private static IEnumerable<Claim> MapClaims(IEnumerable<Claim> inputClaims, PolicyScope mappingScope) { List<Claim> mappedClaims = new List<Claim>(); foreach (PolicyRule rule in mappingScope.Rules) { IEnumerable<Claim> matchingInputClaims = MatchesRule(rule, inputClaims); if (matchingInputClaims != null && matchingInputClaims.Any()) { foreach (var matchingInputClaim in matchingInputClaims) { string outputValue; if (rule.OutputClaim.CopyFromInput) { if (rule.InputClaims.ElementAt(0).Value != Wildcard) { if (rule.OutputClaim.CopyFrom.ToUpperInvariant().Equals(CopyFromConstants.InputValue)) { outputValue = rule.InputClaims.ElementAt(0).Value; } else { outputValue = rule.InputClaims.ElementAt(0).Issuer.DisplayName; } } else { if (rule.OutputClaim.CopyFrom.ToUpperInvariant().Equals(CopyFromConstants.InputValue)) { outputValue = matchingInputClaim.Value; } else { var issuer = mappingScope.Issuers.FirstOrDefault(i => i.Uri == matchingInputClaim.Issuer); outputValue = issuer != null ? issuer.DisplayName : matchingInputClaim.Issuer; } } } else { outputValue = rule.OutputClaim.Value; } var originalIssuer = mappingScope.Issuers.FirstOrDefault(i => i.Uri == matchingInputClaim.OriginalIssuer); string originalIssuerDisplayName = originalIssuer != null ? originalIssuer.DisplayName : matchingInputClaim.Issuer; mappedClaims.Add( new Claim( rule.OutputClaim.ClaimType.FullName, outputValue, matchingInputClaim.ValueType, matchingInputClaim.Issuer, originalIssuerDisplayName)); } } } return mappedClaims; }
public void ShouldMatchInputClaim() { var store = new MockPolicyStore(); ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store); InputPolicyClaim inputClaim = new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim"); OutputPolicyClaim outputClaim = new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue"); PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim); var policyScope = new PolicyScope(new Uri("http://myScope"), new[] { rule }); policyScope.AddIssuer(new Issuer("http://originalIssuer", string.Empty, "OriginalIssuer")); store.RetrieveScopesReturnValue = new List<PolicyScope>() { policyScope }; IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer", "http://originalIssuer") }); Assert.IsNotNull(evaluatedOutputClaims); Assert.AreEqual(1, evaluatedOutputClaims.Count()); Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType); Assert.AreEqual("myOutputClaimValue", evaluatedOutputClaims.ElementAt(0).Value); Assert.AreEqual("http://myInputClaimIssuer", evaluatedOutputClaims.ElementAt(0).Issuer); Assert.AreEqual("OriginalIssuer", evaluatedOutputClaims.ElementAt(0).OriginalIssuer); }
private static XElement SerializeScope(PolicyScope scope) { XElement scopeElement = new XElement("scope"); scopeElement.SetAttributeValue("uri", scope.Uri.ToString()); XElement claimTypesElement = new XElement("claimTypes"); scopeElement.Add(claimTypesElement); foreach (var claimType in scope.ClaimTypes) { claimTypesElement.Add(SerializaClaimType(claimType)); } XElement issuersElement = new XElement("issuers"); scopeElement.Add(issuersElement); foreach (var issuer in scope.Issuers) { issuersElement.Add(SerializaIssuer(issuer)); } XElement rulesElement = new XElement("rules"); scopeElement.Add(rulesElement); foreach (var rule in scope.Rules) { rulesElement.Add(SerializaRule(rule)); } return scopeElement; }
private static PolicyScope RetrieveScope(XElement scopeElement) { IDictionary<string, string> claimTypes = RetrieveReferences(scopeElement.Element("claimTypes"), "claimType", "displayName", "fullName"); IDictionary<string, Issuer> issuers = new Dictionary<string, Issuer>(); PolicyScope scope = new PolicyScope(new Uri(scopeElement.Attribute("uri").Value), new List<PolicyRule>()); var issuerElements = scopeElement.Element("issuers").Descendants("issuer"); foreach (var item in issuerElements) { Issuer issuer = new Issuer( item.Attribute("uri").Value, item.Attribute("thumbprint").Value.ToUpperInvariant(), item.Attribute("displayName").Value); scope.AddIssuer(issuer); issuers.Add(issuer.DisplayName, issuer); } foreach (var item in claimTypes) { scope.AddClaimType(new ClaimType(item.Value, item.Key)); } foreach (XElement ruleElement in scopeElement.Element("rules").Descendants("rule")) { AssertionsMatch assertionsMatch = RetrieveRuleAssertionsMatch(ruleElement); IEnumerable<InputPolicyClaim> inputClaims = RetrieveInputClaims(ruleElement, issuers, claimTypes); OutputPolicyClaim outputClaim = RetrieveOutputClaim(ruleElement, claimTypes); scope.AddRule(new PolicyRule(assertionsMatch, inputClaims, outputClaim)); } return scope; }
private static PolicyScope RetrievePolicyScope() { var scope = new PolicyScope(new Uri("http://localhost/tests")); scope.ClaimTypes.Add(sampleClaimType); scope.Issuers.Add(sampleIssuer); return scope; }