Beispiel #1
0
        public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
        {
            if (_pepSettings.DisablePEP)
            {
                return(new XacmlJsonResponse
                {
                    Response = new List <XacmlJsonResult>()
                    {
                        new XacmlJsonResult
                        {
                            Decision = XacmlContextDecision.Permit.ToString(),
                        }
                    },
                });
            }

            try
            {
                XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request);
                decisionRequest = await Enrich(decisionRequest);

                Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();

                XacmlPolicy policy = await GetPolicyAsync(decisionRequest);

                XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy);

                return(XacmlJsonXmlConverter.ConvertResponse(contextResponse));
            }
            catch
            {
            }

            return(null);
        }
Beispiel #2
0
        private XacmlContextRequest ParseApiBody(XacmlRequestApiModel model)
        {
            XacmlContextRequest request = null;

            if (Request.ContentType.Contains("application/json"))
            {
                XacmlJsonRequestRoot jsonRequest;
                jsonRequest = (XacmlJsonRequestRoot)JsonConvert.DeserializeObject(model.BodyContent, typeof(XacmlJsonRequestRoot));
                request     = XacmlJsonXmlConverter.ConvertRequest(jsonRequest.Request);
            }
            else if (Request.ContentType.Contains("application/xml"))
            {
                using (XmlReader reader = XmlReader.Create(new StringReader(model.BodyContent)))
                {
                    request = XacmlParser.ReadContextRequest(reader);
                }
            }

            return(request);
        }
        public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
        {
            try
            {
                XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request);
                decisionRequest = await Enrich(decisionRequest);

                Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();

                XacmlPolicy policy = await GetPolicyAsync(decisionRequest);

                XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy);

                return(XacmlJsonXmlConverter.ConvertResponse(contextResponse));
            }
            catch
            {
            }

            return(null);
        }
        private async Task <XacmlJsonResponse> Authorize(XacmlJsonRequest decisionRequest)
        {
            if (decisionRequest.MultiRequests == null || decisionRequest.MultiRequests.RequestReference == null ||
                decisionRequest.MultiRequests.RequestReference.Count < 2)
            {
                XacmlContextRequest  request     = XacmlJsonXmlConverter.ConvertRequest(decisionRequest);
                XacmlContextResponse xmlResponse = await Authorize(request);

                return(XacmlJsonXmlConverter.ConvertResponse(xmlResponse));
            }
            else
            {
                XacmlJsonResponse multiResponse = new XacmlJsonResponse();
                foreach (XacmlJsonRequestReference xacmlJsonRequestReference in decisionRequest.MultiRequests.RequestReference)
                {
                    XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest();

                    foreach (string refer in xacmlJsonRequestReference.ReferenceId)
                    {
                        List <XacmlJsonCategory> resourceCategoriesPart = decisionRequest.Resource.Where(i => i.Id.Equals(refer)).ToList();

                        if (resourceCategoriesPart.Count > 0)
                        {
                            if (jsonMultiRequestPart.Resource == null)
                            {
                                jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>();
                            }

                            jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart);
                        }

                        List <XacmlJsonCategory> subjectCategoriesPart = decisionRequest.AccessSubject.Where(i => i.Id.Equals(refer)).ToList();

                        if (subjectCategoriesPart.Count > 0)
                        {
                            if (jsonMultiRequestPart.AccessSubject == null)
                            {
                                jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>();
                            }

                            jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart);
                        }

                        List <XacmlJsonCategory> actionCategoriesPart = decisionRequest.Action.Where(i => i.Id.Equals(refer)).ToList();

                        if (actionCategoriesPart.Count > 0)
                        {
                            if (jsonMultiRequestPart.Action == null)
                            {
                                jsonMultiRequestPart.Action = new List <XacmlJsonCategory>();
                            }

                            jsonMultiRequestPart.Action.AddRange(actionCategoriesPart);
                        }
                    }

                    XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart));

                    XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse);

                    if (multiResponse.Response == null)
                    {
                        multiResponse.Response = new List <XacmlJsonResult>();
                    }

                    multiResponse.Response.Add(xacmlJsonResponsePart.Response.First());
                }

                return(multiResponse);
            }
        }
        public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
        {
            string jsonResponse = string.Empty;

            if (xacmlJsonRequest.Request.MultiRequests != null)
            {
                try
                {
                    Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();
                    XacmlJsonResponse multiResponse = new XacmlJsonResponse();
                    foreach (XacmlJsonRequestReference xacmlJsonRequestReference in xacmlJsonRequest.Request.MultiRequests.RequestReference)
                    {
                        XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest();

                        foreach (string refer in xacmlJsonRequestReference.ReferenceId)
                        {
                            IEnumerable <XacmlJsonCategory> resourceCategoriesPart = xacmlJsonRequest.Request.Resource.Where(i => i.Id.Equals(refer));

                            if (resourceCategoriesPart != null && resourceCategoriesPart.Count() > 0)
                            {
                                if (jsonMultiRequestPart.Resource == null)
                                {
                                    jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>();
                                }

                                jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart);
                            }

                            IEnumerable <XacmlJsonCategory> subjectCategoriesPart = xacmlJsonRequest.Request.AccessSubject.Where(i => i.Id.Equals(refer));

                            if (subjectCategoriesPart != null && subjectCategoriesPart.Count() > 0)
                            {
                                if (jsonMultiRequestPart.AccessSubject == null)
                                {
                                    jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>();
                                }

                                jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart);
                            }

                            IEnumerable <XacmlJsonCategory> actionCategoriesPart = xacmlJsonRequest.Request.Action.Where(i => i.Id.Equals(refer));

                            if (actionCategoriesPart != null && actionCategoriesPart.Count() > 0)
                            {
                                if (jsonMultiRequestPart.Action == null)
                                {
                                    jsonMultiRequestPart.Action = new List <XacmlJsonCategory>();
                                }

                                jsonMultiRequestPart.Action.AddRange(actionCategoriesPart);
                            }
                        }

                        XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart));

                        XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse);

                        if (multiResponse.Response == null)
                        {
                            multiResponse.Response = new List <XacmlJsonResult>();
                        }

                        multiResponse.Response.Add(xacmlJsonResponsePart.Response.First());
                    }

                    return(multiResponse);
                }
                catch
                {
                }
            }
            else if (xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => (a.AttributeId == "urn:altinn:userid" && a.Value == "1")) ||
                     xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => a.AttributeId == "urn:altinn:org"))
            {
                jsonResponse = File.ReadAllText("data/response_permit.json");
            }
            else
            {
                jsonResponse = File.ReadAllText("data/response_deny.json");
            }

            XacmlJsonResponse response = JsonConvert.DeserializeObject <XacmlJsonResponse>(jsonResponse);

            return(response);
        }