public void Dispose()
{
XacmlDecisionResult result = this.resultGetter();
IDictionary <XacmlEffectType, List <T> > dict = this.reference.Value;
if (result == XacmlDecisionResult.Permit && dict.ContainsKey(XacmlEffectType.Permit))
{
if (!this.savedOriginalCollection.ContainsKey(XacmlEffectType.Permit))
{
this.savedOriginalCollection.Add(XacmlEffectType.Permit, new List <T>());
}
this.savedOriginalCollection[XacmlEffectType.Permit].AddRange(dict[XacmlEffectType.Permit]);
}
if (result == XacmlDecisionResult.Deny && dict.ContainsKey(XacmlEffectType.Deny))
{
if (!this.savedOriginalCollection.ContainsKey(XacmlEffectType.Deny))
{
this.savedOriginalCollection.Add(XacmlEffectType.Deny, new List <T>());
}
this.savedOriginalCollection[XacmlEffectType.Deny].AddRange(dict[XacmlEffectType.Deny]);
}
this.reference.Value = savedOriginalCollection;
}
public static XacmlDecisionResult PolicyFirstApplicable(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams)
{
foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > resultDataFunc in results)
{
Tuple <XacmlDecisionResult, string> resultData = (Tuple <XacmlDecisionResult, string>)resultDataFunc.Item2["evaluate"]();
XacmlDecisionResult result = resultData.Item1;
if (result == XacmlDecisionResult.Deny)
{
return(XacmlDecisionResult.Deny);
}
if (result == XacmlDecisionResult.Permit)
{
return(XacmlDecisionResult.Permit);
}
if (result == XacmlDecisionResult.NotApplicable)
{
continue;
}
if (result == XacmlDecisionResult.Indeterminate ||
result == XacmlDecisionResult.IndeterminateD ||
result == XacmlDecisionResult.IndeterminateP ||
result == XacmlDecisionResult.IndeterminateDP)
{
return(XacmlDecisionResult.Indeterminate);
}
}
return(XacmlDecisionResult.NotApplicable);
}
public static XacmlDecisionResult RuleDenyOverrides(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams)
{
bool atLeastOneError = false;
bool potentialDeny = false;
bool atLeastOnePermit = false;
foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > resultDataFunc in results)
{
Tuple <XacmlDecisionResult, string> resultData = (Tuple <XacmlDecisionResult, string>)resultDataFunc.Item2["evaluate"]();
XacmlDecisionResult result = resultData.Item1;
if (result == XacmlDecisionResult.Deny)
{
return(XacmlDecisionResult.Deny);
}
if (result == XacmlDecisionResult.Permit)
{
atLeastOnePermit = true;
continue;
}
if (result == XacmlDecisionResult.NotApplicable)
{
continue;
}
if (result == XacmlDecisionResult.Indeterminate)
{
atLeastOneError = true;
if (resultData.Item2 == "Deny")
{
potentialDeny = true;
}
continue;
}
}
if (potentialDeny)
{
return(XacmlDecisionResult.Indeterminate);
}
if (atLeastOnePermit)
{
return(XacmlDecisionResult.Permit);
}
if (atLeastOneError)
{
return(XacmlDecisionResult.Indeterminate);
}
return(XacmlDecisionResult.NotApplicable);
}
public static XacmlDecisionResult PermitUnlessDeny_30(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams)
{
foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > elem in results)
{
Tuple <XacmlDecisionResult, string> decisionRes = (Tuple <XacmlDecisionResult, string>)elem.Item2["evaluate"]();
XacmlDecisionResult decision = decisionRes.Item1;
if (decision == XacmlDecisionResult.Deny)
{
return(XacmlDecisionResult.Deny);
}
}
return(XacmlDecisionResult.Permit);
}
protected virtual XacmlContextResult MakeResult(XacmlDecisionResult decision, XacmlContextStatus status) {
XacmlContextDecision resultDecision = XacmlContextDecision.NotApplicable;
switch (decision) {
case XacmlDecisionResult.Deny:
resultDecision = XacmlContextDecision.Deny;
break;
case XacmlDecisionResult.Indeterminate:
case XacmlDecisionResult.IndeterminateD:
case XacmlDecisionResult.IndeterminateP:
case XacmlDecisionResult.IndeterminateDP:
resultDecision = XacmlContextDecision.Indeterminate;
break;
case XacmlDecisionResult.Permit:
resultDecision = XacmlContextDecision.Permit;
break;
}
var result = new XacmlContextResult(resultDecision) {
Status = status,
};
if (decision == XacmlDecisionResult.Permit) {
foreach (var obligation in this.obligations[XacmlEffectType.Permit]) {
result.Obligations.Add(obligation);
}
}
if (decision == XacmlDecisionResult.Deny) {
foreach (var obligation in this.obligations[XacmlEffectType.Deny]) {
result.Obligations.Add(obligation);
}
}
return result;
}
public static XacmlDecisionResult PermitOvverides_30(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams)
{
bool atLeastOneErrorD = false;
bool atLeastOneErrorP = false;
bool atLeastOneErrorDP = false;
bool atLeastOneDeny = false;
foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > elem in results)
{
Tuple <XacmlDecisionResult, string> decisionRes = (Tuple <XacmlDecisionResult, string>)elem.Item2["evaluate"]();
XacmlDecisionResult decision = decisionRes.Item1;
if (decision == XacmlDecisionResult.Deny)
{
atLeastOneDeny = true;
continue;
}
if (decision == XacmlDecisionResult.Permit)
{
return(XacmlDecisionResult.Permit);
}
if (decision == XacmlDecisionResult.NotApplicable)
{
continue;
}
if (decision == XacmlDecisionResult.IndeterminateD)
{
atLeastOneErrorD = true;
continue;
}
if (decision == XacmlDecisionResult.IndeterminateP)
{
atLeastOneErrorP = true;
continue;
}
if (decision == XacmlDecisionResult.IndeterminateDP)
{
atLeastOneErrorDP = true;
continue;
}
}
if (atLeastOneErrorDP)
{
return(XacmlDecisionResult.IndeterminateDP);
}
if (atLeastOneErrorP && (atLeastOneErrorD || atLeastOneDeny))
{
return(XacmlDecisionResult.IndeterminateDP);
}
if (atLeastOneErrorP)
{
return(XacmlDecisionResult.IndeterminateP);
}
if (atLeastOneDeny)
{
return(XacmlDecisionResult.Deny);
}
if (atLeastOneErrorD)
{
return(XacmlDecisionResult.IndeterminateD);
}
return(XacmlDecisionResult.NotApplicable);
}
protected XacmlDecisionResult SpecifyCombiningAlgorithmResult(XacmlDecisionResult combAlgRes) {
switch (combAlgRes) {
case XacmlDecisionResult.NotApplicable:
return XacmlDecisionResult.NotApplicable;
case XacmlDecisionResult.Permit:
return XacmlDecisionResult.IndeterminateP;
case XacmlDecisionResult.Deny:
return XacmlDecisionResult.IndeterminateD;
case XacmlDecisionResult.Indeterminate:
return XacmlDecisionResult.IndeterminateDP;
case XacmlDecisionResult.IndeterminateDP:
return XacmlDecisionResult.IndeterminateDP;
case XacmlDecisionResult.IndeterminateP:
return XacmlDecisionResult.IndeterminateP;
case XacmlDecisionResult.IndeterminateD:
return XacmlDecisionResult.IndeterminateD;
default:
return XacmlDecisionResult.IndeterminateDP;
}
}
protected override XacmlContextResult MakeResult(XacmlDecisionResult decision, XacmlContextStatus status) {
XacmlContextDecision resultDecision = XacmlContextDecision.NotApplicable;
switch (decision) {
case XacmlDecisionResult.Deny:
resultDecision = XacmlContextDecision.Deny;
break;
case XacmlDecisionResult.Indeterminate:
case XacmlDecisionResult.IndeterminateD:
case XacmlDecisionResult.IndeterminateP:
case XacmlDecisionResult.IndeterminateDP:
resultDecision = XacmlContextDecision.Indeterminate;
break;
case XacmlDecisionResult.Permit:
resultDecision = XacmlContextDecision.Permit;
break;
}
//PROFILE - Multiple Decision Profile - #POL01 (Fists())
var result = new XacmlContextResult(resultDecision) {
Status = status,
};
foreach (var attribute in this.pip.GetAttributesWithIncludeInResult()) {
result.Attributes.Add(attribute);
};
if (decision == XacmlDecisionResult.Permit) {
foreach (var obligation in this.obligations[XacmlEffectType.Permit]) {
result.Obligations.Add(obligation);
}
foreach (var advice in this.advices[XacmlEffectType.Permit]) {
result.Advices.Add(advice);
}
if (pip.ReturnPolicyIdList()) {
foreach (var policyIdReferences in this.applicablePolicies[XacmlEffectType.Permit]) {
result.PolicyIdReferences.Add(policyIdReferences);
}
foreach (var policySetIdReferences in this.applicablePolicySets[XacmlEffectType.Permit]) {
result.PolicySetIdReferences.Add(policySetIdReferences);
}
}
}
if (decision == XacmlDecisionResult.Deny) {
foreach (var obligation in this.obligations[XacmlEffectType.Deny]) {
result.Obligations.Add(obligation);
}
foreach (var advice in this.advices[XacmlEffectType.Deny]) {
result.Advices.Add(advice);
}
if (pip.ReturnPolicyIdList()) {
foreach (var policyIdReferences in this.applicablePolicies[XacmlEffectType.Deny]) {
result.PolicyIdReferences.Add(policyIdReferences);
}
foreach (var policySetIdReferences in this.applicablePolicySets[XacmlEffectType.Deny]) {
result.PolicySetIdReferences.Add(policySetIdReferences);
}
}
}
return result;
}
