Exemple #1
        /// <summary>
        /// Method called by the EvaluationEngine when the evaluation is executed without a policy document, this
        /// method search in the policy repository and return the first policy that matches its target with the
        /// context document specified.
        /// </summary>
        /// <param name="context">The evaluation context instance.</param>
        /// <returns>The policy document ready to be used by the evaluation engine.</returns>
        public pol.PolicyDocument Match(rtm.EvaluationContext context)
            if (context == null)
                throw new ArgumentNullException("context");
            pol.PolicyDocument polEv = null;

            //Search if there is a policySet which target matches the context document
            foreach (pol.PolicyDocument policy in _policySets.Values)
                rtm.PolicySet tempPolicy = new rtm.PolicySet(context.Engine, (pol.PolicySetElement)policy.PolicySet);

                rtm.EvaluationContext tempContext = new rtm.EvaluationContext(context.Engine, policy, context.ContextDocument);

                // Match the policy set target with the context document
                if (tempPolicy.Match(tempContext) == rtm.TargetEvaluationValue.Match)
                    if (polEv == null)
                        polEv = policy;
                        throw new EvaluationException(Resource.ResourceManager[Resource.MessageKey.exc_duplicated_policy_in_repository]);

            //Search if there is a policy which target matches the context document
            foreach (pol.PolicyDocument policy in _policies.Values)
                rtm.Policy tempPolicy = new rtm.Policy((pol.PolicyElement)policy.Policy);

                rtm.EvaluationContext tempContext = new rtm.EvaluationContext(context.Engine, policy, context.ContextDocument);

                // Match the policy target with the context document
                if (tempPolicy.Match(tempContext) == rtm.TargetEvaluationValue.Match)
                    if (polEv == null)
                        polEv = policy;
                        throw new EvaluationException(Resource.ResourceManager[Resource.MessageKey.exc_duplicated_policy_in_repository]);
		/// <summary>
		/// Evaluate the context document using a specified policy
		/// </summary>
		/// <param name="policyDocument">The policy instance</param>
		/// <param name="contextDocument">The context document instance</param>
		/// <returns>The response document</returns>
		public ctx.ResponseElement Evaluate( pol.PolicyDocument policyDocument, ctx.ContextDocument contextDocument )
            if (policyDocument == null) throw new ArgumentNullException("policyDocument");
            if (contextDocument == null) throw new ArgumentNullException("contextDocument");
			EvaluationContext context = new EvaluationContext( this, policyDocument, (ctx.ContextDocument)contextDocument ) ;

			context.Trace( "Start evaluation" );

            if ( policyDocument == null || contextDocument == null )
				// If a validation error was found a response is created with the syntax error message
				ctx.ResponseElement response =
					new ctx.ResponseElement( 
						new ctx.ResultElement[] {
							new ctx.ResultElement( 
								new ctx.StatusElement( 
									new ctx.StatusCodeElement( StatusCodes.ProcessingError, null, policyDocument.Version ), 
									null, policyDocument.Version ), 
									null, policyDocument.Version ) }, 
					policyDocument.Version );
				return response;

			// Check if both documents are valid
			if( !policyDocument.IsValidDocument || !contextDocument.IsValidDocument )
				// If a validation error was found a response is created with the syntax error message
				ctx.ResponseElement response =
					new ctx.ResponseElement( 
						new ctx.ResultElement[] {
							new ctx.ResultElement( 
								new ctx.StatusElement( 
									new ctx.StatusCodeElement( StatusCodes.SyntaxError, null, policyDocument.Version ), 
									null, policyDocument.Version ), 
								null, policyDocument.Version ) }, 
					policyDocument.Version );
				return response;

			// Create a new response
			contextDocument.Response = new ctx.ResponseElement( (ctx.ResultElement[])null, policyDocument.Version );

				// Create the evaluable policy intance
				IMatchEvaluable policy = null;
				if( policyDocument.PolicySet != null )
					policy = new PolicySet( this, (pol.PolicySetElement)policyDocument.PolicySet );
				else if( policyDocument.Policy != null )
					policy = new Policy( (pol.PolicyElement)policyDocument.Policy );

				// Evaluate the policy or policy set
				if( policy != null )
					// Creates the evaluable policy set
					if( policy.AllResources.Count == 0 )
						policy.AllResources.Add( "" );

					string requestedResourceString = String.Empty;
					Uri requestedResource = null;

					foreach( ctx.ResourceElement resource in contextDocument.Request.Resources )
						// Keep the requested resource
						if( resource.IsHierarchical )
							foreach( ctx.AttributeElement attribute in resource.Attributes )
								if( attribute.AttributeId == ResourceElement.ResourceId )
									if( context.PolicyDocument.Version == XacmlVersion.Version10 || 
										context.PolicyDocument.Version == XacmlVersion.Version11 )
										requestedResourceString = attribute.AttributeValues[0].Contents;
										if( attribute.AttributeValues.Count > 1 )
											throw new NotSupportedException( "resources contains a bag of values" );
										requestedResourceString = attribute.AttributeValues[0].Contents;
							if( !string.IsNullOrEmpty(requestedResourceString) )
								requestedResource = new Uri( requestedResourceString );

						// Iterate through the policy resources evaluating each resource in the context document request 
					    foreach( string resourceName in policy.AllResources )
						    bool mustEvaluate;
						    if( resource.IsHierarchical )
								//Validate if the resource is hierarchically desdendant or children 
								//of the requested resource
								Uri policyResource = new Uri( resourceName );

								if( !(mustEvaluate = requestedResource.Equals( policyResource ) ) )
									// Perform the hierarchical evaluation
									if( resource.ResourceScopeValue == ctx.ResourceScope.Children )
										mustEvaluate = typ.AnyUri.IsChildrenOf( requestedResource, policyResource );
									else if( resource.ResourceScopeValue == ctx.ResourceScope.Descendants )
										mustEvaluate = typ.AnyUri.IsDescendantOf( requestedResource, policyResource );

								if( mustEvaluate )
									foreach( ctx.AttributeElementReadWrite attribute in context.CurrentResource.Attributes )
										if( attribute.AttributeId == ResourceElement.ResourceId )
											attribute.AttributeValues[0].Contents = resourceName;
								context.CurrentResource = resource;
								mustEvaluate = true;

							if( mustEvaluate )
								// Evaluates the policy set
								Decision decision = policy.Evaluate( context );

								// Create a status code using the policy execution state
								ctx.StatusCodeElement scode;
								if( context.IsMissingAttribute )
									scode = new ctx.StatusCodeElement( 
										StatusCodes.MissingAttribute, null, policyDocument.Version );
								else if( context.ProcessingError )
									scode = new ctx.StatusCodeElement( 
										StatusCodes.ProcessingError, null, policyDocument.Version );
									scode = new ctx.StatusCodeElement( 
										StatusCodes.OK, null, policyDocument.Version );

								//Stop the iteration if there is not a hierarchical request
								if( !resource.IsHierarchical )
									// Ussually when a single resource is requested the ResourceId is not specified in the result
									IObligationsContainer oblig = policy as IObligationsContainer;
										new ctx.ResultElement( "", decision, 
											new ctx.StatusElement( scode, "", "", policyDocument.Version ), oblig.Obligations, policyDocument.Version ) );
									// Adding a resource for each requested resource, using the resourceName as the resourceId of the result
									IObligationsContainer oblig = policy as IObligationsContainer;
										new ctx.ResultElement( resourceName, decision, 
											new ctx.StatusElement( scode, "", "", policyDocument.Version ), oblig.Obligations, policyDocument.Version ) );
							} // if( mustEvaluate )
						} // foreach( string resourceName in policy.AllResources )
				} //if( policy != null )
			catch( EvaluationException e )
				// If a validation error was found a response is created with the syntax error message
				contextDocument.Response =
					new ctx.ResponseElement( 
						new ctx.ResultElement[] {
							new ctx.ResultElement( 
								new ctx.StatusElement( 
									new ctx.StatusCodeElement( StatusCodes.ProcessingError, null, policyDocument.Version ), 
									e.StackTrace, policyDocument.Version ), 
								null, policyDocument.Version ) }, 
					policyDocument.Version );

			return contextDocument.Response;
Exemple #3
		/// <summary>
		/// Creates a new runtime policy set evaluation.
		/// </summary>
		/// <param name="engine">The evaluation engine.</param>
		/// <param name="policySet">The policy set defined in the policy document.</param>
		public PolicySet( EvaluationEngine engine, pol.PolicySetElement policySet )
            if (engine == null) throw new ArgumentNullException("engine");
            if (policySet == null) throw new ArgumentNullException("policySet");
			_policySet = policySet;

			// Create a runtime target of this policy set.
			if( policySet.Target != null )
				_target = new Target( (pol.TargetElement)policySet.Target );

				foreach( pol.ResourceElement resource in policySet.Target.Resources.ItemsList )
					foreach( pol.ResourceMatchElement rmatch in resource.Match )
						if( !_allResources.Contains( rmatch.AttributeValue.Contents ) )
							_allResources.Add( rmatch.AttributeValue.Contents );

			// Add all the policies (or policy set) inside this policy set.
			foreach( object child in policySet.Policies )
                pol.PolicySetElement childPolicySet = child as pol.PolicySetElement;
                pol.PolicyElement childPolicyElement = child as pol.PolicyElement;
                pol.PolicySetIdReferenceElement childPolicySetIdReference = child as pol.PolicySetIdReferenceElement;
                pol.PolicyIdReferenceElement childPolicyIdReferenceElement = child as pol.PolicyIdReferenceElement;
                if (childPolicySet != null)
                    PolicySet policySetEv = new PolicySet(engine, childPolicySet);
					foreach( string rName in policySetEv.AllResources )
						if( !_allResources.Contains( rName ) )
							_allResources.Add( rName );
					_policies.Add( policySetEv );
                else if (childPolicyElement!=null)
                    Policy policyEv = new Policy(childPolicyElement);
					foreach( string rName in policyEv.AllResources )
						if( !_allResources.Contains( rName ) )
							_allResources.Add( rName );
					_policies.Add( policyEv );
                else if (childPolicySetIdReference!=null)
                    pol.PolicySetElement policySetDefinition = EvaluationEngine.Resolve(childPolicySetIdReference);
					if( policySetDefinition != null )
						PolicySet policySetEv = new PolicySet( engine, policySetDefinition );
						foreach( string rName in policySetEv.AllResources )
							if( !_allResources.Contains( rName ) )
								_allResources.Add( rName );
						_policies.Add( policySetEv );
						throw new EvaluationException( Resource.ResourceManager[ Resource.MessageKey.exc_policyset_reference_not_resolved, ((pol.PolicySetIdReferenceElement)child).PolicySetId ] );
                else if (childPolicyIdReferenceElement!=null)
                    pol.PolicyElement policyDefinition = EvaluationEngine.Resolve(childPolicyIdReferenceElement);
					if( policyDefinition != null )
						Policy policyEv = new Policy( policyDefinition );
						foreach( string rName in policyEv.AllResources )
							if( !_allResources.Contains( rName ) )
								_allResources.Add( rName );
						_policies.Add( policyEv );
						throw new EvaluationException( Resource.ResourceManager[ Resource.MessageKey.exc_policy_reference_not_resolved, ((pol.PolicyIdReferenceElement)child).PolicyId ] );
		/// <summary>
		/// Method called by the EvaluationEngine when the evaluation is executed without a policy document, this 
		/// method search in the policy repository and return the first policy that matches its target with the
		/// context document specified.
		/// </summary>
		/// <param name="context">The evaluation context instance.</param>
		/// <returns>The policy document ready to be used by the evaluation engine.</returns>
		public pol.PolicyDocument Match( rtm.EvaluationContext context )
            if (context == null) throw new ArgumentNullException("context");
			pol.PolicyDocument polEv = null;
			//Search if there is a policySet which target matches the context document
			foreach( pol.PolicyDocument policy in _policySets.Values )
				rtm.PolicySet tempPolicy = new rtm.PolicySet( context.Engine, (pol.PolicySetElement)policy.PolicySet );

				rtm.EvaluationContext tempContext = new rtm.EvaluationContext( context.Engine, policy, context.ContextDocument );

				// Match the policy set target with the context document
				if( tempPolicy.Match( tempContext ) == rtm.TargetEvaluationValue.Match )
					if( polEv == null )
						polEv = policy;
						throw new EvaluationException( Resource.ResourceManager[ Resource.MessageKey.exc_duplicated_policy_in_repository ] );

			//Search if there is a policy which target matches the context document
			foreach( pol.PolicyDocument policy in _policies.Values )
				rtm.Policy tempPolicy = new rtm.Policy( (pol.PolicyElement)policy.Policy );

				rtm.EvaluationContext tempContext = new rtm.EvaluationContext( context.Engine, policy, context.ContextDocument );

				// Match the policy target with the context document
				if( tempPolicy.Match( tempContext ) == rtm.TargetEvaluationValue.Match )
					if( polEv == null )
						polEv = policy;
						throw new EvaluationException( Resource.ResourceManager[ Resource.MessageKey.exc_duplicated_policy_in_repository ] );
			return polEv;