        /// <summary>
        /// TC08: a PDP result with decision Permit that carries a
        /// "urn:altinn:minimum-authenticationlevel" obligation of "3" must come back as
        /// not authorized for the claims produced by CreateUserClaims(false), and the
        /// required level must be reported under the failed obligations.
        /// </summary>
        /// <remarks>
        /// The point being pinned is that a Permit decision alone does not authorize:
        /// the obligation attached to it has to be satisfied as well.
        /// NOTE(review): presumably CreateUserClaims(false) yields a user whose
        /// authentication level is below 3 - confirm against that helper.
        /// </remarks>
        public void ValidatePdpDecision_TC08()
        {
            // Arrange
            const string requiredLevel = "3";

            // Obligation demanding a minimum authentication level from the subject.
            var levelObligation = new XacmlJsonObligationOrAdvice
            {
                AttributeAssignment = new List<XacmlJsonAttributeAssignment>
                {
                    new XacmlJsonAttributeAssignment
                    {
                        Category = "urn:altinn:minimum-authenticationlevel",
                        Value = requiredLevel
                    }
                }
            };

            // A single Permit result that carries the obligation above.
            var permitResult = new XacmlJsonResult
            {
                Decision = XacmlContextDecision.Permit.ToString(),
                Obligations = new List<XacmlJsonObligationOrAdvice> { levelObligation }
            };

            var pdpResponse = new XacmlJsonResponse
            {
                Response = new List<XacmlJsonResult> { permitResult }
            };

            // Act
            EnforcementResult outcome = DecisionHelper.ValidatePdpDecisionDetailed(pdpResponse.Response, CreateUserClaims(false));

            // Assert: access is refused and the unmet obligation is reported with its required value.
            Assert.False(outcome.Authorized);
            Assert.Contains(AltinnObligations.RequiredAuthenticationLevel, outcome.FailedObligations.Keys);
            Assert.Equal(requiredLevel, outcome.FailedObligations[AltinnObligations.RequiredAuthenticationLevel]);
        }
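        /// <summary>
        /// Builds a XACML decision request for the current user and the given action,
        /// sends it to the PDP and evaluates the answer, obligations included.
        /// </summary>
        /// <param name="org">Passed through to <c>DecisionHelper.CreateDecisionRequest</c>.</param>
        /// <param name="app">Passed through to <c>DecisionHelper.CreateDecisionRequest</c>.</param>
        /// <param name="partyId">Passed through to <c>DecisionHelper.CreateDecisionRequest</c>.</param>
        /// <param name="action">The action to authorize; also written to the log when the PDP gives no answer.</param>
        /// <returns>
        /// The result of <c>DecisionHelper.ValidatePdpDecisionDetailed</c>, or a freshly
        /// constructed <c>EnforcementResult</c> when the PDP returned no response.
        /// </returns>
        private async Task<EnforcementResult> AuthorizeAction(string org, string app, int partyId, string action)
        {
            XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, action, partyId, null);
            XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request);

            if (response?.Response == null)
            {
                // The values are passed as log arguments instead of being interpolated into
                // the message: the serialized request is JSON, and its braces must not end up
                // in the message-template position where a logger may parse them as placeholders.
                // NOTE(review): the request is built from HttpContext.User, so the serialized
                // form presumably contains identity attributes of the caller - confirm that
                // writing it at Information level is acceptable for this log sink.
                _logger.LogInformation(
                    "// Instances Controller // Authorization of action {action} failed with request: {request}.",
                    action,
                    JsonConvert.SerializeObject(request));

                // No PDP answer: hand back an untouched result.
                // NOTE(review): this is a denial only if EnforcementResult.Authorized
                // defaults to false - confirm, since callers rely on it to fail closed.
                return new EnforcementResult();
            }

            // The Permit/Deny decision and its obligations are checked against the same
            // principal the request was built for.
            return DecisionHelper.ValidatePdpDecisionDetailed(response.Response, HttpContext.User);
        }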
        /// <summary>
        /// TC10: a Permit result carrying two obligations - a general minimum
        /// authentication level of "4" and an org-specific minimum of "2" - must come back
        /// as authorized, with no failed obligations, for the claims produced by
        /// CreateUserClaims(false, "ttd").
        /// </summary>
        /// <remarks>
        /// NOTE(review): presumably the "ttd" argument marks the claims as belonging to an
        /// org, so that the org-specific level applies instead of the stricter general one -
        /// confirm against CreateUserClaims and DecisionHelper.
        /// </remarks>
        public void ValidatePdpDecision_TC10()
        {
            // Arrange
            const string generalLevel = "4";
            const string orgLevel = "2";

            // General minimum authentication level obligation.
            var generalObligation = new XacmlJsonObligationOrAdvice
            {
                AttributeAssignment = new List<XacmlJsonAttributeAssignment>
                {
                    new XacmlJsonAttributeAssignment
                    {
                        Category = "urn:altinn:minimum-authenticationlevel",
                        Value = generalLevel
                    }
                }
            };

            // Org-specific minimum authentication level obligation.
            var orgObligation = new XacmlJsonObligationOrAdvice
            {
                AttributeAssignment = new List<XacmlJsonAttributeAssignment>
                {
                    new XacmlJsonAttributeAssignment
                    {
                        Category = "urn:altinn:minimum-authenticationlevel-org",
                        Value = orgLevel
                    }
                }
            };

            // Permit result; the org obligation is listed before the general one.
            var permitResult = new XacmlJsonResult
            {
                Decision = XacmlContextDecision.Permit.ToString(),
                Obligations = new List<XacmlJsonObligationOrAdvice> { orgObligation, generalObligation }
            };

            var pdpResponse = new XacmlJsonResponse
            {
                Response = new List<XacmlJsonResult> { permitResult }
            };

            // Act
            EnforcementResult outcome = DecisionHelper.ValidatePdpDecisionDetailed(pdpResponse.Response, CreateUserClaims(false, "ttd"));

            // Assert: access is granted and nothing is reported as unmet.
            Assert.True(outcome.Authorized);
            Assert.Null(outcome.FailedObligations);
        }