// Builds a policy set (subject-only target, one policy with one Permit rule and
// one obligation), serializes it with Xacml10ProtocolSerializer and validates
// the produced XML against an XSD taken from the test-case directory.
public void WritePolicy_11()
{
    // Subject match: designator first, then the match that wraps it.
    var subjectDesignator = new XacmlSubjectAttributeDesignator(
        new Uri("http://www.AttributeId.www"),
        new Uri("http://www.DataType.www"))
    {
        Issuer = "String",
        MustBePresent = false,
        Category = new Uri("http://www.subjectCategory.www")
    };
    var subjectMatch = new XacmlSubjectMatch(
        new Uri("http://www.MatchId.www"),
        new XacmlAttributeValue(new Uri("http://www.DataType.www")),
        subjectDesignator);
    var subject = new XacmlSubject(new XacmlSubjectMatch[] { subjectMatch });

    // Only the subject part of the target is populated.
    var target = new XacmlTarget(subject, null, null);

    var policySet = new XacmlPolicySet(
        new Uri("http://www.PolicySetId.www"),
        new Uri("http://www.PolicyCombiningAlgId.www"),
        target)
    {
        Description = "description string",
        XPathVersion = Xacml10Constants.XPathVersions.Xpath10
    };

    // Single policy with an empty target.
    var policy = new XacmlPolicy(
        new Uri("http://www.PolicyId.www"),
        new Uri("http://www.RuleCombiningAlgId.www"),
        new XacmlTarget())
    {
        Description = "description string",
        XPathVersion = Xacml10Constants.XPathVersions.Xpath10
    };

    var rule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit)
    {
        Description = "xacmlRule description"
    };
    policy.Rules.Add(rule);

    var assignment = new XacmlAttributeAssignment(
        new Uri("http://www.AttributeId.www"),
        new Uri("http://www.DataType.www"));
    var obligation = new XacmlObligation(
        new Uri("http://www.ObligationId.www"),
        XacmlEffectType.Permit,
        new XacmlAttributeAssignment[] { assignment });
    policy.Obligations.Add(obligation);

    policySet.Policies.Add(policy);

    // Serialize into memory; the writer must be disposed (flushed) before the
    // text is read back from the builder.
    var output = new StringBuilder();
    using (var xmlWriter = XmlWriter.Create(output))
    {
        var serializer = new Xacml10ProtocolSerializer();
        serializer.WritePolicySet(xmlWriter, policySet);
    }

    string xmlText = output.ToString();

    // NOTE(review): the schema file name says "context" although the document is
    // a PolicySet; presumably the policy namespace is reached through an import in
    // that schema. Confirm this, and confirm ValidateMessage fails on elements that
    // have no matching declaration, otherwise this check can pass vacuously.
    ValidateMessage(xmlText, Path.Combine(TestCasePath, "cs-xacml-schema-context-01.xsd"));
}
// Test case IID030: loads the request, the expected response and two policies
// from the test-case directory, evaluates the request against a policy set that
// holds both policies, and compares the result with the expected response.
public void IID030_30()
{
    string caseDirectory = Xacml30TestsCases.TestCasePath;

    // The fixtures are local files parsed with the framework's default XML
    // settings. That is acceptable for trusted test data; it is not a pattern
    // for parsing policies or requests received from outside.
    var requestDocument = new XmlDocument();
    var responseDocument = new XmlDocument();
    var firstPolicyDocument = new XmlDocument();
    var secondPolicyDocument = new XmlDocument();

    requestDocument.Load(Path.Combine(caseDirectory, "IID030Request.xml"));
    responseDocument.Load(Path.Combine(caseDirectory, "IID030Response.xml"));
    firstPolicyDocument.Load(Path.Combine(caseDirectory, "IID030Policy1.xml"));
    secondPolicyDocument.Load(Path.Combine(caseDirectory, "IID030Policy2.xml"));

    var serializer = new Xacml30ProtocolSerializer();

    XacmlContextRequest parsedRequest;
    using (XmlReader requestReader = XmlReader.Create(new StringReader(requestDocument.OuterXml)))
    {
        parsedRequest = serializer.ReadContextRequest(requestReader);
    }

    XacmlContextResponse expectedResponse;
    using (XmlReader responseReader = XmlReader.Create(new StringReader(responseDocument.OuterXml)))
    {
        expectedResponse = serializer.ReadContextResponse(responseReader);
    }

    XacmlPolicy firstPolicy;
    using (XmlReader policyReader = XmlReader.Create(new StringReader(firstPolicyDocument.OuterXml)))
    {
        firstPolicy = serializer.ReadPolicy(policyReader);
    }

    XacmlPolicy secondPolicy;
    using (XmlReader policyReader = XmlReader.Create(new StringReader(secondPolicyDocument.OuterXml)))
    {
        secondPolicy = serializer.ReadPolicy(policyReader);
    }

    // The wrapping policy set takes its combining algorithm from the XACML 1.0
    // constants while the engine below is the 3.0 one.
    // TODO: PolicyCombiningAlgorithms
    var wrappingSet = new XacmlPolicySet(
        Xacml10Constants.PolicyCombiningAlgorithms.OnlyOneApplicable,
        new XacmlTarget());
    wrappingSet.Policies.Add(firstPolicy);
    wrappingSet.Policies.Add(secondPolicy);

    // Evaluate receives both the parsed request and the raw request document.
    EvaluationEngine engine = new EvaluationEngine30(wrappingSet);
    XacmlContextResponse actualResponse = engine.Evaluate(parsedRequest, requestDocument);

    XacmlResponseAssert(expectedResponse, actualResponse);
}
// Builds a policy set whose target has subject, resource and action matches,
// adds one policy whose target carries only an environment match, serializes it
// with Xacml20ProtocolSerializer and validates the XML against the XACML 2.0
// policy schema file in the test-case directory.
public void WritePolicy_20()
{
    // --- Policy-set target: subject ---
    var subjectDesignator = new XacmlSubjectAttributeDesignator(
        new Uri("http://www.AttributeId.www"),
        new Uri("http://www.DataType.www"))
    {
        Issuer = "String",
        MustBePresent = false,
        Category = new Uri("http://www.subjectCategory.www")
    };
    var subject = new XacmlSubject(
        new XacmlSubjectMatch[]
        {
            new XacmlSubjectMatch(
                new Uri("http://www.MatchId.www"),
                new XacmlAttributeValue(new Uri("http://www.DataType.www")),
                subjectDesignator)
        });

    // --- Policy-set target: resource (attribute value is created without content) ---
    var resourceDesignator = new XacmlResourceAttributeDesignator(
        new Uri("http://www.AttributeId.www"),
        new Uri("http://www.DataType.www"))
    {
        Issuer = "String",
        MustBePresent = false
    };
    var resource = new XacmlResource(
        new XacmlResourceMatch[]
        {
            new XacmlResourceMatch(
                new Uri("http://www.MatchId.www"),
                new XacmlAttributeValue(new Uri("http://www.DataType.www")),
                resourceDesignator)
        });

    // --- Policy-set target: action ---
    var actionDesignator = new XacmlActionAttributeDesignator(
        new Uri("http://www.AttributeId.www"),
        new Uri("http://www.DataType.www"))
    {
        Issuer = "String",
        MustBePresent = false
    };
    var action = new XacmlAction(
        new XacmlActionMatch[]
        {
            new XacmlActionMatch(
                new Uri("http://www.MatchId.www"),
                new XacmlAttributeValue(new Uri("http://www.DataType.www")),
                actionDesignator)
        });

    var target = new XacmlTarget(subject, resource, action, null);

    // No explicit PolicySetId is passed here; the two-argument constructor is used.
    var policySet = new XacmlPolicySet(new Uri("http://www.PolicyCombiningAlgId.www"), target)
    {
        Description = "description string",
        XPathVersion = Xacml10Constants.XPathVersions.Xpath10
    };

    // --- Policy: its target holds a single environment match ---
    var environmentDesignator = new XacmlEnvironmentAttributeDesignator(
        new Uri("http://www.AttributeId.www"),
        new Uri("http://www.DataType.www"))
    {
        Issuer = "String",
        MustBePresent = false
    };
    var environment = new XacmlEnvironment(
        new XacmlEnvironmentMatch[]
        {
            new XacmlEnvironmentMatch(
                new Uri("http://www.EnvironmentMatchIdId.www"),
                new XacmlAttributeValue(new Uri("http://www.AttributValue.www")),
                environmentDesignator)
        });
    var environmentOnlyTarget = new XacmlTarget(null, null, null, new XacmlEnvironment[] { environment });

    var policy = new XacmlPolicy(
        new Uri("http://www.PolicyId.www"),
        new Uri("http://www.RuleCombiningAlgId.www"),
        environmentOnlyTarget)
    {
        Description = "description string",
        XPathVersion = Xacml10Constants.XPathVersions.Xpath10
    };

    var rule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit)
    {
        Description = "xacmlRule description"
    };
    policy.Rules.Add(rule);

    var assignment = new XacmlAttributeAssignment(
        new Uri("http://www.AttributeId.www"),
        new Uri("http://www.DataType.www"));
    var obligation = new XacmlObligation(
        new Uri("http://www.ObligationId.www"),
        XacmlEffectType.Permit,
        new XacmlAttributeAssignment[] { assignment });
    policy.Obligations.Add(obligation);

    policySet.Policies.Add(policy);

    // Serialize into memory; the writer is disposed (flushed) before the text is read.
    var output = new StringBuilder();
    using (var xmlWriter = XmlWriter.Create(output))
    {
        var serializer = new Xacml20ProtocolSerializer();
        serializer.WritePolicySet(xmlWriter, policySet);
    }

    string xmlText = output.ToString();
    ValidateMessage(xmlText, Path.Combine(TestCasePath, "access_control-xacml-2.0-policy-schema-os.xsd"));
}
/// <summary>
/// Writes a policy set as a <c>PolicySet</c> element: identifier attributes,
/// optional description and defaults, target, nested policy sets, policies,
/// id references and obligations, in that order.
/// </summary>
/// <param name="writer">The XML writer that receives the output.</param>
/// <param name="data">The policy set to serialize.</param>
/// <exception cref="ArgumentNullException">
/// <paramref name="writer"/> or <paramref name="data"/> is <c>null</c>.
/// </exception>
public virtual void WritePolicySet(XmlWriter writer, XacmlPolicySet data)
{
    if (writer == null)
    {
        throw new ArgumentNullException(nameof(writer));
    }

    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    // Every element below shares the policy prefix and namespace.
    string prefix = XacmlConstants.Prefixes.Policy;
    string policyNs = this.Version.NamespacePolicy;

    // All values go through XmlWriter, which takes care of escaping.
    writer.WriteStartElement(prefix, XacmlConstants.ElementNames.PolicySet, policyNs);
    writer.WriteAttributeString(XacmlConstants.AttributeNames.PolicySetId, data.PolicySetId.OriginalString);
    writer.WriteAttributeString(XacmlConstants.AttributeNames.PolicyCombiningAlgId, data.PolicyCombiningAlgId.OriginalString);

    if (data.Description != null)
    {
        writer.WriteElementString(prefix, XacmlConstants.ElementNames.Description, policyNs, data.Description);
    }

    // PolicySetDefaults is emitted only when an XPath version is set.
    // NOTE(review): the two id attributes above are written from OriginalString,
    // while XPathVersion and the id references below go through ToString(). If
    // those are System.Uri values, ToString() emits the canonical form, which can
    // differ from the text that was read; confirm that is intended.
    if (data.XPathVersion != null)
    {
        writer.WriteStartElement(prefix, XacmlConstants.ElementNames.PolicySetDefaults, policyNs);
        writer.WriteElementString(prefix, XacmlConstants.ElementNames.XPathVersion, policyNs, data.XPathVersion.ToString());
        writer.WriteEndElement();
    }

    // Target
    WriteTarget(writer, data.Target);

    // Nested policy sets are written recursively.
    foreach (var nestedSet in data.PolicySets)
    {
        WritePolicySet(writer, nestedSet);
    }

    // Policies
    foreach (var childPolicy in data.Policies)
    {
        WritePolicy(writer, childPolicy);
    }

    // PolicySetIdReference
    foreach (var setReference in data.PolicySetIdReferences)
    {
        writer.WriteElementString(prefix, XacmlConstants.ElementNames.PolicySetIdReference, policyNs, setReference.ToString());
    }

    // PolicyIdReference
    foreach (var policyReference in data.PolicyIdReferences)
    {
        writer.WriteElementString(prefix, XacmlConstants.ElementNames.PolicyIdReference, policyNs, policyReference.ToString());
    }

    // The Obligations wrapper element is omitted when there is nothing to put in it.
    if (data.Obligations.Count > 0)
    {
        writer.WriteStartElement(prefix, XacmlConstants.ElementNames.Obligations, policyNs);
        foreach (var item in data.Obligations)
        {
            WriteObligation(writer, item);
        }

        writer.WriteEndElement();
    }

    // Closes the PolicySet element.
    writer.WriteEndElement();
}
/// <summary>
/// Reads a <c>PolicySet</c> element, including nested policy sets, policies,
/// id references and obligations, from the reader's current position.
/// </summary>
/// <param name="reader">The XML reader positioned on the <c>PolicySet</c> element.</param>
/// <returns>The policy set built from the element.</returns>
/// <exception cref="ArgumentNullException"><paramref name="reader"/> is <c>null</c>.</exception>
/// <remarks>
/// When the current element is not a <c>PolicySet</c>, or <c>PolicySetDefaults</c>
/// lacks its <c>XPathVersion</c> child, the exception produced by
/// <c>ThrowHelperXml</c> is thrown. Reader hardening (DTD handling, size limits)
/// is whatever the caller configured on <paramref name="reader"/>; this method
/// adds no limits of its own. Nested <c>PolicySet</c> elements recurse into this
/// method, so nesting depth is bounded only by the input; callers that accept
/// policies from untrusted sources should bound document size and depth first.
/// </remarks>
public virtual XacmlPolicySet ReadPolicySet(XmlReader reader)
{
    if (reader == null)
    {
        throw new ArgumentNullException(nameof(reader));
    }

    if (!this.CanRead(reader, XacmlConstants.ElementNames.PolicySet))
    {
        throw ThrowHelperXml(reader, "XML message is not valid.");
    }

    string policyNs = this.Version.NamespacePolicy;

    // Collect the prefixed namespace declarations (xmlns:prefix="...") of the
    // element. A default declaration (xmlns="...") has an empty prefix, so it
    // is not recorded here.
    IDictionary<string, string> declaredNamespaces = new Dictionary<string, string>();
    for (int index = 0; index < reader.AttributeCount; index++)
    {
        reader.MoveToAttribute(index);
        if (reader.Prefix != "xmlns")
        {
            continue;
        }

        declaredNamespaces.Add(reader.LocalName, reader.Value);
    }

    Uri policySetId = this.ReadAttribute<Uri>(reader, XacmlConstants.AttributeNames.PolicySetId);
    Uri combiningAlgId = this.ReadAttribute<Uri>(reader, XacmlConstants.AttributeNames.PolicyCombiningAlgId);

    reader.ReadStartElement(XacmlConstants.ElementNames.PolicySet, policyNs);

    // Optional Description
    string descriptionText = null;
    if (reader.IsStartElement(XacmlConstants.ElementNames.Description, policyNs))
    {
        descriptionText = reader.ReadElementContentAsString(XacmlConstants.ElementNames.Description, policyNs);
    }

    // Optional PolicySetDefaults; when present it must contain XPathVersion.
    string xpathVersionText = null;
    if (reader.IsStartElement(XacmlConstants.ElementNames.PolicySetDefaults, policyNs))
    {
        reader.ReadStartElement(XacmlConstants.ElementNames.PolicySetDefaults, policyNs);

        if (!reader.IsStartElement(XacmlConstants.ElementNames.XPathVersion, policyNs))
        {
            throw ThrowHelperXml(reader, "XPathVerison NotStartElement");
        }

        xpathVersionText = reader.ReadElementContentAsString(XacmlConstants.ElementNames.XPathVersion, policyNs);
        reader.ReadEndElement();
    }

    // Optional Target
    XacmlTarget parsedTarget = null;
    if (reader.IsStartElement(XacmlConstants.ElementNames.Target, policyNs))
    {
        parsedTarget = ReadTarget(reader);
    }

    // NOTE(review): new Uri(...) throws its own format exception on text that is
    // not a valid URI, rather than the exception built by ThrowHelperXml; confirm
    // callers expect that for malformed XPathVersion content.
    XacmlPolicySet result = new XacmlPolicySet(policySetId, combiningAlgId, parsedTarget)
    {
        Description = descriptionText,
        XPathVersion = xpathVersionText != null ? new Uri(xpathVersionText) : null,
        Namespaces = declaredNamespaces
    };

    // Child elements that may repeat in any order: each (element name, namespace)
    // pair maps to the action that reads one such element into the result.
    IDictionary<Tuple<string, string>, Action> childReaders = new Dictionary<Tuple<string, string>, Action>()
    {
        {
            new Tuple<string, string>(XacmlConstants.ElementNames.PolicySet, policyNs),
            () => result.PolicySets.Add(this.ReadPolicySet(reader))
        },
        {
            new Tuple<string, string>(XacmlConstants.ElementNames.Policy, policyNs),
            () => result.Policies.Add(this.ReadPolicy(reader))
        },
        {
            new Tuple<string, string>(XacmlConstants.ElementNames.PolicySetIdReference, policyNs),
            () => result.PolicySetIdReferences.Add(this.ReadPolicySetIdReference(reader))
        },
        {
            new Tuple<string, string>(XacmlConstants.ElementNames.PolicyIdReference, policyNs),
            () => result.PolicyIdReferences.Add(this.ReadPolicyIdReference(reader))
        },
    };
    this.ReadChoiceMultiply(reader, childReaders);

    // Optional Obligations wrapper with its Obligation children.
    if (reader.IsStartElement(XacmlConstants.ElementNames.Obligations, policyNs))
    {
        reader.ReadStartElement(XacmlConstants.ElementNames.Obligations, policyNs);
        this.ReadList(result.Obligations, XacmlConstants.ElementNames.Obligation, policyNs, ReadObligation, reader);

        // end obligations
        reader.ReadEndElement();
    }

    return result;
}