public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
{
if (_pepSettings.DisablePEP)
{
return(new XacmlJsonResponse
{
Response = new List <XacmlJsonResult>()
{
new XacmlJsonResult
{
Decision = XacmlContextDecision.Permit.ToString(),
}
},
});
}
try
{
XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request);
decisionRequest = await Enrich(decisionRequest);
Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();
XacmlPolicy policy = await GetPolicyAsync(decisionRequest);
XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy);
return(XacmlJsonXmlConverter.ConvertResponse(contextResponse));
}
catch
{
}
return(null);
}
public async Task <ActionResult> Post([FromBody] XacmlRequestApiModel model)
{
try
{
if (Request.ContentType.Contains("application/json"))
{
return(await AuthorizeJsonRequest(model)); // lgtm [cs/user-controlled-bypass]
}
else
{
return(await AuthorizeXmlRequest(model)); // lgtm [cs/user-controlled-bypass]
}
}
catch
{
XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
{
Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
};
XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);
if (Request.ContentType.Contains("application/json"))
{
XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
return(Ok(jsonResult));
}
else
{
return(CreateResponse(xacmlContextResponse));
}
}
}
public async Task <ActionResult> Post([FromBody] XacmlRequestApiModel model)
{
try
{
if (Request.ContentType.Contains("application/json"))
{
return(await AuthorizeJsonRequest(model));
}
else
{
return(await AuthorizeXmlRequest(model));
}
}
catch (Exception ex)
{
_logger.LogError(ex, "// DecisionController // Decision // Unexpected Exception");
XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
{
Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
};
XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);
if (Request.ContentType.Contains("application/json"))
{
XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
return(Ok(jsonResult));
}
else
{
return(CreateResponse(xacmlContextResponse));
}
}
}
public ActionResult Post([FromBody] XacmlRequestApiModel model)
{
XacmlContextRequest request = null;
XacmlContextResponse xacmlContextResponse = null;
try
{
request = ParseApiBody(model);
}
catch (Exception)
{
XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
{
Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
};
xacmlContextResponse = new XacmlContextResponse(result);
}
if (request != null)
{
PolicyDecisionPoint pdp = new PolicyDecisionPoint(_contextHandler, _prp);
xacmlContextResponse = pdp.Authorize(request);
}
string accept = HttpContext.Request.Headers["Accept"];
if (!string.IsNullOrEmpty(accept) && accept.Equals("application/json"))
{
XacmlJsonResponse jsonReponse = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
return(Ok(jsonReponse));
}
StringBuilder builder = new StringBuilder();
using (XmlWriter writer = XmlWriter.Create(builder))
{
XacmlSerializer.WriteContextResponse(writer, xacmlContextResponse);
}
string xml = builder.ToString();
return(Content(xml));
}
private XacmlContextRequest ParseApiBody(XacmlRequestApiModel model)
{
XacmlContextRequest request = null;
if (Request.ContentType.Contains("application/json"))
{
XacmlJsonRequestRoot jsonRequest;
jsonRequest = (XacmlJsonRequestRoot)JsonConvert.DeserializeObject(model.BodyContent, typeof(XacmlJsonRequestRoot));
request = XacmlJsonXmlConverter.ConvertRequest(jsonRequest.Request);
}
else if (Request.ContentType.Contains("application/xml"))
{
using (XmlReader reader = XmlReader.Create(new StringReader(model.BodyContent)))
{
request = XacmlParser.ReadContextRequest(reader);
}
}
return(request);
}
public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
{
try
{
XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request);
decisionRequest = await Enrich(decisionRequest);
Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();
XacmlPolicy policy = await GetPolicyAsync(decisionRequest);
XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy);
return(XacmlJsonXmlConverter.ConvertResponse(contextResponse));
}
catch
{
}
return(null);
}
private async Task <XacmlJsonResponse> Authorize(XacmlJsonRequest decisionRequest)
{
if (decisionRequest.MultiRequests == null || decisionRequest.MultiRequests.RequestReference == null ||
decisionRequest.MultiRequests.RequestReference.Count < 2)
{
XacmlContextRequest request = XacmlJsonXmlConverter.ConvertRequest(decisionRequest);
XacmlContextResponse xmlResponse = await Authorize(request);
return(XacmlJsonXmlConverter.ConvertResponse(xmlResponse));
}
else
{
XacmlJsonResponse multiResponse = new XacmlJsonResponse();
foreach (XacmlJsonRequestReference xacmlJsonRequestReference in decisionRequest.MultiRequests.RequestReference)
{
XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest();
foreach (string refer in xacmlJsonRequestReference.ReferenceId)
{
List <XacmlJsonCategory> resourceCategoriesPart = decisionRequest.Resource.Where(i => i.Id.Equals(refer)).ToList();
if (resourceCategoriesPart.Count > 0)
{
if (jsonMultiRequestPart.Resource == null)
{
jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>();
}
jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart);
}
List <XacmlJsonCategory> subjectCategoriesPart = decisionRequest.AccessSubject.Where(i => i.Id.Equals(refer)).ToList();
if (subjectCategoriesPart.Count > 0)
{
if (jsonMultiRequestPart.AccessSubject == null)
{
jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>();
}
jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart);
}
List <XacmlJsonCategory> actionCategoriesPart = decisionRequest.Action.Where(i => i.Id.Equals(refer)).ToList();
if (actionCategoriesPart.Count > 0)
{
if (jsonMultiRequestPart.Action == null)
{
jsonMultiRequestPart.Action = new List <XacmlJsonCategory>();
}
jsonMultiRequestPart.Action.AddRange(actionCategoriesPart);
}
}
XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart));
XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse);
if (multiResponse.Response == null)
{
multiResponse.Response = new List <XacmlJsonResult>();
}
multiResponse.Response.Add(xacmlJsonResponsePart.Response.First());
}
return(multiResponse);
}
}
public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
{
string jsonResponse = string.Empty;
if (xacmlJsonRequest.Request.MultiRequests != null)
{
try
{
Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();
XacmlJsonResponse multiResponse = new XacmlJsonResponse();
foreach (XacmlJsonRequestReference xacmlJsonRequestReference in xacmlJsonRequest.Request.MultiRequests.RequestReference)
{
XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest();
foreach (string refer in xacmlJsonRequestReference.ReferenceId)
{
IEnumerable <XacmlJsonCategory> resourceCategoriesPart = xacmlJsonRequest.Request.Resource.Where(i => i.Id.Equals(refer));
if (resourceCategoriesPart != null && resourceCategoriesPart.Count() > 0)
{
if (jsonMultiRequestPart.Resource == null)
{
jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>();
}
jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart);
}
IEnumerable <XacmlJsonCategory> subjectCategoriesPart = xacmlJsonRequest.Request.AccessSubject.Where(i => i.Id.Equals(refer));
if (subjectCategoriesPart != null && subjectCategoriesPart.Count() > 0)
{
if (jsonMultiRequestPart.AccessSubject == null)
{
jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>();
}
jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart);
}
IEnumerable <XacmlJsonCategory> actionCategoriesPart = xacmlJsonRequest.Request.Action.Where(i => i.Id.Equals(refer));
if (actionCategoriesPart != null && actionCategoriesPart.Count() > 0)
{
if (jsonMultiRequestPart.Action == null)
{
jsonMultiRequestPart.Action = new List <XacmlJsonCategory>();
}
jsonMultiRequestPart.Action.AddRange(actionCategoriesPart);
}
}
XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart));
XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse);
if (multiResponse.Response == null)
{
multiResponse.Response = new List <XacmlJsonResult>();
}
multiResponse.Response.Add(xacmlJsonResponsePart.Response.First());
}
return(multiResponse);
}
catch
{
}
}
else if (xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => (a.AttributeId == "urn:altinn:userid" && a.Value == "1")) ||
xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => a.AttributeId == "urn:altinn:org"))
{
jsonResponse = File.ReadAllText("data/response_permit.json");
}
else
{
jsonResponse = File.ReadAllText("data/response_deny.json");
}
XacmlJsonResponse response = JsonConvert.DeserializeObject <XacmlJsonResponse>(jsonResponse);
return(response);
}
