/// <summary>
/// Evauluate the Apply.
/// </summary>
/// <param name="request">The context request.</param>
/// <returns>The match result.</returns>
public XacmlAttributeMatchResult Evalute(XacmlContextRequest request)
{
XacmlAttributeValue policyConditionAttributeValue = null;
XacmlAttributeDesignator xacmlAttributeDesignator = null;
XacmlApply xacmlApply = null;
foreach (IXacmlExpression xacmlExpression in this.Parameters)
{
if (xacmlExpression.GetType() == typeof(XacmlAttributeValue))
{
policyConditionAttributeValue = xacmlExpression as XacmlAttributeValue;
}
else if (xacmlExpression.GetType() == typeof(XacmlAttributeDesignator))
{
xacmlAttributeDesignator = xacmlExpression as XacmlAttributeDesignator;
}
else if (xacmlExpression.GetType() == typeof(XacmlApply))
{
xacmlApply = xacmlExpression as XacmlApply;
}
}
if (xacmlAttributeDesignator == null && xacmlApply != null)
{
foreach (IXacmlExpression xacmlExpression in xacmlApply.Parameters)
{
if (xacmlExpression.GetType() == typeof(XacmlAttributeDesignator))
{
xacmlAttributeDesignator = xacmlExpression as XacmlAttributeDesignator;
}
}
}
return(this.Evaluate(request, policyConditionAttributeValue, xacmlAttributeDesignator, xacmlApply));
}
/// <summary>
/// Initializes a new instance of the <see cref="XacmlMatch"/> class.
/// </summary>
/// <param name="matchId">Specifies a matching function.The value of this attribute MUST be of type xs:anyURI with legal values documented in Section 7.6.</param>
/// <param name="attributeValue">Embedded attribute value.</param>
/// <param name="attributeSelector">MAY be used to identify one or more attribute values in a<Content/> element of the request context.</param>
public XacmlMatch(Uri matchId, XacmlAttributeValue attributeValue, XacmlAttributeSelector attributeSelector)
{
Guard.ArgumentNotNull(matchId, nameof(matchId));
Guard.ArgumentNotNull(attributeValue, nameof(attributeValue));
Guard.ArgumentNotNull(attributeSelector, nameof(attributeSelector));
this.matchId = matchId;
this.attributeValue = attributeValue;
this.attributeSelector = attributeSelector;
}
/// <summary>
/// Matches the context attribute against the Policy.
/// </summary>
/// <param name="xacmlAttributeValue">A xacml attribute value</param>
/// <returns>A boolean indicating it is a match</returns>
public bool IsMatch(XacmlAttributeValue xacmlAttributeValue)
{
if (this.AttributeValue.DataType.OriginalString.Equals(xacmlAttributeValue.DataType.OriginalString))
{
return(AttributeMatcher.MatchAttributes(this.AttributeValue.Value, xacmlAttributeValue.Value, this.MatchId.OriginalString));
}
else
{
// Returns false if datatype is different even the values are the same
return(false);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="XacmlCombinerParameter"/> class.
/// </summary>
/// <param name="parameterName">The identifier of the parameter.</param>
/// <param name="attributeValue">The value of the parameter.</param>
public XacmlCombinerParameter(string parameterName, XacmlAttributeValue attributeValue)
{
Guard.ArgumentNotNull(parameterName, nameof(parameterName));
if (parameterName.Length == 0)
{
throw new ArgumentException("Value cannot be empty.", nameof(parameterName));
}
Guard.ArgumentNotNull(parameterName, nameof(parameterName));
this.parameterName = parameterName;
this.attributeValue = attributeValue;
}
private bool Match(Uri matchFunction, XacmlAttribute contextAttribute, XacmlAttributeValue policyConditionAttributeValue)
{
foreach (XacmlAttributeValue contextAttributeValue in contextAttribute.AttributeValues)
{
if (contextAttributeValue.MatchAttributeValues(matchFunction, policyConditionAttributeValue))
{
return(true);
}
}
return(false);
}
/// <summary>
/// Match Attribute value against input attribute value.
/// </summary>
/// <param name="matchFunction">The match function.</param>
/// <param name="policyAttributeValue">The policy Attribute.</param>
/// <returns>A bool indicating it is a match.</returns>
public bool MatchAttributeValues(Uri matchFunction, XacmlAttributeValue policyAttributeValue)
{
return(AttributeMatcher.MatchAttributes(this.value, policyAttributeValue.Value, matchFunction.OriginalString));
}
private bool ValidateSingleElementInBagCondition(ICollection <XacmlContextAttributes> contextAttributes, XacmlAttributeValue policyConditionAttributeValue, XacmlApply xacmlApply, XacmlAttributeDesignator attributeDesignator)
{
bool isSingleFunction = false;
string applyfunction = this.FunctionId.OriginalString;
if (xacmlApply != null)
{
applyfunction = xacmlApply.FunctionId.OriginalString;
}
switch (applyfunction)
{
case XacmlConstants.AttributeMatchFunction.IntegerOneAndOnly:
isSingleFunction = true;
break;
case XacmlConstants.AttributeMatchFunction.DateOneAndOnly:
isSingleFunction = true;
break;
case XacmlConstants.AttributeMatchFunction.DateTimeOneAndOnly:
isSingleFunction = true;
break;
default:
break;
}
if (!isSingleFunction)
{
return(true);
}
int attributeCount = this.GetBagSize(contextAttributes, attributeDesignator);
if (attributeCount > 1)
{
return(false);
}
return(true);
}
private XacmlAttributeMatchResult EvaluateBagSize(ICollection <XacmlContextAttributes> contextAttributes, XacmlAttributeValue policyConditionAttributeValue, XacmlApply xacmlApply, XacmlAttributeDesignator attributeDesignator)
{
string applyfunction = xacmlApply.FunctionId.OriginalString;
switch (applyfunction)
{
case XacmlConstants.AttributeBagFunction.TimeBagSize:
case XacmlConstants.AttributeBagFunction.DateBagSize:
case XacmlConstants.AttributeBagFunction.DateTimeBagSize:
int bagSize = this.GetBagSize(contextAttributes, attributeDesignator);
if (int.Parse(policyConditionAttributeValue.Value).Equals(bagSize))
{
return(XacmlAttributeMatchResult.Match);
}
return(XacmlAttributeMatchResult.BagSizeConditionFailed);
default:
break;
}
return(XacmlAttributeMatchResult.BagSizeConditionFailed);
}
private XacmlAttributeMatchResult Evalute(ICollection <XacmlContextAttributes> contextAttributes, XacmlAttributeValue policyConditionAttributeValue, XacmlAttributeDesignator attributeDesignator)
{
bool attributeWithCorrectAttributeIdFound = false;
foreach (XacmlContextAttributes xacmlContextAttributes in contextAttributes)
{
foreach (XacmlAttribute attribute in xacmlContextAttributes.Attributes)
{
if (attribute.AttributeId.Equals(attributeDesignator.AttributeId))
{
attributeWithCorrectAttributeIdFound = true;
if (this.Match(this.FunctionId, attribute, policyConditionAttributeValue))
{
return(XacmlAttributeMatchResult.Match);
}
}
}
}
if (attributeWithCorrectAttributeIdFound)
{
return(XacmlAttributeMatchResult.NoMatch);
}
return(XacmlAttributeMatchResult.RequiredAttributeMissing);
}
private XacmlAttributeMatchResult Evaluate(XacmlContextRequest contextRequest, XacmlAttributeValue policyConditionAttributeValue, XacmlAttributeDesignator attributeDesignator, XacmlApply xacmlApply)
{
ICollection <XacmlContextAttributes> xacmlContextAttributes = new Collection <XacmlContextAttributes>();
foreach (XacmlContextAttributes attributes in contextRequest.Attributes)
{
if (attributes.Category.Equals(attributeDesignator.Category))
{
xacmlContextAttributes.Add(attributes);
}
}
if (xacmlContextAttributes.Count == 0)
{
// No match for the condition in the attributes
return(XacmlAttributeMatchResult.RequiredAttributeMissing);
}
if (!this.ValidateSingleElementInBagCondition(xacmlContextAttributes, policyConditionAttributeValue, xacmlApply, attributeDesignator))
{
return(XacmlAttributeMatchResult.ToManyAttributes);
}
if (this.IsBagSizeCondition(xacmlApply))
{
return(this.EvaluateBagSize(xacmlContextAttributes, policyConditionAttributeValue, xacmlApply, attributeDesignator));
}
return(this.Evalute(xacmlContextAttributes, policyConditionAttributeValue, attributeDesignator));
}
