/// <summary> /// Initializes a new instance of the <see cref="XacmlPolicySet"/> class. /// </summary> /// <param name="policySetId">The policy set identifier.</param> /// <param name="policyCombiningAlgId">The policy combining alg identifier.</param> /// <param name="target">The target.</param> public XacmlPolicySet(Uri policySetId, Uri policyCombiningAlgId, XacmlTarget target) { Contract.Requires<ArgumentNullException>(policySetId != null); Contract.Requires<ArgumentNullException>(policyCombiningAlgId != null); Contract.Requires<ArgumentNullException>(target != null); this.policySetId = policySetId; this.policyCombiningAlgId = policyCombiningAlgId; this.target = target; }
private static void AssertTargetEqual(XacmlTarget expected, XacmlTarget actual) { if (expected == null) { Assert.Null(actual); } else { Assert.NotNull(actual); AssertCollections(expected.AnyOf, actual.AnyOf, AssertAnyOfEqual); } }
private static void AddAttributeMatchesToRule(XacmlTarget xacmlTarget, Rule rule) { foreach (XacmlAnyOf anyOf in xacmlTarget.AnyOf) { foreach (XacmlAllOf allOf in anyOf.AllOf) { foreach (XacmlMatch xacmlMatch in allOf.Matches) { AddAttributeMatchToRule(xacmlMatch, rule); } } } }
private static void WriteTarget(XmlWriter writer, XacmlTarget xacmlTarget) { Guard.ArgumentNotNull(writer, nameof(writer)); Guard.ArgumentNotNull(xacmlTarget, nameof(xacmlTarget)); writer.WriteStartElement(XacmlConstants.Prefixes.Xacml, XacmlConstants.ElementNames.Target, Xacml30Constants.NameSpaces.Policy); foreach (XacmlAnyOf xacmlAnyOf in xacmlTarget.AnyOf) { WriteAnyOf(writer, xacmlAnyOf); } writer.WriteEndElement(); }
public void WritePolicy_11() { var subject = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") }) }); var target = new XacmlTarget(subject, null, null); XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicySetId.www"), new Uri("http://www.PolicyCombiningAlgId.www"), target); xacmlPolicySet.Description = "description string"; xacmlPolicySet.XPathVersion = Xacml10Constants.XPathVersions.Xpath10; XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), new XacmlTarget()) { Description = "description string", XPathVersion = Xacml10Constants.XPathVersions.Xpath10, }; XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit) { Description = "xacmlRule description" }; xacmlPolicy.Rules.Add(xacmlRule); XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")); XacmlObligation xacmlObligation = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment }); xacmlPolicy.Obligations.Add(xacmlObligation); xacmlPolicySet.Policies.Add(xacmlPolicy); StringBuilder builder = new StringBuilder(); using (XmlWriter writer = XmlWriter.Create(builder)) { var serializer = new Xacml10ProtocolSerializer(); serializer.WritePolicySet(writer, xacmlPolicySet); } string xml = builder.ToString(); ValidateMessage(xml, Path.Combine(TestCasePath, "cs-xacml-schema-context-01.xsd")); }
public void WritePolicy_11() { var subject = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") }) }); var target = new XacmlTarget(subject, null, null); XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicySetId.www"), new Uri("http://www.PolicyCombiningAlgId.www"), target); xacmlPolicySet.Description = "description string"; xacmlPolicySet.XPathVersion = Xacml10Constants.XPathVersions.Xpath10; XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), new XacmlTarget()) { Description = "description string", XPathVersion = Xacml10Constants.XPathVersions.Xpath10, }; XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit) { Description = "xacmlRule description" }; xacmlPolicy.Rules.Add(xacmlRule); XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")); XacmlObligation xacmlObligation = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment }); xacmlPolicy.Obligations.Add(xacmlObligation); xacmlPolicySet.Policies.Add(xacmlPolicy); StringBuilder builder = new StringBuilder(); using (XmlWriter writer = XmlWriter.Create(builder)) { var serializer = new Xacml10ProtocolSerializer(); serializer.WritePolicySet(writer, xacmlPolicySet); } string xml = builder.ToString(); ValidateMessage(xml, @"..\..\_Data\cs-xacml-schema-policy-01.xsd"); }
public void WritePolicy_20() { var subject = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www")} ) }); var resource = new XacmlResource( new XacmlResourceMatch[] { new XacmlResourceMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */), new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false} ) }); var action = new XacmlAction( new XacmlActionMatch[] { new XacmlActionMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlActionAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")){ Issuer = "String", MustBePresent = false} ) }); var target = new XacmlTarget(subject, resource, action, null); // new Uri("http://www.PolicySetId.www") XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicyCombiningAlgId.www"), target) { Description = "description string", XPathVersion = Xacml10Constants.XPathVersions.Xpath10, }; ////#region Policy XacmlEnvironment env = new XacmlEnvironment( new XacmlEnvironmentMatch[] { new XacmlEnvironmentMatch( new Uri("http://www.EnvironmentMatchIdId.www"), new XacmlAttributeValue(new Uri("http://www.AttributValue.www")), new XacmlEnvironmentAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")){ Issuer = "String", MustBePresent = false} ) }); XacmlTarget targetWithEnvironment = new XacmlTarget(null, null, null, new XacmlEnvironment[] { env }); XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), targetWithEnvironment) { Description = "description string", XPathVersion = Xacml10Constants.XPathVersions.Xpath10, }; XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit) { Description = "xacmlRule description" }; xacmlPolicy.Rules.Add(xacmlRule); XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")); XacmlObligation xacmlObligation = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment }); xacmlPolicy.Obligations.Add(xacmlObligation); xacmlPolicySet.Policies.Add(xacmlPolicy); StringBuilder builder = new StringBuilder(); using (XmlWriter writer = XmlWriter.Create(builder)) { var serializer = new Xacml20ProtocolSerializer(); serializer.WritePolicySet(writer, xacmlPolicySet); } string xml = builder.ToString(); ValidateMessage(xml, @"..\..\_Data\access_control-xacml-2.0-policy-schema-os.xsd"); }
public void WritePolicy_20() { var subject = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") } ) }); var resource = new XacmlResource( new XacmlResourceMatch[] { new XacmlResourceMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */), new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false } ) }); var action = new XacmlAction( new XacmlActionMatch[] { new XacmlActionMatch( new Uri("http://www.MatchId.www"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlActionAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false } ) }); var target = new XacmlTarget(subject, resource, action, null); // new Uri("http://www.PolicySetId.www") XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicyCombiningAlgId.www"), target) { Description = "description string", XPathVersion = Xacml10Constants.XPathVersions.Xpath10, }; ////#region Policy XacmlEnvironment env = new XacmlEnvironment( new XacmlEnvironmentMatch[] { new XacmlEnvironmentMatch( new Uri("http://www.EnvironmentMatchIdId.www"), new XacmlAttributeValue(new Uri("http://www.AttributValue.www")), new XacmlEnvironmentAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false } ) }); XacmlTarget targetWithEnvironment = new XacmlTarget(null, null, null, new XacmlEnvironment[] { env }); XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), targetWithEnvironment) { Description = "description string", XPathVersion = Xacml10Constants.XPathVersions.Xpath10, }; XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit) { Description = "xacmlRule description" }; xacmlPolicy.Rules.Add(xacmlRule); XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")); XacmlObligation xacmlObligation = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment }); xacmlPolicy.Obligations.Add(xacmlObligation); xacmlPolicySet.Policies.Add(xacmlPolicy); StringBuilder builder = new StringBuilder(); using (XmlWriter writer = XmlWriter.Create(builder)) { var serializer = new Xacml20ProtocolSerializer(); serializer.WritePolicySet(writer, xacmlPolicySet); } string xml = builder.ToString(); ValidateMessage(xml, Path.Combine(TestCasePath, "access_control-xacml-2.0-policy-schema-os.xsd")); }
/// <summary> /// Reads the policy set. /// </summary> /// <param name="reader">The reader.</param> /// <returns></returns> /// <exception cref="System.InvalidOperationException"></exception> public virtual XacmlPolicySet ReadPolicySet(XmlReader reader) { if (reader == null) { throw new ArgumentNullException(nameof(reader)); } if (!this.CanRead(reader, XacmlConstants.ElementNames.PolicySet)) { throw ThrowHelperXml(reader, "XML message is not valid."); } // Collect namespaces IDictionary <string, string> nsMgr = new Dictionary <string, string>(); for (int i = 0; i < reader.AttributeCount; i++) { reader.MoveToAttribute(i); if (reader.Prefix == "xmlns") { nsMgr.Add(reader.LocalName, reader.Value); } } Uri gaPolicySetId = this.ReadAttribute <Uri>(reader, XacmlConstants.AttributeNames.PolicySetId); Uri gaPolicyCombiningAlgId = this.ReadAttribute <Uri>(reader, XacmlConstants.AttributeNames.PolicyCombiningAlgId); reader.ReadStartElement(XacmlConstants.ElementNames.PolicySet, this.Version.NamespacePolicy); string description = null; if (reader.IsStartElement(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy)) { description = reader.ReadElementContentAsString(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy); } // PolicySetDefault string xpathVersion = null; if (reader.IsStartElement(XacmlConstants.ElementNames.PolicySetDefaults, this.Version.NamespacePolicy)) { reader.ReadStartElement(XacmlConstants.ElementNames.PolicySetDefaults, this.Version.NamespacePolicy); if (!reader.IsStartElement(XacmlConstants.ElementNames.XPathVersion, this.Version.NamespacePolicy)) { throw ThrowHelperXml(reader, "XPathVerison NotStartElement"); } xpathVersion = reader.ReadElementContentAsString(XacmlConstants.ElementNames.XPathVersion, this.Version.NamespacePolicy); reader.ReadEndElement(); } XacmlTarget target = null; if (reader.IsStartElement(XacmlConstants.ElementNames.Target, this.Version.NamespacePolicy)) { target = ReadTarget(reader); } XacmlPolicySet policySet = new XacmlPolicySet(gaPolicySetId, gaPolicyCombiningAlgId, target) { Description = description, XPathVersion = xpathVersion != null ? new Uri(xpathVersion) : null, }; policySet.Namespaces = nsMgr; IDictionary <Tuple <string, string>, Action> dicts = new Dictionary <Tuple <string, string>, Action>() { { new Tuple <string, string>(XacmlConstants.ElementNames.PolicySet, this.Version.NamespacePolicy), () => policySet.PolicySets.Add(this.ReadPolicySet(reader)) }, { new Tuple <string, string>(XacmlConstants.ElementNames.Policy, this.Version.NamespacePolicy), () => policySet.Policies.Add(this.ReadPolicy(reader)) }, { new Tuple <string, string>(XacmlConstants.ElementNames.PolicySetIdReference, this.Version.NamespacePolicy), () => policySet.PolicySetIdReferences.Add(this.ReadPolicySetIdReference(reader)) }, { new Tuple <string, string>(XacmlConstants.ElementNames.PolicyIdReference, this.Version.NamespacePolicy), () => policySet.PolicyIdReferences.Add(this.ReadPolicyIdReference(reader)) }, }; this.ReadChoiceMultiply(reader, dicts); if (reader.IsStartElement(XacmlConstants.ElementNames.Obligations, this.Version.NamespacePolicy)) { reader.ReadStartElement(XacmlConstants.ElementNames.Obligations, this.Version.NamespacePolicy); this.ReadList(policySet.Obligations, XacmlConstants.ElementNames.Obligation, this.Version.NamespacePolicy, ReadObligation, reader); // end obligations reader.ReadEndElement(); } return(policySet); }
public void Add() { var target = new XacmlTarget(); var subject1 = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://subject1"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") }) }); var subject2 = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://subject2"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") }) }); var resource1 = new XacmlResource( new XacmlResourceMatch[] { new XacmlResourceMatch( new Uri("http://resource1"), new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */), new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false} ) }); var resource2 = new XacmlResource( new XacmlResourceMatch[] { new XacmlResourceMatch( new Uri("http://resource1"), new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */), new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false} ) }); { target.AnyOf.Add(new XacmlAnyOf(new XacmlAllOf[] { subject1 })); Assert.AreEqual(1, target.AnyOf.Count); Assert.AreEqual(1, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(1, target.Subjects.Count); Assert.AreEqual(0, target.Resources.Count); Assert.AreEqual(new Uri("http://subject1"), target.Subjects.First().Matches.First().MatchId); } { target.Subjects.Add(subject2); Assert.AreEqual(1, target.AnyOf.Count); Assert.AreEqual(2, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(2, target.Subjects.Count); Assert.AreEqual(0, target.Resources.Count); } { target.AnyOf.Add(new XacmlAnyOf(new XacmlAllOf[] { resource1 })); Assert.AreEqual(2, target.AnyOf.Count); Assert.AreEqual(3, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(2, target.Subjects.Count); Assert.AreEqual(1, target.Resources.Count); } { target.Resources.Add(resource2); Assert.AreEqual(2, target.AnyOf.Count); Assert.AreEqual(4, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(2, target.Subjects.Count); Assert.AreEqual(2, target.Resources.Count); foreach (var res in target.Resources) { } Assert.AreEqual(true, target.Resources.Contains(resource1)); } { target.Subjects.Remove(subject1); Assert.AreEqual(2, target.AnyOf.Count); Assert.AreEqual(3, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(1, target.Subjects.Count); Assert.AreEqual(2, target.Resources.Count); } { target.Resources.Clear(); Assert.AreEqual(1, target.AnyOf.Count); Assert.AreEqual(1, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(1, target.Subjects.Count); Assert.AreEqual(0, target.Resources.Count); } }
/// <summary> /// Writes the target. /// </summary> /// <param name="writer">The writer.</param> /// <param name="data">The data.</param> protected override void WriteTarget(XmlWriter writer, XacmlTarget data) { //// Start Target writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Target, this.version.NamespacePolicy); foreach (ICollection<ICollection<XacmlMatch>> anyOf in data.AnyOf) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AnyOf, this.version.NamespacePolicy); foreach (ICollection<XacmlMatch> allOf in anyOf) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AllOf, this.version.NamespacePolicy); foreach (XacmlMatch match in allOf) { this.WriteMatch(writer, match); } writer.WriteEndElement(); } writer.WriteEndElement(); } //// End Target writer.WriteEndElement(); }
/// <summary> /// Reads the target. /// </summary> /// <param name="reader">The reader.</param> /// <returns></returns> /// <exception cref="System.Xml.XmlException">Target should contain AnyOf or be empty</exception> protected override XacmlTarget ReadTarget(XmlReader reader) { Contract.Requires<ArgumentNullException>(reader != null, "reader"); Contract.Requires<XmlException>(reader.IsStartElement(XacmlConstants.ElementNames.Target, this.version.NamespacePolicy)); if (reader.IsEmptyElement) { reader.Read(); return new XacmlTarget(null); } reader.ReadStartElement(XacmlConstants.ElementNames.Target, this.version.NamespacePolicy); XacmlTarget target = new XacmlTarget(null); // AnyOf if (!reader.IsStartElement(XacmlConstants.ElementNames.AnyOf, this.version.NamespacePolicy)) { throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new XmlException("Target should contain AnyOf or be empty")); } //this.ReadList<ICollection<ICollection<XacmlMatch>>>(target.AnyOf, XacmlConstants.ElementNames.AnyOf, this.version.NamespacePolicy, // a => { // a.ReadStartElement(XacmlConstants.ElementNames.AnyOf, this.version.NamespacePolicy); // ICollection<ICollection<XacmlMatch>> am = new List<ICollection<XacmlMatch>>(); // this.ReadList<ICollection<XacmlMatch>>(am, XacmlConstants.ElementNames.AllOf, this.version.NamespacePolicy, // o => { // o.ReadStartElement(XacmlConstants.ElementNames.AllOf, this.version.NamespacePolicy); // ICollection<XacmlMatch> m = new List<XacmlMatch>(); // this.ReadList<XacmlMatch>(m, XacmlConstants.ElementNames.Match, this.version.NamespacePolicy, this.ReadMatch, o, true); // o.ReadEndElement(); // return m; // }, a, true); // a.ReadEndElement(); // return am; // }, reader, false); this.ReadList<XacmlAnyOf>(target.AnyOf, XacmlConstants.ElementNames.AnyOf, this.version.NamespacePolicy, a => { a.ReadStartElement(XacmlConstants.ElementNames.AnyOf, this.version.NamespacePolicy); ICollection<XacmlAllOf> am = new List<XacmlAllOf>(); this.ReadList<XacmlAllOf>(am, XacmlConstants.ElementNames.AllOf, this.version.NamespacePolicy, o => { o.ReadStartElement(XacmlConstants.ElementNames.AllOf, this.version.NamespacePolicy); ICollection<XacmlMatch> m = new List<XacmlMatch>(); this.ReadList<XacmlMatch>(m, XacmlConstants.ElementNames.Match, this.version.NamespacePolicy, this.ReadMatch, o, true); o.ReadEndElement(); return new XacmlAllOf(m); }, a, true); a.ReadEndElement(); return new XacmlAnyOf(am); }, reader, false); reader.ReadEndElement(); return target; }
/// <summary> /// Initializes a new instance of the <see cref="XacmlPolicySet"/> class. /// </summary> /// <param name="policyCombiningAlgId">The policy combining alg identifier.</param> /// <param name="target">The target.</param> public XacmlPolicySet(Uri policyCombiningAlgId, XacmlTarget target) : this(XacmlUtils.GeneratePolicySetId(), policyCombiningAlgId, target) { Contract.Requires<ArgumentNullException>(policyCombiningAlgId != null); Contract.Requires<ArgumentNullException>(target != null); }
/// <summary> /// Reads the rule. /// </summary> /// <param name="reader">The reader.</param> /// <returns></returns> /// <exception cref="System.Xml.XmlException"> /// Rule NotStartElement /// or /// RuleId IsNullOrEmpty /// or /// Effect IsNullEmpty /// </exception> /// <exception cref="XacmlSerializationException">Wrong XacmlEffectType value</exception> protected virtual XacmlRule ReadRule(XmlReader reader) { if (reader == null) { throw new ArgumentNullException(nameof(reader)); } if (!reader.IsStartElement(XacmlConstants.ElementNames.Rule, this.Version.NamespacePolicy)) { throw ThrowHelperXml(reader, "Rule NotStartElement"); } var gaRuleId = reader.GetAttribute("RuleId"); if (string.IsNullOrEmpty(gaRuleId)) { throw ThrowHelperXml(reader, "RuleId IsNullOrEmpty"); } var gaEffect = reader.GetAttribute("Effect"); if (string.IsNullOrEmpty(gaEffect)) { throw ThrowHelperXml(reader, "Effect IsNullEmpty"); } XacmlEffectType effectType = XacmlEffectType.Deny; if (string.Equals(gaEffect, "Deny", StringComparison.OrdinalIgnoreCase)) { effectType = XacmlEffectType.Deny; } else if (string.Equals(gaEffect, "Permit", StringComparison.OrdinalIgnoreCase)) { effectType = XacmlEffectType.Permit; } else { throw ThrowHelperXml(reader, "Wrong XacmlEffectType value"); } reader.ReadStartElement(XacmlConstants.ElementNames.Rule, this.Version.NamespacePolicy); string description = null; if (reader.IsStartElement(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy)) { description = reader.ReadElementContentAsString(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy); } XacmlTarget target = null; if (reader.IsStartElement(XacmlConstants.ElementNames.Target, this.Version.NamespacePolicy)) { target = this.ReadTarget(reader); } XacmlExpression condition = null; if (reader.IsStartElement(XacmlConstants.ElementNames.Condition, this.Version.NamespacePolicy)) { condition = this.ReadCondition(reader); } reader.ReadEndElement(); return(new XacmlRule(gaRuleId, effectType) { Description = description, Target = target, Condition = condition }); }
protected virtual XacmlMatchResult TargetEvaluate(XacmlTarget target) { Contract.Requires<ArgumentNullException>(target != null); //// Subjects ///// <Subject> values <Subjects> Value ///// At least one “Match” “Match” ///// None matches and at “Indeterminate” ///// least one “Indeterminate” ///// All “No match” “No match” XacmlMatchResult subjectResult = XacmlMatchResult.NoMatch; if (target.Subjects.Count == 0) subjectResult = XacmlMatchResult.Match; foreach (XacmlSubject subj in target.Subjects) { ///// <SubjectMatch> values <Subject> Value ///// All “True” “Match” ///// No “False” and at least “Indeterminate” ///// one “Indeterminate” ///// At least one “False” “No match” XacmlMatchResult matchResult = XacmlMatchResult.Match; foreach (XacmlSubjectMatch match in subj.Matches) { bool? mres = this.SubjectMatchEvaluation(match); if (!mres.HasValue) { matchResult = XacmlMatchResult.Indeterminate; } else { if (!mres.Value) { matchResult = XacmlMatchResult.NoMatch; break; } } } if (matchResult == XacmlMatchResult.Indeterminate) { subjectResult = XacmlMatchResult.Indeterminate; } else { if (matchResult == XacmlMatchResult.Match) { subjectResult = XacmlMatchResult.Match; break; } } } // Resources ///// <Resource> values <Resources> Value ///// At least one “Match” “Match” ///// None matches and at “Indeterminate” ///// least one “Indeterminate” ///// All “No match” “No match” XacmlMatchResult resourceResult = XacmlMatchResult.NoMatch; if (target.Resources.Count == 0) resourceResult = XacmlMatchResult.Match; foreach (XacmlResource res in target.Resources) { ///// <ResourceMatch> values <Resource> Value ///// All “True” “Match” ///// No “False” and at least “Indeterminate” ///// one “Indeterminate” ///// At least one “False” “No match” XacmlMatchResult matchResult = XacmlMatchResult.Match; foreach (XacmlResourceMatch match in res.Matches) { bool? mres = this.ResourceMatchEvaluation(match); if (!mres.HasValue) { matchResult = XacmlMatchResult.Indeterminate; } else { if (!mres.Value) { matchResult = XacmlMatchResult.NoMatch; break; } } } if (matchResult == XacmlMatchResult.Indeterminate) { resourceResult = XacmlMatchResult.Indeterminate; } else { if (matchResult == XacmlMatchResult.Match) { resourceResult = XacmlMatchResult.Match; break; } } } // Actions ///// <Action> values <Actions> Value ///// At least one “Match” “Match” ///// None matches and at “Indeterminate” ///// least one “Indeterminate” ///// All “No match” “No match” XacmlMatchResult actionsResult = XacmlMatchResult.NoMatch; if (target.Actions.Count == 0) actionsResult = XacmlMatchResult.Match; foreach (XacmlAction act in target.Actions) { ///// <ActionMatch> values <Action> Value ///// All “True” “Match” ///// No “False” and at least “Indeterminate” ///// one “Indeterminate” ///// At least one “False” “No match” XacmlMatchResult matchResult = XacmlMatchResult.Match; foreach (XacmlActionMatch match in act.Matches) { bool? mres = this.ActionMatchEvaluation(match); if (!mres.HasValue) { matchResult = XacmlMatchResult.Indeterminate; } else { if (!mres.Value) { matchResult = XacmlMatchResult.NoMatch; break; } } } if (matchResult == XacmlMatchResult.Indeterminate) { actionsResult = XacmlMatchResult.Indeterminate; } else { if (matchResult == XacmlMatchResult.Match) { actionsResult = XacmlMatchResult.Match; break; } } } // Environments ///// <Environment> values <Environments> Value ///// At least one “Match” “Match” ///// None matches and at “Indeterminate” ///// least one “Indeterminate” ///// All “No match” “No match” XacmlMatchResult environmentResult = XacmlMatchResult.NoMatch; if (target.Environments.Count == 0) environmentResult = XacmlMatchResult.Match; foreach (XacmlEnvironment env in target.Environments) { ///// <EnvironmentMatch> values <Environment> Value ///// All “True” “Match” ///// No “False” and at least “Indeterminate” ///// one “Indeterminate” ///// At least one “False” “No match” XacmlMatchResult matchResult = XacmlMatchResult.Match; foreach (XacmlEnvironmentMatch match in env.Matches) { bool? mres = this.EnvironmentMatchEvaluation(match); if (!mres.HasValue) { matchResult = XacmlMatchResult.Indeterminate; } else { if (!mres.Value) { matchResult = XacmlMatchResult.NoMatch; break; } } } if (matchResult == XacmlMatchResult.Indeterminate) { environmentResult = XacmlMatchResult.Indeterminate; } else { if (matchResult == XacmlMatchResult.Match) { environmentResult = XacmlMatchResult.Match; break; } } } ///// Any "Indeterminate" "Indeterminate" ///// Any "No Match" "No Match" ///// All Match "Match" XacmlMatchResult targetMatchResult; if (subjectResult == XacmlMatchResult.Indeterminate || resourceResult == XacmlMatchResult.Indeterminate || actionsResult == XacmlMatchResult.Indeterminate || environmentResult == XacmlMatchResult.Indeterminate) { targetMatchResult = XacmlMatchResult.Indeterminate; } else if (subjectResult == XacmlMatchResult.NoMatch || resourceResult == XacmlMatchResult.NoMatch || actionsResult == XacmlMatchResult.NoMatch || environmentResult == XacmlMatchResult.NoMatch) { targetMatchResult = XacmlMatchResult.NoMatch; } else { targetMatchResult = XacmlMatchResult.Match; } return targetMatchResult; }
/// <summary> /// protected virtual void WriteTarget /// </summary> /// <param name="writer">XmlWriter writer</param> /// <param name="data">XacmlTarget data</param> protected virtual void WriteTarget(XmlWriter writer, XacmlTarget data) { if (writer == null) { throw new ArgumentNullException(nameof(writer)); } if (data == null) { throw new ArgumentNullException(nameof(data)); } //// Start Target writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Target, this.Version.NamespacePolicy); //// Start Subjects writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Subjects, this.Version.NamespacePolicy); if (data.Subjects.Count == 0) { writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AnySubject, this.Version.NamespacePolicy, string.Empty); } else { foreach (var subject in data.Subjects) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Subject, this.Version.NamespacePolicy); foreach (var subjectMatch in subject.Matches) { this.WriteMatch(writer, subjectMatch); } writer.WriteEndElement(); } } //// End Subjects writer.WriteEndElement(); //// Start Resources writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Resources, this.Version.NamespacePolicy); if (data.Resources.Count == 0) { writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AnyResource, this.Version.NamespacePolicy, string.Empty); } else { foreach (var resource in data.Resources) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Resource, this.Version.NamespacePolicy); foreach (var resourceMatch in resource.Matches) { this.WriteMatch(writer, resourceMatch); } writer.WriteEndElement(); } } //// End Resources writer.WriteEndElement(); //// Start Actions writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Actions, this.Version.NamespacePolicy); if (data.Actions.Count == 0) { writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AnyAction, this.Version.NamespacePolicy, string.Empty); } else { foreach (var action in data.Actions) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Action, this.Version.NamespacePolicy); foreach (var actionMatch in action.Matches) { this.WriteMatch(writer, actionMatch); } writer.WriteEndElement(); } } //// End Actions writer.WriteEndElement(); if (data.Environments != null && data.Environments.Count > 0) { throw new InvalidOperationException("Environments property just for version 2.0 or higher"); } //// End Target writer.WriteEndElement(); }
protected override XacmlMatchResult TargetEvaluate(XacmlTarget target) { if (target.AnyOf.Count == 0) { return XacmlMatchResult.Match; } //// <AnyOf> values Target value //// All “Match” “Match” //// At least one “No Match” "No Match" //// Otherwise “Indeterminate” XacmlMatchResult result = XacmlMatchResult.Match; foreach (XacmlAnyOf anyOf in target.AnyOf) { //// <AllOf> values <AnyOf> Value //// At least one “Match” “Match” //// None matches and at least one “Indeterminate” “Indeterminate” //// All “No match” “No match” XacmlMatchResult anyOfResult = XacmlMatchResult.NoMatch; foreach (XacmlAllOf allOf in anyOf.AllOf) { //// <Match> values <AllOf> Value //// All “True” “Match” //// No “False” and at least one “Indeterminate” “Indeterminate” //// At least one “False” “No match” XacmlMatchResult allOfResult = XacmlMatchResult.Match; foreach (XacmlMatch match in allOf.Matches) { bool? matchResult = this.MatchEvaluation(match); // indeterminate if (!matchResult.HasValue) { allOfResult = XacmlMatchResult.Indeterminate; } else if (!matchResult.Value) { allOfResult = XacmlMatchResult.NoMatch; break; } } if (allOfResult == XacmlMatchResult.Match) { anyOfResult = XacmlMatchResult.Match; break; } if (allOfResult == XacmlMatchResult.Indeterminate) { anyOfResult = XacmlMatchResult.Indeterminate; } } if (anyOfResult == XacmlMatchResult.NoMatch) { result = XacmlMatchResult.NoMatch; break; } if (anyOfResult == XacmlMatchResult.Indeterminate) { result = XacmlMatchResult.Indeterminate; } } return result; }
/// <summary> /// protected virtual void WriteTarget /// </summary> /// <param name="writer">XmlWriter writer</param> /// <param name="data">XacmlTarget data</param> protected virtual void WriteTarget(XmlWriter writer, XacmlTarget data) { Contract.Requires<ArgumentNullException>(writer != null); Contract.Requires<ArgumentNullException>(data != null); //// Start Target writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Target, this.version.NamespacePolicy); //// Start Subjects writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Subjects, this.version.NamespacePolicy); if (data.Subjects.Count == 0) { writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AnySubject, this.version.NamespacePolicy, string.Empty); } else { foreach (var subject in data.Subjects) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Subject, this.version.NamespacePolicy); foreach (var subjectMatch in subject.Matches) { this.WriteMatch(writer, subjectMatch); } writer.WriteEndElement(); } } //// End Subjects writer.WriteEndElement(); //// Start Resources writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Resources, this.version.NamespacePolicy); if (data.Resources.Count == 0) { writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AnyResource, this.version.NamespacePolicy, string.Empty); } else { foreach (var resource in data.Resources) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Resource, this.version.NamespacePolicy); foreach (var resourceMatch in resource.Matches) { this.WriteMatch(writer, resourceMatch); } writer.WriteEndElement(); } } //// End Resources writer.WriteEndElement(); //// Start Actions writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Actions, this.version.NamespacePolicy); if (data.Actions.Count == 0) { writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AnyAction, this.version.NamespacePolicy, string.Empty); } else { foreach (var action in data.Actions) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Action, this.version.NamespacePolicy); foreach (var actionMatch in action.Matches) { this.WriteMatch(writer, actionMatch); } writer.WriteEndElement(); } } //// End Actions writer.WriteEndElement(); if (data.Environments != null && data.Environments.Count > 0) { throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new XacmlSerializationException("Environments property just for version 2.0 or higher")); } //// End Target writer.WriteEndElement(); }
/// <summary> /// Writes the target. /// </summary> /// <param name="writer">The writer.</param> /// <param name="data">The data.</param> protected override void WriteTarget(XmlWriter writer, XacmlTarget data) { Contract.Requires<ArgumentNullException>(writer != null); Contract.Requires<ArgumentNullException>(data != null); //// Start Target writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Target, this.version.NamespacePolicy); if (data.Subjects.Count() > 0) { //// Start Subjects writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Subjects, this.version.NamespacePolicy); foreach (var subject in data.Subjects) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Subject, this.version.NamespacePolicy); foreach (XacmlSubjectMatch subjectMatch in subject.Matches) { this.WriteMatch(writer, subjectMatch); } writer.WriteEndElement(); } //// End Subjects writer.WriteEndElement(); } if (data.Resources.Count() > 0) { //// Start Resources writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Resources, this.version.NamespacePolicy); foreach (var resource in data.Resources) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Resource, this.version.NamespacePolicy); foreach (var resourceMatch in resource.Matches) { this.WriteMatch(writer, resourceMatch); } writer.WriteEndElement(); } //// End Resources writer.WriteEndElement(); } if (data.Actions.Count() > 0) { //// Start Actions writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Actions, this.version.NamespacePolicy); foreach (var action in data.Actions) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Action, this.version.NamespacePolicy); foreach (var actionMatch in action.Matches) { this.WriteMatch(writer, actionMatch); } writer.WriteEndElement(); } //// End Actions writer.WriteEndElement(); } if (data.Environments.Count() > 0) { //// Start Environment writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Environments, this.version.NamespacePolicy); foreach (var environment in data.Environments) { writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Environment, this.version.NamespacePolicy); foreach (var environmentMatch in environment.Matches) { this.WriteMatch(writer, environmentMatch); } writer.WriteEndElement(); } //// End Actions writer.WriteEndElement(); } //// End Target writer.WriteEndElement(); }
public void Add() { var target = new XacmlTarget(); var subject1 = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://subject1"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") }) }); var subject2 = new XacmlSubject( new XacmlSubjectMatch[] { new XacmlSubjectMatch( new Uri("http://subject2"), new XacmlAttributeValue(new Uri("http://www.DataType.www")), new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") }) }); var resource1 = new XacmlResource( new XacmlResourceMatch[] { new XacmlResourceMatch( new Uri("http://resource1"), new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */), new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false } ) }); var resource2 = new XacmlResource( new XacmlResourceMatch[] { new XacmlResourceMatch( new Uri("http://resource1"), new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */), new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false } ) }); { target.AnyOf.Add(new XacmlAnyOf(new XacmlAllOf[] { subject1 })); Assert.AreEqual(1, target.AnyOf.Count); Assert.AreEqual(1, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(1, target.Subjects.Count); Assert.AreEqual(0, target.Resources.Count); Assert.AreEqual(new Uri("http://subject1"), target.Subjects.First().Matches.First().MatchId); } { target.Subjects.Add(subject2); Assert.AreEqual(1, target.AnyOf.Count); Assert.AreEqual(2, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(2, target.Subjects.Count); Assert.AreEqual(0, target.Resources.Count); } { target.AnyOf.Add(new XacmlAnyOf(new XacmlAllOf[] { resource1 })); Assert.AreEqual(2, target.AnyOf.Count); Assert.AreEqual(3, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(2, target.Subjects.Count); Assert.AreEqual(1, target.Resources.Count); } { target.Resources.Add(resource2); Assert.AreEqual(2, target.AnyOf.Count); Assert.AreEqual(4, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(2, target.Subjects.Count); Assert.AreEqual(2, target.Resources.Count); foreach (var res in target.Resources) { } Assert.AreEqual(true, target.Resources.Contains(resource1)); } { target.Subjects.Remove(subject1); Assert.AreEqual(2, target.AnyOf.Count); Assert.AreEqual(3, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(1, target.Subjects.Count); Assert.AreEqual(2, target.Resources.Count); } { target.Resources.Clear(); Assert.AreEqual(1, target.AnyOf.Count); Assert.AreEqual(1, target.AnyOf.SelectMany(x => x.AllOf).Count()); Assert.AreEqual(1, target.Subjects.Count); Assert.AreEqual(0, target.Resources.Count); } }
/// <summary> /// Reads the policy. /// </summary> /// <param name="reader">The reader.</param> /// <returns></returns> /// <exception cref="System.InvalidOperationException"></exception> /// <exception cref="System.Xml.XmlException"> /// PolicyId IsNullOrEmpty /// or /// RuleCombiningAlgId IsNullOrEmpty /// </exception> public virtual XacmlPolicy ReadPolicy(XmlReader reader) { if (reader == null) { throw new ArgumentNullException(nameof(reader)); } IDictionary <string, string> nsMgr = new Dictionary <string, string>(); for (int i = 0; i < reader.AttributeCount; i++) { reader.MoveToAttribute(i); if (reader.Prefix == "xmlns") { nsMgr.Add(reader.LocalName, reader.Value); } } if (!this.CanRead(reader, XacmlConstants.ElementNames.Policy)) { throw ThrowHelperXml(reader, "XML message is not valid."); } var gaPolicyId = reader.GetAttribute("PolicyId"); if (string.IsNullOrEmpty(gaPolicyId)) { throw ThrowHelperXml(reader, "PolicyId IsNullOrEmpty"); } var gaRuleCombiningAlgId = reader.GetAttribute("RuleCombiningAlgId"); if (string.IsNullOrEmpty(gaRuleCombiningAlgId)) { throw ThrowHelperXml(reader, "RuleCombiningAlgId IsNullOrEmpty"); } reader.ReadStartElement(XacmlConstants.ElementNames.Policy, this.Version.NamespacePolicy); string description = null; if (reader.IsStartElement(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy)) { description = reader.ReadElementContentAsString(XacmlConstants.ElementNames.Description, this.Version.NamespacePolicy); } // PolicySetDefault string xpathVersion = null; if (reader.IsStartElement(XacmlConstants.ElementNames.PolicyDefaults, this.Version.NamespacePolicy)) { reader.ReadStartElement(XacmlConstants.ElementNames.PolicyDefaults, this.Version.NamespacePolicy); if (!reader.IsStartElement(XacmlConstants.ElementNames.XPathVersion, this.Version.NamespacePolicy)) { throw ThrowHelperXml(reader, "XPathVerison NotStartElement"); } xpathVersion = reader.ReadElementContentAsString(XacmlConstants.ElementNames.XPathVersion, this.Version.NamespacePolicy); reader.ReadEndElement(); } XacmlTarget target = null; if (reader.IsStartElement(XacmlConstants.ElementNames.Target, this.Version.NamespacePolicy)) { target = ReadTarget(reader); } XacmlPolicy policy = new XacmlPolicy(new Uri(gaPolicyId, UriKind.RelativeOrAbsolute), new Uri(gaRuleCombiningAlgId, UriKind.RelativeOrAbsolute), target) { Description = description, XPathVersion = xpathVersion != null ? new Uri(xpathVersion) : null, }; policy.Namespaces = nsMgr; XacmlRule rule = null; while (reader.IsStartElement(XacmlConstants.ElementNames.Rule, this.Version.NamespacePolicy)) { rule = ReadRule(reader); policy.Rules.Add(rule); } if (reader.IsStartElement(XacmlConstants.ElementNames.Obligations, this.Version.NamespacePolicy)) { reader.ReadStartElement(XacmlConstants.ElementNames.Obligations, this.Version.NamespacePolicy); this.ReadList(policy.Obligations, XacmlConstants.ElementNames.Obligation, this.Version.NamespacePolicy, ReadObligation, reader, isRequired: true); // end obligations reader.ReadEndElement(); } // end policy reader.ReadEndElement(); return(policy); }