public void ShoudMatchInputClaimWithAssertionMatchAll()
{
var store = new MockPolicyStore();
ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);
InputPolicyClaim inputClaim = new InputPolicyClaim(this.issuer, this.inputClaimType, "myInputClaim");
OutputPolicyClaim outputClaim = new OutputPolicyClaim(this.outputClaimType, "myOutputClaimValue");
PolicyRule rule = new PolicyRule(AssertionsMatch.All, new[] { inputClaim }, outputClaim);
store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { rule }) };
IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer") });
Assert.IsNotNull(evaluatedOutputClaims);
Assert.AreEqual(1, evaluatedOutputClaims.Count());
Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType);
Assert.AreEqual("myOutputClaimValue", evaluatedOutputClaims.ElementAt(0).Value);
}
public void AddRuleShouldAddClaimTypeIfDoesNotExists()
{
var scope = RetrievePolicyScope();
var claimFullName = "http://tests/newsampleclaimtype/";
var inputClaim = new InputPolicyClaim(sampleIssuer, new ClaimType(claimFullName, string.Empty), "new sample value");
var rule = new PolicyRule(AssertionsMatch.Any, new List<InputPolicyClaim> { inputClaim }, GetSampleOutputClaim());
Assert.AreEqual(1, scope.ClaimTypes.Count);
scope.AddRule(rule);
Assert.AreEqual(2, scope.ClaimTypes.Count);
var result = scope.ClaimTypes.ElementAt(1);
Assert.AreEqual(claimFullName, result.FullName);
Assert.AreEqual("newsampleclaimtype", result.DisplayName);
}
public void ShouldMatchInputClaimAndCopyInputIssuerToOutputValue()
{
var store = new MockPolicyStore();
ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);
ClaimType inputClaimType = new ClaimType("http://myInputClaimType");
ClaimType outputClaimType = new ClaimType("http://myOutputClaimType");
Issuer issuer = new Issuer("http://myInputClaimIssuer");
InputPolicyClaim inputClaim = new InputPolicyClaim(issuer, inputClaimType, "myInputClaim");
OutputPolicyClaim outputClaim = new OutputPolicyClaim(outputClaimType, string.Empty, CopyFromConstants.InputIssuer);
PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim);
store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { rule }) };
IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "myInputClaim", string.Empty, "http://myInputClaimIssuer") });
Assert.IsNotNull(evaluatedOutputClaims);
Assert.AreEqual(1, evaluatedOutputClaims.Count());
Assert.AreEqual("http://myOutputClaimType", evaluatedOutputClaims.ElementAt(0).ClaimType);
Assert.AreEqual("http://myInputClaimIssuer", evaluatedOutputClaims.ElementAt(0).Value);
}
public void ShouldOutputCorrectInputValue()
{
var store = new MockPolicyStore();
ClaimsPolicyEvaluator evaluator = new ClaimsPolicyEvaluator(store);
InputPolicyClaim inputPolicyClaim1 = new InputPolicyClaim(this.issuer, this.inputClaimType, "*");
ClaimType outputClaimType1 = new ClaimType("http://myOutputClaimType1");
OutputPolicyClaim outputPolicyClaim1 = new OutputPolicyClaim(outputClaimType1, "myOutputClaimValue");
PolicyRule policyRule1 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim1 }, outputPolicyClaim1);
InputPolicyClaim inputPolicyClaim2 = new InputPolicyClaim(this.issuer, this.inputClaimType, "inputClaimValue");
ClaimType outputClaimType2 = new ClaimType("http://myOutputClaimType2");
OutputPolicyClaim outputPolicyClaim2 = new OutputPolicyClaim(outputClaimType2, string.Empty, CopyFromConstants.InputValue);
PolicyRule policyRule2 = new PolicyRule(AssertionsMatch.Any, new[] { inputPolicyClaim2 }, outputPolicyClaim2);
store.RetrieveScopesReturnValue = new List<PolicyScope>() { new PolicyScope(new Uri("http://myScope"), new[] { policyRule1, policyRule2 }) };
IEnumerable<Claim> evaluatedOutputClaims = evaluator.Evaluate(new Uri("http://myScope"), new[] { new Claim("http://myInputClaimType", "inputClaimValue", string.Empty, "http://myInputClaimIssuer") });
Assert.IsNotNull(evaluatedOutputClaims);
Assert.AreEqual(2, evaluatedOutputClaims.Count());
var outputClaim1 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType1");
Assert.IsNotNull(outputClaim1);
Assert.AreEqual("myOutputClaimValue", outputClaim1.Value);
var outputClaim2 = evaluatedOutputClaims.FirstOrDefault(c => c.ClaimType == "http://myOutputClaimType2");
Assert.IsNotNull(outputClaim2);
Assert.AreEqual("inputClaimValue", outputClaim2.Value);
}
public void ShouldMatchInputClaimValueInCaseInsensitiveFashion()
{
var store = new MockPolicyStore();
var scopeUri = new Uri("http://myScope");
var inputClaimValue = "myInputClaimValue";
var outputClaimValue = "myOutputClaimValue";
InputPolicyClaim inputClaim = new InputPolicyClaim(
new Issuer("http://myInputClaimIssuer", "myInputClaimIssuer"),
new ClaimType("http://myInputClaimType", "myInputClaimType"),
inputClaimValue);
OutputPolicyClaim outputClaim = new OutputPolicyClaim(
new ClaimType("http://myOutputClaimType", "myOutputClaimType"),
outputClaimValue);
PolicyRule rule = new PolicyRule(AssertionsMatch.Any, new[] { inputClaim }, outputClaim);
store.RetrieveScopesReturnValue = new List<PolicyScope> { new PolicyScope(scopeUri, new[] { rule }) };
var evaluator = new ClaimsPolicyEvaluator(store);
var evaluatedOutputClaims = evaluator.Evaluate(scopeUri, new[] { new Claim("http://myInputClaimType", inputClaimValue.ToUpperInvariant(), string.Empty, "http://myInputClaimIssuer") });
Assert.IsNotNull(evaluatedOutputClaims);
Assert.AreEqual(1, evaluatedOutputClaims.Count());
Assert.AreEqual(outputClaimValue, evaluatedOutputClaims.ElementAt(0).Value);
}
public void AddRuleThrowsIfIssuerOfInputClaimIsNull()
{
var scope = RetrievePolicyScope();
var inputClaim = new InputPolicyClaim(null, sampleClaimType, "sample value");
var rule = new PolicyRule(AssertionsMatch.Any, new List<InputPolicyClaim> { inputClaim }, GetSampleOutputClaim());
scope.AddRule(rule);
}
public void AddRuleThrowsIfIssuerOfInputClaimDoesNotExists()
{
var scope = RetrievePolicyScope();
var newIssuer = new Issuer("http://newsampleissuer");
var inputClaim = new InputPolicyClaim(newIssuer, sampleClaimType, "sample value");
var rule = new PolicyRule(AssertionsMatch.Any, new List<InputPolicyClaim> { inputClaim }, GetSampleOutputClaim());
scope.AddRule(rule);
}
public void AddRuleShouldSetTheRightClaimTypeDisplayName()
{
var scope = RetrievePolicyScope();
var inputClaimType = new ClaimType("http://tests/sampleclaimtype/", string.Empty);
var inputClaim = new InputPolicyClaim(sampleIssuer, inputClaimType, "new sample value");
var rule = new PolicyRule(AssertionsMatch.Any, new List<InputPolicyClaim> { inputClaim }, GetSampleOutputClaim());
Assert.AreEqual(string.Empty, inputClaimType.DisplayName);
Assert.AreEqual(1, scope.ClaimTypes.Count);
scope.AddRule(rule);
Assert.AreEqual(sampleClaimType.DisplayName, inputClaimType.DisplayName);
Assert.AreEqual(1, scope.ClaimTypes.Count);
}
private static XElement SerializeInputClaim(InputPolicyClaim claim)
{
XElement inputElement = new XElement("claim");
inputElement.SetAttributeValue("type", claim.ClaimType.DisplayName);
inputElement.SetAttributeValue("value", claim.Value);
inputElement.SetAttributeValue("issuer", claim.Issuer.DisplayName);
return inputElement;
}