/// <summary>
/// Evauluat the condition.
/// </summary>
/// <param name="request">The xacml context request.</param>
/// <returns>The match result.</returns>
public XacmlAttributeMatchResult EvaluateCondition(XacmlContextRequest request)
{
Type conditionType = this.Condition.Property.GetType();
if (conditionType == typeof(XacmlFunction))
{
return XacmlAttributeMatchResult.NoMatch;
}
else if (conditionType == typeof(XacmlApply))
{
XacmlApply xacmlApply = this.Condition.Property as XacmlApply;
return xacmlApply.Evalute(request);
}
return XacmlAttributeMatchResult.NoMatch;
}
private Dictionary<string, ICollection<XacmlAttribute>> GetCategoryAttributes(XacmlContextRequest request, string category)
{
Dictionary<string, ICollection<XacmlAttribute>> categoryAttributes = new Dictionary<string, ICollection<XacmlAttribute>>();
foreach (XacmlContextAttributes attributes in request.Attributes)
{
if (attributes.Category.Equals(category))
{
foreach (XacmlAttribute attribute in attributes.Attributes)
{
if (categoryAttributes.Keys.Contains(attribute.AttributeId.OriginalString))
{
categoryAttributes[attribute.AttributeId.OriginalString].Add(attribute);
}
else
{
ICollection<XacmlAttribute> newCollection = new Collection<XacmlAttribute>();
newCollection.Add(attribute);
categoryAttributes.Add(attribute.AttributeId.OriginalString, newCollection);
}
}
}
}
return categoryAttributes;
}
/// <summary>
/// Match Policy Attributes and request attributes of the same category.
/// </summary>
/// <param name="request">The request.</param>
/// <param name="category">The attribute category.</param>
/// <returns>The match result.</returns>
public XacmlAttributeMatchResult MatchAttributes(XacmlContextRequest request, string category)
{
Dictionary<string, ICollection<XacmlAttribute>> requestAttributes = this.GetCategoryAttributes(request, category);
XacmlAttributeMatchResult xacmlAttributeMatchResult = XacmlAttributeMatchResult.NoMatch;
if (this.Target == null)
{
// If the rules does not have any target, it is a match anyway
return XacmlAttributeMatchResult.Match;
}
bool foundCategoryInAnyOf = false;
foreach (XacmlAnyOf anyOf in this.Target.AnyOf)
{
foreach (XacmlAllOf allOf in anyOf.AllOf)
{
bool allAttributesInAllOfMatched = true;
bool matchinAttributeCategoryFoundInAllOf = false;
foreach (XacmlMatch xacmlMatch in allOf.Matches)
{
if (xacmlMatch.AttributeDesignator.Category.Equals(category))
{
matchinAttributeCategoryFoundInAllOf = true;
if (requestAttributes.ContainsKey(xacmlMatch.AttributeDesignator.AttributeId.OriginalString))
{
bool attributeValueMatched = false;
foreach (XacmlAttribute xacmlAttribute in requestAttributes[xacmlMatch.AttributeDesignator.AttributeId.OriginalString])
{
foreach (XacmlAttributeValue attValue in xacmlAttribute.AttributeValues)
{
if (xacmlMatch.IsMatch(attValue))
{
attributeValueMatched = true;
break;
}
}
}
if (!attributeValueMatched)
{
allAttributesInAllOfMatched = false;
}
}
else
{
allAttributesInAllOfMatched = false;
if (xacmlMatch.AttributeDesignator.MustBePresent.HasValue && xacmlMatch.AttributeDesignator.MustBePresent.Value)
{
xacmlAttributeMatchResult = XacmlAttributeMatchResult.RequiredAttributeMissing;
}
}
}
}
if (allAttributesInAllOfMatched && matchinAttributeCategoryFoundInAllOf)
{
// All allOff matches for attributes in a anyOff did match.
xacmlAttributeMatchResult = XacmlAttributeMatchResult.Match;
}
if (matchinAttributeCategoryFoundInAllOf)
{
foundCategoryInAnyOf = true;
}
}
}
if (!foundCategoryInAnyOf)
{
// If none of the attributes in policy is for this category it is for any attributes of this category
return XacmlAttributeMatchResult.Match;
}
return xacmlAttributeMatchResult;
}
