/// <summary>
        /// Initializes a new instance of the <see cref="PolicyInformationPoint"/> class for one evaluation:
        /// the request model together with the XML document it came from.
        /// </summary>
        /// <param name="request">The XACML context request being evaluated.</param>
        /// <param name="requestDoc">The XML form of the request; expected to describe the same message as <paramref name="request"/> (not verified here).</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="request"/> or <paramref name="requestDoc"/> is <c>null</c>.</exception>
        public PolicyInformationPoint(XacmlContextRequest request, XmlDocument requestDoc) {
            Contract.Requires<ArgumentNullException>(request != null);
            Contract.Requires<ArgumentNullException>(requestDoc != null);

            // Per-request state lives on this instance; the processors are shared singletons.
            this.requestDocument = requestDoc;
            this.request = request;
            this.xpathProcessor = XPathProcessor.Instance;
            this.attributesProcessor = AttributesProcessor.Instance;
        }
        /// <summary>
        /// Serializes a minimal 1.0 request (one placeholder attribute per Subject, Resource and Action) and
        /// validates the produced XML against the XACML 1.0 context schema.
        /// </summary>
        public void WriteRequest_11()
        {
            // The same placeholder attribute id/type is used for every context element.
            var attributeId = new Uri("uri:action");
            var dataType = new Uri("uri:type");
            Func<XacmlContextAttribute> placeholder = () => new XacmlContextAttribute(attributeId, dataType, new XacmlContextAttributeValue());

            var request = new XacmlContextRequest(
                new XacmlContextResource(placeholder()),
                new XacmlContextAction(placeholder()),
                new XacmlContextSubject(placeholder()));

            var builder = new StringBuilder();
            using (var writer = XmlWriter.Create(builder))
            {
                new Xacml10ProtocolSerializer().WriteContextRequest(writer, request);
            }

            // ValidateMessage is a test helper not shown here; the path is relative to the test output directory.
            ValidateMessage(builder.ToString(), @"..\..\_Data\cs-xacml-schema-context-01.xsd");
        }
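        /// <summary>
        /// Writes a XACML 1.0 <c>Request</c> context element: all subjects, exactly one resource, the action and the
        /// optional environment. This serializer emits a single <c>Resource</c> (the 1.0 context schema allows only one),
        /// so a model holding several resources cannot be serialized losslessly; it is rejected instead of being silently
        /// truncated to the first resource, which would emit an authorization request different from the one intended.
        /// </summary>
        /// <param name="writer">The <see cref="XmlWriter"/> that receives the element.</param>
        /// <param name="data">The request to serialize.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="writer"/> or <paramref name="data"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">Thrown when <paramref name="data"/> holds no resource or more than one resource.</exception>
        public virtual void WriteContextRequest(XmlWriter writer, XacmlContextRequest data) {
            Contract.Requires<ArgumentNullException>(writer != null);
            Contract.Requires<ArgumentNullException>(data != null);

            // Validate before emitting anything so a rejected request leaves no partial element in the writer.
            if (data.Resources == null || !data.Resources.Any()) {
                throw new InvalidOperationException("A XACML 1.0 Request requires exactly one Resource; none was provided.");
            }

            if (data.Resources.Skip(1).Any()) {
                throw new InvalidOperationException("A XACML 1.0 Request can carry only one Resource; the request holds more than one.");
            }

            writer.WriteStartElement(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.Request, this.version.NamespaceContext);

            // Subject
            foreach (var subject in data.Subjects) {
                this.WriteContextSubject(writer, subject);
            }

            this.WriteContextResource(writer, data.Resources.First());

            this.WriteContextAction(writer, data.Action);

            // Environment is optional in the 1.0 context schema.
            if (data.Environment != null) {
                this.WriteContextEnvironment(writer, data.Environment);
            }

            writer.WriteEndElement();
        }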
        /// <summary>
        /// Evaluates <paramref name="request"/> after clearing the per-evaluation accumulators this engine keeps on
        /// top of the base engine: advices, applicable policy references and applicable policy-set references, each
        /// bucketed by Permit and Deny. Evaluation itself is delegated to the base implementation.
        /// </summary>
        /// <param name="request">The request to evaluate.</param>
        /// <param name="requestDoc">The XML form of the request. Defaults to <c>null</c> here, but the base
        /// <c>Evaluate</c> is expected to reject a null document, so callers relying on the default get an exception from the base call.</param>
        /// <returns>The response produced by the base engine.</returns>
        /// <remarks>
        /// The accumulators are instance fields reset on every call, so one engine instance should not evaluate
        /// requests concurrently; overlapping evaluations would mix their advices and applicable-policy lists.
        /// </remarks>
        public override XacmlContextResponse Evaluate(XacmlContextRequest request, XmlDocument requestDoc = null) {
            var adviceBuckets = new Dictionary<XacmlEffectType, List<XacmlAdvice>>();
            adviceBuckets.Add(XacmlEffectType.Permit, new List<XacmlAdvice>());
            adviceBuckets.Add(XacmlEffectType.Deny, new List<XacmlAdvice>());
            this.advices = adviceBuckets;

            var policyBuckets = new Dictionary<XacmlEffectType, List<XacmlContextPolicyIdReference>>();
            policyBuckets.Add(XacmlEffectType.Permit, new List<XacmlContextPolicyIdReference>());
            policyBuckets.Add(XacmlEffectType.Deny, new List<XacmlContextPolicyIdReference>());
            this.applicablePolicies = policyBuckets;

            var policySetBuckets = new Dictionary<XacmlEffectType, List<XacmlContextPolicySetIdReference>>();
            policySetBuckets.Add(XacmlEffectType.Permit, new List<XacmlContextPolicySetIdReference>());
            policySetBuckets.Add(XacmlEffectType.Deny, new List<XacmlContextPolicySetIdReference>());
            this.applicablePolicySets = policySetBuckets;

            return base.Evaluate(request, requestDoc);
        }
        /// <summary>
        /// Reads a XACML 1.0 <c>Request</c> context element from <paramref name="reader"/>, which must be positioned
        /// on the element's start tag. Children are consumed in schema order: one or more <c>Subject</c>, a required
        /// <c>Resource</c>, a required <c>Action</c> and an optional <c>Environment</c>.
        /// </summary>
        /// <param name="reader">The reader positioned on the <c>Request</c> start element.</param>
        /// <returns>The populated request model.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="reader"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">Thrown when the reader is not positioned on a <c>Request</c> element in this version's context namespace.</exception>
        /// <remarks>
        /// Parser hardening (DTD processing, external entity resolution, size limits) is governed by the
        /// <see cref="XmlReaderSettings"/> the caller created <paramref name="reader"/> with; nothing here changes them.
        /// </remarks>
        public virtual XacmlContextRequest ReadContextRequest(XmlReader reader) {
            Contract.Requires<ArgumentNullException>(reader != null, "reader");

            var ns = this.version.NamespaceContext;
            if (!XacmlProtocolSerializer.CanReadContext(reader, XacmlConstants.ElementNames.Request, ns)) {
                throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new InvalidOperationException());
            }

            reader.ReadStartElement(XacmlConstants.ElementNames.Request, ns);

            // Schema order: Subject+, Resource, Action, Environment?
            var subjects = new List<XacmlContextSubject>();
            this.ReadList(subjects, XacmlConstants.ElementNames.Subject, ns, ReadContextSubject, reader, isRequired: true);
            var resource = this.ReadRequired(XacmlConstants.ElementNames.Resource, ns, this.ReadContextResource, reader);
            var action = this.ReadRequired(XacmlConstants.ElementNames.Action, ns, this.ReadContextAction, reader);
            var environment = this.ReadOptional(XacmlConstants.ElementNames.Environment, ns, this.ReadContextEnvironment, reader);

            reader.ReadEndElement();

            return new XacmlContextRequest(resource, action, subjects) { Environment = environment };
        }
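        /// <summary>
        /// Evaluates a XACML 3.0 request, expanding the Multiple Decision Profile forms into individual requests:
        /// first <c>MultiRequests/RequestReference</c> entries, then repeated <c>Attributes</c> elements sharing one
        /// category. Each expanded request carries no references and <c>CombinedDecision</c> false and is fed back
        /// through this method, so the recursion ends in the base evaluation.
        /// </summary>
        /// <param name="request">The request to evaluate.</param>
        /// <returns>One result per individual (expanded) request.</returns>
        /// <exception cref="XacmlInvalidSyntaxException">Thrown when a <c>RequestReference</c> names an <c>Attributes</c>
        /// id that is absent from the request, or when the referenced ids do not resolve one-to-one.</exception>
        protected override IEnumerable<XacmlContextResult> RequestEvaluate(XacmlContextRequest request) {
            // MultiRequests element in a Request
            if (request.RequestReferences.Count > 0) {
                var results = new List<XacmlContextResult>(request.RequestReferences.Count);
                foreach (var reference in request.RequestReferences) {
                    // Materialize once: the query is consulted for the check below and again to build the sub-request.
                    var refAttributes = request.Attributes.Where(x => reference.AttributeReferences.Contains(x.Id)).ToList();

                    // A count match alone is not sufficient: two Attributes sharing an id could mask a reference that
                    // resolves to nothing, and the sub-request would then silently authorize something else.
                    bool everyReferenceResolves = reference.AttributeReferences.All(id => refAttributes.Any(x => x.Id == id));
                    if (refAttributes.Count != reference.AttributeReferences.Count || !everyReferenceResolves) {
                        throw new XacmlInvalidSyntaxException("<RequestReference> contains an invalid reference.");
                    }

                    var refRequest = new XacmlContextRequest(request.ReturnPolicyIdList, false, refAttributes) { XPathVersion = request.XPathVersion };
                    results.AddRange(this.RequestEvaluate(refRequest));
                }

                return results;
            }

            // multiple instances of an Attributes element with the same category ID
            var category = request.Attributes
                .GroupBy(o => o.Category.OriginalString)
                .Where(x => x.Count() > 1)
                .Select(o => o.Key).FirstOrDefault();
            if (category != null) {
                var results = new List<XacmlContextResult>();
                // Materialized once; the original deferred query was re-run for every duplicate of the category.
                var otherAttributes = request.Attributes.Where(x => x.Category.OriginalString != category).ToList();
                foreach (XacmlContextAttributes categoryAttribute in request.Attributes.Where(o => o.Category.OriginalString == category)) {
                    var refAttributes = otherAttributes.Concat(new XacmlContextAttributes[] { categoryAttribute });
                    var refRequest = new XacmlContextRequest(request.ReturnPolicyIdList, false, refAttributes) { XPathVersion = request.XPathVersion };
                    results.AddRange(this.RequestEvaluate(refRequest));
                }

                return results;
            }

            return base.RequestEvaluate(request);
        }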
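        /// <summary>
        /// Writes a XACML 3.0 <c>Request</c> element: the <c>ReturnPolicyIdList</c> and <c>CombinedDecision</c>
        /// attributes, an optional <c>RequestDefaults/XPathVersion</c>, every <c>Attributes</c> element and, when
        /// present, the Multiple Decision Profile <c>MultiRequests</c> section.
        /// </summary>
        /// <param name="writer">The <see cref="XmlWriter"/> that receives the element.</param>
        /// <param name="data">The request to serialize.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="writer"/> or <paramref name="data"/> is <c>null</c>.</exception>
        public override void WriteContextRequest(XmlWriter writer, XacmlContextRequest data) {
            Contract.Requires<ArgumentNullException>(writer != null);
            Contract.Requires<ArgumentNullException>(data != null);

            writer.WriteStartElement(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.Request, this.version.NamespaceContext);

            // xs:boolean's lexical space is "true"/"false"/"1"/"0"; Boolean.ToString() yields "True"/"False", which
            // schema-validating consumers reject. XmlConvert produces the lowercase form.
            writer.WriteAttributeString(XacmlConstants.AttributeNames.ReturnPolicyIdList, XmlConvert.ToString(data.ReturnPolicyIdList));
            writer.WriteAttributeString(XacmlConstants.AttributeNames.CombinedDecision, XmlConvert.ToString(data.CombinedDecision));

            if (data.XPathVersion != null) {
                writer.WriteStartElement(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.RequestDefaults, this.version.NamespacePolicy);
                writer.WriteElementString(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.XPathVersion, this.version.NamespacePolicy, data.XPathVersion.OriginalString);
                writer.WriteEndElement();
            }

            foreach (XacmlContextAttributes attr in data.Attributes) {
                this.WriteContextAttributes(writer, attr);
            }

            // Multiple Decision Profile: each RequestReference lists the Attributes ids that form one sub-request.
            if (data.RequestReferences.Count > 0) {
                writer.WriteStartElement(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.MultiRequests, this.version.NamespaceContext);

                foreach (var referCol in data.RequestReferences) {
                    writer.WriteStartElement(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.RequestReference, this.version.NamespaceContext);

                    foreach (string refer in referCol.AttributeReferences) {
                        writer.WriteStartElement(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.AttributesReference, this.version.NamespaceContext);
                        writer.WriteAttributeString(XacmlConstants.AttributeNames.ReferenceId, refer);
                        writer.WriteEndElement();
                    }

                    writer.WriteEndElement();
                }

                writer.WriteEndElement();
            }

            writer.WriteEndElement();
        }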
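        /// <summary>
        /// Reads a XACML 3.0 <c>Request</c> element from <paramref name="reader"/>, positioned on its start tag:
        /// the <c>ReturnPolicyIdList</c> and <c>CombinedDecision</c> attributes, an optional
        /// <c>RequestDefaults/XPathVersion</c>, one or more <c>Attributes</c> elements and an optional
        /// <c>MultiRequests</c> section of <c>RequestReference</c>s.
        /// </summary>
        /// <param name="reader">The reader positioned on the <c>Request</c> start element.</param>
        /// <returns>The populated request model.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="reader"/> is <c>null</c>.</exception>
        /// <exception cref="System.InvalidOperationException">Thrown when the reader is not positioned on a <c>Request</c> element in this version's context namespace.</exception>
        /// <exception cref="Abc.Xacml.Runtime.XacmlInvalidDataTypeException">Thrown when <c>CombinedDecision</c> is <c>true</c>:
        /// combined decisions are not implemented, so such a request is rejected up front rather than evaluated as if the flag were unset.</exception>
        /// <exception cref="XmlException">Thrown when <c>RequestDefaults</c> lacks an <c>XPathVersion</c> child, or when the element structure does not match the expected order.</exception>
        /// <remarks>
        /// A malformed <c>XPathVersion</c> value may also surface as a <see cref="UriFormatException"/> from the <see cref="Uri"/> constructor.
        /// Parser hardening (DTD processing, entity expansion, external resolvers) is governed by the settings the caller
        /// created <paramref name="reader"/> with; this method does not alter them.
        /// </remarks>
        public override XacmlContextRequest ReadContextRequest(XmlReader reader) {
            Contract.Requires<ArgumentNullException>(reader != null, "reader");

            if (!XacmlProtocolSerializer.CanReadContext(reader, XacmlConstants.ElementNames.Request, this.version.NamespaceContext)) {
                throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new InvalidOperationException());
            }

            bool returnPolicyIdList = this.ReadAttribute<bool>(reader, XacmlConstants.AttributeNames.ReturnPolicyIdList);

            //PROFILE - Multiple Decision Profile - #POL01 - #SPEC2760
            // Fail closed: a request asking for a combined decision is rejected instead of being silently downgraded.
            bool combinedDecision = this.ReadAttribute<bool>(reader, XacmlConstants.AttributeNames.CombinedDecision);
            if (combinedDecision) {
                throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new Abc.Xacml.Runtime.XacmlInvalidDataTypeException("Multiple Decision Profile not implemented"));
            }

            reader.ReadStartElement(XacmlConstants.ElementNames.Request, this.version.NamespaceContext);

            Uri pathVersion = null;
            if (reader.IsStartElement(XacmlConstants.ElementNames.RequestDefaults, this.version.NamespacePolicy)) {
                reader.ReadStartElement(XacmlConstants.ElementNames.RequestDefaults, this.version.NamespacePolicy);
                if (!reader.IsStartElement(XacmlConstants.ElementNames.XPathVersion, this.version.NamespacePolicy)) {
                    throw new XmlException("XPathVerison NotStartElement");
                }

                pathVersion = new Uri(reader.ReadElementContentAsString(XacmlConstants.ElementNames.XPathVersion, this.version.NamespacePolicy), UriKind.RelativeOrAbsolute);
                reader.ReadEndElement();
            }

            List<XacmlContextAttributes> attributes = new List<XacmlContextAttributes>();
            this.ReadList<XacmlContextAttributes>(attributes, XacmlConstants.ElementNames.Attributes, this.version.NamespaceContext, this.ReadContextAttributes, reader, isRequired: true);

            XacmlContextRequest result = new XacmlContextRequest(returnPolicyIdList, combinedDecision, attributes) {
                XPathVersion = pathVersion
            };

            // MultiRequests is read in the context namespace, matching the writer and the ReadStartElement below.
            // (Previously the check used the policy namespace; had the two differed, the element would never have been
            // recognized and the trailing ReadEndElement would have failed on it.)
            if (reader.IsStartElement(XacmlConstants.ElementNames.MultiRequests, this.version.NamespaceContext)) {
                reader.ReadStartElement(XacmlConstants.ElementNames.MultiRequests, this.version.NamespaceContext);

                this.ReadList<XacmlContextRequestReference>(result.RequestReferences, XacmlConstants.ElementNames.RequestReference, this.version.NamespaceContext,
                    o => {
                        reader.ReadStartElement(XacmlConstants.ElementNames.RequestReference, this.version.NamespaceContext);
                        ICollection<string> refer = new List<string>();
                        this.ReadList<string>(refer, XacmlConstants.ElementNames.AttributesReference, this.version.NamespaceContext,
                            b => {
                                // AttributesReference carries its payload as an attribute; Read() steps past the element itself.
                                var referenceId = this.ReadAttribute<string>(b, XacmlConstants.AttributeNames.ReferenceId);
                                b.Read();
                                return referenceId;
                            },
                            o, isRequired: true);
                        reader.ReadEndElement();
                        return new XacmlContextRequestReference(refer);
                    }, reader, isRequired: true);

                reader.ReadEndElement();
            }

            reader.ReadEndElement();

            return result;
        }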
        /// <summary>
        /// Evaluates <paramref name="request"/> against the loaded policy and wraps the resulting decisions in a
        /// response. The per-evaluation obligation buckets (Permit / Deny) are recreated on every call.
        /// </summary>
        /// <param name="request">The request to evaluate.</param>
        /// <param name="requestDoc">The XML form of the request; kept on the engine for the duration of the evaluation.</param>
        /// <returns>The response holding one result per evaluated request.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="request"/> or <paramref name="requestDoc"/> is <c>null</c>.</exception>
        /// <remarks>
        /// Instance state (the request document and the obligation buckets) is overwritten on each call, so a single
        /// engine instance should not be used for concurrent evaluations.
        /// </remarks>
        public virtual XacmlContextResponse Evaluate(XacmlContextRequest request, XmlDocument requestDoc) {
            Contract.Requires<ArgumentNullException>(request != null);
            Contract.Requires<ArgumentNullException>(requestDoc != null);

            var obligationBuckets = new Dictionary<XacmlEffectType, List<XacmlObligation>>();
            obligationBuckets.Add(XacmlEffectType.Permit, new List<XacmlObligation>());
            obligationBuckets.Add(XacmlEffectType.Deny, new List<XacmlObligation>());

            this.requestDoc = requestDoc;
            this.obligations = obligationBuckets;

            var results = this.RequestEvaluate(request);
            return new XacmlContextResponse(results);
        }
        /// <summary>
        /// Evaluates one request against the root policy set (preferred) or the root policy and returns a single
        /// result. A <see cref="XacmlException"/> raised during evaluation becomes an <c>Indeterminate</c> result
        /// carrying the exception's status code and message; any other exception propagates to the caller.
        /// </summary>
        /// <param name="request">The request to evaluate; a fresh <see cref="PolicyInformationPoint"/> is created for it.</param>
        /// <returns>A single-element sequence holding the decision result.</returns>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="request"/> is <c>null</c>.</exception>
        /// <exception cref="InvalidOperationException">Thrown when neither a policy set nor a policy is loaded ("Policy missing").
        /// Assuming ThrowHelperError returns it unwrapped, this is not a <see cref="XacmlException"/> and is therefore not turned into an Indeterminate result.</exception>
        protected virtual IEnumerable<XacmlContextResult> RequestEvaluate(XacmlContextRequest request) {
            Contract.Requires<ArgumentNullException>(request != null);
            Contract.Assert(this.requestDoc != null);

            this.pip = new PolicyInformationPoint(request, this.requestDoc);

            // Hierarchical resources (urn:oasis:names:tc:xacml:1.0:resource:scope) are not handled yet;
            // the sketch below is kept for reference only.
            /*
            var scopeAttribute = request.Resources.SelectMany(x => x.Attributes).FirstOrDefault(y => y.AttributeId.OriginalString == "urn:oasis:names:tc:xacml:1.0:resource:scope");
            if (scopeAttribute != null) {
                
                var resourceAttrubute = request.Resources.SelectMany(x => x.Attributes).FirstOrDefault(y => y.AttributeId.OriginalString == "urn:oasis:names:tc:xacml:1.0:resource:resource-id");
                if (resourceAttrubute == null) {
                    // TODO: throw new XacmlPo
                }

                var resource = new XacmlContextResource(resourceAttrubute); 

                var refRequest = new XacmlContextRequest(resource, request.Action, request.Subjects);
                return this.RequestEvaluate(refRequest);
            }
             */ 

            XacmlContextResult result;
            try {
                if (this.policySet == null && this.policy == null) {
                    throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new InvalidOperationException("Policy missing"));
                }

                // A loaded policy set takes precedence over a bare policy.
                XacmlDecisionResult decision = this.policySet != null
                    ? this.PolicySetEvaluate(this.policySet)
                    : this.PolicyEvaluate(this.policy);

                result = this.MakeResult(decision, new XacmlContextStatus(XacmlContextStatusCode.Success));
            }
            catch (XacmlException ex) {
                // ThrowHelperError presumably traces the exception; its return value is intentionally not thrown here,
                // so the failure is reported to the caller as an Indeterminate decision instead.
                Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(ex);
                var status = new XacmlContextStatus(new XacmlContextStatusCode(ex.StatusCode)) { StatusMessage = ex.Message };
                result = this.MakeResult(XacmlDecisionResult.Indeterminate, status);
            }

            return new[] { result };
        }
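        /// <summary>
        /// Writes a XACML 2.0 <c>Request</c> context element: all subjects, all resources (2.0 allows several),
        /// the action and the environment.
        /// </summary>
        /// <param name="writer">The <see cref="XmlWriter"/> that receives the element.</param>
        /// <param name="data">The request to serialize.</param>
        /// <exception cref="ArgumentNullException">Thrown when <paramref name="writer"/> or <paramref name="data"/> is <c>null</c>.</exception>
        /// <remarks>
        /// Unlike the 1.0 serializer, <c>Environment</c> is written unconditionally (the 2.0 context schema requires one);
        /// a <c>null</c> <see cref="XacmlContextRequest.Environment"/> is passed straight to <c>WriteContextEnvironment</c>,
        /// whose handling of null is not visible here — confirm before relying on it.
        /// </remarks>
        public override void WriteContextRequest(XmlWriter writer, XacmlContextRequest data) {
            // Same guards as the base serializer; without them a null argument surfaces as a NullReferenceException mid-write.
            Contract.Requires<ArgumentNullException>(writer != null);
            Contract.Requires<ArgumentNullException>(data != null);

            writer.WriteStartElement(XacmlConstants.Prefixes.Context, XacmlConstants.ElementNames.Request, this.version.NamespaceContext);

            // Subject
            foreach (var subject in data.Subjects) {
                this.WriteContextSubject(writer, subject);
            }

            foreach (var resource in data.Resources) {
                this.WriteContextResource(writer, resource);
            }

            this.WriteContextAction(writer, data.Action);

            this.WriteContextEnvironment(writer, data.Environment);

            writer.WriteEndElement();
        }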