/// <summary> /// Creates a new CombinerParameterElement using the XmlReader instance provided. /// </summary> /// <param name="reader">The XmlReader instance positioned at the CombinerParameterElement node.</param> /// <param name="nodeName">The name of the node for this combiner parameter item.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> protected CombinerParameterElement(XmlReader reader, string nodeName, XacmlVersion schemaVersion) : base(XacmlSchema.Policy, schemaVersion) { if (reader == null) { throw new ArgumentNullException("reader"); } if (reader.LocalName == nodeName && ValidateSchema(reader, schemaVersion)) { // Read the attributes if (reader.HasAttributes) { // Load all the attributes while (reader.MoveToNextAttribute()) { if (reader.LocalName == PolicySchema2.CombinerParameterElement.ParameterName) { _parameterName = reader.GetAttribute(PolicySchema2.CombinerParameterElement.ParameterName); } else { AttributeFound(reader); } } reader.MoveToElement(); } // Read the rule contents. while (reader.Read()) { switch (reader.LocalName) { case PolicySchema2.CombinerParameterElement.AttributeValue: _attributeValue = new AttributeValueElement(reader, schemaVersion); break; } if (reader.LocalName == PolicySchema2.CombinerParameterElement.CombinerParameter && reader.NodeType == XmlNodeType.EndElement) { break; } } } else { throw new Exception(Resource.ResourceManager[Resource.MessageKey.exc_invalid_node_name, reader.LocalName]); } }
/// <summary> /// Evaluates the variable into a value. /// </summary> /// <param name="context">The contex of the evaluation.</param> /// <returns>The value of the function.</returns> public EvaluationValue Evaluate(EvaluationContext context) { if (context == null) { throw new ArgumentNullException("context"); } context.Trace("Evaluating variable"); context.AddIndent(); try { if (_variableDefinition.Expression is pol.ApplyElement) { context.Trace("Apply within condition."); // There is a nested apply un this policy a new Apply will be created and also // evaluated. It's return value will be used as the processed argument. Apply _childApply = new Apply((pol.ApplyElement)_variableDefinition.Expression); // Evaluate the Apply _value = _childApply.Evaluate(context); context.TraceContextValues(); return(_value); } else if (_variableDefinition.Expression is pol.FunctionElement) { throw new NotImplementedException("FunctionElement"); //TODO: } else if (_variableDefinition.Expression is pol.VariableReferenceElement) { pol.VariableReferenceElement variableRef = _variableDefinition.Expression as pol.VariableReferenceElement; VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[variableRef.VariableId] as VariableDefinition; context.TraceContextValues(); if (!variableDef.IsEvaluated) { return(variableDef.Evaluate(context)); } else { return(variableDef.Value); } } else if (_variableDefinition.Expression is pol.AttributeValueElementReadWrite) { // The AttributeValue does not need to be processed context.Trace("Attribute value {0}", _variableDefinition.Expression.ToString()); pol.AttributeValueElementReadWrite att = (pol.AttributeValueElementReadWrite)_variableDefinition.Expression; pol.AttributeValueElement attributeValue = new pol.AttributeValueElement(att.DataType, att.Contents, att.SchemaVersion); _value = new EvaluationValue( attributeValue.GetTypedValue(attributeValue.GetType(context), 0), attributeValue.GetType(context)); return(_value); } else if (_variableDefinition.Expression is pol.AttributeDesignatorBase) { // Resolve the AttributeDesignator using the EvaluationEngine public methods. context.Trace("Processing attribute designator: {0}", _variableDefinition.Expression.ToString()); pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)_variableDefinition.Expression; BagValue bag = EvaluationEngine.Resolve(context, attrDes); // If the attribute was not resolved by the EvaluationEngine search the // attribute in the context document, also using the EvaluationEngine public // methods. if (bag.BagSize == 0) { if (_variableDefinition.Expression is pol.SubjectAttributeDesignatorElement) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes); if (attrib != null) { context.Trace("Adding subject attribute designator: {0}", attrib.ToString()); bag.Add(attrib); } } else if (_variableDefinition.Expression is pol.ResourceAttributeDesignatorElement) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes); if (attrib != null) { context.Trace("Adding resource attribute designator {0}", attrib.ToString()); bag.Add(attrib); } } else if (_variableDefinition.Expression is pol.ActionAttributeDesignatorElement) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes); if (attrib != null) { context.Trace("Adding action attribute designator {0}", attrib.ToString()); bag.Add(attrib); } } else if (_variableDefinition.Expression is pol.EnvironmentAttributeDesignatorElement) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute(context, attrDes); if (attrib != null) { context.Trace("Adding environment attribute designator {0}", attrib.ToString()); bag.Add(attrib); } } } // If the argument was not found and the attribute must be present this is // a MissingAttribute situation so set the flag. Otherwise add the attribute // to the processed arguments. if (bag.BagSize == 0 && attrDes.MustBePresent) { context.Trace("Attribute is missing"); context.IsMissingAttribute = true; context.AddMissingAttribute(attrDes); _value = EvaluationValue.Indeterminate; } else { _value = new EvaluationValue(bag, bag.GetType(context)); } return(_value); } else if (_variableDefinition.Expression is pol.AttributeSelectorElement) { // Resolve the XPath query using the EvaluationEngine public methods. context.Trace("Attribute selector"); try { pol.AttributeSelectorElement attributeSelector = (pol.AttributeSelectorElement)_variableDefinition.Expression; BagValue bag = EvaluationEngine.Resolve(context, attributeSelector); if (bag.Elements.Count == 0 && attributeSelector.MustBePresent) { context.Trace("Attribute is missing"); context.IsMissingAttribute = true; context.AddMissingAttribute(attributeSelector); _value = EvaluationValue.Indeterminate; } else { _value = new EvaluationValue(bag, bag.GetType(context)); } } catch (EvaluationException e) { context.Trace("ERR: {0}", e.Message); context.ProcessingError = true; _value = EvaluationValue.Indeterminate; } return(_value); } throw new NotSupportedException("internal error"); } finally { _isEvaluated = true; context.RemoveIndent(); } }
/// <summary> /// Evaluates the variable into a value. /// </summary> /// <param name="context">The contex of the evaluation.</param> /// <returns>The value of the function.</returns> public EvaluationValue Evaluate( EvaluationContext context ) { if (context == null) throw new ArgumentNullException("context"); context.Trace( "Evaluating variable" ); context.AddIndent(); try { if( _variableDefinition.Expression is pol.ApplyElement ) { context.Trace( "Apply within condition." ); // There is a nested apply un this policy a new Apply will be created and also // evaluated. It's return value will be used as the processed argument. Apply _childApply = new Apply( (pol.ApplyElement)_variableDefinition.Expression ); // Evaluate the Apply _value = _childApply.Evaluate( context ); context.TraceContextValues(); return _value; } else if( _variableDefinition.Expression is pol.FunctionElement ) { throw new NotImplementedException( "FunctionElement" ); //TODO: } else if( _variableDefinition.Expression is pol.VariableReferenceElement ) { pol.VariableReferenceElement variableRef = _variableDefinition.Expression as pol.VariableReferenceElement; VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[ variableRef.VariableId ] as VariableDefinition; context.TraceContextValues(); if( !variableDef.IsEvaluated ) { return variableDef.Evaluate( context ); } else { return variableDef.Value; } } else if( _variableDefinition.Expression is pol.AttributeValueElementReadWrite ) { // The AttributeValue does not need to be processed context.Trace( "Attribute value {0}", _variableDefinition.Expression.ToString() ); pol.AttributeValueElementReadWrite att = (pol.AttributeValueElementReadWrite)_variableDefinition.Expression; pol.AttributeValueElement attributeValue = new pol.AttributeValueElement( att.DataType, att.Contents, att.SchemaVersion ); _value = new EvaluationValue( attributeValue.GetTypedValue( attributeValue.GetType( context ), 0 ), attributeValue.GetType( context ) ); return _value; } else if( _variableDefinition.Expression is pol.AttributeDesignatorBase ) { // Resolve the AttributeDesignator using the EvaluationEngine public methods. context.Trace( "Processing attribute designator: {0}", _variableDefinition.Expression.ToString() ); pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)_variableDefinition.Expression; BagValue bag = EvaluationEngine.Resolve( context, attrDes ); // If the attribute was not resolved by the EvaluationEngine search the // attribute in the context document, also using the EvaluationEngine public // methods. if( bag.BagSize == 0 ) { if( _variableDefinition.Expression is pol.SubjectAttributeDesignatorElement ) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes ); if( attrib != null ) { context.Trace( "Adding subject attribute designator: {0}", attrib.ToString() ); bag.Add( attrib ); } } else if( _variableDefinition.Expression is pol.ResourceAttributeDesignatorElement ) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes ); if( attrib != null ) { context.Trace( "Adding resource attribute designator {0}", attrib.ToString() ); bag.Add( attrib ); } } else if( _variableDefinition.Expression is pol.ActionAttributeDesignatorElement ) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes ); if( attrib != null ) { context.Trace( "Adding action attribute designator {0}", attrib.ToString() ); bag.Add( attrib ); } } else if( _variableDefinition.Expression is pol.EnvironmentAttributeDesignatorElement ) { ctx.AttributeElement attrib = EvaluationEngine.GetAttribute( context, attrDes ); if( attrib != null ) { context.Trace( "Adding environment attribute designator {0}", attrib.ToString() ); bag.Add( attrib ); } } } // If the argument was not found and the attribute must be present this is // a MissingAttribute situation so set the flag. Otherwise add the attribute // to the processed arguments. if( bag.BagSize == 0 && attrDes.MustBePresent ) { context.Trace( "Attribute is missing" ); context.IsMissingAttribute = true; context.AddMissingAttribute( attrDes ); _value = EvaluationValue.Indeterminate; } else { _value = new EvaluationValue( bag, bag.GetType( context ) ); } return _value; } else if( _variableDefinition.Expression is pol.AttributeSelectorElement ) { // Resolve the XPath query using the EvaluationEngine public methods. context.Trace( "Attribute selector" ); try { pol.AttributeSelectorElement attributeSelector = (pol.AttributeSelectorElement)_variableDefinition.Expression; BagValue bag = EvaluationEngine.Resolve( context, attributeSelector ); if( bag.Elements.Count == 0 && attributeSelector.MustBePresent ) { context.Trace( "Attribute is missing" ); context.IsMissingAttribute = true; context.AddMissingAttribute( attributeSelector ); _value = EvaluationValue.Indeterminate; } else { _value = new EvaluationValue( bag, bag.GetType( context ) ); } } catch( EvaluationException e ) { context.Trace( "ERR: {0}", e.Message ); context.ProcessingError = true; _value = EvaluationValue.Indeterminate; } return _value; } throw new NotSupportedException( "internal error" ); } finally { _isEvaluated = true; context.RemoveIndent(); } }
/// <summary> /// Creates a new PolicyCombinerParameter using the provided argument values. /// </summary> /// <param name="parameterName">The parameter name.</param> /// <param name="attributeValue">The attribute value.</param> /// <param name="policyIdRef">The policy Id reference.</param> /// <param name="version">The version of the schema that was used to validate.</param> public PolicyCombinerParameterElement(string parameterName, AttributeValueElement attributeValue, Uri policyIdRef, XacmlVersion version) : base(parameterName, attributeValue, version) { _policyIdRef = policyIdRef; }
/// <summary> /// Resolves the AttributeSelector in the context document using the XPath sentence. /// </summary> /// <param name="context">The evaluation context instance.</param> /// <param name="attributeSelector">The attribute selector.</param> /// <returns>A bag of values with the contents of the node.</returns> public static BagValue Resolve( EvaluationContext context, pol.AttributeSelectorElement attributeSelector ) { BagValue bagValue = new BagValue( GetDataType( attributeSelector.DataType ) ); ctx.ResourceContentElement content = (ctx.ResourceContentElement)context.CurrentResource.ResourceContent; if( content != null ) { XmlDocument doc = context.ContextDocument.XmlDocument; if( context.ContextDocument.XmlNamespaceManager == null ) { context.ContextDocument.AddNamespaces( context.PolicyDocument.Namespaces ); } try { string xpath = attributeSelector.RequestContextPath; XmlNodeList nodeList = doc.DocumentElement.SelectNodes( xpath, context.ContextDocument.XmlNamespaceManager ); if( nodeList != null ) { foreach( XmlNode node in nodeList ) { pol.AttributeValueElement ave = new pol.AttributeValueElement( attributeSelector.DataType, node.InnerText, attributeSelector.SchemaVersion ); bagValue.Add( ave ); } } } catch( XPathException e ) { context.Trace( Resource.TRACE_ERROR, e.Message ); bagValue = new BagValue( GetDataType( attributeSelector.DataType ) ); } } return bagValue; }
/// <summary> /// Creates a new RuleCombinerParameter using the provided argument values. /// </summary> /// <param name="parameterName">The parameter name.</param> /// <param name="attributeValue">The attribute value.</param> /// <param name="ruleIdRef">The rule Id reference.</param> /// <param name="version">The version of the schema that was used to validate.</param> public RuleCombinerParameterElement(string parameterName, AttributeValueElement attributeValue, Uri ruleIdRef, XacmlVersion version) : base(parameterName, attributeValue, version) { _ruleIdRef = ruleIdRef; }
/// <summary> /// This method overrides the ApplyBase method in order to provide extra validations /// required in the condition evaluation, for example the final return value should be a /// boolean value. /// </summary> /// <param name="context">The evaluation context instance.</param> /// <returns>The EvaluationValue with the results of the condition evaluation.</returns> public override EvaluationValue Evaluate(EvaluationContext context) { if (context == null) { throw new ArgumentNullException("context"); } context.Trace("Evaluating condition"); context.AddIndent(); try { // Iterate through the arguments, the IExpressionType is a mark interface foreach (inf.IExpression arg in ApplyDefinition.Arguments) { if (arg is pol.ApplyElement) { context.Trace("Apply within condition."); // There is a nested apply un this policy a new Apply will be created and also // evaluated. It's return value will be used as the processed argument. Apply _childApply = new Apply((pol.ApplyElement)arg); // Evaluate the Apply EvaluationValue retVal = _childApply.Evaluate(context); return(retVal); } else if (arg is pol.FunctionElementReadWrite) { throw new NotImplementedException("FunctionElement"); //TODO: } else if (arg is pol.VariableReferenceElement) { pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement; VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[variableRef.VariableId] as VariableDefinition; if (!variableDef.IsEvaluated) { return(variableDef.Evaluate(context)); } else { return(variableDef.Value); } } else if (arg is pol.AttributeValueElementReadWrite) { // The AttributeValue does not need to be processed context.Trace("Attribute value {0}", arg.ToString()); pol.AttributeValueElement attributeValue = new pol.AttributeValueElement(((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion); return(new EvaluationValue( attributeValue.GetTypedValue(attributeValue.GetType(context), 0), attributeValue.GetType(context))); } else if (arg is pol.AttributeDesignatorBase) { // Returning an empty bag, since the condition is not supposed to work with a bag context.Trace("Processing attribute designator: {0}", arg.ToString()); pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg; BagValue bag = new BagValue(EvaluationEngine.GetDataType(attrDes.DataType)); return(new EvaluationValue(bag, bag.GetType(context))); } else if (arg is pol.AttributeSelectorElement) { // Returning an empty bag, since the condition is not supposed to work with a bag context.Trace("Attribute selector"); pol.AttributeSelectorElement attrSel = (pol.AttributeSelectorElement)arg; BagValue bag = new BagValue(EvaluationEngine.GetDataType(attrSel.DataType)); return(new EvaluationValue(bag, bag.GetType(context))); } } throw new NotSupportedException("internal error"); } finally { context.TraceContextValues(); context.RemoveIndent(); } }
/// <summary> /// This method overrides the ApplyBase method in order to provide extra validations /// required in the condition evaluation, for example the final return value should be a /// boolean value. /// </summary> /// <param name="context">The evaluation context instance.</param> /// <returns>The EvaluationValue with the results of the condition evaluation.</returns> public override EvaluationValue Evaluate( EvaluationContext context ) { if (context == null) throw new ArgumentNullException("context"); context.Trace( "Evaluating condition" ); context.AddIndent(); try { // Iterate through the arguments, the IExpressionType is a mark interface foreach( inf.IExpression arg in ApplyDefinition.Arguments ) { if( arg is pol.ApplyElement ) { context.Trace( "Apply within condition." ); // There is a nested apply un this policy a new Apply will be created and also // evaluated. It's return value will be used as the processed argument. Apply _childApply = new Apply( (pol.ApplyElement)arg ); // Evaluate the Apply EvaluationValue retVal = _childApply.Evaluate( context ); return retVal; } else if( arg is pol.FunctionElementReadWrite ) { throw new NotImplementedException( "FunctionElement" ); //TODO: } else if( arg is pol.VariableReferenceElement ) { pol.VariableReferenceElement variableRef = arg as pol.VariableReferenceElement; VariableDefinition variableDef = context.CurrentPolicy.VariableDefinition[ variableRef.VariableId ] as VariableDefinition; if( !variableDef.IsEvaluated ) { return variableDef.Evaluate( context ); } else { return variableDef.Value; } } else if( arg is pol.AttributeValueElementReadWrite ) { // The AttributeValue does not need to be processed context.Trace( "Attribute value {0}", arg.ToString() ); pol.AttributeValueElement attributeValue = new pol.AttributeValueElement( ((pol.AttributeValueElementReadWrite)arg).DataType, ((pol.AttributeValueElementReadWrite)arg).Contents, ((pol.AttributeValueElementReadWrite)arg).SchemaVersion ); return new EvaluationValue( attributeValue.GetTypedValue( attributeValue.GetType( context ), 0 ), attributeValue.GetType( context ) ); } else if( arg is pol.AttributeDesignatorBase ) { // Returning an empty bag, since the condition is not supposed to work with a bag context.Trace( "Processing attribute designator: {0}", arg.ToString() ); pol.AttributeDesignatorBase attrDes = (pol.AttributeDesignatorBase)arg; BagValue bag = new BagValue( EvaluationEngine.GetDataType( attrDes.DataType ) ); return new EvaluationValue( bag, bag.GetType( context ) ); } else if( arg is pol.AttributeSelectorElement ) { // Returning an empty bag, since the condition is not supposed to work with a bag context.Trace( "Attribute selector" ); pol.AttributeSelectorElement attrSel = (pol.AttributeSelectorElement)arg; BagValue bag = new BagValue( EvaluationEngine.GetDataType( attrSel.DataType ) ); return new EvaluationValue( bag, bag.GetType( context ) ); } } throw new NotSupportedException( "internal error" ); } finally { context.TraceContextValues(); context.RemoveIndent(); } }
/// <summary> /// Creates a new CombinerParameter using the provided argument values. /// </summary> /// <param name="parameterName">The parameter name.</param> /// <param name="attributeValue">The attribute value.</param> /// <param name="schemaVersion">The version of the schema that was used to validate.</param> public CombinerParameterElement(string parameterName, AttributeValueElement attributeValue, XacmlVersion schemaVersion) : base(XacmlSchema.Policy, schemaVersion) { _parameterName = parameterName; _attributeValue = attributeValue; }