예제 #1
        /// <summary>
        /// Builds a result from a resource id, a decision, a status and a set of obligations.
        /// </summary>
        /// <param name="resourceId">The resource id for this result; stored as given.</param>
        /// <param name="decision">The decision of the evaluation.</param>
        /// <param name="status">The status describing the execution. When null, a status built from null values and <paramref name="schemaVersion"/> is stored instead.</param>
        /// <param name="obligations">The obligations that accompany the decision. When null, the obligations field is left untouched.</param>
        /// <param name="schemaVersion">The version of the schema that was used to validate.</param>
        public ResultElement(string resourceId, rtm.Decision decision, StatusElement status, pol.ObligationCollection obligations, XacmlVersion schemaVersion)
            : base(XacmlSchema.Context, schemaVersion)
        {
            _decision   = decision;
            _resourceId = resourceId;

            // A result always carries a status object: substitute an empty one for null.
            _status = (status != null)
                ? status
                : new StatusElement(null, null, null, schemaVersion);

            // A null argument must not overwrite what the field already holds (presumably the
            // empty ObligationCollection from the field initializer; the declaration is not
            // visible here, confirm).
            if (obligations == null)
            {
                return;
            }

            _obligations = obligations;
        }
예제 #2
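        /// <summary>
        /// Rebuilds the obligation list for the current decision from the obligations declared on
        /// the policy set and the obligations exposed by its child policies.
        /// </summary>
        /// <remarks>
        /// Nothing is collected when the decision is Indeterminate or NotApplicable. Otherwise an
        /// obligation is kept only when its FulfillOn effect equals the decision (Deny with Deny,
        /// Permit with Permit). Child obligations are collected whether or not the policy set
        /// declares obligations of its own, so that an obligation attached to a child policy is not
        /// dropped from the result handed to the enforcement point.
        /// </remarks>
        /// <param name="context">The evaluation context instance, used here for tracing.</param>
        private void ProcessObligations(EvaluationContext context)
        {
            // Start from an empty list so nothing from an earlier evaluation survives.
            _obligations = new pol.ObligationCollection();

            // Obligations only accompany a Permit or Deny decision.
            if (_evaluationValue == Decision.Indeterminate ||
                _evaluationValue == Decision.NotApplicable)
            {
                return;
            }

            // Obligations declared on the policy set itself. An empty collection simply yields
            // no iterations, so only null needs guarding.
            if (_policySet.Obligations != null)
            {
                foreach (pol.ObligationElement obl in _policySet.Obligations)
                {
                    if ((obl.FulfillOn == pol.Effect.Deny && _evaluationValue == Decision.Deny) ||
                        (obl.FulfillOn == pol.Effect.Permit && _evaluationValue == Decision.Permit))
                    {
                        context.Trace("Adding obligation: {0} ", obl.ObligationId);
                        _obligations.Add(obl);
                    }
                }
            }

            // Obligations exposed by child policies. This loop is deliberately not gated on the
            // policy set having obligations of its own.
            // NOTE(review): a child presumably exposes the obligations left by its most recent
            // evaluation; confirm that a child skipped in this request cannot contribute entries
            // from an earlier one.
            foreach (IMatchEvaluable child in _policies)
            {
                IObligationsContainer oblig = child as IObligationsContainer;
                if (oblig == null || oblig.Obligations == null)
                {
                    continue;
                }

                foreach (pol.ObligationElement childObligation in oblig.Obligations)
                {
                    if ((childObligation.FulfillOn == pol.Effect.Deny && _evaluationValue == Decision.Deny) ||
                        (childObligation.FulfillOn == pol.Effect.Permit && _evaluationValue == Decision.Permit))
                    {
                        // Traced like the policy set's own obligations, so the trace shows
                        // everything that ends up in the result.
                        context.Trace("Adding obligation: {0} ", childObligation.ObligationId);
                        _obligations.Add(childObligation);
                    }
                }
            }
        }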
예제 #3
		/// <summary>
		/// Builds a result from a resource id, a decision, a status and a set of obligations.
		/// </summary>
		/// <param name="resourceId">The resource id for this result; stored as given.</param>
		/// <param name="decision">The decision of the evaluation.</param>
		/// <param name="status">The status describing the execution. When null, a status built from null values and <paramref name="schemaVersion"/> is stored instead.</param>
		/// <param name="obligations">The obligations that accompany the decision. When null, the obligations field is left untouched.</param>
		/// <param name="schemaVersion">The version of the schema that was used to validate.</param>
		public ResultElement( string resourceId, rtm.Decision decision, StatusElement status, pol.ObligationCollection obligations, XacmlVersion schemaVersion )
			: base( XacmlSchema.Context, schemaVersion )
		{
			_decision = decision;
			_resourceId = resourceId;

			// A result always carries a status object: substitute an empty one for null.
			_status = ( status != null )
				? status
				: new StatusElement( null, null, null, schemaVersion );

			// A null argument must not overwrite what the field already holds (presumably the
			// empty ObligationCollection from the field initializer; the declaration is not
			// visible here, confirm).
			if( obligations == null )
			{
				return;
			}

			_obligations = obligations;
		}
예제 #4
파일: Policy.cs 프로젝트: Condeti/XACML.NET
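		/// <summary>
		/// Evaluates the policy against the given context and records the decision and the
		/// obligations that apply to it.
		/// </summary>
		/// <remarks>
		/// For XACML 2.0 policies the variable table is built on the first call and reused
		/// afterwards. The target is matched first: a match runs the rule combining algorithm,
		/// no match yields NotApplicable, and every other target result yields Indeterminate.
		/// Obligations are kept only for a Permit or Deny decision whose effect equals their
		/// FulfillOn value. The decision and the obligations are stored in instance fields.
		/// NOTE(review): if one instance can be evaluated by several requests at once, that
		/// state is shared between them; confirm how instances are scoped.
		/// </remarks>
		/// <param name="context">The evaluation context instance.</param>
		/// <returns>The decision result for this policy.</returns>
		/// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
		public Decision Evaluate( EvaluationContext context )
		{
			if( context == null )
			{
				throw new ArgumentNullException( "context" );
			}

			context.Trace( "Evaluating policy: {0}", _policy.Description );
			context.AddIndent();
			context.CurrentPolicy = this;
			try
			{
				// Variable definitions are only processed for XACML 2.0 policies, and the
				// table is built once per instance.
				if( _policy.SchemaVersion == XacmlVersion.Version20 && _variables == null )
				{
					context.Trace( "Evaluating variables..." );
					_variables = new Hashtable();

					foreach( pol.VariableDefinitionElement variableDef in _policy.VariableDefinitions.Values )
					{
						_variables.Add( variableDef.Id, new VariableDefinition( variableDef ) );
					}
				}

				// Matches the target.
				TargetEvaluationValue targetEvaluationValue = Match( context );

				if( targetEvaluationValue == TargetEvaluationValue.Match )
				{
					context.Trace( "Rule combination algorithm: {0}", _policy.RuleCombiningAlgorithm );

					// Evaluate all rules and apply rule combination
					inf.IRuleCombiningAlgorithm rca = EvaluationEngine.CreateRuleCombiningAlgorithm( _policy.RuleCombiningAlgorithm );
					_evaluationValue = rca.Evaluate( context, _rules );
				}
				else if( targetEvaluationValue == TargetEvaluationValue.NoMatch )
				{
					_evaluationValue = Decision.NotApplicable;
				}
				else
				{
					// Covers TargetEvaluationValue.Indeterminate and any value not handled
					// above. Failing closed here keeps a decision left in the field by an
					// earlier evaluation from being returned for this one.
					_evaluationValue = Decision.Indeterminate;
				}

				context.Trace( "Policy: {0}", _evaluationValue );

				// Rebuild the obligation list from scratch for this decision.
				_obligations = new pol.ObligationCollection();
				bool decisionCarriesObligations =
					_evaluationValue != Decision.Indeterminate &&
					_evaluationValue != Decision.NotApplicable;

				if( decisionCarriesObligations && _policy.Obligations != null )
				{
					foreach( pol.ObligationElement obl in _policy.Obligations )
					{
						// Keep an obligation only when its effect equals the decision.
						if( ( obl.FulfillOn == pol.Effect.Deny && _evaluationValue == Decision.Deny ) ||
							( obl.FulfillOn == pol.Effect.Permit && _evaluationValue == Decision.Permit ) )
						{
							context.Trace( "Adding obligation: {0} ", obl.ObligationId );
							_obligations.Add( obl );
						}
					}
				}

				return _evaluationValue;
			}
			finally
			{
				// Always restore the context, including when evaluation throws.
				context.RemoveIndent();
				context.CurrentPolicy = null;
			}
		}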
예제 #5
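        /// <summary>
        /// Evaluates the policy against the given context and records the decision and the
        /// obligations that apply to it.
        /// </summary>
        /// <remarks>
        /// For XACML 2.0 policies the variable table is built on the first call and reused
        /// afterwards. The target is matched first: a match runs the rule combining algorithm,
        /// no match yields NotApplicable, and every other target result yields Indeterminate.
        /// Obligations are kept only for a Permit or Deny decision whose effect equals their
        /// FulfillOn value. The decision and the obligations are stored in instance fields.
        /// NOTE(review): if one instance can be evaluated by several requests at once, that
        /// state is shared between them; confirm how instances are scoped.
        /// </remarks>
        /// <param name="context">The evaluation context instance.</param>
        /// <returns>The decision result for this policy.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="context"/> is null.</exception>
        public Decision Evaluate(EvaluationContext context)
        {
            if (context == null)
            {
                throw new ArgumentNullException("context");
            }

            context.Trace("Evaluating policy: {0}", _policy.Description);
            context.AddIndent();
            context.CurrentPolicy = this;
            try
            {
                // Variable definitions are only processed for XACML 2.0 policies, and the
                // table is built once per instance.
                if (_policy.SchemaVersion == XacmlVersion.Version20 && _variables == null)
                {
                    context.Trace("Evaluating variables...");
                    _variables = new Hashtable();

                    foreach (pol.VariableDefinitionElement variableDef in _policy.VariableDefinitions.Values)
                    {
                        _variables.Add(variableDef.Id, new VariableDefinition(variableDef));
                    }
                }

                // Matches the target.
                TargetEvaluationValue targetEvaluationValue = Match(context);

                if (targetEvaluationValue == TargetEvaluationValue.Match)
                {
                    context.Trace("Rule combination algorithm: {0}", _policy.RuleCombiningAlgorithm);

                    // Evaluate all rules and apply rule combination
                    inf.IRuleCombiningAlgorithm rca = EvaluationEngine.CreateRuleCombiningAlgorithm(_policy.RuleCombiningAlgorithm);
                    _evaluationValue = rca.Evaluate(context, _rules);
                }
                else if (targetEvaluationValue == TargetEvaluationValue.NoMatch)
                {
                    _evaluationValue = Decision.NotApplicable;
                }
                else
                {
                    // Covers TargetEvaluationValue.Indeterminate and any value not handled
                    // above. Failing closed here keeps a decision left in the field by an
                    // earlier evaluation from being returned for this one.
                    _evaluationValue = Decision.Indeterminate;
                }

                context.Trace("Policy: {0}", _evaluationValue);

                // Rebuild the obligation list from scratch for this decision.
                _obligations = new pol.ObligationCollection();
                bool decisionCarriesObligations =
                    _evaluationValue != Decision.Indeterminate &&
                    _evaluationValue != Decision.NotApplicable;

                if (decisionCarriesObligations && _policy.Obligations != null)
                {
                    foreach (pol.ObligationElement obl in _policy.Obligations)
                    {
                        // Keep an obligation only when its effect equals the decision.
                        if ((obl.FulfillOn == pol.Effect.Deny && _evaluationValue == Decision.Deny) ||
                            (obl.FulfillOn == pol.Effect.Permit && _evaluationValue == Decision.Permit))
                        {
                            context.Trace("Adding obligation: {0} ", obl.ObligationId);
                            _obligations.Add(obl);
                        }
                    }
                }

                return _evaluationValue;
            }
            finally
            {
                // Always restore the context, including when evaluation throws.
                context.RemoveIndent();
                context.CurrentPolicy = null;
            }
        }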
예제 #6
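        /// <summary>
        /// Rebuilds the obligation list for the current decision from the obligations declared on
        /// the policy set and the obligations exposed by its child policies.
        /// </summary>
        /// <remarks>
        /// Nothing is collected when the decision is Indeterminate or NotApplicable. Otherwise an
        /// obligation is kept only when its FulfillOn effect equals the decision (Deny with Deny,
        /// Permit with Permit). Child obligations are collected whether or not the policy set
        /// declares obligations of its own, so that an obligation attached to a child policy is not
        /// dropped from the result handed to the enforcement point.
        /// </remarks>
        /// <param name="context">The evaluation context instance, used here for tracing.</param>
        private void ProcessObligations(EvaluationContext context)
        {
            // Start from an empty list so nothing from an earlier evaluation survives.
            _obligations = new pol.ObligationCollection();

            // Obligations only accompany a Permit or Deny decision.
            if (_evaluationValue == Decision.Indeterminate ||
                _evaluationValue == Decision.NotApplicable)
            {
                return;
            }

            // Obligations declared on the policy set itself. An empty collection simply yields
            // no iterations, so only null needs guarding.
            if (_policySet.Obligations != null)
            {
                foreach (pol.ObligationElement obl in _policySet.Obligations)
                {
                    if ((obl.FulfillOn == pol.Effect.Deny && _evaluationValue == Decision.Deny) ||
                        (obl.FulfillOn == pol.Effect.Permit && _evaluationValue == Decision.Permit))
                    {
                        context.Trace("Adding obligation: {0} ", obl.ObligationId);
                        _obligations.Add(obl);
                    }
                }
            }

            // Obligations exposed by child policies. This loop is deliberately not gated on the
            // policy set having obligations of its own.
            // NOTE(review): a child presumably exposes the obligations left by its most recent
            // evaluation; confirm that a child skipped in this request cannot contribute entries
            // from an earlier one.
            foreach (IMatchEvaluable child in _policies)
            {
                IObligationsContainer oblig = child as IObligationsContainer;
                if (oblig == null || oblig.Obligations == null)
                {
                    continue;
                }

                foreach (pol.ObligationElement childObligation in oblig.Obligations)
                {
                    if ((childObligation.FulfillOn == pol.Effect.Deny && _evaluationValue == Decision.Deny) ||
                        (childObligation.FulfillOn == pol.Effect.Permit && _evaluationValue == Decision.Permit))
                    {
                        // Traced like the policy set's own obligations, so the trace shows
                        // everything that ends up in the result.
                        context.Trace("Adding obligation: {0} ", childObligation.ObligationId);
                        _obligations.Add(childObligation);
                    }
                }
            }
        }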