/// <summary> /// Creates a new Status class using the XmlReade instance provided. /// </summary> /// <param name="reader">The XmlReader instance positioned at the Status node.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusElement(XmlReader reader, XacmlVersion schemaVersion) : base(XacmlSchema.Context, schemaVersion) { if (reader == null) { throw new ArgumentNullException("reader"); } if (reader.LocalName == ContextSchema.StatusElement.Status) { while (reader.Read()) { switch (reader.LocalName) { case ContextSchema.StatusElement.StatusCode: _statusCode = new StatusCodeElement(reader, schemaVersion); break; case ContextSchema.StatusElement.StatusMessage: _statusMessage = reader.ReadElementString(); break; case ContextSchema.StatusElement.StatusDetail: _statusDetail = reader.ReadElementString(); break; } if (reader.LocalName == ContextSchema.StatusElement.Status && reader.NodeType == XmlNodeType.EndElement) { break; } } } }
/// <summary> /// Creates a StatusCode using an XmlReader instance provided. /// </summary> /// <param name="reader">The XmlReader instance positioned at the StatusCode node.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusCodeElement( XmlReader reader, XacmlVersion schemaVersion ) : base( XacmlSchema.Context, schemaVersion ) { if (reader == null) throw new ArgumentNullException("reader"); if( reader.LocalName == ContextSchema.StatusElement.StatusCode ) { _value = reader.GetAttribute( ContextSchema.StatusElement.Value ); if( !reader.IsEmptyElement ) { while( reader.Read() ) { switch( reader.LocalName ) { case ContextSchema.StatusElement.StatusCode: _statusCode = new StatusCodeElement( reader, schemaVersion ); break; } if( reader.LocalName == ContextSchema.StatusElement.StatusCode && reader.NodeType == XmlNodeType.EndElement ) { break; } } } } else { throw new Exception( Resource.ResourceManager[ Resource.MessageKey.exc_invalid_node_name, reader.LocalName ] ); } }
/// <summary> /// Creates a Status using the supplied values. /// </summary> /// <param name="statusCode">The status code.</param> /// <param name="statusMessage">The status message.</param> /// <param name="statusDetail">The status detail.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusElement(StatusCodeElement statusCode, string statusMessage, string statusDetail, XacmlVersion schemaVersion) : base(XacmlSchema.Context, schemaVersion) { _statusCode = statusCode; _statusMessage = statusMessage; _statusDetail = statusDetail; }
/// <summary> /// Creates a Status using the supplied values. /// </summary> /// <param name="statusCode">The status code.</param> /// <param name="statusMessage">The status message.</param> /// <param name="statusDetail">The status detail.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusElement( StatusCodeElement statusCode, string statusMessage, string statusDetail, XacmlVersion schemaVersion ) : base( XacmlSchema.Context, schemaVersion ) { _statusCode = statusCode; _statusMessage = statusMessage; _statusDetail = statusDetail; }
/// <summary> /// Creates a StatusCode using an XmlReader instance provided. /// </summary> /// <param name="reader">The XmlReader instance positioned at the StatusCode node.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusCodeElement(XmlReader reader, XacmlVersion schemaVersion) : base(XacmlSchema.Context, schemaVersion) { if (reader == null) { throw new ArgumentNullException("reader"); } if (reader.LocalName == ContextSchema.StatusElement.StatusCode) { _value = reader.GetAttribute(ContextSchema.StatusElement.Value); if (!reader.IsEmptyElement) { while (reader.Read()) { switch (reader.LocalName) { case ContextSchema.StatusElement.StatusCode: _statusCode = new StatusCodeElement(reader, schemaVersion); break; } if (reader.LocalName == ContextSchema.StatusElement.StatusCode && reader.NodeType == XmlNodeType.EndElement) { break; } } } } else { throw new Exception(Resource.ResourceManager[Resource.MessageKey.exc_invalid_node_name, reader.LocalName]); } }
/// <summary> /// Evaluate the context document using a specified policy /// </summary> /// <param name="policyDocument">The policy instance</param> /// <param name="contextDocument">The context document instance</param> /// <returns>The response document</returns> public ctx.ResponseElement Evaluate( pol.PolicyDocument policyDocument, ctx.ContextDocument contextDocument ) { if (policyDocument == null) throw new ArgumentNullException("policyDocument"); if (contextDocument == null) throw new ArgumentNullException("contextDocument"); EvaluationContext context = new EvaluationContext( this, policyDocument, (ctx.ContextDocument)contextDocument ) ; context.Trace( "Start evaluation" ); context.AddIndent(); if ( policyDocument == null || contextDocument == null ) { // If a validation error was found a response is created with the syntax error message ctx.ResponseElement response = new ctx.ResponseElement( new ctx.ResultElement[] { new ctx.ResultElement( null, Decision.Indeterminate, new ctx.StatusElement( new ctx.StatusCodeElement( StatusCodes.ProcessingError, null, policyDocument.Version ), null, null, policyDocument.Version ), null, policyDocument.Version ) }, policyDocument.Version ); return response; } // Check if both documents are valid if( !policyDocument.IsValidDocument || !contextDocument.IsValidDocument ) { // If a validation error was found a response is created with the syntax error message ctx.ResponseElement response = new ctx.ResponseElement( new ctx.ResultElement[] { new ctx.ResultElement( null, Decision.Indeterminate, new ctx.StatusElement( new ctx.StatusCodeElement( StatusCodes.SyntaxError, null, policyDocument.Version ), null, null, policyDocument.Version ), null, policyDocument.Version ) }, policyDocument.Version ); return response; } // Create a new response contextDocument.Response = new ctx.ResponseElement( (ctx.ResultElement[])null, policyDocument.Version ); try { // Create the evaluable policy intance IMatchEvaluable policy = null; if( policyDocument.PolicySet != null ) { policy = new PolicySet( this, (pol.PolicySetElement)policyDocument.PolicySet ); } else if( policyDocument.Policy != null ) { policy = new Policy( (pol.PolicyElement)policyDocument.Policy ); } // Evaluate the policy or policy set if( policy != null ) { // Creates the evaluable policy set if( policy.AllResources.Count == 0 ) { policy.AllResources.Add( "" ); } string requestedResourceString = String.Empty; Uri requestedResource = null; foreach( ctx.ResourceElement resource in contextDocument.Request.Resources ) { // Keep the requested resource if( resource.IsHierarchical ) { foreach( ctx.AttributeElement attribute in resource.Attributes ) { if( attribute.AttributeId == ResourceElement.ResourceId ) { if( context.PolicyDocument.Version == XacmlVersion.Version10 || context.PolicyDocument.Version == XacmlVersion.Version11 ) { requestedResourceString = attribute.AttributeValues[0].Contents; } else { if( attribute.AttributeValues.Count > 1 ) { throw new NotSupportedException( "resources contains a bag of values" ); } requestedResourceString = attribute.AttributeValues[0].Contents; } } } if( !string.IsNullOrEmpty(requestedResourceString) ) { requestedResource = new Uri( requestedResourceString ); } } // Iterate through the policy resources evaluating each resource in the context document request foreach( string resourceName in policy.AllResources ) { bool mustEvaluate; if( resource.IsHierarchical ) { //Validate if the resource is hierarchically desdendant or children //of the requested resource Uri policyResource = new Uri( resourceName ); if( !(mustEvaluate = requestedResource.Equals( policyResource ) ) ) { // Perform the hierarchical evaluation if( resource.ResourceScopeValue == ctx.ResourceScope.Children ) { mustEvaluate = typ.AnyUri.IsChildrenOf( requestedResource, policyResource ); } else if( resource.ResourceScopeValue == ctx.ResourceScope.Descendants ) { mustEvaluate = typ.AnyUri.IsDescendantOf( requestedResource, policyResource ); } } if( mustEvaluate ) { foreach( ctx.AttributeElementReadWrite attribute in context.CurrentResource.Attributes ) { if( attribute.AttributeId == ResourceElement.ResourceId ) { attribute.AttributeValues[0].Contents = resourceName; break; } } } } else { context.CurrentResource = resource; mustEvaluate = true; } if( mustEvaluate ) { // Evaluates the policy set Decision decision = policy.Evaluate( context ); // Create a status code using the policy execution state ctx.StatusCodeElement scode; if( context.IsMissingAttribute ) { scode = new ctx.StatusCodeElement( StatusCodes.MissingAttribute, null, policyDocument.Version ); } else if( context.ProcessingError ) { scode = new ctx.StatusCodeElement( StatusCodes.ProcessingError, null, policyDocument.Version ); } else { scode = new ctx.StatusCodeElement( StatusCodes.OK, null, policyDocument.Version ); } //Stop the iteration if there is not a hierarchical request if( !resource.IsHierarchical ) { // Ussually when a single resource is requested the ResourceId is not specified in the result IObligationsContainer oblig = policy as IObligationsContainer; contextDocument.Response.Results.Add( new ctx.ResultElement( "", decision, new ctx.StatusElement( scode, "", "", policyDocument.Version ), oblig.Obligations, policyDocument.Version ) ); break; } else { // Adding a resource for each requested resource, using the resourceName as the resourceId of the result IObligationsContainer oblig = policy as IObligationsContainer; contextDocument.Response.Results.Add( new ctx.ResultElement( resourceName, decision, new ctx.StatusElement( scode, "", "", policyDocument.Version ), oblig.Obligations, policyDocument.Version ) ); } } // if( mustEvaluate ) } // foreach( string resourceName in policy.AllResources ) } } //if( policy != null ) } catch( EvaluationException e ) { // If a validation error was found a response is created with the syntax error message contextDocument.Response = new ctx.ResponseElement( new ctx.ResultElement[] { new ctx.ResultElement( null, Decision.Indeterminate, new ctx.StatusElement( new ctx.StatusCodeElement( StatusCodes.ProcessingError, null, policyDocument.Version ), e.Message, e.StackTrace, policyDocument.Version ), null, policyDocument.Version ) }, policyDocument.Version ); } return contextDocument.Response; }
/// <summary> /// Creates a status code using the values supplied. /// </summary> /// <param name="value">The value of the status code.</param> /// <param name="statusCode">Another inner status code.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusCodeElement( string value, StatusCodeElement statusCode, XacmlVersion schemaVersion ) : base( XacmlSchema.Context, schemaVersion ) { _value = value; _statusCode = statusCode; }
/// <summary> /// Creates a new Status class using the XmlReade instance provided. /// </summary> /// <param name="reader">The XmlReader instance positioned at the Status node.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusElement( XmlReader reader, XacmlVersion schemaVersion ) : base( XacmlSchema.Context, schemaVersion ) { if (reader == null) throw new ArgumentNullException("reader"); if( reader.LocalName == ContextSchema.StatusElement.Status ) { while( reader.Read() ) { switch( reader.LocalName ) { case ContextSchema.StatusElement.StatusCode: _statusCode = new StatusCodeElement( reader, schemaVersion ); break; case ContextSchema.StatusElement.StatusMessage: _statusMessage = reader.ReadElementString(); break; case ContextSchema.StatusElement.StatusDetail: _statusDetail = reader.ReadElementString(); break; } if( reader.LocalName == ContextSchema.StatusElement.Status && reader.NodeType == XmlNodeType.EndElement ) { break; } } } }
/// <summary> /// Creates a status code using the values supplied. /// </summary> /// <param name="value">The value of the status code.</param> /// <param name="statusCode">Another inner status code.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public StatusCodeElement(string value, StatusCodeElement statusCode, XacmlVersion schemaVersion) : base(XacmlSchema.Context, schemaVersion) { _value = value; _statusCode = statusCode; }