private string BuildDisplayName(ClaimType claimType)
{
if (string.IsNullOrEmpty(claimType.DisplayName) || this.ClaimTypes.Any(ct => ct.DisplayName == claimType.DisplayName))
{
var unique = false;
var auxFullName = claimType.FullName;
var displayName = string.Empty;
if (auxFullName.EndsWith("/", StringComparison.OrdinalIgnoreCase))
{
auxFullName = auxFullName.Remove(auxFullName.Length - 1);
}
while (auxFullName.Length > 0 && !unique)
{
var slashIndex = auxFullName.LastIndexOf("/", StringComparison.OrdinalIgnoreCase);
displayName += auxFullName.Substring(slashIndex + 1);
unique = this.ClaimTypes.All(ct => ct.DisplayName != displayName);
auxFullName = auxFullName.Remove(slashIndex);
}
return(unique ? displayName : claimType.FullName);
}
return(claimType.DisplayName);
}
private string GenerateClaimTypeDisplayName(ClaimType claimType)
{
var existingClaimType = this.ClaimTypes.FirstOrDefault(ct => ct.Equals(claimType));
if (existingClaimType != null)
{
return(existingClaimType.DisplayName);
}
return(this.BuildDisplayName(claimType));
}
public void AddPolicyRuleShouldPassIfExistingScope()
{
XmlPolicyStore store = new XmlPolicyStore("My Xml Store Path", new MockXmlRepository(@".\content\claimMappings-PassingTest2.xml"));
int initialScopeCount = store.RetrieveScopes().Count();
IList<InputPolicyClaim> inputClaims = new List<InputPolicyClaim>();
Issuer issuer = new Issuer("http://myIssuer1");
ClaimType claimType = new ClaimType("http://myClaimType", "myClaimType");
inputClaims.Add(new InputPolicyClaim(issuer, claimType, "nicolas"));
PolicyRule newRule = new PolicyRule(AssertionsMatch.Any, inputClaims, new OutputPolicyClaim(claimType, string.Empty, CopyFromConstants.InputValue));
store.AddPolicyRule(new Uri("http://localhost/1"), newRule);
int expectedScopeCount = initialScopeCount;
Assert.AreEqual(expectedScopeCount, store.RetrieveScopes().Count());
Assert.AreEqual(2, store.RetrieveScopes().ElementAt(0).Rules.Count());
}
public OutputPolicyClaim(ClaimType claimType, string value, string copyFrom)
: base(claimType, value)
{
if (value == "*")
{
throw new PolicyClaimException(Resources.WildcardOnOutputClaim);
}
if (!string.IsNullOrEmpty(copyFrom) && !string.IsNullOrEmpty(value))
{
throw new PolicyClaimException(Resources.CopyFromInputAndValueSet);
}
if (string.IsNullOrEmpty(copyFrom) && string.IsNullOrEmpty(value))
{
throw new PolicyClaimException(Resources.NoOutputValueSet);
}
this.CopyFrom = copyFrom;
}
public OutputPolicyClaim(ClaimType claimType, string value, string copyFrom)
: base(claimType, value)
{
if (value == "*")
{
throw new PolicyClaimException(Resources.WildcardOnOutputClaim);
}
if (!string.IsNullOrEmpty(copyFrom) && !string.IsNullOrEmpty(value))
{
throw new PolicyClaimException(Resources.CopyFromInputAndValueSet);
}
if (string.IsNullOrEmpty(copyFrom) && string.IsNullOrEmpty(value))
{
throw new PolicyClaimException(Resources.NoOutputValueSet);
}
this.CopyFrom = copyFrom;
}
public void ShouldMatchInputClaimAndCopyInputIssuerToOutputValue()
{
var store = new MockPolicyStore();
ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);
ClaimType inputClaimType = new ClaimType("http://myInputClaimType");
ClaimType outputClaimType = new ClaimType("http://myOutputClaimType");
Issuer issuer = new Issuer("http://myInputClaimIssuer");
InputPolicyClaim inputClaim = new InputPolicyClaim(issuer, inputClaimType, "myInputClaim");
OutputPolicyClaim outputClaim = new OutputPolicyClaim(outputClaimType, string.Empty, CopyFromConstants.InputIssuer);
PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim);
store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { rule }) };
IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer") });
Assert.IsNotNull(evaluatedOutputClaims);
Assert.AreEqual(1, evaluatedOutputClaims.Count());
Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType);
Assert.AreEqual("http://myInputClaimIssuer", evaluatedOutputClaims.ElementAt(0).Value);
}
public void ShouldPassEvaluateRuleIfCopyOutputValueFromInputIssuer()
{
var store = new XmlPolicyStore("My Xml Store Path", new MockXmlRepository(@"content\integrationTest2.xml"));
PolicyScope scope = store.RetrieveScope(new Uri("http://localhost/1"));
var issuer = scope.Issuers.ElementAt(0);
IList<InputPolicyClaim> inputClaims = new List<InputPolicyClaim>();
ClaimType claimType = new ClaimType("http://myClaimType", "myClaimType");
inputClaims.Add(new InputPolicyClaim(issuer, claimType, "*"));
PolicyRule newRule = new PolicyRule(AssertionsMatch.Any, inputClaims, new OutputPolicyClaim(claimType, string.Empty, CopyFromConstants.InputIssuer));
store.AddPolicyRule(new Uri("http://localhost/1"), newRule);
string claimValue = "myInputClaimValue33";
ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);
Claim inputClaim = new Claim("http://myClaimType", claimValue, string.Empty, "http://myIssuer1");
IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://localhost/1"), new[] { inputClaim });
Assert.IsNotNull(evaluatedOutputClaims);
Assert.AreEqual("http://myClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType);
}
public void AddPolicyRuleShouldAddNewOutputClaimTypeIfDoesNotExists()
{
XmlPolicyStore store = new XmlPolicyStore("My Xml Store Path", new MockXmlRepository(@".\content\claimMappings-PassingTest3.xml"));
var scopeUri = new Uri("http://localhost/1");
IList<InputPolicyClaim> inputClaims = new List<InputPolicyClaim>();
Issuer issuer = new Issuer("http://myIssuer1", "6f7051ece706096ac5a05ecb1860e2151c11b491", "myIssuer1");
ClaimType claimType = new ClaimType("http://myClaimType", "myClaimType");
inputClaims.Add(new InputPolicyClaim(issuer, claimType, "nicolas"));
ClaimType newClaimType = new ClaimType("http://newClaimType", "myNewClaimType");
PolicyRule newRule = new PolicyRule(AssertionsMatch.Any, inputClaims, new OutputPolicyClaim(newClaimType, string.Empty, CopyFromConstants.InputValue));
store.AddPolicyRule(scopeUri, newRule);
var scope = store.RetrieveScope(scopeUri);
Assert.AreEqual(2, scope.ClaimTypes.Count);
Assert.AreEqual(newClaimType.FullName, scope.ClaimTypes.ElementAt(1).FullName);
Assert.AreEqual(newClaimType.DisplayName, scope.ClaimTypes.ElementAt(1).DisplayName);
}
public void AddPolicyRuleShouldThrowIfNotExistingScope()
{
XmlPolicyStore store = new XmlPolicyStore("My Xml Store Path", new MockXmlRepository(@".\content\claimMappings-PassingTest2.xml"));
IList<InputPolicyClaim> inputClaims = new List<InputPolicyClaim>();
Issuer issuer = new Issuer("http://myIssuer1");
ClaimType claimType = new ClaimType("http://myClaimType", "myClaimType");
inputClaims.Add(new InputPolicyClaim(issuer, claimType, "nicolas"));
PolicyRule newRule = new PolicyRule(AssertionsMatch.Any, inputClaims, new OutputPolicyClaim(claimType, string.Empty, CopyFromConstants.InputValue));
store.AddPolicyRule(new Uri("http://notExistingScope/1"), newRule);
}
private string BuildDisplayName(ClaimType claimType)
{
if (string.IsNullOrEmpty(claimType.DisplayName) || this.ClaimTypes.Any(ct => ct.DisplayName == claimType.DisplayName))
{
var unique = false;
var auxFullName = claimType.FullName;
var displayName = string.Empty;
if (auxFullName.EndsWith("/", StringComparison.OrdinalIgnoreCase))
{
auxFullName = auxFullName.Remove(auxFullName.Length - 1);
}
while (auxFullName.Length > 0 && !unique)
{
var slashIndex = auxFullName.LastIndexOf("/", StringComparison.OrdinalIgnoreCase);
displayName += auxFullName.Substring(slashIndex + 1);
unique = this.ClaimTypes.All(ct => ct.DisplayName != displayName);
auxFullName = auxFullName.Remove(slashIndex);
}
return unique ? displayName : claimType.FullName;
}
return claimType.DisplayName;
}
protected PolicyClaim(ClaimType claimType, string value)
{
this.ClaimType = claimType;
this.Value = value;
}
public InputPolicyClaim(Issuer issuer, ClaimType claimType, string value)
: base(claimType, value)
{
this.Issuer = issuer;
}
public void ShouldOutputCorrectInputValue()
{
var store = new MockPolicyStore();
ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);
InputPolicyClaim inputPolicyClaim1 = new InputPolicyClaim(this.issuer, this.inputClaimType, "*");
ClaimType outputClaimType1 = new ClaimType("http://myOutputClaimType1");
OutputPolicyClaim outputPolicyClaim1 = new OutputPolicyClaim(outputClaimType1, "myOutputClaimValue");
PolicyRule policyRule1 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim1 }, outputPolicyClaim1);
InputPolicyClaim inputPolicyClaim2 = new InputPolicyClaim(this.issuer, this.inputClaimType, "inputClaimValue");
ClaimType outputClaimType2 = new ClaimType("http://myOutputClaimType2");
OutputPolicyClaim outputPolicyClaim2 = new OutputPolicyClaim(outputClaimType2, string.Empty, CopyFromConstants.InputValue);
PolicyRule policyRule2 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim2 }, outputPolicyClaim2);
store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { policyRule1, policyRule2 }) };
IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "inputClaimValue", string.Empty, "http://myInputClaimIssuer") });
Assert.IsNotNull(evaluatedOutputClaims);
Assert.AreEqual(2, evaluatedOutputClaims.Count());
var outputClaim1 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType1");
Assert.IsNotNull(outputClaim1);
Assert.AreEqual("myOutputClaimValue", outputClaim1.Value);
var outputClaim2 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType2");
Assert.IsNotNull(outputClaim2);
Assert.AreEqual("inputClaimValue", outputClaim2.Value);
}
public void ShouldThrowIfScopeIsNotFoundOnStore()
{
var store = new MockPolicyStore();
Issuer issuer = new Issuer("http://myIssuer", "myIssuer");
ClaimType myClaimType = new ClaimType("http://myClaimType", "myClaimType");
store.RetrieveScopesReturnValue =
new List<PolicyScope>()
{
new PolicyScope(
new Uri("http://mappedScope"),
new[] { new PolicyRule(AssertionsMatch.All, new[] { new InputPolicyClaim(issuer, myClaimType, "myClaimValue") }, new OutputPolicyClaim(myClaimType, string.Empty, CopyFromConstants.InputValue)) })
};
ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);
evaluator.Evaluate(new Uri("http://unmappedScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim") });
}
private static OutputPolicyClaim RetrieveOutputClaim(XElement ruleElement, IDictionary<string, string> claimTypes)
{
string outputTypeDisplayName = ruleElement.Element("output").Attribute("type").Value;
string outputClaimValue = string.Empty;
if (ruleElement.Element("output").Attribute("value") != null)
{
outputClaimValue = ruleElement.Element("output").Attribute("value").Value;
}
string copyFrom = string.Empty;
if (ruleElement.Element("output").Attribute("copyFrom") != null)
{
copyFrom = ruleElement.Element("output").Attribute("copyFrom").Value.ToUpperInvariant();
}
if (!claimTypes.ContainsKey(outputTypeDisplayName))
{
throw new PolicyClaimException(string.Format(CultureInfo.CurrentUICulture, Resources.ClaimTypeNotDefined, outputTypeDisplayName));
}
ClaimType claimType = new ClaimType(claimTypes[outputTypeDisplayName], outputTypeDisplayName);
return new OutputPolicyClaim(claimType, outputClaimValue, copyFrom);
}
private static XElement SerializaClaimType(ClaimType claimType)
{
XElement claimTypeElement = new XElement("claimType");
claimTypeElement.SetAttributeValue("fullName", claimType.FullName);
claimTypeElement.SetAttributeValue("displayName", claimType.DisplayName);
return claimTypeElement;
}
public void AddClaimType(ClaimType claimType)
{
claimType.DisplayName = this.GenerateClaimTypeDisplayName(claimType);
this.ClaimTypes.Add(claimType);
}
private static IEnumerable<InputPolicyClaim> RetrieveInputClaims(XElement ruleElement, IDictionary<string, Issuer> issuers, IDictionary<string, string> claimTypes)
{
List<InputPolicyClaim> inputClaims = new List<InputPolicyClaim>();
foreach (XElement inputClaimElement in ruleElement.Element("input").Descendants("claim"))
{
string inputClaimValue = inputClaimElement.Attribute("value").Value;
string inputIssuerDisplayName = inputClaimElement.Attribute("issuer").Value;
string inputTypeDisplayName = inputClaimElement.Attribute("type").Value;
if (!issuers.ContainsKey(inputIssuerDisplayName))
{
throw new PolicyClaimException(string.Format(CultureInfo.CurrentUICulture, Resources.IssuerNotDefined, inputIssuerDisplayName));
}
if (!claimTypes.ContainsKey(inputTypeDisplayName))
{
throw new PolicyClaimException(string.Format(CultureInfo.CurrentUICulture, Resources.ClaimTypeNotDefined, inputTypeDisplayName));
}
Issuer issuer = issuers[inputIssuerDisplayName];
ClaimType claimType = new ClaimType(claimTypes[inputTypeDisplayName], inputTypeDisplayName);
inputClaims.Add(new InputPolicyClaim(issuer, claimType, inputClaimValue));
}
return inputClaims;
}
public OutputPolicyClaim(ClaimType claimType, string value)
: this(claimType, value, string.Empty)
{
this.CopyFrom = string.Empty;
}
public OutputPolicyClaim(ClaimType claimType, string value)
: this(claimType, value, string.Empty)
{
this.CopyFrom = string.Empty;
}
public void AddClaimType(ClaimType claimType)
{
claimType.DisplayName = this.GenerateClaimTypeDisplayName(claimType);
this.ClaimTypes.Add(claimType);
}
public void AddRuleShouldSetTheRightClaimTypeDisplayName()
{
var scope = RetrievePolicyScope();
var inputClaimType = new ClaimType("http://tests/sampleclaimtype/", string.Empty);
var inputClaim = new InputPolicyClaim(sampleIssuer, inputClaimType, "new sample value");
var rule = new PolicyRule(AssertionsMatch.Any, new List<InputPolicyClaim> { inputClaim }, GetSampleOutputClaim());
Assert.AreEqual(string.Empty, inputClaimType.DisplayName);
Assert.AreEqual(1, scope.ClaimTypes.Count);
scope.AddRule(rule);
Assert.AreEqual(sampleClaimType.DisplayName, inputClaimType.DisplayName);
Assert.AreEqual(1, scope.ClaimTypes.Count);
}
public InputPolicyClaim(Issuer issuer, ClaimType claimType, string value)
: base(claimType, value)
{
this.Issuer = issuer;
}
protected PolicyClaim(ClaimType claimType, string value)
{
this.ClaimType = claimType;
this.Value = value;
}
private string GenerateClaimTypeDisplayName(ClaimType claimType)
{
var existingClaimType = this.ClaimTypes.FirstOrDefault(ct => ct.Equals(claimType));
if (existingClaimType != null)
{
return existingClaimType.DisplayName;
}
return this.BuildDisplayName(claimType);
}