/// <summary>
/// The evaluation implementation in the pseudo-code described in the specification.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="policies">The policies that must be evaluated.</param>
/// <returns>The final decission for the combination of the policy evaluation.</returns>
public Decision Evaluate( EvaluationContext context, IMatchEvaluableCollection policies )
{
foreach( IMatchEvaluable policy in policies )
{
Decision decision = policy.Evaluate( context );
context.TraceContextValues();
if( decision == Decision.Deny )
{
context.ProcessingError = false;
context.IsMissingAttribute = false;
return Decision.Deny;
}
if( decision == Decision.Permit )
{
context.ProcessingError = false;
context.IsMissingAttribute = false;
return Decision.Permit;
}
if( decision == Decision.NotApplicable )
{
continue;
}
if( decision == Decision.Indeterminate )
{
return Decision.Indeterminate;
}
}
return Decision.NotApplicable;
}
/// <summary>
/// The evaluation implementation in the pseudo-code described in the specification.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="policies">The policies that must be evaluated.</param>
/// <returns>The final decission for the combination of the policy evaluation.</returns>
public Decision Evaluate( EvaluationContext context, IMatchEvaluableCollection policies )
{
Boolean atLeastOne = false;
Policy selectedPolicy = null;
TargetEvaluationValue appResult;
for( int i = 0; i < policies.Count; i++ )
{
Policy tempPolicy = (Policy)policies[ i ];
appResult = appResult = tempPolicy.Match( context );
if( appResult == TargetEvaluationValue.Indeterminate )
{
context.ProcessingError = true;
context.TraceContextValues();
return Decision.Indeterminate;
}
if( appResult == TargetEvaluationValue.Match )
{
if ( atLeastOne )
{
context.ProcessingError = true;
context.TraceContextValues();
return Decision.Indeterminate;
}
else
{
atLeastOne = true;
selectedPolicy = (Policy)policies[i];
}
}
if ( appResult == TargetEvaluationValue.NoMatch )
{
continue;
}
}
if ( atLeastOne )
{
Decision retValue = selectedPolicy.Evaluate( context );
context.TraceContextValues();
if( retValue == Decision.Deny || retValue == Decision.Permit )
{
context.ProcessingError = false;
context.IsMissingAttribute = false;
}
return retValue;
}
else
{
return Decision.NotApplicable;
}
}
/// <summary>
/// The evaluation implementation in the pseudo-code described in the specification.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="rules">The policies that must be evaluated.</param>
/// <returns>The final decission for the combination of the rule evaluation.</returns>
public Decision Evaluate( EvaluationContext context, RuleCollection rules )
{
Decision decision = Decision.Indeterminate;
context.Trace( "Evaluating rules..." );
context.AddIndent();
try
{
foreach( Rule rule in rules )
{
decision = rule.Evaluate( context );
context.TraceContextValues();
if( decision == Decision.Deny )
{
decision = Decision.Deny;
return decision;
}
if( decision == Decision.Permit )
{
decision = Decision.Permit;
return decision;
}
if( decision == Decision.NotApplicable )
{
continue;
}
if( decision == Decision.Indeterminate )
{
decision = Decision.Indeterminate;
return decision;
}
}
return Decision.NotApplicable;
}
finally
{
context.Trace( "Rule combination algorithm: {0}", decision.ToString() );
context.RemoveIndent();
}
}
/// <summary>
/// This method overrides the ApplyBase method in order to provide extra validations
/// required in the condition evaluation, for example the final return value should be a
/// boolean value.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The EvaluationValue with the results of the condition evaluation.</returns>
public override EvaluationValue Evaluate(EvaluationContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
EvaluationValue _evaluationValue = null;
context.Trace("Evaluating condition...");
context.AddIndent();
try
{
// Get the function instance
inf.IFunction function = EvaluationEngine.GetFunction(ApplyDefinition.FunctionId);
if (function == null)
{
context.Trace("ERR: function not found {0}", ApplyDefinition.FunctionId);
context.ProcessingError = true;
return(EvaluationValue.Indeterminate);
}
// Validates the function return value
if (function.Returns == null)
{
context.Trace("The function '{0}' does not defines it's return value", ApplyDefinition.FunctionId);
_evaluationValue = EvaluationValue.Indeterminate;
context.ProcessingError = true;
}
else if (function.Returns != DataTypeDescriptor.Boolean)
{
context.Trace("Function does not return Boolean a value");
_evaluationValue = EvaluationValue.Indeterminate;
context.ProcessingError = true;
}
else
{
// Call the ApplyBase method to perform the evaluation.
_evaluationValue = base.Evaluate(context);
}
// Validate the results of the evaluation
if (_evaluationValue.IsIndeterminate)
{
context.Trace("condition evaluated into {0}", _evaluationValue.ToString());
return(_evaluationValue);
}
if (!(_evaluationValue.Value is bool))
{
context.Trace("condition evaluated into {0}", _evaluationValue.ToString());
return(EvaluationValue.Indeterminate);
}
if (_evaluationValue.BoolValue)
{
context.Trace("condition evaluated into {0}", _evaluationValue.ToString());
return(EvaluationValue.True);
}
else
{
// If the evaluation was false, validate if there was a missin attribute during
// evaluation and return an Indeterminate, otherwise return the False value.
if (context.IsMissingAttribute)
{
context.Trace("condition evaluated into {0}", _evaluationValue.ToString());
return(EvaluationValue.Indeterminate);
}
else
{
context.Trace("condition evaluated into {0}", _evaluationValue.ToString());
return(EvaluationValue.False);
}
}
}
finally
{
context.TraceContextValues();
context.RemoveIndent();
context.Trace("Condition: {0}", _evaluationValue.ToString());
}
}
/// <summary>
/// Evaluates the variable into a value.
/// </summary>
/// <param name="context">The contex of the evaluation.</param>
/// <returns>The value of the function.</returns>
public EvaluationValue Evaluate(EvaluationContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
context.Trace("Evaluating variable");
context.AddIndent();
try
{
if (_variableDefinition.Expression is pol.ApplyElement)
{
context.Trace("Apply within condition.");
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply((pol.ApplyElement)_variableDefinition.Expression);
// Evaluate the Apply
_value = _childApply.Evaluate(context);
context.TraceContextValues();
return(_value);
}
else if (_variableDefinition.Expression is pol.FunctionElement)
{
throw new NotImplementedException("FunctionElement"); //TODO:
}
else if (_variableDefinition.Expression is pol.VariableReferenceElement)
{
pol.VariableReferenceElement variableRef = _variableDefinition.Expression as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[variableRef.VariableId] as VariableDefinition;
context.TraceContextValues();
if (!variableDef.IsEvaluated)
{
return(variableDef.Evaluate(context));
}
else
{
return(variableDef.Value);
}
}
else if (_variableDefinition.Expression is pol.AttributeValueElementReadWrite)
{
// The AttributeValue does not need to be processed
context.Trace("Attribute value {0}", _variableDefinition.Expression.ToString());
pol.AttributeValueElementReadWrite att = (pol.AttributeValueElementReadWrite)_variableDefinition.Expression;
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement(att.DataType, att.Contents, att.SchemaVersion);
_value = new EvaluationValue(
attributeValue.GetTypedValue(attributeValue.GetType(context), 0),
attributeValue.GetType(context));
return(_value);
}
else if (_variableDefinition.Expression is pol.AttributeDesignatorBase)
{
// Resolve the AttributeDesignator using the EvaluationEngine public methods.
context.Trace("Processing attribute designator: {0}", _variableDefinition.Expression.ToString());
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve(context, attrDes);
// If the attribute was not resolved by the EvaluationEngine search the
// attribute in the context document, also using the EvaluationEngine public
// methods.
if (bag.BagSize == 0)
{
if (_variableDefinition.Expression is pol.SubjectAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding subject attribute designator: {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (_variableDefinition.Expression is pol.ResourceAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding resource attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (_variableDefinition.Expression is pol.ActionAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding action attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (_variableDefinition.Expression is pol.EnvironmentAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding environment attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
}
// If the argument was not found and the attribute must be present this is
// a MissingAttribute situation so set the flag. Otherwise add the attribute
// to the processed arguments.
if (bag.BagSize == 0 && attrDes.MustBePresent)
{
context.Trace("Attribute is missing");
context.IsMissingAttribute = true;
context.AddMissingAttribute(attrDes);
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue(bag, bag.GetType(context));
}
return(_value);
}
else if (_variableDefinition.Expression is pol.AttributeSelectorElement)
{
// Resolve the XPath query using the EvaluationEngine public methods.
context.Trace("Attribute selector");
try
{
pol.AttributeSelectorElement attributeSelector = (pol.AttributeSelectorElement)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve(context, attributeSelector);
if (bag.Elements.Count == 0 && attributeSelector.MustBePresent)
{
context.Trace("Attribute is missing");
context.IsMissingAttribute = true;
context.AddMissingAttribute(attributeSelector);
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue(bag, bag.GetType(context));
}
}
catch (EvaluationException e)
{
context.Trace("ERR: {0}", e.Message);
context.ProcessingError = true;
_value = EvaluationValue.Indeterminate;
}
return(_value);
}
throw new NotSupportedException("internal error");
}
finally
{
_isEvaluated = true;
context.RemoveIndent();
}
}
/// <summary>
/// This method overrides the ApplyBase method in order to provide extra validations
/// required in the condition evaluation, for example the final return value should be a
/// boolean value.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The EvaluationValue with the results of the condition evaluation.</returns>
public override EvaluationValue Evaluate( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
EvaluationValue _evaluationValue = null;
context.Trace( "Evaluating condition..." );
context.AddIndent();
try
{
// Get the function instance
inf.IFunction function = EvaluationEngine.GetFunction( ApplyDefinition.FunctionId );
if( function == null )
{
context.Trace( "ERR: function not found {0}", ApplyDefinition.FunctionId );
context.ProcessingError = true;
return EvaluationValue.Indeterminate;
}
// Validates the function return value
if( function.Returns == null )
{
context.Trace( "The function '{0}' does not defines it's return value", ApplyDefinition.FunctionId );
_evaluationValue = EvaluationValue.Indeterminate;
context.ProcessingError = true;
}
else if( function.Returns != DataTypeDescriptor.Boolean )
{
context.Trace( "Function does not return Boolean a value" );
_evaluationValue = EvaluationValue.Indeterminate;
context.ProcessingError = true;
}
else
{
// Call the ApplyBase method to perform the evaluation.
_evaluationValue = base.Evaluate( context );
}
// Validate the results of the evaluation
if( _evaluationValue.IsIndeterminate )
{
context.Trace( "condition evaluated into {0}", _evaluationValue.ToString() );
return _evaluationValue;
}
if( !(_evaluationValue.Value is bool) )
{
context.Trace( "condition evaluated into {0}", _evaluationValue.ToString() );
return EvaluationValue.Indeterminate;
}
if( _evaluationValue.BoolValue )
{
context.Trace( "condition evaluated into {0}", _evaluationValue.ToString() );
return EvaluationValue.True;
}
else
{
// If the evaluation was false, validate if there was a missin attribute during
// evaluation and return an Indeterminate, otherwise return the False value.
if( context.IsMissingAttribute )
{
context.Trace( "condition evaluated into {0}", _evaluationValue.ToString() );
return EvaluationValue.Indeterminate;
}
else
{
context.Trace( "condition evaluated into {0}", _evaluationValue.ToString() );
return EvaluationValue.False;
}
}
}
finally
{
context.TraceContextValues();
context.RemoveIndent();
context.Trace( "Condition: {0}", _evaluationValue.ToString() );
}
}
/// <summary>
/// Evaluates the variable into a value.
/// </summary>
/// <param name="context">The contex of the evaluation.</param>
/// <returns>The value of the function.</returns>
public EvaluationValue Evaluate( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
context.Trace( "Evaluating variable" );
context.AddIndent();
try
{
if( _variableDefinition.Expression is pol.ApplyElement )
{
context.Trace( "Apply within condition." );
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply( (pol.ApplyElement)_variableDefinition.Expression );
// Evaluate the Apply
_value = _childApply.Evaluate( context );
context.TraceContextValues();
return _value;
}
else if( _variableDefinition.Expression is pol.FunctionElement )
{
throw new NotImplementedException( "FunctionElement" ); //TODO:
}
else if( _variableDefinition.Expression is pol.VariableReferenceElement )
{
pol.VariableReferenceElement variableRef = _variableDefinition.Expression as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[ variableRef.VariableId ] as VariableDefinition;
context.TraceContextValues();
if( !variableDef.IsEvaluated )
{
return variableDef.Evaluate( context );
}
else
{
return variableDef.Value;
}
}
else if( _variableDefinition.Expression is pol.AttributeValueElementReadWrite )
{
// The AttributeValue does not need to be processed
context.Trace( "Attribute value {0}", _variableDefinition.Expression.ToString() );
pol.AttributeValueElementReadWrite att = (pol.AttributeValueElementReadWrite)_variableDefinition.Expression;
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement( att.DataType, att.Contents, att.SchemaVersion );
_value = new EvaluationValue(
attributeValue.GetTypedValue( attributeValue.GetType( context ), 0 ),
attributeValue.GetType( context ) );
return _value;
}
else if( _variableDefinition.Expression is pol.AttributeDesignatorBase )
{
// Resolve the AttributeDesignator using the EvaluationEngine public methods.
context.Trace( "Processing attribute designator: {0}", _variableDefinition.Expression.ToString() );
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve( context, attrDes );
// If the attribute was not resolved by the EvaluationEngine search the
// attribute in the context document, also using the EvaluationEngine public
// methods.
if( bag.BagSize == 0 )
{
if( _variableDefinition.Expression is pol.SubjectAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding subject attribute designator: {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( _variableDefinition.Expression is pol.ResourceAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding resource attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( _variableDefinition.Expression is pol.ActionAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding action attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( _variableDefinition.Expression is pol.EnvironmentAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding environment attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
}
// If the argument was not found and the attribute must be present this is
// a MissingAttribute situation so set the flag. Otherwise add the attribute
// to the processed arguments.
if( bag.BagSize == 0 && attrDes.MustBePresent )
{
context.Trace( "Attribute is missing" );
context.IsMissingAttribute = true;
context.AddMissingAttribute( attrDes );
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue( bag, bag.GetType( context ) );
}
return _value;
}
else if( _variableDefinition.Expression is pol.AttributeSelectorElement )
{
// Resolve the XPath query using the EvaluationEngine public methods.
context.Trace( "Attribute selector" );
try
{
pol.AttributeSelectorElement attributeSelector = (pol.AttributeSelectorElement)_variableDefinition.Expression;
BagValue bag = EvaluationEngine.Resolve( context, attributeSelector );
if( bag.Elements.Count == 0 && attributeSelector.MustBePresent )
{
context.Trace( "Attribute is missing" );
context.IsMissingAttribute = true;
context.AddMissingAttribute( attributeSelector );
_value = EvaluationValue.Indeterminate;
}
else
{
_value = new EvaluationValue( bag, bag.GetType( context ) );
}
}
catch( EvaluationException e )
{
context.Trace( "ERR: {0}", e.Message );
context.ProcessingError = true;
_value = EvaluationValue.Indeterminate;
}
return _value;
}
throw new NotSupportedException( "internal error" );
}
finally
{
_isEvaluated = true;
context.RemoveIndent();
}
}
/// <summary>
/// The evaluation implementation in the pseudo-code described in the specification.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="rules">The policies that must be evaluated.</param>
/// <returns>The final decission for the combination of the rule evaluation.</returns>
public Decision Evaluate(EvaluationContext context, RuleCollection rules)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (rules == null)
{
throw new ArgumentNullException("rules");
}
Decision decision = Decision.Indeterminate;
bool atLeastOneError = false;
bool potentialPermit = false;
bool atLeastOneDeny = false;
context.Trace("Evaluating rules...");
context.AddIndent();
try
{
foreach (Rule rule in rules)
{
decision = rule.Evaluate(context);
context.TraceContextValues();
if (decision == Decision.Deny)
{
atLeastOneDeny = true;
continue;
}
if (decision == Decision.Permit)
{
decision = Decision.Permit;
return(decision);
}
if (decision == Decision.NotApplicable)
{
continue;
}
if (decision == Decision.Indeterminate)
{
atLeastOneError = true;
if (rule.RuleDefinition.Effect == pol.Effect.Permit)
{
potentialPermit = true;
}
continue;
}
}
if (potentialPermit)
{
decision = Decision.Indeterminate;
return(decision);
}
if (atLeastOneDeny)
{
decision = Decision.Deny;
return(decision);
}
if (atLeastOneError)
{
decision = Decision.Indeterminate;
return(decision);
}
decision = Decision.NotApplicable;
return(decision);
}
finally
{
context.Trace("Rule combination algorithm: {0}", decision.ToString());
context.RemoveIndent();
}
}
/// <summary>
/// THe argument processing method resolves all the attribute designators, attribute
/// selectors. If there is an internal Apply it will be evaulated within this method.
/// </summary>
/// <remarks>All the processed arguments are converted into an IFunctionParameter instance
/// because this is the only value that can be used to call a function.</remarks>
/// <param name="context">The evaluation context instance.</param>
/// <param name="arguments">The arguments to process.</param>
/// <returns>A list of arguments ready to be used by a function.</returns>
private IFunctionParameterCollection ProcessArguments( EvaluationContext context, pol.IExpressionCollection arguments )
{
context.Trace( "Processing arguments" );
context.AddIndent();
// Create a list to return the processed values.
IFunctionParameterCollection processedArguments = new IFunctionParameterCollection();
// Iterate through the arguments, the IExpressionType is a mark interface
foreach( inf.IExpression arg in arguments )
{
if( arg is pol.ApplyElement )
{
context.Trace( "Nested apply" );
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply( (pol.ApplyElement)arg );
// Evaluate the Apply
EvaluationValue retVal = _childApply.Evaluate( context );
context.TraceContextValues();
// If the results were Indeterminate the Indeterminate value will be placed in
// the processed arguments, later another method will validate the parameters
// and cancel the evaluation propperly.
if( !retVal.IsIndeterminate )
{
if( !context.IsMissingAttribute )
{
processedArguments.Add( retVal );
}
}
else
{
processedArguments.Add( retVal );
}
}
else if( arg is pol.FunctionElementReadWrite )
{
// Search for the function and place it in the processed arguments.
pol.FunctionElement functionId = new pol.FunctionElement( ((pol.FunctionElementReadWrite)arg).FunctionId, ((pol.FunctionElementReadWrite)arg).SchemaVersion );
context.Trace( "Function {0}", functionId.FunctionId );
inf.IFunction function = EvaluationEngine.GetFunction( functionId.FunctionId );
if( function == null )
{
context.Trace( "ERR: function not found {0}", _applyBase.FunctionId );
context.ProcessingError = true;
processedArguments.Add( EvaluationValue.Indeterminate );
}
else
{
processedArguments.Add( function );
}
}
else if( arg is pol.VariableReferenceElement )
{
pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[ variableRef.VariableId ] as VariableDefinition;
context.TraceContextValues();
if( !variableDef.IsEvaluated )
{
processedArguments.Add( variableDef.Evaluate( context ) );
}
else
{
processedArguments.Add( variableDef.Value );
}
}
else if( arg is pol.AttributeValueElementReadWrite )
{
// The AttributeValue does not need to be processed
context.Trace( "Attribute value {0}", arg.ToString() );
processedArguments.Add( new pol.AttributeValueElement( ((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion ));
}
else if( arg is pol.AttributeDesignatorBase )
{
// Resolve the AttributeDesignator using the EvaluationEngine public methods.
context.Trace( "Processing attribute designator: {0}", arg.ToString() );
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg;
BagValue bag = EvaluationEngine.Resolve( context, attrDes );
// If the attribute was not resolved by the EvaluationEngine search the
// attribute in the context document, also using the EvaluationEngine public
// methods.
if( bag.BagSize == 0 )
{
if( arg is pol.SubjectAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding subject attribute designator: {0}", attrib.ToString() );
bag.Add( attrib );
break;
}
}
else if( arg is pol.ResourceAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding resource attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( arg is pol.ActionAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding action attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
else if( arg is pol.EnvironmentAttributeDesignatorElement )
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes );
if( attrib != null )
{
context.Trace( "Adding environment attribute designator {0}", attrib.ToString() );
bag.Add( attrib );
}
}
}
// If the argument was not found and the attribute must be present this is
// a MissingAttribute situation so set the flag. Otherwise add the attribute
// to the processed arguments.
if( bag.BagSize == 0 && attrDes.MustBePresent )
{
context.Trace( "Attribute is missing" );
context.IsMissingAttribute = true;
context.AddMissingAttribute( attrDes );
}
else
{
processedArguments.Add( bag );
}
}
else if( arg is pol.AttributeSelectorElement )
{
// Resolve the XPath query using the EvaluationEngine public methods.
context.Trace( "Attribute selector" );
try
{
BagValue bag = EvaluationEngine.Resolve( context, (pol.AttributeSelectorElement)arg );
if( bag.Elements.Count == 0 && ((pol.AttributeSelectorElement)arg).MustBePresent )
{
context.Trace( "Attribute is missing" );
context.IsMissingAttribute = true;
context.AddMissingAttribute( (pol.AttributeReferenceBase)arg );
}
else
{
processedArguments.Add( bag );
}
}
catch( EvaluationException e )
{
context.Trace( Resource.TRACE_ERROR, e.Message );
processedArguments.Add( EvaluationValue.Indeterminate );
context.ProcessingError = true;
}
}
}
context.RemoveIndent();
return processedArguments;
}
/// <summary>
/// This method overrides the ApplyBase method in order to provide extra validations
/// required in the condition evaluation, for example the final return value should be a
/// boolean value.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The EvaluationValue with the results of the condition evaluation.</returns>
public override EvaluationValue Evaluate( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
context.Trace( "Evaluating condition" );
context.AddIndent();
try
{
// Iterate through the arguments, the IExpressionType is a mark interface
foreach( inf.IExpression arg in ApplyDefinition.Arguments )
{
if( arg is pol.ApplyElement )
{
context.Trace( "Apply within condition." );
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply( (pol.ApplyElement)arg );
// Evaluate the Apply
EvaluationValue retVal = _childApply.Evaluate( context );
return retVal;
}
else if( arg is pol.FunctionElementReadWrite )
{
throw new NotImplementedException( "FunctionElement" ); //TODO:
}
else if( arg is pol.VariableReferenceElement )
{
pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[ variableRef.VariableId ] as VariableDefinition;
if( !variableDef.IsEvaluated )
{
return variableDef.Evaluate( context );
}
else
{
return variableDef.Value;
}
}
else if( arg is pol.AttributeValueElementReadWrite )
{
// The AttributeValue does not need to be processed
context.Trace( "Attribute value {0}", arg.ToString() );
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement( ((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion );
return new EvaluationValue(
attributeValue.GetTypedValue( attributeValue.GetType( context ), 0 ),
attributeValue.GetType( context ) );
}
else if( arg is pol.AttributeDesignatorBase )
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace( "Processing attribute designator: {0}", arg.ToString() );
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg;
BagValue bag = new BagValue( EvaluationEngine.GetDataType( attrDes.DataType ) );
return new EvaluationValue( bag, bag.GetType( context ) );
}
else if( arg is pol.AttributeSelectorElement )
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace( "Attribute selector" );
pol.AttributeSelectorElement attrSel = (pol.AttributeSelectorElement)arg;
BagValue bag = new BagValue( EvaluationEngine.GetDataType( attrSel.DataType ) );
return new EvaluationValue( bag, bag.GetType( context ) );
}
}
throw new NotSupportedException( "internal error" );
}
finally
{
context.TraceContextValues();
context.RemoveIndent();
}
}
/// <summary>
/// Matches this target instance using the context document.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The results of the evaluation of this target.</returns>
public TargetEvaluationValue Evaluate( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
// Set the default value.
_evaluationValue = TargetEvaluationValue.NoMatch;
// Resource
context.Trace( "Evaluating Resource..." );
context.AddIndent();
TargetEvaluationValue resourceEval = _resources.Evaluate( context, context.CurrentResource );
context.TraceContextValues();
context.Trace( "Target item result: {0}", resourceEval );
context.RemoveIndent();
// Action
context.Trace( "Evaluating Action..." );
context.AddIndent();
TargetEvaluationValue actionEval = _actions.Evaluate( context, context.ContextDocument.Request.Action );
context.TraceContextValues();
context.Trace( "Target item result: {0}", actionEval );
context.RemoveIndent();
context.Trace( "Evaluating Subjects..." );
context.AddIndent();
if( actionEval == TargetEvaluationValue.Match && resourceEval == TargetEvaluationValue.Match )
{
// Subjects
foreach( ctx.SubjectElement ctxSubject in context.ContextDocument.Request.Subjects )
{
context.Trace( "Evaluating Subject: {0}", ctxSubject.SubjectCategory );
// Subject
TargetEvaluationValue subjectEval = _subjects.Evaluate( context, ctxSubject );
context.TraceContextValues();
if( subjectEval == TargetEvaluationValue.Indeterminate )
{
_evaluationValue = TargetEvaluationValue.Indeterminate;
}
else if( subjectEval == TargetEvaluationValue.Match )
{
_evaluationValue = TargetEvaluationValue.Match;
context.RemoveIndent();
context.Trace( "Target item result: {0}", _evaluationValue );
return _evaluationValue;
}
}
context.RemoveIndent();
context.Trace( "Target item result: {0}", _evaluationValue );
return _evaluationValue;
}
else
{
context.Trace( "Actions or Resources does not Match so Subjects will not be evaluated" );
if( resourceEval == TargetEvaluationValue.Indeterminate || actionEval == TargetEvaluationValue.Indeterminate )
{
context.RemoveIndent();
return TargetEvaluationValue.Indeterminate;
}
else
{
context.RemoveIndent();
return TargetEvaluationValue.NoMatch;
}
}
}
/// <summary>
/// THe argument processing method resolves all the attribute designators, attribute
/// selectors. If there is an internal Apply it will be evaulated within this method.
/// </summary>
/// <remarks>All the processed arguments are converted into an IFunctionParameter instance
/// because this is the only value that can be used to call a function.</remarks>
/// <param name="context">The evaluation context instance.</param>
/// <param name="arguments">The arguments to process.</param>
/// <returns>A list of arguments ready to be used by a function.</returns>
private IFunctionParameterCollection ProcessArguments(EvaluationContext context, pol.IExpressionCollection arguments)
{
context.Trace("Processing arguments");
context.AddIndent();
// Create a list to return the processed values.
IFunctionParameterCollection processedArguments = new IFunctionParameterCollection();
// Iterate through the arguments, the IExpressionType is a mark interface
foreach (inf.IExpression arg in arguments)
{
if (arg is pol.ApplyElement)
{
context.Trace("Nested apply");
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply((pol.ApplyElement)arg);
// Evaluate the Apply
EvaluationValue retVal = _childApply.Evaluate(context);
context.TraceContextValues();
// If the results were Indeterminate the Indeterminate value will be placed in
// the processed arguments, later another method will validate the parameters
// and cancel the evaluation propperly.
if (!retVal.IsIndeterminate)
{
if (!context.IsMissingAttribute)
{
processedArguments.Add(retVal);
}
}
else
{
processedArguments.Add(retVal);
}
}
else if (arg is pol.FunctionElementReadWrite)
{
// Search for the function and place it in the processed arguments.
pol.FunctionElement functionId = new pol.FunctionElement(((pol.FunctionElementReadWrite)arg).FunctionId, ((pol.FunctionElementReadWrite)arg).SchemaVersion);
context.Trace("Function {0}", functionId.FunctionId);
inf.IFunction function = EvaluationEngine.GetFunction(functionId.FunctionId);
if (function == null)
{
context.Trace("ERR: function not found {0}", _applyBase.FunctionId);
context.ProcessingError = true;
processedArguments.Add(EvaluationValue.Indeterminate);
}
else
{
processedArguments.Add(function);
}
}
else if (arg is pol.VariableReferenceElement)
{
pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[variableRef.VariableId] as VariableDefinition;
context.TraceContextValues();
if (!variableDef.IsEvaluated)
{
processedArguments.Add(variableDef.Evaluate(context));
}
else
{
processedArguments.Add(variableDef.Value);
}
}
else if (arg is pol.AttributeValueElementReadWrite)
{
// The AttributeValue does not need to be processed
context.Trace("Attribute value {0}", arg.ToString());
processedArguments.Add(new pol.AttributeValueElement(((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion));
}
else if (arg is pol.AttributeDesignatorBase)
{
// Resolve the AttributeDesignator using the EvaluationEngine public methods.
context.Trace("Processing attribute designator: {0}", arg.ToString());
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg;
BagValue bag = EvaluationEngine.Resolve(context, attrDes);
// If the attribute was not resolved by the EvaluationEngine search the
// attribute in the context document, also using the EvaluationEngine public
// methods.
if (bag.BagSize == 0)
{
if (arg is pol.SubjectAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding subject attribute designator: {0}", attrib.ToString());
bag.Add(attrib);
break;
}
}
else if (arg is pol.ResourceAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding resource attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (arg is pol.ActionAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding action attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
else if (arg is pol.EnvironmentAttributeDesignatorElement)
{
ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes);
if (attrib != null)
{
context.Trace("Adding environment attribute designator {0}", attrib.ToString());
bag.Add(attrib);
}
}
}
// If the argument was not found and the attribute must be present this is
// a MissingAttribute situation so set the flag. Otherwise add the attribute
// to the processed arguments.
if (bag.BagSize == 0 && attrDes.MustBePresent)
{
context.Trace("Attribute is missing");
context.IsMissingAttribute = true;
context.AddMissingAttribute(attrDes);
}
else
{
processedArguments.Add(bag);
}
}
else if (arg is pol.AttributeSelectorElement)
{
// Resolve the XPath query using the EvaluationEngine public methods.
context.Trace("Attribute selector");
try
{
BagValue bag = EvaluationEngine.Resolve(context, (pol.AttributeSelectorElement)arg);
if (bag.Elements.Count == 0 && ((pol.AttributeSelectorElement)arg).MustBePresent)
{
context.Trace("Attribute is missing");
context.IsMissingAttribute = true;
context.AddMissingAttribute((pol.AttributeReferenceBase)arg);
}
else
{
processedArguments.Add(bag);
}
}
catch (EvaluationException e)
{
context.Trace(Resource.TRACE_ERROR, e.Message);
processedArguments.Add(EvaluationValue.Indeterminate);
context.ProcessingError = true;
}
}
}
context.RemoveIndent();
return(processedArguments);
}
/// <summary>
/// This method overrides the ApplyBase method in order to provide extra validations
/// required in the condition evaluation, for example the final return value should be a
/// boolean value.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The EvaluationValue with the results of the condition evaluation.</returns>
public override EvaluationValue Evaluate(EvaluationContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
context.Trace("Evaluating condition");
context.AddIndent();
try
{
// Iterate through the arguments, the IExpressionType is a mark interface
foreach (inf.IExpression arg in ApplyDefinition.Arguments)
{
if (arg is pol.ApplyElement)
{
context.Trace("Apply within condition.");
// There is a nested apply un this policy a new Apply will be created and also
// evaluated. It's return value will be used as the processed argument.
Apply _childApply = new Apply((pol.ApplyElement)arg);
// Evaluate the Apply
EvaluationValue retVal = _childApply.Evaluate(context);
return(retVal);
}
else if (arg is pol.FunctionElementReadWrite)
{
throw new NotImplementedException("FunctionElement"); //TODO:
}
else if (arg is pol.VariableReferenceElement)
{
pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement;
VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[variableRef.VariableId] as VariableDefinition;
if (!variableDef.IsEvaluated)
{
return(variableDef.Evaluate(context));
}
else
{
return(variableDef.Value);
}
}
else if (arg is pol.AttributeValueElementReadWrite)
{
// The AttributeValue does not need to be processed
context.Trace("Attribute value {0}", arg.ToString());
pol.AttributeValueElement attributeValue = new pol.AttributeValueElement(((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion);
return(new EvaluationValue(
attributeValue.GetTypedValue(attributeValue.GetType(context), 0),
attributeValue.GetType(context)));
}
else if (arg is pol.AttributeDesignatorBase)
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace("Processing attribute designator: {0}", arg.ToString());
pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg;
BagValue bag = new BagValue(EvaluationEngine.GetDataType(attrDes.DataType));
return(new EvaluationValue(bag, bag.GetType(context)));
}
else if (arg is pol.AttributeSelectorElement)
{
// Returning an empty bag, since the condition is not supposed to work with a bag
context.Trace("Attribute selector");
pol.AttributeSelectorElement attrSel = (pol.AttributeSelectorElement)arg;
BagValue bag = new BagValue(EvaluationEngine.GetDataType(attrSel.DataType));
return(new EvaluationValue(bag, bag.GetType(context)));
}
}
throw new NotSupportedException("internal error");
}
finally
{
context.TraceContextValues();
context.RemoveIndent();
}
}
/// <summary>
/// Process the match result.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="targetEvaluationValue">The match evaluation result.</param>
private void ProcessTargetEvaluationValue(EvaluationContext context, TargetEvaluationValue targetEvaluationValue)
{
if (targetEvaluationValue == TargetEvaluationValue.Match)
{
try
{
context.Trace("Evaluating policies...");
context.AddIndent();
context.Trace("Policy combination algorithm: {0}", _policySet.PolicyCombiningAlgorithm);
// Evaluate all policies and apply rule combination
inf.IPolicyCombiningAlgorithm pca = EvaluationEngine.CreatePolicyCombiningAlgorithm(_policySet.PolicyCombiningAlgorithm);
if (pca == null)
{
throw new EvaluationException("the policy combining algorithm does not exists."); //TODO: resources
}
_evaluationValue = pca.Evaluate(context, _policies);
// Update the flags for general evaluation status.
context.TraceContextValues();
context.Trace("Policy combination algorithm: {0}", _evaluationValue.ToString());
}
finally
{
context.RemoveIndent();
}
}
else if (targetEvaluationValue == TargetEvaluationValue.NoMatch)
{
_evaluationValue = Decision.NotApplicable;
}
else if (targetEvaluationValue == TargetEvaluationValue.Indeterminate)
{
_evaluationValue = Decision.Indeterminate;
}
}
/// <summary>
/// Match the target of this policy set.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The retult evaluation of the policy set target.</returns>
public TargetEvaluationValue Match( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
// Evaluate the policy target
TargetEvaluationValue targetEvaluationValue = TargetEvaluationValue.Match;
if( _target != null )
{
targetEvaluationValue = _target.Evaluate( context );
context.TraceContextValues();
}
return targetEvaluationValue;
}
/// <summary>
/// Verifies if the rule target matches
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The result of the Match process.</returns>
public TargetEvaluationValue Match( EvaluationContext context )
{
if (context == null) throw new ArgumentNullException("context");
TargetEvaluationValue targetEvaluationValue = TargetEvaluationValue.Indeterminate;
context.Trace( "Evaluating rule target" );
context.AddIndent();
try
{
// Evaluate the policy target
targetEvaluationValue = TargetEvaluationValue.Match;
if( _target != null )
{
targetEvaluationValue = _target.Evaluate( context );
context.TraceContextValues();
}
return targetEvaluationValue;
}
finally
{
context.RemoveIndent();
context.Trace( "Target: {0}", targetEvaluationValue );
}
}
/// <summary>
/// Matches this target instance using the context document.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <returns>The results of the evaluation of this target.</returns>
public TargetEvaluationValue Evaluate(EvaluationContext context)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
// Set the default value.
_evaluationValue = TargetEvaluationValue.NoMatch;
// Resource
context.Trace("Evaluating Resource...");
context.AddIndent();
TargetEvaluationValue resourceEval = _resources.Evaluate(context, context.CurrentResource);
context.TraceContextValues();
context.Trace("Target item result: {0}", resourceEval);
context.RemoveIndent();
// Action
context.Trace("Evaluating Action...");
context.AddIndent();
TargetEvaluationValue actionEval = _actions.Evaluate(context, context.ContextDocument.Request.Action);
context.TraceContextValues();
context.Trace("Target item result: {0}", actionEval);
context.RemoveIndent();
context.Trace("Evaluating Subjects...");
context.AddIndent();
if (actionEval == TargetEvaluationValue.Match && resourceEval == TargetEvaluationValue.Match)
{
// Subjects
foreach (ctx.SubjectElement ctxSubject in context.ContextDocument.Request.Subjects)
{
context.Trace("Evaluating Subject: {0}", ctxSubject.SubjectCategory);
// Subject
TargetEvaluationValue subjectEval = _subjects.Evaluate(context, ctxSubject);
context.TraceContextValues();
if (subjectEval == TargetEvaluationValue.Indeterminate)
{
_evaluationValue = TargetEvaluationValue.Indeterminate;
}
else if (subjectEval == TargetEvaluationValue.Match)
{
_evaluationValue = TargetEvaluationValue.Match;
context.RemoveIndent();
context.Trace("Target item result: {0}", _evaluationValue);
return(_evaluationValue);
}
}
context.RemoveIndent();
context.Trace("Target item result: {0}", _evaluationValue);
return(_evaluationValue);
}
else
{
context.Trace("Actions or Resources does not Match so Subjects will not be evaluated");
if (resourceEval == TargetEvaluationValue.Indeterminate || actionEval == TargetEvaluationValue.Indeterminate)
{
context.RemoveIndent();
return(TargetEvaluationValue.Indeterminate);
}
else
{
context.RemoveIndent();
return(TargetEvaluationValue.NoMatch);
}
}
}
/// <summary>
/// The evaluation implementation in the pseudo-code described in the specification.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="rules">The policies that must be evaluated.</param>
/// <returns>The final decission for the combination of the rule evaluation.</returns>
public Decision Evaluate( EvaluationContext context, RuleCollection rules )
{
Decision decision = Decision.Indeterminate;
bool atLeastOneError = false;
bool potentialDeny = false;
bool atLeastOnePermit = false;
context.Trace( "Evaluating rules..." );
context.AddIndent();
try
{
foreach( Rule rule in rules )
{
decision = rule.Evaluate( context );
context.TraceContextValues();
if( decision == Decision.Deny )
{
decision = Decision.Deny;
return decision;
}
if( decision == Decision.Permit )
{
atLeastOnePermit = true;
continue;
}
if( decision == Decision.NotApplicable )
{
continue;
}
if( decision == Decision.Indeterminate )
{
atLeastOneError = true;
if( rule.RuleDefinition.Effect == pol.Effect.Deny )
{
potentialDeny = true;
}
continue;
}
}
if( potentialDeny )
{
decision = Decision.Indeterminate;
return decision;
}
if( atLeastOnePermit )
{
decision = Decision.Permit;
return decision;
}
if( atLeastOneError )
{
decision = Decision.Indeterminate;
return decision;
}
decision = Decision.NotApplicable;
return decision;
}
finally
{
context.Trace( "Rule combination algorithm: {0}", decision.ToString() );
context.RemoveIndent();
}
}
