/// <summary>
///
/// </summary>
/// <param name="attribute"></param>
public Attribute( con.AttributeElementReadWrite attribute )
{
// This call is required by the Windows.Forms Form Designer.
InitializeComponent();
LoadingData = true;
_attribute = attribute;
foreach( FieldInfo field in typeof(InternalDataTypes).GetFields() )
{
cmbDataType.Items.Add( field.GetValue( null ) );
}
this.lstAttributeValue.DisplayMember = "Value";
foreach( con.AttributeValueElementReadWrite attr in _attribute.AttributeValues )
{
lstAttributeValue.Items.Add( attr );
}
if( _attribute.AttributeValues.Count != 0 )
{
lstAttributeValue.SelectedIndex = 0;
}
txtId.Text = _attribute.AttributeId;
txtId.DataBindings.Add( "Text", _attribute, "AttributeId" );
txtIssuer.Text = _attribute.Issuer;
//txtIssuer.DataBindings.Add( "Text", _attribute, "Issuer" );
cmbDataType.SelectedIndex = cmbDataType.FindStringExact( _attribute.DataType);
cmbDataType.DataBindings.Add( "SelectedItem", _attribute, "DataType" );
LoadingData = false;
}
/// <summary>
///
/// </summary>
/// <param name="resource"></param>
public Resource( con.ResourceElementReadWrite resource )
{
// This call is required by the Windows.Forms Form Designer.
InitializeComponent();
_resource = resource;
if( _resource.ResourceContent != null )
{
txtContent.Text = _resource.ResourceContent.XmlDocument.InnerXml;
}
}
/// <summary>
/// Resolves the attribute reference defined within the given match.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="match">The target item match.</param>
/// <param name="contextTargetItem">The context target item.</param>
/// <returns>The context attribute.</returns>
public static ctx.AttributeElement Resolve( EvaluationContext context, pol.TargetMatchBaseReadWrite match, ctx.TargetItemBase contextTargetItem )
{
ctx.AttributeElementReadWrite attribute = null;
if( match.AttributeReference is pol.AttributeDesignatorBase )
{
pol.AttributeDesignatorBase attrDesig = (pol.AttributeDesignatorBase)match.AttributeReference;
context.Trace( "Looking for attribute: {0}", attrDesig.AttributeId );
foreach( ctx.AttributeElementReadWrite tempAttribute in contextTargetItem.Attributes )
{
if( tempAttribute.Match( attrDesig ) )
{
attribute = tempAttribute;
break;
}
}
if( attribute == null )
{
context.Trace( "Attribute not found, loading searching an external repository" );
attribute = GetAttribute( context, attrDesig );
}
}
else if( match.AttributeReference is pol.AttributeSelectorElement )
{
pol.AttributeSelectorElement attrSelec = (pol.AttributeSelectorElement)match.AttributeReference;
ctx.ResourceContentElement content = (ctx.ResourceContentElement)((ctx.ResourceElement)contextTargetItem).ResourceContent;
if( content != null )
{
XmlDocument doc = context.ContextDocument.XmlDocument;
if( context.ContextDocument.XmlNamespaceManager == null )
{
context.ContextDocument.AddNamespaces( context.PolicyDocument.Namespaces );
}
string xpath = attrSelec.RequestContextPath;
try
{
XmlNode node = doc.DocumentElement.SelectSingleNode( xpath, context.ContextDocument.XmlNamespaceManager );
if( node != null )
{
attribute = new ctx.AttributeElement( null, attrSelec.DataType, null, null, node.InnerText, attrSelec.SchemaVersion );
}
}
catch( XPathException e )
{
context.Trace( Resource.TRACE_ERROR, e.Message );
context.ProcessingError = true;
}
}
}
if( attribute == null && match.AttributeReference.MustBePresent )
{
context.IsMissingAttribute = true;
context.AddMissingAttribute( match.AttributeReference );
}
if( attribute != null )
{
return new ctx.AttributeElement( attribute.AttributeId, attribute.DataType, attribute.Issuer, attribute.IssueInstant,
attribute.Value, attribute.SchemaVersion);
}
return null;
}
/// <summary>
/// Search for the attribute in the context target item using the attribute designator specified.
/// </summary>
/// <param name="context">The evaluation context instance.</param>
/// <param name="attributeDesignator">The attribute designator instance.</param>
/// <param name="targetItem">The target item to search in.</param>
/// <returns>A bag value with the values of the attributes found.</returns>
public static BagValue FindAttribute( EvaluationContext context, pol.AttributeDesignatorBase attributeDesignator, ctx.TargetItemBase targetItem )
{
BagValue bag = new BagValue( GetDataType( attributeDesignator.DataType ) );
foreach( ctx.AttributeElement attribute in targetItem.Attributes )
{
if( attribute.Match( attributeDesignator ) )
{
context.Trace( "Adding target item attribute designator: {0}", attribute.ToString() );
bag.Add( attribute );
}
}
return bag;
}
/// <summary>
/// Evaluate the context document using a specified policy
/// </summary>
/// <param name="policyDocument">The policy instance</param>
/// <param name="contextDocument">The context document instance</param>
/// <returns>The response document</returns>
public ctx.ResponseElement Evaluate( pol.PolicyDocument policyDocument, ctx.ContextDocument contextDocument )
{
if (policyDocument == null) throw new ArgumentNullException("policyDocument");
if (contextDocument == null) throw new ArgumentNullException("contextDocument");
EvaluationContext context = new EvaluationContext( this, policyDocument, (ctx.ContextDocument)contextDocument ) ;
context.Trace( "Start evaluation" );
context.AddIndent();
if ( policyDocument == null || contextDocument == null )
{
// If a validation error was found a response is created with the syntax error message
ctx.ResponseElement response =
new ctx.ResponseElement(
new ctx.ResultElement[] {
new ctx.ResultElement(
null,
Decision.Indeterminate,
new ctx.StatusElement(
new ctx.StatusCodeElement( StatusCodes.ProcessingError, null, policyDocument.Version ),
null,
null, policyDocument.Version ),
null, policyDocument.Version ) },
policyDocument.Version );
return response;
}
// Check if both documents are valid
if( !policyDocument.IsValidDocument || !contextDocument.IsValidDocument )
{
// If a validation error was found a response is created with the syntax error message
ctx.ResponseElement response =
new ctx.ResponseElement(
new ctx.ResultElement[] {
new ctx.ResultElement(
null,
Decision.Indeterminate,
new ctx.StatusElement(
new ctx.StatusCodeElement( StatusCodes.SyntaxError, null, policyDocument.Version ),
null,
null, policyDocument.Version ),
null, policyDocument.Version ) },
policyDocument.Version );
return response;
}
// Create a new response
contextDocument.Response = new ctx.ResponseElement( (ctx.ResultElement[])null, policyDocument.Version );
try
{
// Create the evaluable policy intance
IMatchEvaluable policy = null;
if( policyDocument.PolicySet != null )
{
policy = new PolicySet( this, (pol.PolicySetElement)policyDocument.PolicySet );
}
else if( policyDocument.Policy != null )
{
policy = new Policy( (pol.PolicyElement)policyDocument.Policy );
}
// Evaluate the policy or policy set
if( policy != null )
{
// Creates the evaluable policy set
if( policy.AllResources.Count == 0 )
{
policy.AllResources.Add( "" );
}
string requestedResourceString = String.Empty;
Uri requestedResource = null;
foreach( ctx.ResourceElement resource in contextDocument.Request.Resources )
{
// Keep the requested resource
if( resource.IsHierarchical )
{
foreach( ctx.AttributeElement attribute in resource.Attributes )
{
if( attribute.AttributeId == ResourceElement.ResourceId )
{
if( context.PolicyDocument.Version == XacmlVersion.Version10 ||
context.PolicyDocument.Version == XacmlVersion.Version11 )
{
requestedResourceString = attribute.AttributeValues[0].Contents;
}
else
{
if( attribute.AttributeValues.Count > 1 )
{
throw new NotSupportedException( "resources contains a bag of values" );
}
requestedResourceString = attribute.AttributeValues[0].Contents;
}
}
}
if( !string.IsNullOrEmpty(requestedResourceString) )
{
requestedResource = new Uri( requestedResourceString );
}
}
// Iterate through the policy resources evaluating each resource in the context document request
foreach( string resourceName in policy.AllResources )
{
bool mustEvaluate;
if( resource.IsHierarchical )
{
//Validate if the resource is hierarchically desdendant or children
//of the requested resource
Uri policyResource = new Uri( resourceName );
if( !(mustEvaluate = requestedResource.Equals( policyResource ) ) )
{
// Perform the hierarchical evaluation
if( resource.ResourceScopeValue == ctx.ResourceScope.Children )
{
mustEvaluate = typ.AnyUri.IsChildrenOf( requestedResource, policyResource );
}
else if( resource.ResourceScopeValue == ctx.ResourceScope.Descendants )
{
mustEvaluate = typ.AnyUri.IsDescendantOf( requestedResource, policyResource );
}
}
if( mustEvaluate )
{
foreach( ctx.AttributeElementReadWrite attribute in context.CurrentResource.Attributes )
{
if( attribute.AttributeId == ResourceElement.ResourceId )
{
attribute.AttributeValues[0].Contents = resourceName;
break;
}
}
}
}
else
{
context.CurrentResource = resource;
mustEvaluate = true;
}
if( mustEvaluate )
{
// Evaluates the policy set
Decision decision = policy.Evaluate( context );
// Create a status code using the policy execution state
ctx.StatusCodeElement scode;
if( context.IsMissingAttribute )
{
scode = new ctx.StatusCodeElement(
StatusCodes.MissingAttribute, null, policyDocument.Version );
}
else if( context.ProcessingError )
{
scode = new ctx.StatusCodeElement(
StatusCodes.ProcessingError, null, policyDocument.Version );
}
else
{
scode = new ctx.StatusCodeElement(
StatusCodes.OK, null, policyDocument.Version );
}
//Stop the iteration if there is not a hierarchical request
if( !resource.IsHierarchical )
{
// Ussually when a single resource is requested the ResourceId is not specified in the result
IObligationsContainer oblig = policy as IObligationsContainer;
contextDocument.Response.Results.Add(
new ctx.ResultElement( "", decision,
new ctx.StatusElement( scode, "", "", policyDocument.Version ), oblig.Obligations, policyDocument.Version ) );
break;
}
else
{
// Adding a resource for each requested resource, using the resourceName as the resourceId of the result
IObligationsContainer oblig = policy as IObligationsContainer;
contextDocument.Response.Results.Add(
new ctx.ResultElement( resourceName, decision,
new ctx.StatusElement( scode, "", "", policyDocument.Version ), oblig.Obligations, policyDocument.Version ) );
}
} // if( mustEvaluate )
} // foreach( string resourceName in policy.AllResources )
}
} //if( policy != null )
}
catch( EvaluationException e )
{
// If a validation error was found a response is created with the syntax error message
contextDocument.Response =
new ctx.ResponseElement(
new ctx.ResultElement[] {
new ctx.ResultElement(
null,
Decision.Indeterminate,
new ctx.StatusElement(
new ctx.StatusCodeElement( StatusCodes.ProcessingError, null, policyDocument.Version ),
e.Message,
e.StackTrace, policyDocument.Version ),
null, policyDocument.Version ) },
policyDocument.Version );
}
return contextDocument.Response;
}
/// <summary>
/// Evaluate the context document using a specified policy
/// </summary>
/// <param name="contextDocument">The context document instance</param>
/// <returns>The response document.</returns>
public ctx.ResponseElement Evaluate( ctx.ContextDocument contextDocument )
{
EvaluationContext context = new EvaluationContext( this, null, contextDocument );
try
{
// Validates the configuration file was found.
if( ConfigurationRoot.Config != null )
{
// Search all the policies repositories to find a policy that matches the
// context document
pol.PolicyDocument policyDocument = null;
foreach( inf.IPolicyRepository policyRep in ConfigurationRoot.Config.PolicyRepositories )
{
if( policyDocument == null )
{
policyDocument = policyRep.Match( context );
}
else
{
throw new EvaluationException( Resource.ResourceManager[ Resource.MessageKey.exc_duplicated_policy_in_repository ] );
}
}
// If the policy was found evaluate the context document, otherwise use the
// Evaluate method to generate a Response context document.
if( policyDocument != null )
{
return Evaluate( policyDocument, contextDocument );
}
return Evaluate(null, null);
}
throw new EvaluationException(Resource.ResourceManager[ Resource.MessageKey.exc_configuration_file_not_found]);
}
catch( EvaluationException e )
{
context.Trace( Resource.TRACE_ERROR, e.Message );
}
return Evaluate(null, null);
}
