Esempio n. 1
0
        public void WritePolicy_11()
        {
            var subject = new XacmlSubject(
                new XacmlSubjectMatch[]
            {
                new XacmlSubjectMatch(
                    new Uri("http://www.MatchId.www"),
                    new XacmlAttributeValue(new Uri("http://www.DataType.www")),
                    new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"))
                {
                    Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www")
                })
            });

            var            target         = new XacmlTarget(subject, null, null);
            XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicySetId.www"), new Uri("http://www.PolicyCombiningAlgId.www"), target);

            xacmlPolicySet.Description  = "description string";
            xacmlPolicySet.XPathVersion = Xacml10Constants.XPathVersions.Xpath10;

            XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), new XacmlTarget())
            {
                Description  = "description string",
                XPathVersion = Xacml10Constants.XPathVersions.Xpath10,
            };

            XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit)
            {
                Description = "xacmlRule description"
            };

            xacmlPolicy.Rules.Add(xacmlRule);
            XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"));
            XacmlObligation          xacmlObligation          = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment });

            xacmlPolicy.Obligations.Add(xacmlObligation);

            xacmlPolicySet.Policies.Add(xacmlPolicy);

            StringBuilder builder = new StringBuilder();

            using (XmlWriter writer = XmlWriter.Create(builder)) {
                var serializer = new Xacml10ProtocolSerializer();
                serializer.WritePolicySet(writer, xacmlPolicySet);
            }

            string xml = builder.ToString();

            ValidateMessage(xml, Path.Combine(TestCasePath, "cs-xacml-schema-context-01.xsd"));
        }
Esempio n. 2
0
        public void IID030_30()
        {
            XmlDocument request  = new XmlDocument();
            XmlDocument response = new XmlDocument();

            XmlDocument policy1 = new XmlDocument();
            XmlDocument policy2 = new XmlDocument();

            request.Load(Path.Combine(Xacml30TestsCases.TestCasePath, "IID030Request.xml"));
            response.Load(Path.Combine(Xacml30TestsCases.TestCasePath, "IID030Response.xml"));
            policy1.Load(Path.Combine(Xacml30TestsCases.TestCasePath, "IID030Policy1.xml"));
            policy2.Load(Path.Combine(Xacml30TestsCases.TestCasePath, "IID030Policy2.xml"));

            var serialize = new Xacml30ProtocolSerializer();
            XacmlContextRequest  requestData;
            XacmlContextResponse responseData;

            XacmlPolicy policy1Data;
            XacmlPolicy policy2Data;

            using (XmlReader reader = XmlReader.Create(new StringReader(request.OuterXml))) {
                requestData = serialize.ReadContextRequest(reader);
            }

            using (XmlReader reader = XmlReader.Create(new StringReader(response.OuterXml))) {
                responseData = serialize.ReadContextResponse(reader);
            }

            using (XmlReader reader = XmlReader.Create(new StringReader(policy1.OuterXml))) {
                policy1Data = serialize.ReadPolicy(reader);
            }

            using (XmlReader reader = XmlReader.Create(new StringReader(policy2.OuterXml))) {
                policy2Data = serialize.ReadPolicy(reader);
            }

            var policySet = new XacmlPolicySet(Xacml10Constants.PolicyCombiningAlgorithms.OnlyOneApplicable, new XacmlTarget()); // TODO: PolicyCombiningAlgorithms

            policySet.Policies.Add(policy1Data);
            policySet.Policies.Add(policy2Data);

            EvaluationEngine engine = new EvaluationEngine30(policySet);

            XacmlContextResponse evaluatedResponse = engine.Evaluate(requestData, request);

            XacmlResponseAssert(responseData, evaluatedResponse);
        }
Esempio n. 3
0
        public void WritePolicy_20()
        {
            var subject = new XacmlSubject(
                new XacmlSubjectMatch[]
            {
                new XacmlSubjectMatch(
                    new Uri("http://www.MatchId.www"),
                    new XacmlAttributeValue(new Uri("http://www.DataType.www")),
                    new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"))
                {
                    Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www")
                }
                    )
            });

            var resource = new XacmlResource(
                new XacmlResourceMatch[]
            {
                new XacmlResourceMatch(
                    new Uri("http://www.MatchId.www"),
                    new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */),
                    new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"))
                {
                    Issuer = "String", MustBePresent = false
                }
                    )
            });

            var action = new XacmlAction(
                new XacmlActionMatch[]
            {
                new XacmlActionMatch(
                    new Uri("http://www.MatchId.www"),
                    new XacmlAttributeValue(new Uri("http://www.DataType.www")),
                    new XacmlActionAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"))
                {
                    Issuer = "String", MustBePresent = false
                }
                    )
            });

            var target = new XacmlTarget(subject, resource, action, null);

            // new Uri("http://www.PolicySetId.www")
            XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicyCombiningAlgId.www"), target)
            {
                Description  = "description string",
                XPathVersion = Xacml10Constants.XPathVersions.Xpath10,
            };

            ////#region Policy
            XacmlEnvironment env = new XacmlEnvironment(
                new XacmlEnvironmentMatch[]
            {
                new XacmlEnvironmentMatch(
                    new Uri("http://www.EnvironmentMatchIdId.www"),
                    new XacmlAttributeValue(new Uri("http://www.AttributValue.www")),
                    new XacmlEnvironmentAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"))
                {
                    Issuer = "String", MustBePresent = false
                }
                    )
            });

            XacmlTarget targetWithEnvironment = new XacmlTarget(null, null, null, new XacmlEnvironment[] { env });

            XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), targetWithEnvironment)
            {
                Description  = "description string",
                XPathVersion = Xacml10Constants.XPathVersions.Xpath10,
            };

            XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit)
            {
                Description = "xacmlRule description"
            };

            xacmlPolicy.Rules.Add(xacmlRule);

            XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"));
            XacmlObligation          xacmlObligation          = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment });

            xacmlPolicy.Obligations.Add(xacmlObligation);

            xacmlPolicySet.Policies.Add(xacmlPolicy);

            StringBuilder builder = new StringBuilder();

            using (XmlWriter writer = XmlWriter.Create(builder)) {
                var serializer = new Xacml20ProtocolSerializer();
                serializer.WritePolicySet(writer, xacmlPolicySet);
            }

            string xml = builder.ToString();

            ValidateMessage(xml, Path.Combine(TestCasePath, "access_control-xacml-2.0-policy-schema-os.xsd"));
        }
Esempio n. 4
0
        /// <summary>
        /// public void WritePolicySet
        /// </summary>
        /// <param name="writer">XmlWriter writer</param>
        /// <param name="data">XacmlPolicySet data</param>
        public virtual void WritePolicySet(XmlWriter writer, XacmlPolicySet data)
        {
            if (writer == null)
            {
                throw new ArgumentNullException(nameof(writer));
            }

            if (data == null)
            {
                throw new ArgumentNullException(nameof(data));
            }

            writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.PolicySet, this.Version.NamespacePolicy);
            writer.WriteAttributeString(XacmlConstants.AttributeNames.PolicySetId, data.PolicySetId.OriginalString);
            writer.WriteAttributeString(XacmlConstants.AttributeNames.PolicyCombiningAlgId, data.PolicyCombiningAlgId.OriginalString);

            if (data.Description != null)
            {
                writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy, data.Description);
            }

            // PolicySetDefaults
            if (data.XPathVersion != null)
            {
                writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.PolicySetDefaults, this.Version.NamespacePolicy);
                writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.XPathVersion, this.Version.NamespacePolicy, data.XPathVersion.ToString());
                writer.WriteEndElement();
            }

            // Target
            this.WriteTarget(writer, data.Target);

            // PolicySet
            foreach (var policySet in data.PolicySets)
            {
                this.WritePolicySet(writer, policySet);
            }

            // Policy
            foreach (var policy in data.Policies)
            {
                this.WritePolicy(writer, policy);
            }

            // PolicySetIdReference
            foreach (var policySetIdReference in data.PolicySetIdReferences)
            {
                writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.PolicySetIdReference, this.Version.NamespacePolicy, policySetIdReference.ToString());
            }

            // PolicyIdReference
            foreach (var policyIdReference in data.PolicyIdReferences)
            {
                writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.PolicyIdReference, this.Version.NamespacePolicy, policyIdReference.ToString());
            }

            // Obligations
            if (data.Obligations.Count > 0)
            {
                writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Obligations, this.Version.NamespacePolicy);
                foreach (var obligation in data.Obligations)
                {
                    this.WriteObligation(writer, obligation);
                }

                writer.WriteEndElement();
            }

            writer.WriteEndElement();
        }
Esempio n. 5
0
        /// <summary>
        /// Reads the policy set.
        /// </summary>
        /// <param name="reader">The reader.</param>
        /// <returns></returns>
        /// <exception cref="System.InvalidOperationException"></exception>
        public virtual XacmlPolicySet ReadPolicySet(XmlReader reader)
        {
            if (reader == null)
            {
                throw new ArgumentNullException(nameof(reader));
            }

            if (!this.CanRead(reader, XacmlConstants.ElementNames.PolicySet))
            {
                throw ThrowHelperXml(reader, "XML message is not valid.");
            }

            // Collect namespaces
            IDictionary <string, string> nsMgr = new Dictionary <string, string>();

            for (int i = 0; i < reader.AttributeCount; i++)
            {
                reader.MoveToAttribute(i);
                if (reader.Prefix == "xmlns")
                {
                    nsMgr.Add(reader.LocalName, reader.Value);
                }
            }

            Uri gaPolicySetId = this.ReadAttribute <Uri>(reader, XacmlConstants.AttributeNames.PolicySetId);

            Uri gaPolicyCombiningAlgId = this.ReadAttribute <Uri>(reader, XacmlConstants.AttributeNames.PolicyCombiningAlgId);

            reader.ReadStartElement(XacmlConstants.ElementNames.PolicySet, this.Version.NamespacePolicy);

            string description = null;

            if (reader.IsStartElement(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy))
            {
                description = reader.ReadElementContentAsString(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy);
            }

            // PolicySetDefault
            string xpathVersion = null;

            if (reader.IsStartElement(XacmlConstants.ElementNames.PolicySetDefaults, this.Version.NamespacePolicy))
            {
                reader.ReadStartElement(XacmlConstants.ElementNames.PolicySetDefaults, this.Version.NamespacePolicy);

                if (!reader.IsStartElement(XacmlConstants.ElementNames.XPathVersion, this.Version.NamespacePolicy))
                {
                    throw ThrowHelperXml(reader, "XPathVerison NotStartElement");
                }

                xpathVersion = reader.ReadElementContentAsString(XacmlConstants.ElementNames.XPathVersion, this.Version.NamespacePolicy);

                reader.ReadEndElement();
            }

            XacmlTarget target = null;

            if (reader.IsStartElement(XacmlConstants.ElementNames.Target, this.Version.NamespacePolicy))
            {
                target = ReadTarget(reader);
            }

            XacmlPolicySet policySet = new XacmlPolicySet(gaPolicySetId, gaPolicyCombiningAlgId, target)
            {
                Description  = description,
                XPathVersion = xpathVersion != null ? new Uri(xpathVersion) : null,
            };

            policySet.Namespaces = nsMgr;

            IDictionary <Tuple <string, string>, Action> dicts = new Dictionary <Tuple <string, string>, Action>()
            {
                { new Tuple <string, string>(XacmlConstants.ElementNames.PolicySet, this.Version.NamespacePolicy), () => policySet.PolicySets.Add(this.ReadPolicySet(reader)) },
                { new Tuple <string, string>(XacmlConstants.ElementNames.Policy, this.Version.NamespacePolicy), () => policySet.Policies.Add(this.ReadPolicy(reader)) },
                { new Tuple <string, string>(XacmlConstants.ElementNames.PolicySetIdReference, this.Version.NamespacePolicy), () => policySet.PolicySetIdReferences.Add(this.ReadPolicySetIdReference(reader)) },
                { new Tuple <string, string>(XacmlConstants.ElementNames.PolicyIdReference, this.Version.NamespacePolicy), () => policySet.PolicyIdReferences.Add(this.ReadPolicyIdReference(reader)) },
            };

            this.ReadChoiceMultiply(reader, dicts);

            if (reader.IsStartElement(XacmlConstants.ElementNames.Obligations, this.Version.NamespacePolicy))
            {
                reader.ReadStartElement(XacmlConstants.ElementNames.Obligations, this.Version.NamespacePolicy);

                this.ReadList(policySet.Obligations, XacmlConstants.ElementNames.Obligation, this.Version.NamespacePolicy, ReadObligation, reader);

                // end obligations
                reader.ReadEndElement();
            }

            return(policySet);
        }