private static PolicySet GetResponsePolicySet(DelegationRequestPolicySet maskPolicySet, PolicySet evidencePolicySet) { var responsePolicySet = new PolicySet { MaxDelegationDepth = evidencePolicySet.MaxDelegationDepth, Target = evidencePolicySet.Target, Policies = new List <Policy>() }; foreach (var maskPolicy in maskPolicySet.Policies) { var matchingPolicies = evidencePolicySet.Policies.Where(e => IsMatchingPolicy(maskPolicy, e)); var responsePolicy = new Policy { Target = maskPolicy.Target, Rules = new List <PolicyRule>() }; var rule = PolicyRule.Permit(); if (!matchingPolicies.Any() || matchingPolicies.Any(e => AccessDeniedToContainers(maskPolicy, e))) { rule = PolicyRule.Deny(); } AddRuleAndPolicy(responsePolicySet, responsePolicy, rule); } return(responsePolicySet); }
public DelegationMask(IReadOnlyCollection <string> identifiers, string policyIssuer, string accessSubject, IReadOnlyCollection <string> attributes, IReadOnlyCollection <string> actions, string resourceType, string serviceProvider) { var policy = new Policy { Target = new PolicyTarget { Resource = new PolicyTargetResource { Type = resourceType, Identifiers = identifiers.ToList(), Attributes = attributes.ToList() }, Actions = actions.ToList(), Environment = new PolicyTargetEnvironment { ServiceProviders = new List <string> { serviceProvider } } }, Rules = new List <PolicyRule> { PolicyRule.Permit() } }; var policySet = new DelegationRequestPolicySet { Policies = new List <Policy> { policy } }; var request = new DelegationRequest { PolicyIssuer = policyIssuer, Target = new Target { AccessSubject = accessSubject }, PolicySets = new List <DelegationRequestPolicySet> { policySet } }; DelegationRequest = request; }
public DelegationMask(string containerId, string policyIssuer, string accessSubject, IReadOnlyCollection <string> attributes, string action, string resourceType = "CONTAINER.DATA") { var policy = new Policy { Target = new PolicyTarget { Resource = new PolicyTargetResource { Type = resourceType, Identifiers = new List <string> { containerId.ToUpper(CultureInfo.CurrentCulture) }, Attributes = attributes.ToList() }, Actions = new List <string> { action.ToUpper(CultureInfo.CurrentCulture) } }, Rules = new List <PolicyRule> { PolicyRule.Permit() } }; var policySet = new DelegationRequestPolicySet { Policies = new List <Policy> { policy } }; var request = new DelegationRequest { PolicyIssuer = policyIssuer, Target = new Target { AccessSubject = accessSubject }, PolicySets = new List <DelegationRequestPolicySet> { policySet } }; DelegationRequest = request; }
public DelegationMask(string containerId, string policyIssuer, string accessSubject, string attribute, string action) { var type = "CONTAINER.DATA"; var policy = new Policy { Target = new PolicyTarget { Resource = new PolicyTargetResource { Type = type, Identifiers = new List <string>() { containerId.ToUpper() }, Attributes = new List <string>() { type + ".ATTRIBUTE." + attribute?.ToUpper() } }, Actions = new List <string>() { "ISHARE." + action.ToUpper() }, }, Rules = new List <PolicyRule>() { PolicyRule.Permit() } }; var policySet = new DelegationRequestPolicySet { Policies = new List <Policy>() { policy } }; var request = new DelegationRequest { PolicyIssuer = policyIssuer, Target = new Target { AccessSubject = accessSubject }, PolicySets = new List <DelegationRequestPolicySet>() { policySet } }; DelegationRequest = request; }
public ValidationResult Validate(DelegationMask delegationMask) { var policySets = delegationMask.DelegationRequest.PolicySets; for (int i = 0; i < policySets.Count; i++) { var policies = policySets[i].Policies; for (int j = 0; j < policies.Count; j++) { if (!policies[j].Rules.Any(r => r.Effect == PolicyRule.Permit().Effect)) { return(ValidationResult.Invalid( "delegationRequest.policySets[" + i + "].policies[" + j + "] does not contain a rule with the Effect 'Permit'")); } } } return(ValidationResult.Valid()); }