public void Dispose() { XacmlDecisionResult result = this.resultGetter(); IDictionary <XacmlEffectType, List <T> > dict = this.reference.Value; if (result == XacmlDecisionResult.Permit && dict.ContainsKey(XacmlEffectType.Permit)) { if (!this.savedOriginalCollection.ContainsKey(XacmlEffectType.Permit)) { this.savedOriginalCollection.Add(XacmlEffectType.Permit, new List <T>()); } this.savedOriginalCollection[XacmlEffectType.Permit].AddRange(dict[XacmlEffectType.Permit]); } if (result == XacmlDecisionResult.Deny && dict.ContainsKey(XacmlEffectType.Deny)) { if (!this.savedOriginalCollection.ContainsKey(XacmlEffectType.Deny)) { this.savedOriginalCollection.Add(XacmlEffectType.Deny, new List <T>()); } this.savedOriginalCollection[XacmlEffectType.Deny].AddRange(dict[XacmlEffectType.Deny]); } this.reference.Value = savedOriginalCollection; }
public static XacmlDecisionResult PolicyFirstApplicable(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams) { foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > resultDataFunc in results) { Tuple <XacmlDecisionResult, string> resultData = (Tuple <XacmlDecisionResult, string>)resultDataFunc.Item2["evaluate"](); XacmlDecisionResult result = resultData.Item1; if (result == XacmlDecisionResult.Deny) { return(XacmlDecisionResult.Deny); } if (result == XacmlDecisionResult.Permit) { return(XacmlDecisionResult.Permit); } if (result == XacmlDecisionResult.NotApplicable) { continue; } if (result == XacmlDecisionResult.Indeterminate || result == XacmlDecisionResult.IndeterminateD || result == XacmlDecisionResult.IndeterminateP || result == XacmlDecisionResult.IndeterminateDP) { return(XacmlDecisionResult.Indeterminate); } } return(XacmlDecisionResult.NotApplicable); }
public static XacmlDecisionResult RuleDenyOverrides(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams) { bool atLeastOneError = false; bool potentialDeny = false; bool atLeastOnePermit = false; foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > resultDataFunc in results) { Tuple <XacmlDecisionResult, string> resultData = (Tuple <XacmlDecisionResult, string>)resultDataFunc.Item2["evaluate"](); XacmlDecisionResult result = resultData.Item1; if (result == XacmlDecisionResult.Deny) { return(XacmlDecisionResult.Deny); } if (result == XacmlDecisionResult.Permit) { atLeastOnePermit = true; continue; } if (result == XacmlDecisionResult.NotApplicable) { continue; } if (result == XacmlDecisionResult.Indeterminate) { atLeastOneError = true; if (resultData.Item2 == "Deny") { potentialDeny = true; } continue; } } if (potentialDeny) { return(XacmlDecisionResult.Indeterminate); } if (atLeastOnePermit) { return(XacmlDecisionResult.Permit); } if (atLeastOneError) { return(XacmlDecisionResult.Indeterminate); } return(XacmlDecisionResult.NotApplicable); }
public static XacmlDecisionResult PermitUnlessDeny_30(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams) { foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > elem in results) { Tuple <XacmlDecisionResult, string> decisionRes = (Tuple <XacmlDecisionResult, string>)elem.Item2["evaluate"](); XacmlDecisionResult decision = decisionRes.Item1; if (decision == XacmlDecisionResult.Deny) { return(XacmlDecisionResult.Deny); } } return(XacmlDecisionResult.Permit); }
protected virtual XacmlContextResult MakeResult(XacmlDecisionResult decision, XacmlContextStatus status) { XacmlContextDecision resultDecision = XacmlContextDecision.NotApplicable; switch (decision) { case XacmlDecisionResult.Deny: resultDecision = XacmlContextDecision.Deny; break; case XacmlDecisionResult.Indeterminate: case XacmlDecisionResult.IndeterminateD: case XacmlDecisionResult.IndeterminateP: case XacmlDecisionResult.IndeterminateDP: resultDecision = XacmlContextDecision.Indeterminate; break; case XacmlDecisionResult.Permit: resultDecision = XacmlContextDecision.Permit; break; } var result = new XacmlContextResult(resultDecision) { Status = status, }; if (decision == XacmlDecisionResult.Permit) { foreach (var obligation in this.obligations[XacmlEffectType.Permit]) { result.Obligations.Add(obligation); } } if (decision == XacmlDecisionResult.Deny) { foreach (var obligation in this.obligations[XacmlEffectType.Deny]) { result.Obligations.Add(obligation); } } return result; }
public static XacmlDecisionResult PermitOvverides_30(IEnumerable <Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > > results, IEnumerable <XacmlCombinerParameter> additionalParams) { bool atLeastOneErrorD = false; bool atLeastOneErrorP = false; bool atLeastOneErrorDP = false; bool atLeastOneDeny = false; foreach (Tuple <IEnumerable <XacmlCombinerParameter>, IDictionary <string, Func <object> > > elem in results) { Tuple <XacmlDecisionResult, string> decisionRes = (Tuple <XacmlDecisionResult, string>)elem.Item2["evaluate"](); XacmlDecisionResult decision = decisionRes.Item1; if (decision == XacmlDecisionResult.Deny) { atLeastOneDeny = true; continue; } if (decision == XacmlDecisionResult.Permit) { return(XacmlDecisionResult.Permit); } if (decision == XacmlDecisionResult.NotApplicable) { continue; } if (decision == XacmlDecisionResult.IndeterminateD) { atLeastOneErrorD = true; continue; } if (decision == XacmlDecisionResult.IndeterminateP) { atLeastOneErrorP = true; continue; } if (decision == XacmlDecisionResult.IndeterminateDP) { atLeastOneErrorDP = true; continue; } } if (atLeastOneErrorDP) { return(XacmlDecisionResult.IndeterminateDP); } if (atLeastOneErrorP && (atLeastOneErrorD || atLeastOneDeny)) { return(XacmlDecisionResult.IndeterminateDP); } if (atLeastOneErrorP) { return(XacmlDecisionResult.IndeterminateP); } if (atLeastOneDeny) { return(XacmlDecisionResult.Deny); } if (atLeastOneErrorD) { return(XacmlDecisionResult.IndeterminateD); } return(XacmlDecisionResult.NotApplicable); }
protected XacmlDecisionResult SpecifyCombiningAlgorithmResult(XacmlDecisionResult combAlgRes) { switch (combAlgRes) { case XacmlDecisionResult.NotApplicable: return XacmlDecisionResult.NotApplicable; case XacmlDecisionResult.Permit: return XacmlDecisionResult.IndeterminateP; case XacmlDecisionResult.Deny: return XacmlDecisionResult.IndeterminateD; case XacmlDecisionResult.Indeterminate: return XacmlDecisionResult.IndeterminateDP; case XacmlDecisionResult.IndeterminateDP: return XacmlDecisionResult.IndeterminateDP; case XacmlDecisionResult.IndeterminateP: return XacmlDecisionResult.IndeterminateP; case XacmlDecisionResult.IndeterminateD: return XacmlDecisionResult.IndeterminateD; default: return XacmlDecisionResult.IndeterminateDP; } }
protected override XacmlContextResult MakeResult(XacmlDecisionResult decision, XacmlContextStatus status) { XacmlContextDecision resultDecision = XacmlContextDecision.NotApplicable; switch (decision) { case XacmlDecisionResult.Deny: resultDecision = XacmlContextDecision.Deny; break; case XacmlDecisionResult.Indeterminate: case XacmlDecisionResult.IndeterminateD: case XacmlDecisionResult.IndeterminateP: case XacmlDecisionResult.IndeterminateDP: resultDecision = XacmlContextDecision.Indeterminate; break; case XacmlDecisionResult.Permit: resultDecision = XacmlContextDecision.Permit; break; } //PROFILE - Multiple Decision Profile - #POL01 (Fists()) var result = new XacmlContextResult(resultDecision) { Status = status, }; foreach (var attribute in this.pip.GetAttributesWithIncludeInResult()) { result.Attributes.Add(attribute); }; if (decision == XacmlDecisionResult.Permit) { foreach (var obligation in this.obligations[XacmlEffectType.Permit]) { result.Obligations.Add(obligation); } foreach (var advice in this.advices[XacmlEffectType.Permit]) { result.Advices.Add(advice); } if (pip.ReturnPolicyIdList()) { foreach (var policyIdReferences in this.applicablePolicies[XacmlEffectType.Permit]) { result.PolicyIdReferences.Add(policyIdReferences); } foreach (var policySetIdReferences in this.applicablePolicySets[XacmlEffectType.Permit]) { result.PolicySetIdReferences.Add(policySetIdReferences); } } } if (decision == XacmlDecisionResult.Deny) { foreach (var obligation in this.obligations[XacmlEffectType.Deny]) { result.Obligations.Add(obligation); } foreach (var advice in this.advices[XacmlEffectType.Deny]) { result.Advices.Add(advice); } if (pip.ReturnPolicyIdList()) { foreach (var policyIdReferences in this.applicablePolicies[XacmlEffectType.Deny]) { result.PolicyIdReferences.Add(policyIdReferences); } foreach (var policySetIdReferences in this.applicablePolicySets[XacmlEffectType.Deny]) { result.PolicySetIdReferences.Add(policySetIdReferences); } } } return result; }