public async Task <DelegationEvidence> GetDelegation(DelegationMask mask) { _logger.LogInformation("Get delegation for {policyIssuer} and {target}", mask?.DelegationRequest?.PolicyIssuer, mask?.DelegationRequest?.Target?.AccessSubject); var jObjectMask = TransformToJObject(mask); var accessToken = await GetAccessToken(new ClientAssertion(_partyDetailsOptions.ClientId, _authorizationRegistryClientOptions.ClientId)) ; JObject response; try { response = await _authorizationRegistryClientOptions.BaseUri .AppendPathSegment("delegation") .WithOAuthBearerToken(accessToken) .PostJsonAsync(jObjectMask) .ReceiveJson <JObject>() ; return(GetDelegationEvidenceFromResponse(response)); } catch (Exception ex) { _logger.LogInformation("Get delegation returns {delegationResponse}", ex.Message); return(null); } }
private static JObject TransformToJObject(DelegationMask mask) { var serializedMask = JsonConvert.SerializeObject(mask, new JsonSerializerSettings { ContractResolver = new CamelCasePropertyNamesContractResolver(), NullValueHandling = Newtonsoft.Json.NullValueHandling.Ignore }); return(JsonConvert.DeserializeObject <JObject>(serializedMask)); }
public async Task <ActionResult <DelegationEvidence> > Translate([FromBody] DelegationMask delegation_mask) { var result = await TranslateDelegation(delegation_mask); if (result.Value == null) { return(result.Result); } return(result.Value.DelegationEvidence); }
public DelegationTranslationTestResponse Translate(DelegationMask delegationMask, string policy) { var delegationEvidence = JsonConvert.DeserializeObject <DelegationTranslationTestResponse>(policy); var delegationResponse = PrepareResponse(delegationEvidence); foreach (var maskPolicySet in delegationMask.DelegationRequest.PolicySets) { foreach (var evidencePolicySet in delegationEvidence.DelegationEvidence.PolicySets) { var responsePolicySet = GetResponsePolicySet(maskPolicySet, evidencePolicySet); delegationResponse.DelegationEvidence.PolicySets.Add(responsePolicySet); } } return(delegationResponse); }
public ValidationResult Validate(DelegationMask delegationMask) { var policySets = delegationMask.DelegationRequest.PolicySets; for (int i = 0; i < policySets.Count; i++) { var policies = policySets[i].Policies; for (int j = 0; j < policies.Count; j++) { if (!policies[j].Rules.Any(r => r.Effect == PolicyRule.Permit().Effect)) { return(ValidationResult.Invalid( "delegationRequest.policySets[" + i + "].policies[" + j + "] does not contain a rule with the Effect 'Permit'")); } } } return(ValidationResult.Valid()); }
public async Task <IdentityResult> Validate(DelegationMask mask) { try { if (mask.PreviousSteps != null) { foreach (var step in mask.PreviousSteps) { var assertion = _assertionParser.Parse(step); var result = await _assertionParser.ValidateAsync(assertion); if (!result.Success || !_defaultJwtValidator.IsValid(step, mask.DelegationRequest.Target.AccessSubject, // client id should be access subject _context.HttpContext.User.GetRequestingClientId() // audience should be the requester id )) { return(IdentityResult.Failed(new IdentityError { Code = "previous_steps_validation_error" })); } if (mask.DelegationRequest.Target.AccessSubject != assertion.JwtToken.Issuer) { return(IdentityResult.Failed(new IdentityError { Code = "invalid_delegation_assertion_pair" })); } } } return(IdentityResult.Success); } catch (Exception ex) { _logger.LogWarning(ex, "Exception while authorizing previous steps"); return(IdentityResult.Failed(new IdentityError { Code = "previous_steps_validation_error", Description = ex.Message })); } }
public async Task <DelegationClientTranslationResponse> GetDelegation(DelegationMask mask) { var jObjectMask = TransformToJobject(mask); var accessToken = await GetAccessToken(new ClientAssertion(_clientId, _clientId, $"{_authorizationRegistryBaseUrl}connect/token")) .ConfigureAwait(false); var response = await _authorizationRegistryBaseUrl .AppendPathSegment("delegation") .WithOAuthBearerToken(accessToken) .PostJsonAsync(jObjectMask) .ReceiveJson <JObject>() .ConfigureAwait(false); var delegationEvidence = GetDelegationEvidenceFromResponse(response); if (!IsPermitRule(delegationEvidence)) { return(DelegationClientTranslationResponse.Deny()); } return(DelegationClientTranslationResponse.Permit(delegationEvidence)); }
public async Task <ActionResult <DelegationTranslationTestResponse> > TestDelegationTranslation([FromBody] DelegationMask delegationMask) { var validationResult = _delegationMaskValidationService.Validate(delegationMask); if (!validationResult.Success) { return(BadRequest(new { error = validationResult.Error })); } var delegation = await _delegationService .GetBySubject(delegationMask.DelegationRequest.Target.AccessSubject, delegationMask.DelegationRequest.PolicyIssuer) .ConfigureAwait(false); if (delegation == null) { return(NotFound()); } var delegationResponse = _delegationTranslateService.Translate(delegationMask, delegation.Policy); return(delegationResponse); }
private async Task <ActionResult <DelegationTranslationTestResponse> > TranslateDelegation(DelegationMask delegationMask) { var stepsValidation = await _previousStepsValdiationService.Validate(delegationMask); if (!stepsValidation.Succeeded) { return(BadRequest(stepsValidation.Errors)); } var validationResult = _delegationMaskValidationService.Validate(delegationMask); if (!validationResult.Success) { return(BadRequest(new { error = validationResult.Error })); } var delegation = await _delegationService .GetBySubject(delegationMask.DelegationRequest.Target.AccessSubject, delegationMask.DelegationRequest.PolicyIssuer) ; if (delegation == null) { return(NotFound()); } var delegationResponse = _delegationTranslateService.Translate(delegationMask, delegation.Policy); return(delegationResponse); }