Exemple #1
0
 /// <summary>
 /// Add a claim
 /// </summary>
 public void AddClaim(IClaim claim)
 {
     if (!this.m_claims.Any(c => c.Type == claim.Type && c.Value == claim.Value))
     {
         this.m_claims.Add(claim);
     }
 }
Exemple #2
0
 private IClaim GetTestClaim()
 {
     claim = new Claim();
     var claimant = MockRepository.GenerateStub<IClaimant>();
     claim.Claimant = claimant;
     return claim;
 }
Exemple #3
0
 public void Unclaim(IClaim claim)
 {
     BB.AssertNotNull(claim);
     BB.Assert(claims.Contains(claim));
     claim.Unclaim();
     claims.Remove(claim);
 }
Exemple #4
0
        public void Should_increase_original_premium_by_20_percent_when_driver_is_24()
        {
            const double expected            = 600.00;
            const double increaseAmount      = 0.2;
            const int    startingYoungAge    = 21;
            const int    endingYoungAge      = 25;
            const string driverName          = "name";
            const string occupation          = "occupation";
            const string secondDriverName    = "name2";
            const double premium             = 500.00;
            var          todayProvider       = new GenericStubProvider <DateTime>(new[] { DateTime.Today, DateTime.Today });
            var          driverDateOfBirth   = DateTime.Now.AddYears(-25);
            var          driversDateOfBirth  = DateTime.Now.AddYears(-40);
            var          driverClaims        = new IClaim[0];
            var          secondDriversClaims = new IClaim[0];
            var          driversAndPremiumToUpdatedPremiumForYoungDrivers = new DriversAndPremiumToUpdatedPremiumForYoungDrivers(startingYoungAge, endingYoungAge, todayProvider, increaseAmount);
            var          firstDriver       = new DriverStub(driverName, occupation, driverDateOfBirth, driverClaims);
            var          secondDriver      = new DriverStub(secondDriverName, occupation, driversDateOfBirth, secondDriversClaims);
            var          drivers           = new [] { firstDriver, secondDriver };
            var          driversAndPremium = new DriverAndPremium(firstDriver, premium);

            var actual = driversAndPremiumToUpdatedPremiumForYoungDrivers.Transform(driversAndPremium);

            Assert.AreEqual(expected, actual);
        }
Exemple #5
0
 /// <summary>
 /// Suppression d'un droit à l'utilisateur.
 /// </summary>
 /// <param name="claim">Droit.</param>
 public void RemoveClaim(IClaim claim)
 {
     if (claims.ContainsKey(claim.Id))
     {
         claims.Remove(claim.Id);
     }
 }
Exemple #6
0
 /// <summary>
 /// Ajout d'un droit.
 /// </summary>
 /// <param name="claim">Droit.</param>
 public void AddClaim(IClaim claim)
 {
     if (!claims.ContainsKey(claim.Id))
     {
         claims[claim.Id] = claim;
     }
 }
Exemple #7
0
 public LikeArticleController(IArticleRepository repo, IUserRepository userRepo, ILikeRepository likeRepo, IClaim clame)
 {
     _repo     = repo;
     _userRepo = userRepo;
     _likeRepo = likeRepo;
     _clame    = clame;
 }
Exemple #8
0
 public IClaim ClaimConfiguration(IClaim claim)
 {
     claim.Product = mSettings.Product;
     claim.Version = mSettings.Version;
     claim.Context = mSettings.Context;
     claim.Process = mSettings.Process;
     return(claim);
 }
Exemple #9
0
 public void Set <T>(IClaim <T> claim)
 {
     if (claims.ContainsKey(claim.Name))
     {
         claims[claim.Name] = claim;
     }
     else
     {
         claims.Add(claim.Name, claim);
     }
 }
Exemple #10
0
        public IClaim Read(Guid id)
        {
            var contacts             = _dbContext.contact.ToList();
            var vehicles             = _dbContext.vehicle.ToList();
            var claimContactVehicles = _dbContext.claimContactVehicle.ToList();

            Claim fromDb = _dbContext.claim.FirstOrDefault(x => x.ClaimId == id) ?? throw new Exception("Claim not found");

            IClaim viewModel = ConvertToViewModel(fromDb);

            return(viewModel);
        }
Exemple #11
0
        public string GetToken(IClaim credentialClaim)
        {
            var token = new JwtSecurityToken
                            (issuer: "http://www.example.com"
                            , audience: "MyAudience"
                            , claims: credentialClaim.GetClaims()
                            , notBefore: DateTime.UtcNow
                            , expires: DateTime.UtcNow.AddHours(24)
                            , signingCredentials: CreateSigningCredentials());

            var    tokenHandler = new JwtSecurityTokenHandler();
            string tokenString  = tokenHandler.WriteToken(token);

            return(tokenString);
        }
Exemple #12
0
 /// <summary>
 /// As date time
 /// </summary>
 public static DateTime AsDateTime(this IClaim me)
 {
     if (!DateTime.TryParse(me.Value, out var value))
     {
         if (Int32.TryParse(me.Value, out int offset))
         {
             value = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc).AddSeconds(offset).ToLocalTime();
         }
         else
         {
             throw new ArgumentOutOfRangeException(nameof(IClaim.Value));
         }
     }
     return(value);
 }
Exemple #13
0
        public void Should_return_original_premium_when_driver_is_not_an_Accountant()
        {
            const double expected                    = 500.00;
            const double decreaseAmount              = 0.1;
            const string driversName                 = "name";
            const string driversOccupation           = "Electrician";
            var          driversDateOfBirth          = DateTime.Now;
            var          driversClaims               = new IClaim[0];
            var          jobsWherePremiumIsDecreased = new [] { "Accountant" };
            var          driversAndPremiumToDecreasedPremiumBasedOnOccupationTransform = new DriversAndPremiumToDecreasedPremiumBasedOnOccupationTransform(jobsWherePremiumIsDecreased, decreaseAmount);
            var          firstDriver      = new DriverStub(driversName, driversOccupation, driversDateOfBirth, driversClaims);
            var          driverAndPremium = new DriverAndPremium(firstDriver, expected);

            var actual = driversAndPremiumToDecreasedPremiumBasedOnOccupationTransform.Transform(driverAndPremium);

            Assert.AreEqual(expected, actual);
        }
Exemple #14
0
        public void Should_return_original_premium_when_neither_driver_is_a_chauffeur()
        {
            const double increaseAmount              = 0.1;
            const double expected                    = 500.00;
            const string driversName                 = "name";
            const string driversOccupation           = "Mechanic";
            var          driversDateOfBirth          = DateTime.Now;
            var          driversClaims               = new IClaim[0];
            var          jobsWherePremiumIsIncreased = new [] { "Chauffeur" };
            var          driversAndPremiumToIncreasedPremiumBasedOnOccupationTransform = new DriversAndPremiumToIncreasedPremiumBasedOnOccupationTransform(jobsWherePremiumIsIncreased, increaseAmount);
            var          driver           = new DriverStub(driversName, driversOccupation, driversDateOfBirth, driversClaims);
            var          driverAndPremium = new DriverAndPremium(driver, expected);

            var actual = driversAndPremiumToIncreasedPremiumBasedOnOccupationTransform.Transform(driverAndPremium);

            Assert.AreEqual(expected, actual);
        }
Exemple #15
0
        public void Should_return_result_of_premium_after_adult_calculation()
        {
            const string name        = "name";
            const string occupation  = "occupation";
            const double expected    = 660.00;
            const double premium     = 500.00;
            var          claims      = new IClaim[0];
            var          dateOfBirth = DateTime.Now;
            var          driversAndPremiumToUpdatedPremiumForAdultDrivers     = new GenericStubTransform <DriverAndPremium, double>(expected);
            var          driversAndPremiumToUpdatedPremiumForYoungDrivers     = new GenericStubTransform <DriverAndPremium, double>(expected);
            var          driversAndPremiumToUpdatedPremiumBasedOnAgeTransform = new DriversAndPremiumToUpdatedPremiumBasedOnAgeTransform(driversAndPremiumToUpdatedPremiumForYoungDrivers, driversAndPremiumToUpdatedPremiumForAdultDrivers);
            var          driver = new DriverStub(name, occupation, dateOfBirth, claims);

            var actual = driversAndPremiumToUpdatedPremiumBasedOnAgeTransform.Transform(new DriverAndPremium(driver, premium));

            Assert.AreEqual(expected, actual);
        }
Exemple #16
0
        public void Should_return_the_result_of_driversAndPremiumToDecreasedPremiumBasedOnOccupationTransform()
        {
            const double premium            = 500.00;
            const string driverName         = "name";
            const string driverOccupation   = "occupation";
            var          driversDateOfBirth = DateTime.Now;
            var          claims             = new IClaim[0];
            var          drivers            = new DriverStub(driverName, driverOccupation, driversDateOfBirth, claims);
            const double expected           = 660.00;
            var          driversAndPremium  = new DriverAndPremium(drivers, premium);
            var          driversAndPremiumToIncreasedPremiumBasedOnOccupationTransform = new GenericStubTransform <DriverAndPremium, double>(premium);
            var          driversAndPremiumToDecreasedPremiumBasedOnOccupationTransform = new GenericStubTransform <DriverAndPremium, double>(expected);
            var          driversAndPremiumToUpdatedPremiumBasedOnOccupationTransform   = new DriversAndPremiumToUpdatedPremiumBasedOnOccupationTransform(driversAndPremiumToIncreasedPremiumBasedOnOccupationTransform, driversAndPremiumToDecreasedPremiumBasedOnOccupationTransform);

            var actual = driversAndPremiumToUpdatedPremiumBasedOnOccupationTransform.Transform(driversAndPremium);

            Assert.AreEqual(expected, actual);
        }
Exemple #17
0
        public void Should_return_original_premium_when_driver_is_younger_than_26()
        {
            const double increaseAmount    = 0.1;
            const int    startingAdultAge  = 26;
            const int    endingAdultAge    = 75;
            const string driverName        = "name";
            const string occupation        = "occupation";
            const double expected          = 500.00;
            var          todayProvider     = new GenericStubProvider <DateTime>(new[] { DateTime.Today, DateTime.Today });
            var          driverDateOfBirth = DateTime.Now.AddYears(-25);
            var          driverClaims      = new IClaim[0];
            var          driversAndPremiumToUpdatedPremiumForYoungDrivers = new DriversAndPremiumToUpdatedPremiumForAdultDrivers(startingAdultAge, endingAdultAge, todayProvider, increaseAmount);
            var          driver            = new DriverStub(driverName, occupation, driverDateOfBirth, driverClaims);
            var          driversAndPremium = new DriverAndPremium(driver, expected);

            var actual = driversAndPremiumToUpdatedPremiumForYoungDrivers.Transform(driversAndPremium);

            Assert.AreEqual(expected, actual);
        }
Exemple #18
0
#pragma warning restore CS0067
        /// <summary>
        /// Adds a claim to the current identity
        /// </summary>
        /// <param name="userName">The user identity to add the claim to</param>
        /// <param name="claim">The claim</param>
        /// <param name="principal">The princiapl asserting the claim</param>
        /// <remarks>Not implemented</remarks>
        public void AddClaim(string userName, IClaim claim, IPrincipal principal, TimeSpan?expiry = null)
        {
            throw new NotImplementedException();
        }
Exemple #19
0
        /// <summary>
        /// Initializes a new instance of the <see cref="TokenClaimsPrincipal"/> class.
        /// </summary>
        /// <param name="idToken">Token.</param>
        /// <param name="tokenType">Token type.</param>
        public TokenClaimsPrincipal(String accessToken, String idToken, String tokenType, String refreshToken) : base()
        {
            if (String.IsNullOrEmpty(idToken))
            {
                throw new ArgumentNullException(nameof(idToken));
            }
            else if (String.IsNullOrEmpty(tokenType))
            {
                throw new ArgumentNullException(nameof(tokenType));
            }
            else if (tokenType != "urn:ietf:params:oauth:token-type:jwt" &&
                     tokenType != "bearer")
            {
                throw new ArgumentOutOfRangeException(nameof(tokenType), "expected urn:ietf:params:oauth:token-type:jwt");
            }

            // Token
            this.m_idToken     = idToken;
            this.m_accessToken = accessToken;

            String[] tokenObjects = idToken.Split('.');
            // Correct each token to be proper B64 encoding
            for (int i = 0; i < tokenObjects.Length; i++)
            {
                tokenObjects[i] = tokenObjects[i].PadRight(tokenObjects[i].Length + (tokenObjects[i].Length % 4), '=').Replace("===", "=");
            }
            JObject headers = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(tokenObjects[0]))),
                    body    = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(tokenObjects[1])));


            // Attempt to get the certificate
            if (((String)headers["alg"]).StartsWith("RS"))
            {
                var cert = SecurityUtils.FindCertificate(X509FindType.FindByThumbprint, StoreLocation.CurrentUser, StoreName.My, headers["x5t"].ToString());
                //if (cert == null)
                //	throw new SecurityTokenException(SecurityTokenExceptionType.KeyNotFound, String.Format ("Cannot find certificate {0}", headers ["x5t"]));
                // TODO: Verify signature
            }
            else if (((String)headers["alg"]).StartsWith("HS"))
            {
                // TODO: Verify key
            }

            // Parse the jwt
            List <IClaim> claims = new List <IClaim>();

            foreach (var kf in body)
            {
                String claimName = kf.Key;
                if (!claimMap.TryGetValue(kf.Key, out claimName))
                {
                    claims.AddRange(this.ProcessClaim(kf, kf.Key));
                }
                else
                {
                    claims.AddRange(this.ProcessClaim(kf, claimName));
                }
            }

            IClaim expiryClaim    = claims.Find(o => o.Type == SanteDBClaimTypes.Expiration),
                   notBeforeClaim = claims.Find(o => o.Type == SanteDBClaimTypes.AuthenticationInstant);

            if (expiryClaim == null || notBeforeClaim == null)
            {
                throw new SecurityTokenException("Missing NBF or EXP claim");
            }
            else
            {
                DateTime expiry    = expiryClaim.AsDateTime().ToLocalTime(),
                         notBefore = notBeforeClaim.AsDateTime().ToLocalTime();

                if (expiry == null || expiry < DateTime.Now)
                {
                    throw new SecurityTokenException("Token expired");
                }
                else if (notBefore == null || Math.Abs(notBefore.Subtract(DateTime.Now).TotalMinutes) > 3)
                {
                    throw new SecurityTokenException("Token cannot yet be used (issued in the future)");
                }
            }
            this.RefreshToken = refreshToken;
            this.AddIdentity(new SanteDBClaimsIdentity(body["unique_name"]?.Value <String>().ToLower() ?? body["sub"]?.Value <String>().ToLower(), true, "OAUTH", claims));
        }
Exemple #20
0
 public ClaimController(IClaim claimService)
 {
     this.claimService = claimService;
 }
Exemple #21
0
 public void MakeClaim(IClaim claim) => claims.Add(claim);
Exemple #22
0
        /// <summary>
        /// Initializes a new instance of the <see cref="SanteDB.DisconnectedClient.Security.TokenClaimsPrincipal"/> class.
        /// </summary>
        /// <param name="idToken">Token.</param>
        /// <param name="tokenType">Token type.</param>
        public TokenClaimsPrincipal(String accessToken, String idToken, String tokenType, String refreshToken, OpenIdConfigurationInfo configuration) : base()
        {
            if (String.IsNullOrEmpty(idToken))
            {
                throw new ArgumentNullException(nameof(idToken));
            }
            else if (String.IsNullOrEmpty(tokenType))
            {
                throw new ArgumentNullException(nameof(tokenType));
            }
            else if (
                tokenType != "urn:santedb:session-info" &&
                tokenType != "urn:ietf:params:oauth:token-type:jwt" &&
                tokenType != "bearer")
            {
                throw new ArgumentOutOfRangeException(nameof(tokenType), "expected urn:ietf:params:oauth:token-type:jwt");
            }

            // Token
            this.m_idToken     = idToken;
            this.m_accessToken = accessToken;

            JObject tokenBody = null;

            if (tokenType == "urn:santedb:session-info")
            {
                tokenBody = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(idToken)));
            }
            else
            {
                String[] tokenObjects = idToken.Split('.');
                // Correct each token to be proper B64 encoding
                for (int i = 0; i < tokenObjects.Length; i++)
                {
                    tokenObjects[i] = tokenObjects[i].PadRight(tokenObjects[i].Length + (tokenObjects[i].Length % 4), '=').Replace("===", "=");
                }
                JObject headers = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(tokenObjects[0])));
                tokenBody = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(tokenObjects[1])));

                // Attempt to get the certificate
                if (((String)headers["alg"]).StartsWith("RS"))
                {
                    var cert = X509CertificateUtils.FindCertificate(X509FindType.FindByThumbprint, StoreLocation.CurrentUser, StoreName.My, headers["x5t"].ToString());
                    //if (cert == null)
                    //	throw new SecurityTokenException(SecurityTokenExceptionType.KeyNotFound, String.Format ("Cannot find certificate {0}", headers ["x5t"]));
                    // TODO: Verify signature
                }
                else if (((String)headers["alg"]).StartsWith("HS"))
                {
                    // TODO: Verfiy signature using our client secret
                }
            }

            // Parse the jwt
            List <IClaim> claims = new List <IClaim>();

            foreach (var kf in tokenBody)
            {
                String claimName = kf.Key;
                if (!claimMap.TryGetValue(kf.Key, out claimName))
                {
                    claims.AddRange(this.ProcessClaim(kf, kf.Key));
                }
                else
                {
                    claims.AddRange(this.ProcessClaim(kf, claimName));
                }
            }

            // Validate issuer
            if (configuration != null && !claims.Any(c => c.Type == "iss" && c.Value == configuration?.Issuer))
            {
                throw new SecurityTokenException(SecurityTokenExceptionType.InvalidIssuer, "Issuer mismatch");
            }

            // Validate validity
            IClaim expiryClaim    = claims.Find(o => o.Type == SanteDBClaimTypes.Expiration),
                   notBeforeClaim = claims.Find(o => o.Type == SanteDBClaimTypes.AuthenticationInstant);

            if (expiryClaim == null || notBeforeClaim == null)
            {
                throw new SecurityTokenException(SecurityTokenExceptionType.InvalidClaim, "Missing NBF or EXP claim");
            }
            else
            {
                DateTime expiry    = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc),
                         notBefore = new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc);
                expiry    = expiryClaim.AsDateTime();
                notBefore = notBeforeClaim.AsDateTime();

                if (expiry == null || expiry < DateTime.Now)
                {
                    throw new SecurityTokenException(SecurityTokenExceptionType.TokenExpired, "Token expired");
                }
                else if (notBefore == null || Math.Abs(notBefore.Subtract(DateTime.Now).TotalMinutes) > 3)
                {
                    throw new SecurityTokenException(SecurityTokenExceptionType.NotYetValid, $"Token cannot yet be used (issued {notBefore} but current time is {DateTime.Now})");
                }
            }
            this.RefreshToken = refreshToken;

            this.m_identities.Clear();
            this.m_identities.Add(new SanteDBClaimsIdentity(tokenBody["unique_name"]?.Value <String>() ?? tokenBody["sub"]?.Value <String>(), true, "OAUTH2", claims));
        }
Exemple #23
0
 /// <summary>
 /// Remove the specified claim
 /// </summary>
 public void RemoveClaim(IClaim claim)
 {
     this.m_claims.Remove(claim);
 }
Exemple #24
0
        /// <summary>
        /// Add a claim to the specified user
        /// </summary>
        public void AddClaim(string userName, IClaim claim, IPrincipal principal, TimeSpan?expire = null)
        {
            if (userName == null)
            {
                throw new ArgumentNullException(nameof(userName));
            }
            else if (claim == null)
            {
                throw new ArgumentNullException(nameof(claim));
            }

            this.VerifyPrincipal(principal, PermissionPolicyIdentifiers.AlterIdentity);

            try
            {
                using (var dataContext = this.m_configuration.Provider.GetWriteConnection())
                {
                    dataContext.Open();

                    var user = dataContext.FirstOrDefault <DbSecurityUser>(o => o.UserName.ToLower() == userName.ToLower());
                    if (user == null)
                    {
                        throw new KeyNotFoundException(userName);
                    }

                    lock (this.m_syncLock)
                    {
                        var existingClaim = dataContext.FirstOrDefault <DbUserClaim>(o => o.ClaimType == claim.Type && o.SourceKey == user.Key);

                        // Set the secret
                        if (existingClaim == null)
                        {
                            existingClaim = new DbUserClaim()
                            {
                                ClaimType  = claim.Type,
                                ClaimValue = claim.Value,
                                SourceKey  = user.Key
                            };
                            if (expire.HasValue)
                            {
                                existingClaim.ClaimExpiry = DateTime.Now.Add(expire.Value);
                            }
                            dataContext.Insert(existingClaim);
                        }
                        else
                        {
                            existingClaim.ClaimValue = claim.Value;
                            if (expire.HasValue)
                            {
                                existingClaim.ClaimExpiry = DateTime.Now.Add(expire.Value);
                            }
                            dataContext.Update(existingClaim);
                        }
                    }
                }
            }
            catch (Exception e)
            {
                this.m_traceSource.TraceEvent(EventLevel.Error, e.ToString());
                throw;
            }
        }
Exemple #25
0
        /// <summary>
        /// Determines whether the specified access token is authorized to access
        /// the specified claim.
        /// </summary>
        /// <param name="accessToken">The access token.</param>
        /// <param name="claim">The claim.</param>
        /// <returns><c>true</c> if the access token is authorized; otherwise <c>false</c>.</returns>
        public static bool HasClaim(string accessToken, IClaim claim)
        {
            var credentials = Cache.Get <Credentials>(accessToken);

            return(credentials.Claims.Any(c => c.Type == claim.Type && c.Value == claim.Value));
        }
Exemple #26
0
        /// <summary>
        /// Determines whether the specified header contains an authenticated Accesss Token,
        /// and whether the user has the necessary <see cref="Claim"/> (if defined).
        /// </summary>
        /// <param name="authorization">The authentication header.</param>
        /// <param name="claim">The required claim.</param>
        /// <param name="getUser">The delegate that will be called if the user associated with the access token is not cached.</param>
        /// <returns><c>200</c> when authenticated and authorized; <c>401</c> when unauthenticated; 403 when unauthorized.</returns>
        public static async Task <HttpStatusCode> IsAuthorized(AuthenticationHeaderValue authorization, IClaim claim, Func <string, Task <IClaimUser> > getUser)
        {
            var accessToken = GetAccessToken(authorization);

            if (!await ValidAccessToken(accessToken, getUser))
            {
                return(HttpStatusCode.Unauthorized);
            }

            return(claim == null || HasClaim(accessToken, claim) ? HttpStatusCode.OK : HttpStatusCode.Forbidden);
        }
Exemple #27
0
 public void Setup()
 {
     now = DateTime.Now;
     claim = GetTestClaim();
     testClaimTag = GetTestTag();
 }
Exemple #28
0
 /// <summary>
 /// Indique si l'utilisateur a un droit particulier.
 /// </summary>
 /// <param name="claim">Droit.</param>
 /// <returns>Indique si l'utilisateur a le droit particulier ou non.</returns>
 public bool Claim(IClaim claim)
 {
     return(claims.ContainsKey(claim.Id));
 }
Exemple #29
0
 /// <summary>
 /// Creates an instance of the claim based filter.
 /// </summary>
 /// <param name="type">The claim type.</param>
 /// <param name="value">The value of the claim <paramref name="type"/>.</param>
 public ClaimAttribute(string type, string value)
 {
     Claim = new Claim {
         Type = type, Value = value
     };
 }
Exemple #30
0
 public ClaimController(IClaim claim, UserManager <NewUser> userManager, RoleManager <IdentityRole> roleManager)
 {
     _claim       = claim;
     _userManager = userManager;
     _roleManager = roleManager;
 }