public void DefaultConstructor ()
{
Evidence evidence = new Evidence ();
AssertEquals ("Default constructor count should be zero", evidence.Count, 0);
AssertEquals ("Default constructor host enumerator MoveNext() should be false",
evidence.GetHostEnumerator().MoveNext(), false);
AssertEquals ("Default constructor assembly enumerator MoveNext() should be false",
evidence.GetAssemblyEnumerator().MoveNext(), false);
AssertEquals ("Default constructor enumerator MoveNext() should be false",
evidence.GetEnumerator().MoveNext(), false);
}
internal static char[] MakeEvidenceArray( Evidence evidence, bool verbose )
{
// We only support caching on our built-in evidence types (excluding hash b/c it would
// make our caching scheme just match up the same assembly from the same location which
// doesn't gain us anything).
IEnumerator enumerator = evidence.GetEnumerator();
int requiredLength = 0;
while (enumerator.MoveNext())
{
IBuiltInEvidence obj = enumerator.Current as IBuiltInEvidence;
if (obj == null)
return null;
requiredLength += obj.GetRequiredSize(verbose);
}
enumerator.Reset();
char[] buffer = new char[requiredLength];
int position = 0;
while (enumerator.MoveNext())
{
position = ((IBuiltInEvidence)enumerator.Current).OutputToBuffer( buffer, position, verbose );
}
return buffer;
}
public PermissionSet Resolve(Evidence evidence, PermissionSet request)
{
#if _DEBUG
if (debug)
{
DEBUG_OUT("PolicyManager::Resolve");
IEnumerator evidenceEnumerator = evidence.GetEnumerator();
DEBUG_OUT("Evidence:");
while (evidenceEnumerator.MoveNext())
{
Object obj = evidenceEnumerator.Current;
if (obj is Site)
{
DEBUG_OUT( ((Site)obj).ToXml().ToString() );
}
else if (obj is Zone)
{
DEBUG_OUT( ((Zone)obj).ToXml().ToString() );
}
else if (obj is Url)
{
DEBUG_OUT( ((Url)obj).ToXml().ToString() );
}
else if (obj is StrongName)
{
DEBUG_OUT( ((StrongName)obj).ToXml().ToString() );
}
else if (obj is PermissionRequestEvidence)
{
DEBUG_OUT( ((PermissionRequestEvidence)obj).ToXml().ToString() );
}
}
}
#endif
// We set grant to null to represent "AllPossible"
PermissionSet grant = null;
PolicyStatement policy;
PolicyLevel currentLevel = null;
IEnumerator levelEnumerator = m_levels.GetEnumerator();
char[] serializedEvidence = MakeEvidenceArray( evidence, false );
int count = evidence.Count;
bool testApplicationLevels = false;
while (levelEnumerator.MoveNext())
{
currentLevel = (PolicyLevel)levelEnumerator.Current;
policy = currentLevel.Resolve( evidence, count, serializedEvidence );
// If the grant is "AllPossible", the intersection is just the other permission set.
// Otherwise, do an inplace intersection (since we know we can alter the grant set since
// it is a copy of the first policy statement's permission set).
if (grant == null)
{
grant = policy.PermissionSet;
}
else
{
// An exception somewhere in here means that a permission
// failed some operation. This simply means that it will be
// dropped from the grant set which is safe operation that
// can be ignored.
try
{
grant.InplaceIntersect( policy.GetPermissionSetNoCopy() );
}
catch (Exception)
{
}
}
#if _DEBUG
if (debug)
{
DEBUG_OUT( "Level = " + currentLevel.Label );
DEBUG_OUT( "policy =\n" + policy.ToXml().ToString() );
DEBUG_OUT( "grant so far =\n" + grant.ToXml().ToString() );
}
#endif
if (grant.IsEmpty())
{
break;
}
else if ((policy.Attributes & PolicyStatementAttribute.LevelFinal) == PolicyStatementAttribute.LevelFinal)
{
if (!currentLevel.Label.Equals( "AppDomain" ))
{
testApplicationLevels = true;
}
break;
}
}
if (testApplicationLevels)
{
PolicyLevel appDomainLevel = null;
for (int i = m_levels.Count - 1; i >= 0; --i)
{
currentLevel = (PolicyLevel)m_levels[i];
if (currentLevel.Label.Equals( "AppDomain" ))
{
appDomainLevel = currentLevel;
break;
}
}
if (appDomainLevel != null)
{
policy = appDomainLevel.Resolve( evidence, count, serializedEvidence );
grant.InplaceIntersect( policy.GetPermissionSetNoCopy() );
}
}
#if _DEBUG
if (debug)
{
DEBUG_OUT( "granted =\n" + grant.ToString() );
DEBUG_OUT( "request =\n" + (request != null ? request.ToString() : "<null>") );
DEBUG_OUT( "awarded =\n" + (request != null ? grant.Intersect( request ).ToString() : grant.ToString()) );
}
#endif
try
{
if(request != null)
grant.InplaceIntersect( request );
}
catch (Exception)
{
}
#if _DEBUG
if (debug) {
DEBUG_OUT("granted after intersect w/ request =\n" + grant.ToString());
}
#endif
// Each piece of evidence can possibly create an identity permission that we
// need to add to our grant set. Therefore, for all pieces of evidence that
// implement the IIdentityPermissionFactory interface, ask it for its
// adjoining identity permission and add it to the grant.
IEnumerator enumerator = evidence.GetHostEnumerator();
while (enumerator.MoveNext())
{
try
{
Object obj = enumerator.Current;
IIdentityPermissionFactory factory = obj as IIdentityPermissionFactory;
if (factory != null)
{
IPermission perm = factory.CreateIdentityPermission( evidence );
if (perm != null)
{
grant.AddPermission( perm );
}
}
}
catch (Exception)
{
}
}
#if _DEBUG
if (debug)
{
DEBUG_OUT( "awarded with identity =\n" + grant.ToString() );
}
#endif
return grant;
}
public void EnumeratorReset ()
{
object[] hostarray = { "host-1", "host-2", "host-3", "host-4" };
object[] asmbarray = { "asmb-1", "asmb-2", "asmb-3", "asmb-4" };
ArrayList compare = new ArrayList ();
Evidence evidence = new Evidence (hostarray, asmbarray);
compare.AddRange (hostarray);
compare.AddRange (asmbarray);
int i = 0;
IEnumerator enumerator = evidence.GetEnumerator ();
while (enumerator.MoveNext ()) {
Assert.AreEqual (enumerator.Current, compare[i++]);
}
enumerator.Reset ();
i = 0;
while (enumerator.MoveNext ()) {
Assert.AreEqual (enumerator.Current, compare[i++]);
}
}
