/// <summary> /// Evauluate the Apply. /// </summary> /// <param name="request">The context request.</param> /// <returns>The match result.</returns> public XacmlAttributeMatchResult Evalute(XacmlContextRequest request) { XacmlAttributeValue policyConditionAttributeValue = null; XacmlAttributeDesignator xacmlAttributeDesignator = null; XacmlApply xacmlApply = null; foreach (IXacmlExpression xacmlExpression in this.Parameters) { if (xacmlExpression.GetType() == typeof(XacmlAttributeValue)) { policyConditionAttributeValue = xacmlExpression as XacmlAttributeValue; } else if (xacmlExpression.GetType() == typeof(XacmlAttributeDesignator)) { xacmlAttributeDesignator = xacmlExpression as XacmlAttributeDesignator; } else if (xacmlExpression.GetType() == typeof(XacmlApply)) { xacmlApply = xacmlExpression as XacmlApply; } } if (xacmlAttributeDesignator == null && xacmlApply != null) { foreach (IXacmlExpression xacmlExpression in xacmlApply.Parameters) { if (xacmlExpression.GetType() == typeof(XacmlAttributeDesignator)) { xacmlAttributeDesignator = xacmlExpression as XacmlAttributeDesignator; } } } return(this.Evaluate(request, policyConditionAttributeValue, xacmlAttributeDesignator, xacmlApply)); }
/// <summary> /// Initializes a new instance of the <see cref="XacmlMatch"/> class. /// </summary> /// <param name="matchId">Specifies a matching function.The value of this attribute MUST be of type xs:anyURI with legal values documented in Section 7.6.</param> /// <param name="attributeValue">Embedded attribute value.</param> /// <param name="attributeSelector">MAY be used to identify one or more attribute values in a<Content/> element of the request context.</param> public XacmlMatch(Uri matchId, XacmlAttributeValue attributeValue, XacmlAttributeSelector attributeSelector) { Guard.ArgumentNotNull(matchId, nameof(matchId)); Guard.ArgumentNotNull(attributeValue, nameof(attributeValue)); Guard.ArgumentNotNull(attributeSelector, nameof(attributeSelector)); this.matchId = matchId; this.attributeValue = attributeValue; this.attributeSelector = attributeSelector; }
/// <summary> /// Matches the context attribute against the Policy. /// </summary> /// <param name="xacmlAttributeValue">A xacml attribute value</param> /// <returns>A boolean indicating it is a match</returns> public bool IsMatch(XacmlAttributeValue xacmlAttributeValue) { if (this.AttributeValue.DataType.OriginalString.Equals(xacmlAttributeValue.DataType.OriginalString)) { return(AttributeMatcher.MatchAttributes(this.AttributeValue.Value, xacmlAttributeValue.Value, this.MatchId.OriginalString)); } else { // Returns false if datatype is different even the values are the same return(false); } }
/// <summary> /// Initializes a new instance of the <see cref="XacmlCombinerParameter"/> class. /// </summary> /// <param name="parameterName">The identifier of the parameter.</param> /// <param name="attributeValue">The value of the parameter.</param> public XacmlCombinerParameter(string parameterName, XacmlAttributeValue attributeValue) { Guard.ArgumentNotNull(parameterName, nameof(parameterName)); if (parameterName.Length == 0) { throw new ArgumentException("Value cannot be empty.", nameof(parameterName)); } Guard.ArgumentNotNull(parameterName, nameof(parameterName)); this.parameterName = parameterName; this.attributeValue = attributeValue; }
private bool Match(Uri matchFunction, XacmlAttribute contextAttribute, XacmlAttributeValue policyConditionAttributeValue) { foreach (XacmlAttributeValue contextAttributeValue in contextAttribute.AttributeValues) { if (contextAttributeValue.MatchAttributeValues(matchFunction, policyConditionAttributeValue)) { return(true); } } return(false); }
/// <summary> /// Match Attribute value against input attribute value. /// </summary> /// <param name="matchFunction">The match function.</param> /// <param name="policyAttributeValue">The policy Attribute.</param> /// <returns>A bool indicating it is a match.</returns> public bool MatchAttributeValues(Uri matchFunction, XacmlAttributeValue policyAttributeValue) { return(AttributeMatcher.MatchAttributes(this.value, policyAttributeValue.Value, matchFunction.OriginalString)); }
private bool ValidateSingleElementInBagCondition(ICollection <XacmlContextAttributes> contextAttributes, XacmlAttributeValue policyConditionAttributeValue, XacmlApply xacmlApply, XacmlAttributeDesignator attributeDesignator) { bool isSingleFunction = false; string applyfunction = this.FunctionId.OriginalString; if (xacmlApply != null) { applyfunction = xacmlApply.FunctionId.OriginalString; } switch (applyfunction) { case XacmlConstants.AttributeMatchFunction.IntegerOneAndOnly: isSingleFunction = true; break; case XacmlConstants.AttributeMatchFunction.DateOneAndOnly: isSingleFunction = true; break; case XacmlConstants.AttributeMatchFunction.DateTimeOneAndOnly: isSingleFunction = true; break; default: break; } if (!isSingleFunction) { return(true); } int attributeCount = this.GetBagSize(contextAttributes, attributeDesignator); if (attributeCount > 1) { return(false); } return(true); }
private XacmlAttributeMatchResult EvaluateBagSize(ICollection <XacmlContextAttributes> contextAttributes, XacmlAttributeValue policyConditionAttributeValue, XacmlApply xacmlApply, XacmlAttributeDesignator attributeDesignator) { string applyfunction = xacmlApply.FunctionId.OriginalString; switch (applyfunction) { case XacmlConstants.AttributeBagFunction.TimeBagSize: case XacmlConstants.AttributeBagFunction.DateBagSize: case XacmlConstants.AttributeBagFunction.DateTimeBagSize: int bagSize = this.GetBagSize(contextAttributes, attributeDesignator); if (int.Parse(policyConditionAttributeValue.Value).Equals(bagSize)) { return(XacmlAttributeMatchResult.Match); } return(XacmlAttributeMatchResult.BagSizeConditionFailed); default: break; } return(XacmlAttributeMatchResult.BagSizeConditionFailed); }
private XacmlAttributeMatchResult Evalute(ICollection <XacmlContextAttributes> contextAttributes, XacmlAttributeValue policyConditionAttributeValue, XacmlAttributeDesignator attributeDesignator) { bool attributeWithCorrectAttributeIdFound = false; foreach (XacmlContextAttributes xacmlContextAttributes in contextAttributes) { foreach (XacmlAttribute attribute in xacmlContextAttributes.Attributes) { if (attribute.AttributeId.Equals(attributeDesignator.AttributeId)) { attributeWithCorrectAttributeIdFound = true; if (this.Match(this.FunctionId, attribute, policyConditionAttributeValue)) { return(XacmlAttributeMatchResult.Match); } } } } if (attributeWithCorrectAttributeIdFound) { return(XacmlAttributeMatchResult.NoMatch); } return(XacmlAttributeMatchResult.RequiredAttributeMissing); }
private XacmlAttributeMatchResult Evaluate(XacmlContextRequest contextRequest, XacmlAttributeValue policyConditionAttributeValue, XacmlAttributeDesignator attributeDesignator, XacmlApply xacmlApply) { ICollection <XacmlContextAttributes> xacmlContextAttributes = new Collection <XacmlContextAttributes>(); foreach (XacmlContextAttributes attributes in contextRequest.Attributes) { if (attributes.Category.Equals(attributeDesignator.Category)) { xacmlContextAttributes.Add(attributes); } } if (xacmlContextAttributes.Count == 0) { // No match for the condition in the attributes return(XacmlAttributeMatchResult.RequiredAttributeMissing); } if (!this.ValidateSingleElementInBagCondition(xacmlContextAttributes, policyConditionAttributeValue, xacmlApply, attributeDesignator)) { return(XacmlAttributeMatchResult.ToManyAttributes); } if (this.IsBagSizeCondition(xacmlApply)) { return(this.EvaluateBagSize(xacmlContextAttributes, policyConditionAttributeValue, xacmlApply, attributeDesignator)); } return(this.Evalute(xacmlContextAttributes, policyConditionAttributeValue, attributeDesignator)); }