/// <summary> /// Evauluat the condition. /// </summary> /// <param name="request">The xacml context request.</param> /// <returns>The match result.</returns> public XacmlAttributeMatchResult EvaluateCondition(XacmlContextRequest request) { Type conditionType = this.Condition.Property.GetType(); if (conditionType == typeof(XacmlFunction)) { return XacmlAttributeMatchResult.NoMatch; } else if (conditionType == typeof(XacmlApply)) { XacmlApply xacmlApply = this.Condition.Property as XacmlApply; return xacmlApply.Evalute(request); } return XacmlAttributeMatchResult.NoMatch; }
private Dictionary<string, ICollection<XacmlAttribute>> GetCategoryAttributes(XacmlContextRequest request, string category) { Dictionary<string, ICollection<XacmlAttribute>> categoryAttributes = new Dictionary<string, ICollection<XacmlAttribute>>(); foreach (XacmlContextAttributes attributes in request.Attributes) { if (attributes.Category.Equals(category)) { foreach (XacmlAttribute attribute in attributes.Attributes) { if (categoryAttributes.Keys.Contains(attribute.AttributeId.OriginalString)) { categoryAttributes[attribute.AttributeId.OriginalString].Add(attribute); } else { ICollection<XacmlAttribute> newCollection = new Collection<XacmlAttribute>(); newCollection.Add(attribute); categoryAttributes.Add(attribute.AttributeId.OriginalString, newCollection); } } } } return categoryAttributes; }
/// <summary> /// Match Policy Attributes and request attributes of the same category. /// </summary> /// <param name="request">The request.</param> /// <param name="category">The attribute category.</param> /// <returns>The match result.</returns> public XacmlAttributeMatchResult MatchAttributes(XacmlContextRequest request, string category) { Dictionary<string, ICollection<XacmlAttribute>> requestAttributes = this.GetCategoryAttributes(request, category); XacmlAttributeMatchResult xacmlAttributeMatchResult = XacmlAttributeMatchResult.NoMatch; if (this.Target == null) { // If the rules does not have any target, it is a match anyway return XacmlAttributeMatchResult.Match; } bool foundCategoryInAnyOf = false; foreach (XacmlAnyOf anyOf in this.Target.AnyOf) { foreach (XacmlAllOf allOf in anyOf.AllOf) { bool allAttributesInAllOfMatched = true; bool matchinAttributeCategoryFoundInAllOf = false; foreach (XacmlMatch xacmlMatch in allOf.Matches) { if (xacmlMatch.AttributeDesignator.Category.Equals(category)) { matchinAttributeCategoryFoundInAllOf = true; if (requestAttributes.ContainsKey(xacmlMatch.AttributeDesignator.AttributeId.OriginalString)) { bool attributeValueMatched = false; foreach (XacmlAttribute xacmlAttribute in requestAttributes[xacmlMatch.AttributeDesignator.AttributeId.OriginalString]) { foreach (XacmlAttributeValue attValue in xacmlAttribute.AttributeValues) { if (xacmlMatch.IsMatch(attValue)) { attributeValueMatched = true; break; } } } if (!attributeValueMatched) { allAttributesInAllOfMatched = false; } } else { allAttributesInAllOfMatched = false; if (xacmlMatch.AttributeDesignator.MustBePresent.HasValue && xacmlMatch.AttributeDesignator.MustBePresent.Value) { xacmlAttributeMatchResult = XacmlAttributeMatchResult.RequiredAttributeMissing; } } } } if (allAttributesInAllOfMatched && matchinAttributeCategoryFoundInAllOf) { // All allOff matches for attributes in a anyOff did match. xacmlAttributeMatchResult = XacmlAttributeMatchResult.Match; } if (matchinAttributeCategoryFoundInAllOf) { foundCategoryInAnyOf = true; } } } if (!foundCategoryInAnyOf) { // If none of the attributes in policy is for this category it is for any attributes of this category return XacmlAttributeMatchResult.Match; } return xacmlAttributeMatchResult; }