public function boot()
{
parent::boot();
//Initialize Config storage for Xacml library
Config::set(Config::ATTRIBUTE_FINDER, $this->container->get('galmi_xacml.pip'));
Config::set(Config::FUNC_REGISTRY, $this->container->get('galmi_xacml_func_registry'));
Config::set(Config::COMBINING_ALGORITHM_REGISTRY, $this->container->get('galmi_xacml_combining_algorithm_registry'));
}
public function testMissingKey()
{
try {
\Galmi\Xacml\Config::get('test2');
} catch (\Exception $e) {
$this->assertEquals("Key test2 not exists.", $e->getMessage());
}
}
public function testEvaluate4()
{
$attributeId = 'Subject.id';
$request = $this->createRequest();
$attributeFinder = $this->getMockBuilder('stdClass')->setMethods(['getValue'])->getMock();
$attributeFinder->method('getValue')->willReturnCallback(function () {
throw new \Exception();
});
\Galmi\Xacml\Config::set(\Galmi\Xacml\Config::ATTRIBUTE_FINDER, $attributeFinder);
$attributeDesignator = new \Galmi\Xacml\Expression\AttributeDesignator($attributeId, false);
$this->assertEquals(\Galmi\Xacml\Match::INDETERMINATE, $attributeDesignator->evaluate($request));
}
/**
* Retrieve attributeId value using AttributeFinder
*
* @inheritdoc
*/
public function evaluate(Request $request)
{
try {
$attributeFinder = Config::get(Config::ATTRIBUTE_FINDER);
$value = $attributeFinder->getValue($request, $this->attributeId);
} catch (\Exception $e) {
return Match::INDETERMINATE;
}
if ($value == null && $this->mustBePresent) {
return Match::INDETERMINATE;
}
return $value;
}
public function testEvaluate()
{
$request = new \Galmi\Xacml\Request();
$request->set('Subject.role', 'Manager');
$attributeFinder = $this->getMockBuilder('stdClass')->setMethods(['getValue'])->getMock();
$attributeFinder->method('getValue')->will($this->returnCallback(function () {
/** @var \Galmi\Xacml\Request $request */
$request = func_get_arg(0);
$attributeId = func_get_arg(1);
return $request->get($attributeId);
}));
\Galmi\Xacml\Config::set(\Galmi\Xacml\Config::ATTRIBUTE_FINDER, $attributeFinder);
$match = new \Galmi\Xacml\Match('Subject.role', 'Manager');
$this->assertTrue($match->evaluate($request), 'Test match evaluation');
}
public function testEvaluate3()
{
$request = new \Galmi\Xacml\Request();
$funcFactory = new \Galmi\Xacml\FuncRegistry();
\Galmi\Xacml\Config::set(\Galmi\Xacml\Config::FUNC_REGISTRY, $funcFactory);
$apply1 = new \Galmi\Xacml\Expression\Apply('string-equal');
$expression11 = new \Galmi\Xacml\Expression\AttributeValue('expression 1');
$expression12 = new \Galmi\Xacml\Expression\AttributeValue('expression 1');
$apply1->addExpression($expression11);
$apply1->addExpression($expression12);
$apply2 = new \Galmi\Xacml\Expression\Apply('string-equal');
$expression21 = new \Galmi\Xacml\Expression\AttributeValue('expression 2');
$expression22 = new \Galmi\Xacml\Expression\AttributeValue('expression 1');
$apply2->addExpression($expression21);
$apply2->addExpression($expression22);
$apply = new \Galmi\Xacml\Expression\Apply('func-and');
$apply->addExpression($apply1);
$apply->addExpression($apply2);
$this->assertEquals(false, $apply->evaluate($request));
}
/**
* -----------------------------------------------------------------------------------------
* | Target | Condition | Rule Value |
* -----------------------------------------------------------------------------------------
* | “Match” or no target | “Indeterminate” | “Indeterminate{P}” if the Effect is Permit, |
* | | | or “Indeterminate{D}” if the Effect is Deny |
* -----------------------------------------------------------------------------------------
*/
public function testEvaluate3()
{
$request = $this->createRequest();
\Galmi\Xacml\Config::set(\Galmi\Xacml\Config::ATTRIBUTE_FINDER, $this->createAttributeFinder());
$matchRole = new \Galmi\Xacml\Match('Subject.role', 'Manager');
$allOf = new \Galmi\Xacml\TargetAllOf();
$allOf->addMatch($matchRole);
$anyOf = new \Galmi\Xacml\TargetAnyOf();
$anyOf->addTargetAllOf($allOf);
$target = new \Galmi\Xacml\Target();
$target->addTargetAnyOf($anyOf);
$applyMock = $this->getMockForAbstractClass('\\Galmi\\Xacml\\Expression');
$applyMock->method('evaluate')->willReturn(\Galmi\Xacml\Match::INDETERMINATE);
$rule = new \Galmi\Xacml\Rule();
$rule->setEffect(\Galmi\Xacml\Decision::PERMIT);
$rule->setTarget($target);
$rule->setCondition($applyMock);
$this->assertEquals(\Galmi\Xacml\Decision::INDETERMINATE_P, $rule->evaluate($request));
$rule = new \Galmi\Xacml\Rule();
$rule->setEffect(\Galmi\Xacml\Decision::DENY);
$rule->setTarget($target);
$rule->setCondition($applyMock);
$this->assertEquals(\Galmi\Xacml\Decision::INDETERMINATE_D, $rule->evaluate($request));
}
protected function addAlgorithmFactory($algorithm)
{
$combiningAlgorithmFactory = $this->getMockBuilder('\\Galmi\\Xacml\\CombiningAlgorithmRegistry')->setMethods(['get'])->getMock();
$combiningAlgorithmFactory->method('get')->willReturn($algorithm);
\Galmi\Xacml\Config::set(\Galmi\Xacml\Config::COMBINING_ALGORITHM_REGISTRY, $combiningAlgorithmFactory);
}
/**
* Get function from functionId
*
* @return \Galmi\Xacml\Func\FuncInterface
* @throws \Galmi\Xacml\Exception\FunctionNotFoundException
*/
public function getFunc()
{
$funcFactory = Config::get(Config::FUNC_REGISTRY);
return $funcFactory->get($this->functionId);
}
/**
* Test 8
*
* Subject.role == Array()
*
* Result = Indeterminate
*
*/
public function testEvaluate8()
{
$request = $this->createRequest();
\Galmi\Xacml\Config::set(\Galmi\Xacml\Config::ATTRIBUTE_FINDER, $this->createAttributeFinder());
$matchMock = $this->getMockBuilder('\\Galmi\\Xacml\\Match')->setConstructorArgs(array('Subject.role', 'Manager'))->getMock();
$matchMock->method('evaluate')->willReturn(\Galmi\Xacml\Match::INDETERMINATE);
$allOf = new \Galmi\Xacml\TargetAllOf();
$allOf->addMatch($matchMock);
$anyOf = new \Galmi\Xacml\TargetAnyOf();
$anyOf->addTargetAllOf($allOf);
$target = new \Galmi\Xacml\Target();
$target->addTargetAnyOf($anyOf);
$this->assertEquals(\Galmi\Xacml\Match::INDETERMINATE, $target->evaluate($request), 'Test 8 is Indeterminate');
}
public function __construct()
{
$this->funcFactory = Config::get(Config::FUNC_REGISTRY);
}