Exemplos de código com XacmlRule, Abc.Xacml.Policy em C# (CSharp)

Exemplo n.º 1

0

Exibir arquivo

Arquivo: XacmlProtocolSerializerFixture.cs Projeto: abc-software/abc.xacml

        public void WritePolicy_11() {
            var subject = new XacmlSubject(
                new XacmlSubjectMatch[] 
                {  
                    new XacmlSubjectMatch(
                        new Uri("http://www.MatchId.www"),
                        new XacmlAttributeValue(new Uri("http://www.DataType.www")), 
                        new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www") })
                });

            var target = new XacmlTarget(subject, null, null);
            XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicySetId.www"), new Uri("http://www.PolicyCombiningAlgId.www"), target);
            xacmlPolicySet.Description = "description string";
            xacmlPolicySet.XPathVersion = Xacml10Constants.XPathVersions.Xpath10;
            
            XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), new XacmlTarget()) {
                Description = "description string",
                XPathVersion = Xacml10Constants.XPathVersions.Xpath10,
            };

            XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit) {
                Description = "xacmlRule description"
            };

            xacmlPolicy.Rules.Add(xacmlRule);
            XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"));
            XacmlObligation xacmlObligation = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment });
            xacmlPolicy.Obligations.Add(xacmlObligation);

            xacmlPolicySet.Policies.Add(xacmlPolicy);

            StringBuilder builder = new StringBuilder();
            using (XmlWriter writer = XmlWriter.Create(builder)) {
                var serializer = new Xacml10ProtocolSerializer();
                serializer.WritePolicySet(writer, xacmlPolicySet);
            }

            string xml = builder.ToString();
            ValidateMessage(xml, @"..\..\_Data\cs-xacml-schema-policy-01.xsd");
        }

Exemplo n.º 2

0

Exibir arquivo

Arquivo: XacmlProtocolSerializerFixture.cs Projeto: abc-software/abc.xacml

        public void WritePolicy_20() {
            var subject = new XacmlSubject(
                new XacmlSubjectMatch[] 
                {  
                    new XacmlSubjectMatch(
                        new Uri("http://www.MatchId.www"),
                        new XacmlAttributeValue(new Uri("http://www.DataType.www")), 
                        new XacmlSubjectAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false, Category = new Uri("http://www.subjectCategory.www")}
                        )
                });

            var resource = new XacmlResource(
            new XacmlResourceMatch[] 
                { 
                    new XacmlResourceMatch(
                        new Uri("http://www.MatchId.www"), 
                        new XacmlAttributeValue(new Uri("http://www.DataType.www") /*, "xxxx" */), 
                        new XacmlResourceAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")) { Issuer = "String", MustBePresent = false} 
                        )
                });

            var action = new XacmlAction(
                new XacmlActionMatch[] 
                { 
                    new XacmlActionMatch(
                        new Uri("http://www.MatchId.www"), 
                        new XacmlAttributeValue(new Uri("http://www.DataType.www")), 
                        new XacmlActionAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")){ Issuer = "String", MustBePresent = false} 
                        )
                });

            var target = new XacmlTarget(subject, resource, action, null);

            // new Uri("http://www.PolicySetId.www")
            XacmlPolicySet xacmlPolicySet = new XacmlPolicySet(new Uri("http://www.PolicyCombiningAlgId.www"), target) {
                Description = "description string",
                XPathVersion = Xacml10Constants.XPathVersions.Xpath10,
            };
            
            ////#region Policy
            XacmlEnvironment env = new XacmlEnvironment(
                new XacmlEnvironmentMatch[]
                {
                    new XacmlEnvironmentMatch(
                        new Uri("http://www.EnvironmentMatchIdId.www"), 
                        new XacmlAttributeValue(new Uri("http://www.AttributValue.www")), 
                        new XacmlEnvironmentAttributeDesignator(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www")){ Issuer = "String", MustBePresent = false} 
                        )
                });

            XacmlTarget targetWithEnvironment = new XacmlTarget(null, null, null, new XacmlEnvironment[] { env });

            XacmlPolicy xacmlPolicy = new XacmlPolicy(new Uri("http://www.PolicyId.www"), new Uri("http://www.RuleCombiningAlgId.www"), targetWithEnvironment) {
                Description = "description string",
                XPathVersion = Xacml10Constants.XPathVersions.Xpath10,
            };

            XacmlRule xacmlRule = new XacmlRule("http://www.RuleId.www", XacmlEffectType.Permit) {
                Description = "xacmlRule description"
            };

            xacmlPolicy.Rules.Add(xacmlRule);

            XacmlAttributeAssignment xacmlAttributeAssignment = new XacmlAttributeAssignment(new Uri("http://www.AttributeId.www"), new Uri("http://www.DataType.www"));
            XacmlObligation xacmlObligation = new XacmlObligation(new Uri("http://www.ObligationId.www"), XacmlEffectType.Permit, new XacmlAttributeAssignment[] { xacmlAttributeAssignment });
            xacmlPolicy.Obligations.Add(xacmlObligation);

            xacmlPolicySet.Policies.Add(xacmlPolicy);

            StringBuilder builder = new StringBuilder();
            using (XmlWriter writer = XmlWriter.Create(builder)) {
                var serializer = new Xacml20ProtocolSerializer();
                serializer.WritePolicySet(writer, xacmlPolicySet);
            }

            string xml = builder.ToString();
            ValidateMessage(xml, @"..\..\_Data\access_control-xacml-2.0-policy-schema-os.xsd");
        }

Exemplo n.º 3

0

Exibir arquivo

Arquivo: Xacml30ProtocolSerializer.cs Projeto: abc-software/abc.xacml

        /// <summary>
        /// Reads the rule.
        /// </summary>
        /// <param name="reader">The reader.</param>
        /// <returns></returns>
        /// <exception cref="System.Xml.XmlException">
        /// RuleId IsNullOrEmpty
        /// or
        /// Effect IsNullEmpty
        /// </exception>
        /// <exception cref="XacmlSerializationException">Wrong XacmlEffectType value</exception>
        protected override XacmlRule ReadRule(XmlReader reader) {
            Contract.Requires<ArgumentNullException>(reader != null, "reader");
            Contract.Requires<XmlException>(reader.IsStartElement(XacmlConstants.ElementNames.Rule, this.version.NamespacePolicy));

            var gaRuleId = reader.GetAttribute("RuleId");

            if (string.IsNullOrEmpty(gaRuleId)) {
                throw new XmlException("RuleId IsNullOrEmpty");
            }

            var gaEffect = reader.GetAttribute("Effect");
            XacmlEffectType effectType = XacmlEffectType.Deny;
            if (string.Equals(gaEffect, "Deny", StringComparison.OrdinalIgnoreCase)) {
                effectType = XacmlEffectType.Deny;
            }
            else if (string.Equals(gaEffect, "Permit", StringComparison.OrdinalIgnoreCase)) {
                effectType = XacmlEffectType.Permit;
            }
            else {
                throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new XacmlSerializationException("Wrong XacmlEffectType value"));
            }


            if (string.IsNullOrEmpty(gaEffect)) {
                throw Diagnostic.DiagnosticTools.ExceptionUtil.ThrowHelperError(new XmlException("Effect IsNullEmpty"));
            }
            reader.ReadStartElement(XacmlConstants.ElementNames.Rule, this.version.NamespacePolicy);

            string description = null;
            if (reader.IsStartElement(XacmlConstants.ElementNames.Description, this.version.NamespacePolicy)) {
                description = reader.ReadElementContentAsString(XacmlConstants.ElementNames.Description, this.version.NamespacePolicy);
            }

            XacmlTarget target = null;
            if (reader.IsStartElement(XacmlConstants.ElementNames.Target, this.version.NamespacePolicy)) {
                target = this.ReadTarget(reader);
            }

            XacmlExpression condition = null;
            if (reader.IsStartElement(XacmlConstants.ElementNames.Condition, this.version.NamespacePolicy)) {
                condition = this.ReadCondition(reader);
            }

            XacmlRule result = new XacmlRule(gaRuleId, effectType) { Description = description, Target = target, Condition = condition };
            if (reader.IsStartElement(XacmlConstants.ElementNames.ObligationExpressions, this.version.NamespacePolicy)) {
                reader.ReadStartElement(XacmlConstants.ElementNames.ObligationExpressions, this.version.NamespacePolicy);
                this.ReadList(result.Obligations, XacmlConstants.ElementNames.ObligationExpression, this.version.NamespacePolicy, this.ReadObligationExpression, reader, isRequired: true);
                reader.ReadEndElement();
            }

            if (reader.IsStartElement(XacmlConstants.ElementNames.AdviceExpressions, this.version.NamespacePolicy)) {
                reader.ReadStartElement(XacmlConstants.ElementNames.AdviceExpressions, this.version.NamespacePolicy);
                this.ReadList(result.Advices, XacmlConstants.ElementNames.AdviceExpression, this.version.NamespacePolicy, this.ReadAdviceExpression, reader, isRequired: true);
                reader.ReadEndElement();
            }

            reader.ReadEndElement();
            return result;
        }

Exemplo n.º 4

0

Exibir arquivo

Arquivo: Xacml30ProtocolSerializer.cs Projeto: abc-software/abc.xacml

        /// <summary>
        /// Writes the rule.
        /// </summary>
        /// <param name="writer">The writer.</param>
        /// <param name="data">The data.</param>
        protected override void WriteRule(XmlWriter writer, XacmlRule data) {
            writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Rule, this.version.NamespacePolicy);
            writer.WriteAttributeString(XacmlConstants.AttributeNames.RuleId, data.RuleId);
            writer.WriteAttributeString(XacmlConstants.AttributeNames.Effect, data.Effect.ToString());

            if (data.Description != null) {
                writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Description, this.version.NamespacePolicy, data.Description);
            }

            if (data.Target != null) {
                this.WriteTarget(writer, data.Target);
            }

            if (data.Condition != null) {
                this.WriteCondition(writer, data.Condition);
            }

            if (data.Obligations.Count > 0) {
                writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.ObligationExpressions, this.version.NamespacePolicy);

                foreach (XacmlObligationExpression ex in data.Obligations) {
                    this.WriteObligationExpression(writer, ex);
                }

                writer.WriteEndElement();
            }

            if (data.Advices.Count > 0) {
                writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.AdviceExpressions, this.version.NamespacePolicy);

                foreach (XacmlAdviceExpression ex in data.Advices) {
                    this.WriteAdviceExpression(writer, ex);
                }

                writer.WriteEndElement();
            }

            writer.WriteEndElement();
        }

Exemplo n.º 5

0

Exibir arquivo

Arquivo: EvaluationEngine.cs Projeto: abc-software/abc.xacml

        /// <summary>
        ///
        /// </summary>
        /// <param name="rule"></param>
        /// <param name="policy"></param>
        /// <returns>Rezultats un Rule Effect type, lai varētu korrekti piemerot Rule Combined Algorithms</returns>
        protected virtual Tuple<XacmlDecisionResult, string> RuleEvaluate(XacmlRule rule) {
            Contract.Requires<ArgumentNullException>(rule != null);

            ///// <Target>            <Condition>         <Rule>
            ///// "Match"             "True"              Effect
            ///// "Match"             "False"             "NotApplicable"
            ///// "Match"             "Indeterminate"     "Indeterminate"
            ///// "NoMatch"           Don`t care          "NotApplicable"
            ///// "Indeternimate"     Don`t care          "Indeterminate"

            // Target
            // If this element is omitted, then the target for the <Rule> SHALL be defined by the <Target> element of the enclosing <Policy> element.
            XacmlTarget target = rule.Target ?? this.currentEvaluatingPolicy.Target;
            XacmlMatchResult targetResult = this.TargetEvaluate(target);

            if (targetResult == XacmlMatchResult.NoMatch) {
                return new Tuple<XacmlDecisionResult, string>(XacmlDecisionResult.NotApplicable, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
            }

            if (targetResult == XacmlMatchResult.Indeterminate) {
                return new Tuple<XacmlDecisionResult, string>(XacmlDecisionResult.Indeterminate, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
            }

            // Condition
            // if XACML v 1.0
            // The condition value SHALL be "True" if the <Condition> element is absent
            bool? conditionResult = true;
            if (rule.Condition != null) {
                conditionResult = this.ConditionEvaluate(rule.Condition);
            }

            // Target is Match
            XacmlDecisionResult ruleResult;
            if (!conditionResult.HasValue) {
                ruleResult = XacmlDecisionResult.Indeterminate;
            }
            else if (conditionResult.Value) {
                ruleResult = (XacmlDecisionResult)(Enum.Parse(typeof(XacmlDecisionResult), Enum.GetName(typeof(XacmlEffectType), rule.Effect)));
            }
            else {
                ruleResult = XacmlDecisionResult.NotApplicable;
            }

            return new Tuple<XacmlDecisionResult, string>(ruleResult, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
        }

Exemplo n.º 6

0

Exibir arquivo

Arquivo: EvaluationEngine30.cs Projeto: abc-software/abc.xacml

        protected override Tuple<XacmlDecisionResult, string> RuleEvaluate(XacmlRule rule) {
            ///// <Target>                        <Condition>         <Rule>
            ///// "Match" or no target            "True"              Effect
            ///// "Match" or no target            "False"             "NotApplicable"
            ///// "Match" or no target            "Indeterminate"     “Indeterminate{P}” if the Effect is Permit, or “Indeterminate{D}” if the Effect is Deny
            ///// "NoMatch"                        Don`t care          "NotApplicable"
            ///// "Indeternimate"                  Don`t care          “Indeterminate{P}” if the Effect is Permit, or “Indeterminate{D}” if the Effect is Deny
            XacmlDecisionResult ruleResult = XacmlDecisionResult.Indeterminate;

            // Wrap for Obligations and Advice, read more on AttributeAssignmentsWrapper class description
            using (AttributeAssignmentsWrapper<XacmlObligation> obligationWrapper = new AttributeAssignmentsWrapper<XacmlObligation>(() => this.obligations, o => this.obligations = o, () => ruleResult)) {
                using (AttributeAssignmentsWrapper<XacmlAdvice> adviceWrapper = new AttributeAssignmentsWrapper<XacmlAdvice>(() => this.advices, o => this.advices = o, () => ruleResult)) {
                    // Target
                    // If this element is omitted, then the target for the <Rule> SHALL be defined by the <Target> element of the enclosing <Policy> element.
                    XacmlTarget target = rule.Target ?? this.currentEvaluatingPolicy.Target;
                    XacmlMatchResult targetResult = this.TargetEvaluate(target);

                    if (targetResult == XacmlMatchResult.NoMatch) {
                        return new Tuple<XacmlDecisionResult, string>(XacmlDecisionResult.NotApplicable, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
                    }

                    if (targetResult == XacmlMatchResult.Indeterminate) {
                        return new Tuple<XacmlDecisionResult, string>(rule.Effect == XacmlEffectType.Permit ? XacmlDecisionResult.IndeterminateP : XacmlDecisionResult.IndeterminateD, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
                    }

                    // Condition
                    // if XACML v 1.0
                    // The condition value SHALL be "True" if the <Condition> element is absent
                    bool? conditionResult = true;
                    if (rule.Condition != null) {
                        conditionResult = this.ConditionEvaluate(rule.Condition);
                    }

                    // Target is Match
                    if (!conditionResult.HasValue) {
                        ruleResult = rule.Effect == XacmlEffectType.Permit ? XacmlDecisionResult.IndeterminateP : XacmlDecisionResult.IndeterminateD;
                    }
                    else if (conditionResult.Value) {
                        ruleResult = (XacmlDecisionResult)(Enum.Parse(typeof(XacmlDecisionResult), Enum.GetName(typeof(XacmlEffectType), rule.Effect)));
                    }
                    else {
                        ruleResult = XacmlDecisionResult.NotApplicable;
                    }

                    // Permit
                    if (ruleResult == XacmlDecisionResult.Permit) {
                        if (rule.Obligations.Count > 0) {
                            IEnumerable<XacmlObligationExpression> obligationsWithPermit = rule.Obligations.Where(o => o.FulfillOn == XacmlEffectType.Permit);
                            foreach (XacmlObligationExpression expression in obligationsWithPermit) {
                                List<XacmlAttributeAssignment> attributeAssigments = new List<XacmlAttributeAssignment>();
                                foreach (XacmlAttributeAssignmentExpression ex in expression.AttributeAssignmentExpressions) {
                                    IEnumerable<XacmlAttributeAssignment> assignment = this.AttributeAssignmentExpressionEvaluate(ex);
                                    // ja Indeterminate, tad rezultāts arī
                                    if (assignment == null) {
                                        return new Tuple<XacmlDecisionResult, string>(XacmlDecisionResult.Indeterminate, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
                                    }

                                    attributeAssigments.AddRange(assignment);
                                }

                                XacmlObligation obligation = new XacmlObligation(expression.ObligationId, attributeAssigments);
                                this.obligations[expression.FulfillOn].Add(obligation);
                            }
                        }

                        if (rule.Advices.Count > 0) {
                            IEnumerable<XacmlAdviceExpression> advicesWithPermit = rule.Advices.Where(o => o.AppliesTo == XacmlEffectType.Permit);
                            foreach (XacmlAdviceExpression expression in advicesWithPermit) {
                                List<XacmlAttributeAssignment> attributeAssigments = new List<XacmlAttributeAssignment>();
                                foreach (XacmlAttributeAssignmentExpression ex in expression.AttributeAssignmentExpressions) {
                                    IEnumerable<XacmlAttributeAssignment> assignment = this.AttributeAssignmentExpressionEvaluate(ex);
                                    // ja Indeterminate, tad rezultāts arī
                                    if (assignment == null) {
                                        return new Tuple<XacmlDecisionResult, string>(XacmlDecisionResult.Indeterminate, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
                                    }

                                    attributeAssigments.AddRange(assignment);
                                }

                                XacmlAdvice advice = new XacmlAdvice(expression.AdviceId, attributeAssigments);
                                this.advices[expression.AppliesTo].Add(advice);
                            }
                        }
                    }

                    // Deny
                    if (ruleResult == XacmlDecisionResult.Deny) {
                        if (rule.Obligations.Count > 0) {
                            IEnumerable<XacmlObligationExpression> obligationsWithPermit = rule.Obligations.Where(o => o.FulfillOn == XacmlEffectType.Deny);
                            foreach (XacmlObligationExpression expression in obligationsWithPermit) {
                                List<XacmlAttributeAssignment> attributeAssigments = new List<XacmlAttributeAssignment>();
                                foreach (XacmlAttributeAssignmentExpression ex in expression.AttributeAssignmentExpressions) {
                                    IEnumerable<XacmlAttributeAssignment> assignment = this.AttributeAssignmentExpressionEvaluate(ex);
                                    // ja Indeterminate, tad rezultāts arī
                                    if (assignment == null) {
                                        return new Tuple<XacmlDecisionResult, string>(XacmlDecisionResult.Indeterminate, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
                                    }

                                    attributeAssigments.AddRange(assignment);
                                }

                                XacmlObligation obligation = new XacmlObligation(expression.ObligationId, attributeAssigments);
                                this.obligations[expression.FulfillOn].Add(obligation);
                            }
                        }

                        if (rule.Advices.Count > 0) {
                            IEnumerable<XacmlAdviceExpression> advicesWithPermit = rule.Advices.Where(o => o.AppliesTo == XacmlEffectType.Deny);
                            foreach (XacmlAdviceExpression expression in advicesWithPermit) {
                                List<XacmlAttributeAssignment> attributeAssigments = new List<XacmlAttributeAssignment>();
                                foreach (XacmlAttributeAssignmentExpression ex in expression.AttributeAssignmentExpressions) {
                                    IEnumerable<XacmlAttributeAssignment> assignment = this.AttributeAssignmentExpressionEvaluate(ex);
                                    // ja Indeterminate, tad rezultāts arī
                                    if (assignment == null) {
                                        return new Tuple<XacmlDecisionResult, string>(XacmlDecisionResult.Indeterminate, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
                                    }

                                    attributeAssigments.AddRange(assignment);
                                }

                                XacmlAdvice advice = new XacmlAdvice(expression.AdviceId, attributeAssigments);
                                this.advices[expression.AppliesTo].Add(advice);
                            }
                        }
                    }
                }
            }

            return new Tuple<XacmlDecisionResult, string>(ruleResult, Enum.GetName(typeof(XacmlEffectType), rule.Effect));
        }

Exemplo n.º 7

0

Exibir arquivo

Arquivo: XacmlProtocolSerializerWrite.cs Projeto: abc-software/abc.xacml

        /// <summary>
        /// protected virtual void WriteRule
        /// </summary>
        /// <param name="writer">XmlWriter writer</param>
        /// <param name="data">XacmlRule data</param>
        protected virtual void WriteRule(XmlWriter writer, XacmlRule data) {
            Contract.Requires<ArgumentNullException>(writer != null);
            Contract.Requires<ArgumentNullException>(data != null);

            writer.WriteStartElement(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Rule, this.version.NamespacePolicy);
            writer.WriteAttributeString(XacmlConstants.AttributeNames.RuleId, data.RuleId);
            writer.WriteAttributeString(XacmlConstants.AttributeNames.Effect, data.Effect.ToString());

            if (data.Description != null) {
                writer.WriteElementString(XacmlConstants.Prefixes.Policy, XacmlConstants.ElementNames.Description, this.version.NamespacePolicy, data.Description);
            }

            if (data.Target != null) {
                this.WriteTarget(writer, data.Target);
            }

            if (data.Condition != null) {
                this.WriteCondition(writer, data.Condition);
            }

            writer.WriteEndElement();
        }

Exemplos de Abc.Xacml.Policy XacmlRule em C# (CSharp)