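/// <summary>
/// Creates a policy rule from an assertion-match mode, the input claims to match and the output claim to issue.
/// </summary>
/// <param name="assertionsMatch">Match mode stored on the rule.</param>
/// <param name="inputClaims">Input claims for the rule; the sequence is copied, not referenced.</param>
/// <param name="outputClaim">Output claim issued by the rule.</param>
/// <exception cref="PolicyRuleException">
/// Thrown when <paramref name="outputClaim"/> copies from its input and more than one input claim is supplied.
/// </exception>
public PolicyRule(AssertionsMatch assertionsMatch, IEnumerable<InputPolicyClaim> inputClaims, OutputPolicyClaim outputClaim)
{
    // Snapshot the sequence once. Counting and then copying a lazy or non-repeatable
    // enumerable separately could validate one set of claims and store another, so the
    // copy-from-input check below must run against exactly the list that is kept.
    var claims = new List<InputPolicyClaim>(inputClaims);

    // A copy-from-input output has a single source, so several input claims are ambiguous.
    // NOTE(review): an empty inputClaims sequence also passes this check; confirm callers
    // and the evaluator handle a copy-from-input rule that has nothing to copy from.
    if (outputClaim.CopyFromInput && claims.Count > 1)
    {
        throw new PolicyRuleException(Resources.CopyFromInputWithMultipleInputClaims);
    }

    this.AssertionsMatch = assertionsMatch;
    this.OutputClaim = outputClaim;
    this.InputClaims = claims;
}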
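/// <summary>
/// Integration test: adds a policy rule through the WCF policy-store endpoint and checks
/// the rule count of the first scope afterwards.
/// </summary>
/// <remarks>
/// Needs a policy-store service listening on http://localhost:3333/policystore.
/// </remarks>
public void ShouldAddRuleViaWCF()
{
    // new BasicHttpBinding() configures no transport or message security and the address is
    // plain http, so this rule-changing call is sent without client credentials.
    // NOTE(review): fine for a loopback test host; confirm the service is not published with
    // this binding outside test environments, since AddPolicyRule alters claim mapping policy.
    ChannelFactory<IPolicyStore> factory = new ChannelFactory<IPolicyStore>(new BasicHttpBinding(), new EndpointAddress("http://localhost:3333/policystore"));
    bool closed = false;

    try
    {
        IPolicyStore store = factory.CreateChannel();

        var scope = store.RetrieveScopes().ElementAt(0);

        InputPolicyClaim inputClaim = new InputPolicyClaim(scope.Issuers.ElementAt(0), scope.ClaimTypes.ElementAt(0), "thevalue");
        OutputPolicyClaim outputClaim = new OutputPolicyClaim(scope.ClaimTypes.ElementAt(0), CopyFromConstants.InputValue);
        PolicyRule rule = new PolicyRule(AssertionsMatch.All, new[] { inputClaim }, outputClaim);

        store.AddPolicyRule(scope.Uri, rule);

        // Presumably the first scope starts with two rules in the service's seeded state;
        // the literal below depends on that - TODO confirm against the test host setup.
        var updatedScope = store.RetrieveScopes().ElementAt(0);
        Assert.AreEqual(3, updatedScope.Rules.Count());

        // Graceful shutdown on the success path; this also closes the channel created above.
        factory.Close();
        closed = true;
    }
    finally
    {
        // On a failed assertion or a communication error, release the factory and its
        // channel without a second call that could throw and hide the original failure.
        if (!closed)
        {
            factory.Abort();
        }
    }
}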
/// <summary>
/// Checks that a one-input rule declared with <c>AssertionsMatch.All</c> yields its fixed
/// output claim when the incoming claim matches the input claim.
/// </summary>
public void ShoudMatchInputClaimWithAssertionMatchAll()
{
    var policyStore = new MockPolicyStore();
    var policyEvaluator = new ClaimsPolicyEvaluator(policyStore);

    // Rule under test: one input claim mapped to a constant output value.
    var matchAllRule = new PolicyRule(
        AssertionsMatch.All,
        new[] { new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim") },
        new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue"));

    var scopes = new List<PolicyScope>();
    scopes.Add(new PolicyScope(new Uri("http://myScope"), new[] { matchAllRule }));
    policyStore.RetrieveScopesReturnValue = scopes;

    var incomingClaims = new[]
    {
        new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer")
    };
    IEnumerable<Claim> results = policyEvaluator.Evaluate(new Uri("http://myScope"), incomingClaims);

    Assert.IsNotNull(results);
    Assert.AreEqual(1, results.Count());

    var issued = results.ElementAt(0);
    Assert.AreEqual("http://myOutputClaimType", issued.ClaimType);
    Assert.AreEqual("myOutputClaimValue", issued.Value);
}
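/// <summary>
/// Builds a policy rule from a match mode, the input claims to match and the output claim to issue.
/// </summary>
/// <param name="assertionsMatch">Match mode stored on the rule.</param>
/// <param name="inputClaims">Input claims for the rule; the sequence is copied, not referenced.</param>
/// <param name="outputClaim">Output claim issued by the rule.</param>
/// <exception cref="PolicyRuleException">
/// Thrown when <paramref name="outputClaim"/> copies from its input and more than one input claim is supplied.
/// </exception>
public PolicyRule(AssertionsMatch assertionsMatch, IEnumerable<InputPolicyClaim> inputClaims, OutputPolicyClaim outputClaim)
{
    // Enumerate the caller's sequence exactly once: a deferred or one-shot enumerable
    // could otherwise pass the count check with one set of claims and be stored as another.
    var snapshot = new List<InputPolicyClaim>(inputClaims);

    // Copying from "the" input is only well defined with a single input claim.
    // NOTE(review): zero input claims are not rejected here; confirm that is intended.
    if (outputClaim.CopyFromInput && snapshot.Count > 1)
    {
        throw new PolicyRuleException(Resources.CopyFromInputWithMultipleInputClaims);
    }

    this.AssertionsMatch = assertionsMatch;
    this.OutputClaim = outputClaim;
    this.InputClaims = snapshot;
}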
/// <summary>
/// Checks that a rule whose output is declared with <c>CopyFromConstants.InputIssuer</c>
/// issues a claim whose value is the issuer of the matched input claim.
/// </summary>
public void ShouldMatchInputClaimAndCopyInputIssuerToOutputValue()
{
    var policyStore = new MockPolicyStore();
    var policyEvaluator = new ClaimsPolicyEvaluator(policyStore);

    var sourceType = new ClaimType("http://myInputClaimType");
    var targetType = new ClaimType("http://myOutputClaimType");
    var sourceIssuer = new Issuer("http://myInputClaimIssuer");

    // The output carries no fixed value; it is filled from the input claim's issuer.
    var copyIssuerRule = new PolicyRule(
        AssertionsMatch.Any,
        new[] { new InputPolicyClaim(sourceIssuer, sourceType, "myInputClaim") },
        new OutputPolicyClaim(targetType, string.Empty, CopyFromConstants.InputIssuer));

    var scopes = new List<PolicyScope>();
    scopes.Add(new PolicyScope(new Uri("http://myScope"), new[] { copyIssuerRule }));
    policyStore.RetrieveScopesReturnValue = scopes;

    var incomingClaims = new[]
    {
        new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer")
    };
    IEnumerable<Claim> results = policyEvaluator.Evaluate(new Uri("http://myScope"), incomingClaims);

    Assert.IsNotNull(results);
    Assert.AreEqual(1, results.Count());

    var issued = results.ElementAt(0);
    Assert.AreEqual("http://myOutputClaimType", issued.ClaimType);
    Assert.AreEqual("http://myInputClaimIssuer", issued.Value);
}
/// <summary>
/// Checks that two rules in one scope both fire for a single incoming claim: the first
/// issues a constant value, the second copies the incoming claim's value.
/// </summary>
public void ShouldOutputCorrectInputValue()
{
    var policyStore = new MockPolicyStore();
    var policyEvaluator = new ClaimsPolicyEvaluator(policyStore);

    // Rule 1: input value "*" mapped to a constant output value. The assertions below
    // expect it to match the incoming value "inputClaimValue".
    var constantRule = new PolicyRule(
        AssertionsMatch.Any,
        new[] { new InputPolicyClaim(this.issuer, this.inputClaimType, "*") },
        new OutputPolicyClaim(new ClaimType("http://myOutputClaimType1"), "myOutputClaimValue"));

    // Rule 2: exact input value, output value copied from the input claim.
    var copyValueRule = new PolicyRule(
        AssertionsMatch.Any,
        new[] { new InputPolicyClaim(this.issuer, this.inputClaimType, "inputClaimValue") },
        new OutputPolicyClaim(new ClaimType("http://myOutputClaimType2"), string.Empty, CopyFromConstants.InputValue));

    var scopes = new List<PolicyScope>();
    scopes.Add(new PolicyScope(new Uri("http://myScope"), new[] { constantRule, copyValueRule }));
    policyStore.RetrieveScopesReturnValue = scopes;

    var incomingClaims = new[]
    {
        new Claim("http://myInputClaimType", "inputClaimValue", string.Empty, "http://myInputClaimIssuer")
    };
    IEnumerable<Claim> results = policyEvaluator.Evaluate(new Uri("http://myScope"), incomingClaims);

    Assert.IsNotNull(results);
    Assert.AreEqual(2, results.Count());

    var fromConstantRule = results.FirstOrDefault(claim => claim.ClaimType == "http://myOutputClaimType1");
    Assert.IsNotNull(fromConstantRule);
    Assert.AreEqual("myOutputClaimValue", fromConstantRule.Value);

    var fromCopyRule = results.FirstOrDefault(claim => claim.ClaimType == "http://myOutputClaimType2");
    Assert.IsNotNull(fromCopyRule);
    Assert.AreEqual("inputClaimValue", fromCopyRule.Value);
}
/// <summary>
/// Checks that an incoming claim whose value differs from the rule's input value only by
/// letter case still matches the rule and produces the rule's output value.
/// </summary>
/// <remarks>
/// NOTE(review): this pins case-insensitive comparison of claim values; confirm that no
/// mapped claim type carries values where case is significant.
/// </remarks>
public void ShouldMatchInputClaimValueInCaseInsensitiveFashion()
{
    var policyStore = new MockPolicyStore();
    var scopeUri = new Uri("http://myScope");
    var ruleInputValue = "myInputClaimValue";
    var ruleOutputValue = "myOutputClaimValue";

    var expectedInput = new InputPolicyClaim(
        new Issuer("http://myInputClaimIssuer", "myInputClaimIssuer"),
        new ClaimType("http://myInputClaimType", "myInputClaimType"),
        ruleInputValue);
    var issuedOutput = new OutputPolicyClaim(
        new ClaimType("http://myOutputClaimType", "myOutputClaimType"),
        ruleOutputValue);
    var mappingRule = new PolicyRule(AssertionsMatch.Any, new[] { expectedInput }, issuedOutput);

    var scopes = new List<PolicyScope>();
    scopes.Add(new PolicyScope(scopeUri, new[] { mappingRule }));
    policyStore.RetrieveScopesReturnValue = scopes;

    var policyEvaluator = new ClaimsPolicyEvaluator(policyStore);

    // Present the same value upper-cased so that only the letter case differs from the rule.
    var incomingClaim = new Claim("http://myInputClaimType", ruleInputValue.ToUpperInvariant(), string.Empty, "http://myInputClaimIssuer");
    var results = policyEvaluator.Evaluate(scopeUri, new[] { incomingClaim });

    Assert.IsNotNull(results);
    Assert.AreEqual(1, results.Count());
    Assert.AreEqual(ruleOutputValue, results.ElementAt(0).Value);
}
/// <summary>
/// Builds the <c>output</c> XML element for an output policy claim.
/// </summary>
/// <param name="outputPolicyClaim">Claim to serialize.</param>
/// <returns>
/// An <c>output</c> element with a <c>type</c> attribute taken from the claim type's display
/// name, a <c>value</c> attribute when the claim has a non-empty value, and a
/// <c>copyFrom</c> attribute when the claim copies from its input.
/// </returns>
private static XElement SerializeOutputClaim(OutputPolicyClaim outputPolicyClaim)
{
    var element = new XElement("output");

    // The type is written as the display name, not as a claim type URI.
    element.SetAttributeValue("type", outputPolicyClaim.ClaimType.DisplayName);

    // The two optional attributes are independent; either, both or neither may be written.
    bool hasFixedValue = !string.IsNullOrEmpty(outputPolicyClaim.Value);
    if (hasFixedValue)
    {
        element.SetAttributeValue("value", outputPolicyClaim.Value);
    }

    if (outputPolicyClaim.CopyFromInput)
    {
        element.SetAttributeValue("copyFrom", outputPolicyClaim.CopyFrom);
    }

    return element;
}