Example #1
 /// <summary>
 /// Creates a response that grants access and carries the delegation evidence it was given.
 /// </summary>
 /// <param name="delegationEvidence">Evidence to attach to the response; stored as passed, without inspection.</param>
 /// <returns>A response whose <c>HasAccess</c> is <c>true</c>.</returns>
 /// <remarks>
 /// This factory performs no checks of its own, so the decision to permit must already
 /// have been made by the caller before the evidence reaches this method.
 /// </remarks>
 public static DelegationClientTranslationResponse Permit(DelegationEvidence delegationEvidence)
     => new DelegationClientTranslationResponse
     {
         HasAccess = true,
         DelegationEvidence = delegationEvidence
     };
Example #2
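 /// <summary>
 /// Initializes an assertion for the given parties with a fresh token id and a 30-second lifetime.
 /// </summary>
 /// <param name="issuer">Value stored in <c>Issuer</c>.</param>
 /// <param name="subject">Value stored in <c>Subject</c>.</param>
 /// <param name="audience">Value stored in <c>Audience</c>.</param>
 /// <param name="delegationEvidence">Evidence stored in <c>DelegationEvidence</c>.</param>
 public DelegationEvidenceAssertion(string issuer, string subject, string audience, DelegationEvidence delegationEvidence)
 {
     // Read the clock once so that Expiration is exactly 30 seconds after IssuedAt;
     // two separate DateTime.UtcNow reads can differ and make the lifetime drift.
     var issuedAt = DateTime.UtcNow;

     Issuer             = issuer;
     Subject            = subject;
     Audience           = audience;

     // A new id per assertion lets a receiver tell two assertions apart.
     // NOTE(review): the id is a GUID; it should be treated as unique, not as a secret.
     JwtId              = Guid.NewGuid().ToString("N");

     IssuedAt           = issuedAt;

     // The short lifetime limits how long a captured assertion stays usable.
     Expiration         = issuedAt.AddSeconds(30);
     DelegationEvidence = delegationEvidence;
 }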
Example #3
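        /// <summary>
        /// Builds the JWT payload for the given delegation evidence and returns it as a
        /// serialized token signed with HMAC-SHA256.
        /// </summary>
        /// <param name="delegationEvidence">Evidence passed on to <c>BuildJwtPayload</c>.</param>
        /// <param name="partyId">Party id passed on to <c>BuildJwtPayload</c>.</param>
        /// <returns>The serialized, signed token.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// No value is configured under <c>MyDetails:PrivateKey</c>.
        /// </exception>
        public string Create(DelegationEvidence delegationEvidence, string partyId)
        {
            // Fail with a clear message when the signing key is missing, instead of the
            // opaque null-argument error that Encoding.GetBytes would raise.
            var configuredKey = _configuration["MyDetails:PrivateKey"];
            if (string.IsNullOrEmpty(configuredKey))
            {
                throw new System.InvalidOperationException("Signing key 'MyDetails:PrivateKey' is not configured.");
            }

            var payload = BuildJwtPayload(delegationEvidence, partyId);

            // NOTE(review): despite the "PrivateKey" name, the value is used as a shared
            // HMAC secret. Every verifier needs the same bytes and can therefore also
            // create tokens. If receivers are separate parties, an asymmetric signature
            // is the usual choice - confirm the intended trust model.
            // The key is the UTF-8 bytes of the configured string, so its strength is
            // that of the string; RFC 7518 requires at least 256 bits of key for HS256.
            var privateKey         = Encoding.UTF8.GetBytes(configuredKey);
            var signingCredentials = new SigningCredentials(new SymmetricSecurityKey(privateKey), SecurityAlgorithms.HmacSha256Signature);
            var writeToken         = new JwtSecurityTokenHandler();
            var jwtToken           = new JwtSecurityToken(new JwtHeader(signingCredentials), payload);

            return writeToken.WriteToken(jwtToken);
        }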
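        /// <summary>
        /// Decides whether the delegation evidence grants access: every policy in every
        /// policy set must contain at least one rule whose <c>Effect</c> is <c>"Permit"</c>.
        /// </summary>
        /// <param name="delegation">Evidence whose policy sets are inspected.</param>
        /// <returns>
        /// <c>true</c> only when at least one policy exists and each policy has a
        /// <c>"Permit"</c> rule; <c>false</c> otherwise, including when there are no
        /// policy sets or no policies at all.
        /// </returns>
        /// <remarks>
        /// A policy passes as soon as one of its rules has the effect <c>"Permit"</c>;
        /// the other rules of that policy are not inspected here. The comparison is
        /// case-sensitive.
        /// </remarks>
        private bool IsPermitRule(DelegationEvidence delegation)
        {
            // Deny by default: evidence without any policy must not count as a permit.
            // Without this flag the empty case would fall through to "true".
            var sawPolicy = false;

            foreach (var policySet in delegation.PolicySets)
            {
                foreach (var policy in policySet.Policies)
                {
                    sawPolicy = true;

                    if (!policy.Rules.Any(rule => rule.Effect == "Permit"))
                    {
                        return false;
                    }
                }
            }

            return sawPolicy;
        }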
Example #5
        /// <summary>
        /// Assembles the JWT payload: the registered claims taken from a new
        /// <c>DelegationEvidenceAssertion</c>, plus the delegation evidence itself
        /// under the <c>delegationEvidence</c> key.
        /// </summary>
        /// <param name="delegationEvidence">
        /// Evidence to embed; its <c>PolicyIssuer</c> becomes the issuer and its
        /// <c>Target.AccessSubject</c> becomes the subject.
        /// </param>
        /// <param name="partyId">Added as one of the two <c>aud</c> claims.</param>
        /// <returns>The populated payload, not yet signed.</returns>
        private JwtPayload BuildJwtPayload(DelegationEvidence delegationEvidence, string partyId)
        {
            var assertion = new DelegationEvidenceAssertion(
                delegationEvidence.PolicyIssuer,
                delegationEvidence.Target.AccessSubject,
                partyId,
                delegationEvidence);

            // Round-trip the evidence through camel-cased JSON so that it is embedded
            // as a nested structure rather than as a string.
            var camelCaseSettings = new JsonSerializerSettings
            {
                ContractResolver = new CamelCasePropertyNamesContractResolver()
            };
            var evidenceJson  = JsonConvert.SerializeObject(assertion.DelegationEvidence, camelCaseSettings);
            var evidenceClaim = JsonConvert.DeserializeObject<JObject>(evidenceJson).ToDictionary();

            // NOTE(review): plain concatenation, so this presumably relies on
            // OAuth2:AuthServerUrl ending in '/' - confirm against the configuration.
            var tokenEndpoint = $"{_configuration["OAuth2:AuthServerUrl"]}connect/token";

            // Two "aud" claims are added on purpose: the token endpoint and the party id.
            var claims = new List<Claim>
            {
                new Claim("iss", assertion.Issuer),
                new Claim("sub", assertion.Subject),
                new Claim("aud", tokenEndpoint),
                new Claim("aud", assertion.Audience),
                new Claim("jti", assertion.JwtId),
                new Claim("iat", ConvertDateTimeToTimestamp(assertion.IssuedAt)),
                new Claim("exp", ConvertDateTimeToTimestamp(assertion.Expiration))
            };

            var payload = new JwtPayload(claims);
            payload.Add("delegationEvidence", evidenceClaim);

            return payload;
        }
Example #6
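 /// <summary>
 /// Decides whether the delegation evidence grants access: every policy in every
 /// policy set must contain at least one rule whose <c>Effect</c> is <c>"Permit"</c>.
 /// </summary>
 /// <param name="delegation">Evidence whose policy sets are inspected.</param>
 /// <returns>
 /// <c>true</c> only when at least one policy exists and each policy has a
 /// <c>"Permit"</c> rule; <c>false</c> otherwise, including when there are no
 /// policies at all.
 /// </returns>
 /// <remarks>
 /// A policy passes as soon as one of its rules has the effect <c>"Permit"</c>;
 /// the other rules of that policy are not inspected here. The comparison is
 /// case-sensitive.
 /// </remarks>
 private static bool IsPermitRule(DelegationEvidence delegation)
 {
     var policies = delegation.PolicySets
         .SelectMany(policySet => policySet.Policies)
         .ToList();

     // Deny by default: All() is true for an empty sequence, so evidence without
     // any policy would otherwise count as a permit.
     return policies.Count > 0
         && policies.All(policy => policy.Rules.Any(rule => rule.Effect == "Permit"));
 }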