/// <remarks>
/// used only for XACML 3.0
/// </remarks>
public IEnumerable <XmlNode> GetAttributeByXPath(Uri xpathVersion, string xpathExpression, Uri category, Uri contextSelectorId = null, IDictionary <string, string> namespaces = null)
{
if (xpathVersion == null)
{
throw new ArgumentNullException(nameof(xpathVersion));
}
if (xpathExpression == null)
{
throw new ArgumentNullException(nameof(xpathExpression));
}
if (xpathExpression.Length == 0)
{
throw new ArgumentException("Value cannot be empty.", nameof(xpathExpression));
}
if (category == null)
{
throw new ArgumentNullException(nameof(category));
}
var xpath = this.xpathProcessor[xpathVersion.ToString()];
if (contextSelectorId != null)
{
// PROFILE - Multiple Decision Profile - #POL01 - #SPEC2744
XacmlAttribute attribute = this.request.Attributes.First(o => string.Equals(o.Category.OriginalString, category.OriginalString))
.Attributes.FirstOrDefault(o => string.Equals(o.AttributeId.OriginalString, contextSelectorId.OriginalString));
if (attribute == null)
{
throw new XacmlIndeterminateException("Cannot find attribute with name: " + contextSelectorId);
}
XacmlAttributeValue xPathExpressionDataTypeAttribute = attribute.AttributeValues.FirstOrDefault(o => string.Equals(o.DataType.OriginalString, "urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression"));
if (xPathExpressionDataTypeAttribute == null)
{
throw new XacmlIndeterminateException("Cannot find attribute with name: " + contextSelectorId);
}
// IEnumerable<XmlNode> nodes = XPathProcessor.Get().GetValue(this.requestDocument, string.Format(@"//*[local-name()='Attributes'][@Category='{0}']/*[local-name()='Content']/*", category), xPathExpressionDataTypeAttribute.Value, namespaces)
IEnumerable <XmlNode> nodes = xpath.Invoke(this.requestDocument, string.Format(@"//*[local-name()='Attributes'][@Category='{0}']/*[local-name()='Content']/*", category), xPathExpressionDataTypeAttribute.Value, namespaces);
List <XmlNode> result = new List <XmlNode>();
foreach (XmlNode node in nodes)
{
XmlDocument doc = new XmlDocument();
doc.LoadXml(node.OuterXml);
result.AddRange(xpath.Invoke(doc, @"/*", xpathExpression, namespaces));
}
return(result);
}
else
{
return(xpath.Invoke(this.requestDocument, string.Format(@"//*[local-name()='Attributes'][@Category='{0}']/*[local-name()='Content']/*", category), xpathExpression, namespaces));
}
}
private static void ConvertCategoryAttributes(List <XacmlJsonCategory> categoryList, string categoryId, ICollection <XacmlContextAttributes> contextAttributes)
{
if (categoryList == null)
{
return;
}
foreach (XacmlJsonCategory subjectCategory in categoryList)
{
if (!string.IsNullOrEmpty(subjectCategory.CategoryId))
{
categoryId = subjectCategory.CategoryId;
}
XacmlContextAttributes xacmlContextAttributes = new XacmlContextAttributes(new Uri(categoryId));
XacmlAttribute xacmlAttribute = null;
ICollection <XacmlAttributeValue> attributeValues = new Collection <XacmlAttributeValue>();
foreach (XacmlJsonAttribute jsonAttribute in subjectCategory.Attribute)
{
if (xacmlAttribute == null)
{
xacmlAttribute = new XacmlAttribute(new Uri(jsonAttribute.AttributeId), jsonAttribute.IncludeInResult);
}
XacmlAttributeValue xacmlAttributeValue = new XacmlAttributeValue(new Uri(ConvertDataType(jsonAttribute)), jsonAttribute.Value);
xacmlAttribute.AttributeValues.Add(xacmlAttributeValue);
xacmlContextAttributes.Attributes.Add(xacmlAttribute);
}
contextAttributes.Add(xacmlContextAttributes);
}
}
/// <summary>
/// protected virtual void WriteAttributeValue
/// </summary>
/// <param name="writer">XmlWriter writer</param>
/// <param name="data">XacmlAttributeValue data</param>
protected virtual void WriteAttributeValue(XmlWriter writer, XacmlAttributeValue data)
{
if (writer == null)
{
throw new ArgumentNullException(nameof(writer));
}
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AttributeValue, this.Version.NamespacePolicy);
writer.WriteAttributeString(XacmlConstants.AttributeNames.DataType, data.DataType.OriginalString);
if (data.Value != null)
{
writer.WriteString(data.Value);
}
else
{
this.WriteOpenElement(writer, (XacmlOpenElement)data);
}
writer.WriteEndElement();
}
private static void AssertAttributeValueEqual(XacmlAttributeValue expected, XacmlAttributeValue actual)
{
Assert.NotNull(actual);
Assert.NotNull(expected);
Assert.Equal(expected.DataType.OriginalString, actual.DataType.OriginalString);
Assert.Equal(expected.Value, actual.Value);
AssertCollections(expected.Attributes, actual.Attributes, AssertXAttributeEqual);
AssertCollections(expected.Elements, actual.Elements, AssertXElementEqual);
}
/// <summary>
/// Reads the attribute value.
/// </summary>
/// <param name="reader">The reader.</param>
/// <returns></returns>
/// <exception cref="System.Xml.XmlException">
/// AttributeValue NotStartElement
/// or
/// DataType IsNullOrEmpty
/// </exception>
protected virtual XacmlAttributeValue ReadAttributeValue(XmlReader reader)
{
if (reader == null)
{
throw new ArgumentNullException(nameof(reader));
}
if (!reader.IsStartElement(XacmlConstants.ElementNames.AttributeValue, this.Version.NamespacePolicy))
{
throw ThrowHelperXml(reader, "AttributeValue NotStartElement");
}
IDictionary <string, string> attributes = new Dictionary <string, string>();
var dataType = reader.GetAttribute(XacmlConstants.AttributeNames.DataType);
if (string.IsNullOrEmpty(dataType))
{
throw ThrowHelperXml(reader, "DataType IsNullOrEmpty");
}
while (reader.MoveToNextAttribute())
{
attributes.Add(reader.Name, reader.Value);
}
// Move the reader back to the element node.
reader.MoveToElement();
string value = null; //Any
if (dataType == "http://www.w3.org/2001/XMLSchema#string")
{
// Do not need to use Trim because it blank characters are important for Regular Expression
value = reader.ReadElementContentAsString();
}
else
{
value = reader.ReadInnerXml();
}
var attribute = new XacmlAttributeValue(new Uri(dataType, UriKind.RelativeOrAbsolute), value);
foreach (var item in attributes)
{
attribute.Attributes.Add(new System.Xml.Linq.XAttribute(item.Key, item.Value)); // UNDONE: namespace
}
return(attribute);
}
private static void WriteAttributeValue(XmlWriter writer, XacmlAttributeValue xacmlAttributeValue)
{
Guard.ArgumentNotNull(writer, nameof(writer));
Guard.ArgumentNotNull(xacmlAttributeValue, nameof(xacmlAttributeValue));
writer.WriteStartElement(XacmlConstants.Prefixes.Xacml, XacmlConstants.ElementNames.AttributeValue, Xacml30Constants.NameSpaces.Policy);
writer.WriteAttributeString(XacmlConstants.AttributeNames.DataType, xacmlAttributeValue.DataType.OriginalString);
if (xacmlAttributeValue.Value != null)
{
writer.WriteString(xacmlAttributeValue.Value);
}
else
{
WriteAnyElement(writer, (XacmlAnyElement)xacmlAttributeValue);
}
writer.WriteEndElement();
}
private static void ConvertCategoryAttributes(List <XacmlJsonCategory> categoryList, string categoryId, ICollection <XacmlContextAttributes> contextAttributes)
{
if (categoryList == null)
{
return;
}
foreach (XacmlJsonCategory category in categoryList)
{
if (!string.IsNullOrEmpty(category.CategoryId))
{
categoryId = category.CategoryId;
}
XacmlContextAttributes xacmlContextAttributes = new XacmlContextAttributes(new Uri(categoryId));
ICollection <XacmlAttributeValue> attributeValues = new Collection <XacmlAttributeValue>();
Dictionary <string, XacmlAttribute> attributeDictionary = new Dictionary <string, XacmlAttribute>();
foreach (XacmlJsonAttribute jsonAttribute in category.Attribute)
{
if (!attributeDictionary.ContainsKey(jsonAttribute.AttributeId))
{
attributeDictionary.Add(jsonAttribute.AttributeId, new XacmlAttribute(new Uri(jsonAttribute.AttributeId), jsonAttribute.IncludeInResult));
}
XacmlAttributeValue xacmlAttributeValue = new XacmlAttributeValue(new Uri(ConvertDataType(jsonAttribute)), jsonAttribute.Value);
attributeDictionary[jsonAttribute.AttributeId].AttributeValues.Add(xacmlAttributeValue);
}
foreach (KeyValuePair <string, XacmlAttribute> kvp in attributeDictionary)
{
xacmlContextAttributes.Attributes.Add(kvp.Value);
}
contextAttributes.Add(xacmlContextAttributes);
}
}
private void AddObligations(XacmlPolicy policy, XacmlContextResult result)
{
if (result.Decision.Equals(XacmlContextDecision.Permit))
{
if (policy.ObligationExpressions.Count > 0)
{
IEnumerable <XacmlObligationExpression> obligationsWithPermit = policy.ObligationExpressions.Where(o => o.FulfillOn == XacmlEffectType.Permit);
foreach (XacmlObligationExpression expression in obligationsWithPermit)
{
List <XacmlAttributeAssignment> attributeAssignments = new List <XacmlAttributeAssignment>();
foreach (XacmlAttributeAssignmentExpression ex in expression.AttributeAssignmentExpressions)
{
Type applyElemType = ex.Property.GetType();
if (applyElemType == typeof(XacmlAttributeValue))
{
XacmlAttributeValue attributeValue = ex.Property as XacmlAttributeValue;
XacmlAttributeAssignment attributeAssignment = new XacmlAttributeAssignment(ex.AttributeId, attributeValue.DataType, attributeValue.Value)
{
Category = ex.Category,
Issuer = ex.Issuer,
};
attributeAssignments.Add(attributeAssignment);
}
}
XacmlObligation obligation = new XacmlObligation(expression.ObligationId, attributeAssignments)
{
FulfillOn = XacmlEffectType.Permit,
};
result.Obligations.Add(obligation);
}
}
}
}
private static void AssertEqual(XacmlAttributeValue expected, XacmlAttributeValue actual)
{
Assert.Equal(expected.DataType, actual.DataType);
Assert.Equal(expected.Value, actual.Value, ignoreCase: true);
}
private static void AssertEqual(XacmlAttributeValue expected, XacmlAttributeValue actual)
{
Assert.Equal(expected.DataType, actual.DataType);
Assert.Equal(expected.Value.ToLower(), actual.Value.ToLower());
}
