/// <summary>
/// A Permit result carrying a minimum-authentication-level obligation of "2" must be
/// accepted by <c>DecisionHelper.ValidateResponse</c> for the claims built by
/// <c>CreateUserClaims(false)</c>.
/// </summary>
public void ValidateResponse_TC02()
{
    // Arrange
    // Obligation demanding a minimum authentication level of 2.
    var levelAssignment = new XacmlJsonAttributeAssignment
    {
        Category = "urn:altinn:minimum-authenticationlevel",
        Value = "2",
    };
    var levelObligation = new XacmlJsonObligationOrAdvice
    {
        AttributeAssignment = new List<XacmlJsonAttributeAssignment> { levelAssignment },
    };

    // Single Permit result that carries the obligation.
    var permitResult = new XacmlJsonResult
    {
        Decision = XacmlContextDecision.Permit.ToString(),
        Obligations = new List<XacmlJsonObligationOrAdvice> { levelObligation },
    };
    var pdpResponse = new XacmlJsonResponse
    {
        Response = new List<XacmlJsonResult> { permitResult },
    };

    // Act
    // NOTE(review): presumably CreateUserClaims(false) yields an authentication level
    // of at least 2 - confirm against that helper.
    bool accepted = DecisionHelper.ValidateResponse(pdpResponse.Response, CreateUserClaims(false));

    // Assert
    Assert.True(accepted);
}
/// <summary>
/// A Permit whose minimum-authentication-level obligation ("3") is not met must be
/// reported as not authorized, with the unmet obligation and its required value
/// listed in <c>FailedObligations</c>.
/// </summary>
public void ValidatePdpDecision_TC08()
{
    // Arrange
    string requiredLevel = "3";

    // Obligation demanding the required minimum authentication level.
    var levelObligation = new XacmlJsonObligationOrAdvice
    {
        AttributeAssignment = new List<XacmlJsonAttributeAssignment>
        {
            new XacmlJsonAttributeAssignment
            {
                Category = "urn:altinn:minimum-authenticationlevel",
                Value = requiredLevel,
            },
        },
    };

    // The decision itself is Permit; only the obligation can make enforcement fail.
    var permitResult = new XacmlJsonResult
    {
        Decision = XacmlContextDecision.Permit.ToString(),
        Obligations = new List<XacmlJsonObligationOrAdvice> { levelObligation },
    };
    var pdpResponse = new XacmlJsonResponse
    {
        Response = new List<XacmlJsonResult> { permitResult },
    };

    // Act
    // NOTE(review): presumably CreateUserClaims(false) yields an authentication level
    // below 3 - confirm against that helper.
    EnforcementResult enforcement = DecisionHelper.ValidatePdpDecisionDetailed(pdpResponse.Response, CreateUserClaims(false));

    // Assert
    Assert.False(enforcement.Authorized);
    Assert.Contains(AltinnObligations.RequiredAuthenticationLevel, enforcement.FailedObligations.Keys);
    Assert.Equal(requiredLevel, enforcement.FailedObligations[AltinnObligations.RequiredAuthenticationLevel]);
}
/// <summary>
/// Maps a <c>XacmlObligation</c> to its JSON-profile counterpart.
/// </summary>
/// <param name="obligation">The obligation to convert; it is dereferenced without a null check.</param>
/// <returns>A new <c>XacmlJsonObligationOrAdvice</c> holding the id and the converted attribute assignments.</returns>
private static XacmlJsonObligationOrAdvice ConvertObligation(XacmlObligation obligation)
{
    return new XacmlJsonObligationOrAdvice
    {
        // The id is copied from OriginalString, so it is emitted as it was supplied.
        // NOTE(review): presumably ObligationId is a System.Uri - confirm.
        Id = obligation.ObligationId.OriginalString,
        AttributeAssignment = ConvertToAttributeAssignments(obligation.AttributeAssignment),
    };
}
/// <summary>
/// A Permit carrying both a "-org" minimum-authentication-level obligation ("2") and the
/// plain minimum-authentication-level obligation ("4") must be authorized, with no failed
/// obligations, for the claims built by <c>CreateUserClaims(false, "ttd")</c>.
/// </summary>
public void ValidatePdpDecision_TC10()
{
    // Arrange
    string requiredLevel = "4";
    string requiredLevelOrg = "2";

    // Plain obligation: minimum authentication level 4.
    var levelObligation = new XacmlJsonObligationOrAdvice
    {
        AttributeAssignment = new List<XacmlJsonAttributeAssignment>
        {
            new XacmlJsonAttributeAssignment
            {
                Category = "urn:altinn:minimum-authenticationlevel",
                Value = requiredLevel,
            },
        },
    };

    // Org variant of the obligation: minimum authentication level 2.
    var orgLevelObligation = new XacmlJsonObligationOrAdvice
    {
        AttributeAssignment = new List<XacmlJsonAttributeAssignment>
        {
            new XacmlJsonAttributeAssignment
            {
                Category = "urn:altinn:minimum-authenticationlevel-org",
                Value = requiredLevelOrg,
            },
        },
    };

    // The org obligation is listed before the plain one, as in the original arrangement.
    var permitResult = new XacmlJsonResult
    {
        Decision = XacmlContextDecision.Permit.ToString(),
        Obligations = new List<XacmlJsonObligationOrAdvice> { orgLevelObligation, levelObligation },
    };
    var pdpResponse = new XacmlJsonResponse
    {
        Response = new List<XacmlJsonResult> { permitResult },
    };

    // Act
    // NOTE(review): presumably the "ttd" argument produces org claims, so the "-org"
    // level (2) is the one enforced rather than the stricter level 4 - confirm against
    // CreateUserClaims and DecisionHelper.
    EnforcementResult enforcement = DecisionHelper.ValidatePdpDecisionDetailed(pdpResponse.Response, CreateUserClaims(false, "ttd"));

    // Assert
    Assert.True(enforcement.Authorized);
    Assert.Null(enforcement.FailedObligations);
}
/// <summary>
/// Attaches a minimum-authentication-level obligation to the first result of the response.
/// </summary>
/// <param name="response">Response to modify in place; it must already contain at least one result.</param>
/// <param name="minAuthLv">Value written to the obligation's attribute assignment.</param>
/// <returns>The same <paramref name="response"/> instance.</returns>
private XacmlJsonResponse AddObligationWithMinAuthLv(XacmlJsonResponse response, string minAuthLv)
{
    // Only the first result is touched; indexing throws if the response has no results.
    XacmlJsonResult firstResult = response.Response[0];

    var levelAssignment = new XacmlJsonAttributeAssignment
    {
        Category = "urn:altinn:minimum-authenticationlevel",
        Value = minAuthLv,
    };
    var levelObligation = new XacmlJsonObligationOrAdvice
    {
        AttributeAssignment = new List<XacmlJsonAttributeAssignment> { levelAssignment },
    };

    // A fresh list is assigned, so any obligations already on the result are replaced.
    firstResult.Obligations = new List<XacmlJsonObligationOrAdvice> { levelObligation };

    return response;
}
/// <summary>
/// Canned decision source: picks a response from a marker value found among the request's
/// resource attributes. Subject and action are never inspected, and a request that matches
/// no marker is denied.
/// </summary>
/// <param name="xacmlJsonRequest">The request whose resource attributes select the canned response.</param>
/// <returns>
/// A completed task holding: one Permit ("endring-av-navn"); one Permit plus an empty second
/// result ("multiple-results"); one Permit with a minimum-authentication-level obligation of
/// "2" or "3" ("auth-level-2" / "auth-level-3"); otherwise one Deny.
/// </returns>
public Task<XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
{
    List<XacmlJsonCategory> resources = xacmlJsonRequest.Request.Resource;

    // Markers are probed in this fixed order; the first one that matches decides the response.
    string[] knownMarkers = { "endring-av-navn", "multiple-results", "auth-level-2", "auth-level-3" };
    string matchedMarker = null;

    foreach (string marker in knownMarkers)
    {
        // NOTE(review): Select(...).FirstOrDefault() yields the Find result of the first
        // resource category only, so a marker held by a later category is not seen and the
        // request falls through to Deny. An attribute with a null Value throws here.
        XacmlJsonAttribute hit = resources
            .Select(category => category.Attribute.Find(candidate => candidate.Value.Equals(marker)))
            .FirstOrDefault();

        if (hit != null)
        {
            matchedMarker = marker;
            break;
        }
    }

    // Create response and result
    XacmlJsonResult result = new XacmlJsonResult();
    XacmlJsonResponse response = new XacmlJsonResponse
    {
        Response = new List<XacmlJsonResult> { result },
    };

    switch (matchedMarker)
    {
        case "endring-av-navn":
            result.Decision = XacmlContextDecision.Permit.ToString();
            break;

        case "multiple-results":
            result.Decision = XacmlContextDecision.Permit.ToString();

            // Second result is left empty (no decision set).
            response.Response.Add(new XacmlJsonResult());
            break;

        case "auth-level-2":
        case "auth-level-3":
        {
            result.Decision = XacmlContextDecision.Permit.ToString();

            // Permit is conditional: attach the minimum authentication level obligation.
            string requiredLevel = matchedMarker == "auth-level-2" ? "2" : "3";
            XacmlJsonObligationOrAdvice levelObligation = new XacmlJsonObligationOrAdvice
            {
                AttributeAssignment = new List<XacmlJsonAttributeAssignment>
                {
                    new XacmlJsonAttributeAssignment
                    {
                        Category = "urn:altinn:minimum-authenticationlevel",
                        Value = requiredLevel,
                    },
                },
            };
            result.Obligations = new List<XacmlJsonObligationOrAdvice> { levelObligation };
            break;
        }

        default:
            // No marker matched: deny.
            result.Decision = XacmlContextDecision.Deny.ToString();
            break;
    }

    return Task.FromResult(response);
}
/// <summary>
/// Asserts that two obligations carry the same number of attribute assignments and that
/// their first assignments are equal.
/// </summary>
/// <param name="expected">The obligation holding the expected assignments.</param>
/// <param name="actual">The obligation under test.</param>
private static void AssertEqual(XacmlJsonObligationOrAdvice expected, XacmlJsonObligationOrAdvice actual)
{
    var expectedAssignments = expected.AttributeAssignment;
    var actualAssignments = actual.AttributeAssignment;

    Assert.Equal(expectedAssignments.Count, actualAssignments.Count);

    // Only the first assignment of each list is compared; later assignments and the
    // obligation Id are not checked here.
    AssertEqual(expectedAssignments.FirstOrDefault(), actualAssignments.FirstOrDefault());
}