaimValue); OutputPolicyClaim outputClaim = new OutputPolicyClaim( new ClaimType("http://myOutputClaimType", "myOutputClaimType"), outputClaimValue); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); store.RetrieveScopesReturnValue = new List <PolicyScope> { new PolicyScope(scopeUri, new[] { rule }) }; var evaluator = new ClaimsPolicyEvaluator(store); var evaluatedOutputClaims = evaluator.Evaluate(scopeUri, new[] { new Claim("http://myInputClaimType", inputClaimValue.ToUpperInvariant(), string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual(outputClaimValue, evaluatedOutputClaims.ElementAt(0).Value); }
public void ShouldOutputCorrectInputValue() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); InputPolicyClaim inputPolicyClaim1 = new InputPolicyClaim(this.issuer, this.inputClaimType, "*"); ClaimType outputClaimType1 = new ClaimType("http://myOutputClaimType1"); OutputPolicyClaim outputPolicyClaim1 = new OutputPolicyClaim(outputClaimType1, "myOutputClaimValue"); PolicyRule policyRule1 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim1 }, outputPolicyClaim1); InputPolicyClaim inputPolicyClaim2 = new InputPolicyClaim(this.issuer, this.inputClaimType, "inputClaimValue"); ClaimType outputClaimType2 = new ClaimType("http://myOutputClaimType2"); OutputPolicyClaim outputPolicyClaim2 = new OutputPolicyClaim(outputClaimType2, string.Empty, CopyFromConstants.InputValue); PolicyRule policyRule2 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim2 }, outputPolicyClaim2); store.RetrieveScopesReturnValue = new List <PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { policyRule1, policyRule2 }) }; IEnumerable <Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "inputClaimValue", string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(2, evaluatedOutputClaims.Count()); var outputClaim1 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType1"); Assert.IsNotNull(outputClaim1); Assert.AreEqual("myOutputClaimValue", outputClaim1.Value); var outputClaim2 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType2"); Assert.IsNotNull(outputClaim2); Assert.AreEqual("inputClaimValue", outputClaim2.Value); }
public void ShouldMatchInputClaimAndCopyInputIssuerToOutputValue() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); ClaimType inputClaimType = new ClaimType("http://myInputClaimType"); ClaimType outputClaimType = new ClaimType("http://myOutputClaimType"); Issuer issuer = new Issuer("http://myInputClaimIssuer"); InputPolicyClaim inputClaim = new InputPolicyClaim(issuer, inputClaimType, "myInputClaim"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(outputClaimType, string.Empty, CopyFromConstants.InputIssuer); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); store.RetrieveScopesReturnValue = new List <PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { rule }) }; IEnumerable <Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType); Assert.AreEqual("http://myInputClaimIssuer", evaluatedOutputClaims.ElementAt(0).Value); }
public PolicyRule(AssertionsMatch assertionsMatch, IEnumerable<InputPolicyClaim> inputClaims, OutputPolicyClaim outputClaim) { if (outputClaim.CopyFromInput && inputClaims.Count() > 1) { throw new PolicyRuleException(Resources.CopyFromInputWithMultipleInputClaims); } this.AssertionsMatch = assertionsMatch; this.OutputClaim = outputClaim; this.InputClaims = new List<InputPolicyClaim>(); this.InputClaims.AddRange(inputClaims); }
public void ShouldAddRuleViaWCF() { ChannelFactory <IPolicyStore> factory = new ChannelFactory <IPolicyStore>(new BasicHttpBinding(), new EndpointAddress("http://localhost:3333/policystore")); IPolicyStore store = factory.CreateChannel(); var scope = store.RetrieveScopes().ElementAt(0); InputPolicyClaim inputClaim = new InputPolicyClaim(scope.Issuers.ElementAt(0), scope.ClaimTypes.ElementAt(0), "thevalue"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(scope.ClaimTypes.ElementAt(0), CopyFromConstants.InputValue); PolicyRule rule = new PolicyRule(AssertionsMatch.All, new[] { inputClaim }, outputClaim); store.AddPolicyRule(scope.Uri, rule); var updatedScope = store.RetrieveScopes().ElementAt(0); Assert.AreEqual(3, updatedScope.Rules.Count()); }
public void ShoudMatchInputClaimWithAssertionMatchAll() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); InputPolicyClaim inputClaim = new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue"); PolicyRule rule = new PolicyRule(AssertionsMatch.All, new[] { inputClaim }, outputClaim); store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { rule }) }; IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType); Assert.AreEqual("myOutputClaimValue", evaluatedOutputClaims.ElementAt(0).Value); }
public void ShouldNotMatchInputClaimWithDifferentValue() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); InputPolicyClaim inputClaim = new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue"); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); store.RetrieveScopesReturnValue = new List <PolicyScope> { new PolicyScope(new Uri("http://myScope"), new[] { rule }) }; IEnumerable <Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "otherInputClaim", string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(0, evaluatedOutputClaims.Count()); }
private static XElement SerializeOutputClaim(OutputPolicyClaim outputPolicyClaim) { XElement outputElement = new XElement("output"); outputElement.SetAttributeValue("type", outputPolicyClaim.ClaimType.DisplayName); if (!string.IsNullOrEmpty(outputPolicyClaim.Value)) { outputElement.SetAttributeValue("value", outputPolicyClaim.Value); } if (outputPolicyClaim.CopyFromInput) { outputElement.SetAttributeValue("copyFrom", outputPolicyClaim.CopyFrom); } return(outputElement); }
public void ShouldMatchInputClaimWithWildcardOnValue() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); InputPolicyClaim inputClaim = new InputPolicyClaim(new Issuer("http://myInputClaimIssuer", "myInputClaimIssuer"), new ClaimType("http://myInputClaimType", "myInputClaimType"), "*"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(new ClaimType("http://myOutputClaimType", "myOutputClaimType"), "myOutputClaimValue"); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); store.RetrieveScopesReturnValue = new List <PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { rule }) }; IEnumerable <Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "anyValueShouldMatch", string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType); Assert.AreEqual("myOutputClaimValue", evaluatedOutputClaims.ElementAt(0).Value); }
private static PolicyScope RetrieveScope(XElement scopeElement) { IDictionary <string, string> claimTypes = RetrieveReferences(scopeElement.Element("claimTypes"), "claimType", "displayName", "fullName"); IDictionary <string, Issuer> issuers = new Dictionary <string, Issuer>(); PolicyScope scope = new PolicyScope(new Uri(scopeElement.Attribute("uri").Value), new List <PolicyRule>()); var issuerElements = scopeElement.Element("issuers").Descendants("issuer"); foreach (var item in issuerElements) { Issuer issuer = new Issuer( item.Attribute("uri").Value, item.Attribute("thumbprint").Value.ToUpperInvariant(), item.Attribute("displayName").Value); scope.AddIssuer(issuer); issuers.Add(issuer.DisplayName, issuer); } foreach (var item in claimTypes) { scope.AddClaimType(new ClaimType(item.Value, item.Key)); } foreach (XElement ruleElement in scopeElement.Element("rules").Descendants("rule")) { AssertionsMatch assertionsMatch = RetrieveRuleAssertionsMatch(ruleElement); IEnumerable <InputPolicyClaim> inputClaims = RetrieveInputClaims(ruleElement, issuers, claimTypes); OutputPolicyClaim outputClaim = RetrieveOutputClaim(ruleElement, claimTypes); scope.AddRule(new PolicyRule(assertionsMatch, inputClaims, outputClaim)); } return(scope); }
public void ShouldMatchInputClaimAndCopyInputIssuerToOutputValue() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); ClaimType inputClaimType = new ClaimType("http://myInputClaimType"); ClaimType outputClaimType = new ClaimType("http://myOutputClaimType"); Issuer issuer = new Issuer("http://myInputClaimIssuer"); InputPolicyClaim inputClaim = new InputPolicyClaim(issuer, inputClaimType, "myInputClaim"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(outputClaimType, string.Empty, CopyFromConstants.InputIssuer); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { rule }) }; IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType); Assert.AreEqual("http://myInputClaimIssuer", evaluatedOutputClaims.ElementAt(0).Value); }
public void ShouldOutputCorrectInputValue() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); InputPolicyClaim inputPolicyClaim1 = new InputPolicyClaim(this.issuer, this.inputClaimType, "*"); ClaimType outputClaimType1 = new ClaimType("http://myOutputClaimType1"); OutputPolicyClaim outputPolicyClaim1 = new OutputPolicyClaim(outputClaimType1, "myOutputClaimValue"); PolicyRule policyRule1 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim1 }, outputPolicyClaim1); InputPolicyClaim inputPolicyClaim2 = new InputPolicyClaim(this.issuer, this.inputClaimType, "inputClaimValue"); ClaimType outputClaimType2 = new ClaimType("http://myOutputClaimType2"); OutputPolicyClaim outputPolicyClaim2 = new OutputPolicyClaim(outputClaimType2, string.Empty, CopyFromConstants.InputValue); PolicyRule policyRule2 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim2 }, outputPolicyClaim2); store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { policyRule1, policyRule2 }) }; IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "inputClaimValue", string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(2, evaluatedOutputClaims.Count()); var outputClaim1 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType1"); Assert.IsNotNull(outputClaim1); Assert.AreEqual("myOutputClaimValue", outputClaim1.Value); var outputClaim2 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType2"); Assert.IsNotNull(outputClaim2); Assert.AreEqual("inputClaimValue", outputClaim2.Value); }
public void ShouldMatchInputClaimValueInCaseInsensitiveFashion() { var store = new MockPolicyStore(); var scopeUri = new Uri("http://myScope"); var inputClaimValue = "myInputClaimValue"; var outputClaimValue = "myOutputClaimValue"; InputPolicyClaim inputClaim = new InputPolicyClaim( new Issuer("http://myInputClaimIssuer", "myInputClaimIssuer"), new ClaimType("http://myInputClaimType", "myInputClaimType"), inputClaimValue); OutputPolicyClaim outputClaim = new OutputPolicyClaim( new ClaimType("http://myOutputClaimType", "myOutputClaimType"), outputClaimValue); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); store.RetrieveScopesReturnValue = new List<PolicyScope> { new PolicyScope(scopeUri, new[] { rule }) }; var evaluator = new ClaimsPolicyEvaluator(store); var evaluatedOutputClaims = evaluator.Evaluate(scopeUri, new[] { new Claim("http://myInputClaimType", inputClaimValue.ToUpperInvariant(), string.Empty, "http://myInputClaimIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual(outputClaimValue, evaluatedOutputClaims.ElementAt(0).Value); }
private static XElement SerializeOutputClaim(OutputPolicyClaim outputPolicyClaim) { XElement outputElement = new XElement("output"); outputElement.SetAttributeValue("type", outputPolicyClaim.ClaimType.DisplayName); if (!string.IsNullOrEmpty(outputPolicyClaim.Value)) { outputElement.SetAttributeValue("value", outputPolicyClaim.Value); } if (outputPolicyClaim.CopyFromInput) { outputElement.SetAttributeValue("copyFrom", outputPolicyClaim.CopyFrom); } return outputElement; }