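/// <summary>
/// Creates a XACML decision request from the authorization context and the route values of the request being authorized.
/// The access subject is built from the user's claims, the action from the requirement and the resource from the route values.
/// </summary>
/// <param name="context">The authorization handler context; its user claims become the access subject.</param>
/// <param name="requirement">The app access requirement; its action type becomes the action.</param>
/// <param name="routeData">Route data supplying org, app, instance owner party id and instance guid.</param>
/// <returns>The decision request wrapped in a <see cref="XacmlJsonRequestRoot"/>.</returns>
/// <exception cref="ArgumentNullException">Thrown when any argument is <c>null</c>.</exception>
public static XacmlJsonRequestRoot CreateDecisionRequest(AuthorizationHandlerContext context, AppAccessRequirement requirement, RouteData routeData)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    if (requirement == null)
    {
        throw new ArgumentNullException(nameof(requirement));
    }

    if (routeData == null)
    {
        throw new ArgumentNullException(nameof(routeData));
    }

    string instanceGuid = routeData.Values[ParamInstanceGuid] as string;
    string app = routeData.Values[ParamApp] as string;
    string org = routeData.Values[ParamOrg] as string;
    string instanceOwnerPartyId = routeData.Values[ParamInstanceOwnerPartyId] as string;

    // Fall back to the combined "{org}/{app}" route value when org and app are not routed separately.
    if (string.IsNullOrWhiteSpace(app) && string.IsNullOrWhiteSpace(org))
    {
        string appId = routeData.Values[ParamAppId] as string;
        string[] appIdParts = appId?.Split("/");

        // Only a well-formed "{org}/{app}" value is used. A value without a separator used to throw
        // IndexOutOfRangeException on the second index; it now leaves org and app unset, so the resource
        // category carries no app identity and the policy side decides on that basis.
        if (appIdParts != null && appIdParts.Length >= 2)
        {
            org = appIdParts[0];
            app = appIdParts[1];
        }
    }

    XacmlJsonRequest request = new XacmlJsonRequest
    {
        AccessSubject = new List<XacmlJsonCategory> { CreateSubjectCategory(context.User.Claims) },
        Action = new List<XacmlJsonCategory> { CreateActionCategory(requirement.ActionType) },
        Resource = new List<XacmlJsonCategory> { CreateResourceCategory(org, app, instanceOwnerPartyId, instanceGuid) },
    };

    return new XacmlJsonRequestRoot { Request = request };
}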
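/// <summary>
/// Creates a XACML multi-decision request: one access subject built from the user's claims, a single "read" action,
/// resource categories derived from the cloud events, and the multi-request references that combine them.
/// </summary>
/// <param name="user">The user whose claims form the access subject.</param>
/// <param name="events">The cloud events to be authorized.</param>
/// <returns>The multi-decision request wrapped in a <see cref="XacmlJsonRequestRoot"/>.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> or <paramref name="events"/> is <c>null</c>.</exception>
public static XacmlJsonRequestRoot CreateMultiDecisionRequest(ClaimsPrincipal user, List<CloudEvent> events)
{
    // Validate before doing any work so a bad argument is reported as such rather than as a NullReferenceException
    // from one of the category builders.
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    if (events == null)
    {
        throw new ArgumentNullException(nameof(events));
    }

    // Only read access is ever requested for events.
    List<string> actionTypes = new List<string> { "read" };

    XacmlJsonRequest request = new XacmlJsonRequest
    {
        AccessSubject = new List<XacmlJsonCategory> { CreateMultipleSubjectCategory(user.Claims) },
    };

    request.Action = CreateMultipleActionCategory(actionTypes);
    request.Resource = CreateMultipleResourceCategory(events);

    // The references are built last because they refer to the ids of the categories created above.
    request.MultiRequests = CreateMultiRequestsCategory(request.AccessSubject, request.Action, request.Resource);

    return new XacmlJsonRequestRoot { Request = request };
}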
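/// <summary>
/// Creates a XACML decision request for "read" access to the instance a cloud event refers to, on behalf of the given subject.
/// The org, app, instance owner party id and instance guid are read from fixed positions of the event's source path.
/// </summary>
/// <param name="cloudEvent">The cloud event whose <c>Source.AbsolutePath</c> identifies the instance.</param>
/// <param name="subject">The subject to authorize.</param>
/// <returns>The decision request wrapped in a <see cref="XacmlJsonRequestRoot"/>.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="cloudEvent"/> is <c>null</c>.</exception>
public static XacmlJsonRequestRoot CreateDecisionRequest(CloudEvent cloudEvent, string subject)
{
    if (cloudEvent == null)
    {
        throw new ArgumentNullException(nameof(cloudEvent));
    }

    string org = null;
    string app = null;
    string instanceOwnerPartyId = null;
    string instanceGuid = null;

    // Path segments after splitting on '/': [0] empty (leading '/'), [1] org, [2] app, [3] not used,
    // [4] instance owner party id, [5] instance guid. A shorter path leaves every identifier null, so the
    // resource category is built without instance identity instead of throwing.
    string[] pathParams = cloudEvent.Source.AbsolutePath.Split("/");
    if (pathParams.Length > 5)
    {
        org = pathParams[1];
        app = pathParams[2];
        instanceOwnerPartyId = pathParams[4];
        instanceGuid = pathParams[5];
    }

    XacmlJsonRequest request = new XacmlJsonRequest
    {
        AccessSubject = new List<XacmlJsonCategory> { CreateSubjectCategory(subject) },
        Action = new List<XacmlJsonCategory> { CreateActionCategory("read") },
        Resource = new List<XacmlJsonCategory> { CreateEventsResourceCategory(org, app, instanceOwnerPartyId, instanceGuid) },
    };

    return new XacmlJsonRequestRoot { Request = request };
}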
/// <summary>
/// TC02: a request built from the class-level org/app/action/party values and a user claims principal
/// carries two subject attributes, one action attribute and three resource attributes.
/// </summary>
public void CreateXacmlJsonRequest_TC02()
{
    // Arrange & Act
    XacmlJsonRequest actual = DecisionHelper
        .CreateXacmlJsonRequest(org, app, CreateUserClaims(true), actionType, partyId, null)
        .Request;

    // Assert
    Assert.Equal(2, actual.AccessSubject[0].Attribute.Count);
    Assert.Single(actual.Action[0].Attribute);
    Assert.Equal(3, actual.Resource[0].Attribute.Count);
}
/// <summary>
/// Converts a JSON XACML request into its XML-model equivalent by mapping the subject, action, resource and
/// free-form categories to context attributes.
/// </summary>
/// <param name="xacmlJsonRequest">The JSON request to convert.</param>
/// <returns>The converted <see cref="XacmlContextRequest"/>.</returns>
public static XacmlContextRequest ConvertRequest(XacmlJsonRequest xacmlJsonRequest)
{
    Guard.ArgumentNotNull(xacmlJsonRequest, nameof(xacmlJsonRequest));

    ICollection<XacmlContextAttributes> attributes = new Collection<XacmlContextAttributes>();

    // The standard categories are tagged with their XACML category id; the free-form Category list is passed
    // with a null category so each entry is presumably taken with the id it already carries — confirm in ConvertCategoryAttributes.
    ConvertCategoryAttributes(xacmlJsonRequest.AccessSubject, XacmlConstants.MatchAttributeCategory.Subject, attributes);
    ConvertCategoryAttributes(xacmlJsonRequest.Action, XacmlConstants.MatchAttributeCategory.Action, attributes);
    ConvertCategoryAttributes(xacmlJsonRequest.Resource, XacmlConstants.MatchAttributeCategory.Resource, attributes);
    ConvertCategoryAttributes(xacmlJsonRequest.Category, null, attributes);

    // Both boolean flags of the context request are left false — NOTE(review): verify their meaning against the constructor.
    return new XacmlContextRequest(false, false, attributes);
}
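/// <summary>
/// Creates a decision request for the policy decision point.
/// </summary>
/// <param name="org">Unique identifier of the organisation responsible for the app.</param>
/// <param name="app">Application identifier which is unique within an organisation.</param>
/// <param name="user">Claims principal user; its claims become the access subject.</param>
/// <param name="actionType">Policy action type i.e. read, write, delete, instantiate.</param>
/// <param name="instanceOwnerPartyId">Unique id of the party that is the owner of the instance.</param>
/// <param name="instanceGuid">Unique id to identify the instance, or <c>null</c> when no instance is involved.</param>
/// <returns>The decision request.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="user"/> is <c>null</c>.</exception>
public static XacmlJsonRequestRoot CreateDecisionRequest(string org, string app, ClaimsPrincipal user, string actionType, int instanceOwnerPartyId, Guid? instanceGuid)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }

    // Nullable<Guid>.ToString() returns an empty string (not null) when there is no value, so the resource
    // category receives "" for a missing instance. Kept as-is for compatibility with existing policies.
    string instanceGuidValue = instanceGuid.ToString();
    string instanceOwnerPartyIdValue = instanceOwnerPartyId.ToString();

    XacmlJsonRequest request = new XacmlJsonRequest
    {
        AccessSubject = new List<XacmlJsonCategory> { CreateSubjectCategory(user.Claims) },
        Action = new List<XacmlJsonCategory> { CreateActionCategory(actionType) },
        Resource = new List<XacmlJsonCategory> { CreateResourceCategory(org, app, instanceOwnerPartyIdValue, instanceGuidValue) },
    };

    return new XacmlJsonRequestRoot { Request = request };
}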
/// <summary>
/// Builds the XACML request root for an app access check: the subject from the context's user claims, the action
/// from the requirement and the resource from the org/app/instance route values.
/// </summary>
/// <param name="context">The authorization handler context supplying the user claims.</param>
/// <param name="requirement">The app access requirement supplying the action type.</param>
/// <param name="routeData">Route data supplying org, app, instance owner party id and instance guid.</param>
/// <returns>The request root holding one subject, one action and one resource category.</returns>
public static XacmlJsonRequestRoot CreateXacmlJsonRequestRoot(AuthorizationHandlerContext context, AppAccessRequirement requirement, RouteData routeData)
{
    string org = routeData.Values[ParamOrg] as string;
    string app = routeData.Values[ParamApp] as string;
    string instanceOwnerPartyId = routeData.Values[ParamInstanceOwnerPartyId] as string;
    string instanceGuid = routeData.Values[ParamInstanceGuid] as string;

    var subject = CreateSubjectCategory(context.User.Claims);
    var action = CreateActionCategory(requirement.ActionType);
    var resource = CreateResourceCategory(org, app, instanceOwnerPartyId, instanceGuid);

    return new XacmlJsonRequestRoot
    {
        Request = new XacmlJsonRequest
        {
            AccessSubject = new List<XacmlJsonCategory> { subject },
            Action = new List<XacmlJsonCategory> { action },
            Resource = new List<XacmlJsonCategory> { resource },
        },
    };
}
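/// <summary>
/// Evaluates a JSON decision request against the policy decision point.
/// A request without <c>MultiRequests</c> (or with fewer than two request references) is converted and evaluated as
/// one XML request. Otherwise each request reference is expanded into its own request, holding only the subject,
/// action and resource categories whose ids the reference lists, and the first result of each part is collected.
/// </summary>
/// <param name="decisionRequest">The JSON decision request.</param>
/// <returns>
/// The JSON response; for a multi-request, one result per request reference in reference order. A part that
/// produces no result fails the whole evaluation (exception from <c>First()</c>) rather than being skipped.
/// </returns>
private async Task<XacmlJsonResponse> Authorize(XacmlJsonRequest decisionRequest)
{
    bool isMultiRequest = decisionRequest.MultiRequests != null
        && decisionRequest.MultiRequests.RequestReference != null
        && decisionRequest.MultiRequests.RequestReference.Count >= 2;

    if (!isMultiRequest)
    {
        XacmlContextRequest singleRequest = XacmlJsonXmlConverter.ConvertRequest(decisionRequest);
        XacmlContextResponse singleResponse = await Authorize(singleRequest);
        return XacmlJsonXmlConverter.ConvertResponse(singleResponse);
    }

    // At least two references are present, so the result list is always populated below.
    XacmlJsonResponse multiResponse = new XacmlJsonResponse { Response = new List<XacmlJsonResult>() };

    foreach (XacmlJsonRequestReference requestReference in decisionRequest.MultiRequests.RequestReference)
    {
        // Each part carries only the categories the reference names; a category list stays null when nothing matched.
        XacmlJsonRequest part = new XacmlJsonRequest();
        foreach (string referenceId in requestReference.ReferenceId)
        {
            part.Resource = AppendMatching(part.Resource, decisionRequest.Resource, referenceId);
            part.AccessSubject = AppendMatching(part.AccessSubject, decisionRequest.AccessSubject, referenceId);
            part.Action = AppendMatching(part.Action, decisionRequest.Action, referenceId);
        }

        XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(part));
        XacmlJsonResponse partJsonResponse = XacmlJsonXmlConverter.ConvertResponse(partResponse);

        // Only the first result of each part is kept. First() throws when the part produced no result,
        // so a missing decision is surfaced as an error and never silently dropped from the response.
        multiResponse.Response.Add(partJsonResponse.Response.First());
    }

    return multiResponse;

    // Appends the categories from source whose Id equals referenceId to target, allocating target on first use.
    // Returns target unchanged (possibly still null) when source is null or nothing matches.
    List<XacmlJsonCategory> AppendMatching(List<XacmlJsonCategory> target, List<XacmlJsonCategory> source, string referenceId)
    {
        if (source == null)
        {
            return target;
        }

        // String == is an ordinal, null-safe comparison, so a category without an Id cannot throw here.
        List<XacmlJsonCategory> matches = source.Where(category => category.Id == referenceId).ToList();
        if (matches.Count == 0)
        {
            return target;
        }

        if (target == null)
        {
            target = new List<XacmlJsonCategory>();
        }

        target.AddRange(matches);
        return target;
    }
}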
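/// <summary>
/// Test double for the policy decision point. A multi-request is split per request reference and each part is
/// evaluated through <c>Authorize</c>; a single request is answered with a canned response: permit when the first
/// access subject has an <c>urn:altinn:userid</c> attribute with value "1" or any <c>urn:altinn:org</c> attribute,
/// deny otherwise.
/// </summary>
/// <param name="xacmlJsonRequest">The decision request to answer.</param>
/// <returns>
/// The decision response. If the multi-request evaluation throws, the exception is swallowed and the method
/// falls through to deserializing an empty string, which yields <c>null</c>.
/// </returns>
public async Task<XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
{
    string jsonResponse = string.Empty;

    if (xacmlJsonRequest.Request.MultiRequests != null)
    {
        try
        {
            XacmlJsonResponse multiResponse = new XacmlJsonResponse();

            foreach (XacmlJsonRequestReference requestReference in xacmlJsonRequest.Request.MultiRequests.RequestReference)
            {
                // Each part carries only the categories the reference names; a category list stays null when nothing matched.
                XacmlJsonRequest part = new XacmlJsonRequest();
                foreach (string referenceId in requestReference.ReferenceId)
                {
                    part.Resource = AppendMatching(part.Resource, xacmlJsonRequest.Request.Resource, referenceId);
                    part.AccessSubject = AppendMatching(part.AccessSubject, xacmlJsonRequest.Request.AccessSubject, referenceId);
                    part.Action = AppendMatching(part.Action, xacmlJsonRequest.Request.Action, referenceId);
                }

                XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(part));
                XacmlJsonResponse partJsonResponse = XacmlJsonXmlConverter.ConvertResponse(partResponse);

                // The result list is created lazily so a multi-request with no references returns a null Response,
                // exactly as before. First() throws when a part produced no result.
                if (multiResponse.Response == null)
                {
                    multiResponse.Response = new List<XacmlJsonResult>();
                }

                multiResponse.Response.Add(partJsonResponse.Response.First());
            }

            return multiResponse;
        }
        catch
        {
            // NOTE(review): every failure of the multi-request path is swallowed here; execution falls through with
            // an empty jsonResponse and the method returns null. Callers must treat a null response as a failed
            // evaluation, never as a permit. Kept for compatibility with existing tests that rely on it.
        }
    }
    else if (xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => (a.AttributeId == "urn:altinn:userid" && a.Value == "1"))
        || xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => a.AttributeId == "urn:altinn:org"))
    {
        jsonResponse = File.ReadAllText("data/response_permit.json");
    }
    else
    {
        jsonResponse = File.ReadAllText("data/response_deny.json");
    }

    XacmlJsonResponse response = JsonConvert.DeserializeObject<XacmlJsonResponse>(jsonResponse);
    return response;

    // Appends the categories from source whose Id equals referenceId to target, allocating target on first use.
    // Returns target unchanged (possibly still null) when source is null or nothing matches.
    List<XacmlJsonCategory> AppendMatching(List<XacmlJsonCategory> target, List<XacmlJsonCategory> source, string referenceId)
    {
        if (source == null)
        {
            return target;
        }

        // String == is an ordinal, null-safe comparison, so a category without an Id cannot throw here.
        List<XacmlJsonCategory> matches = source.Where(category => category.Id == referenceId).ToList();
        if (matches.Count == 0)
        {
            return target;
        }

        if (target == null)
        {
            target = new List<XacmlJsonCategory>();
        }

        target.AddRange(matches);
        return target;
    }
}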