コード例 #1
 /// <summary>
 /// Serializes a policy rule to its string form by delegating to a new <c>RuleSerializer</c>.
 /// </summary>
 /// <param name="policyRule">Rule to serialize; passed to the serializer unchanged, with no null check here.</param>
 /// <returns>The string produced by <c>SaveRuleToString</c> (presumably XML, going by the method name; confirm against RuleSerializer).</returns>
 internal string GetRuleXmlFromPolicyRule(PolicyRule policyRule)
 {
     // A fresh serializer is created for every call; nothing is cached on this instance.
     var serializer = new RuleSerializer();
     string serializedRule = serializer.SaveRuleToString(policyRule);
     return serializedRule;
 }
コード例 #2
ファイル: Consent.cs プロジェクト: trifork/fhir-codegen
        /// <summary>
        /// Serializes this resource to JSON: the resource type, the inherited
        /// DomainResource members, then this type's own elements in the fixed order below.
        /// </summary>
        /// <param name="writer">Destination writer. It is dereferenced without a null check.</param>
        /// <param name="options">Passed through unchanged to every nested SerializeJson call; not read here.</param>
        /// <param name="includeStartObject">
        /// When true, the output is wrapped in a start/end object pair. When false, only the
        /// properties are written and the caller is expected to have opened the object.
        /// </param>
        /// <remarks>
        /// Null or empty members are omitted rather than written as JSON null or an empty array.
        /// NOTE(review): the output includes the patient reference, performers, source
        /// attachment and policy details. This is presumably protected health information,
        /// so confirm that callers do not send the written JSON to logs or other unprotected sinks.
        /// </remarks>
        public new void SerializeJson(Utf8JsonWriter writer, JsonSerializerOptions options, bool includeStartObject = true)
        {
            if (includeStartObject)
            {
                writer.WriteStartObject();
            }

            // The resource type is written first, ahead of the inherited members.
            if (!string.IsNullOrEmpty(ResourceType))
            {
                writer.WriteString("resourceType", (string)ResourceType !);
            }


            // This method is declared 'new', so the cast selects the DomainResource member it hides.
            // 'false' keeps the base from opening a second object inside the one started above.
            ((Fhir.R4.Models.DomainResource) this).SerializeJson(writer, options, false);

            // List-valued members are written as arrays and skipped when null or empty.
            if ((Identifier != null) && (Identifier.Count != 0))
            {
                writer.WritePropertyName("identifier");
                writer.WriteStartArray();

                foreach (Identifier valIdentifier in Identifier)
                {
                    valIdentifier.SerializeJson(writer, options, true);
                }

                writer.WriteEndArray();
            }

            if (!string.IsNullOrEmpty(Status))
            {
                writer.WriteString("status", (string)Status !);
            }

            // The underscore-prefixed member is written as a sibling "_status" property.
            if (_Status != null)
            {
                writer.WritePropertyName("_status");
                _Status.SerializeJson(writer, options);
            }

            if (Scope != null)
            {
                writer.WritePropertyName("scope");
                Scope.SerializeJson(writer, options);
            }

            if ((Category != null) && (Category.Count != 0))
            {
                writer.WritePropertyName("category");
                writer.WriteStartArray();

                foreach (CodeableConcept valCategory in Category)
                {
                    valCategory.SerializeJson(writer, options, true);
                }

                writer.WriteEndArray();
            }

            // Reference to the patient this consent concerns.
            if (Patient != null)
            {
                writer.WritePropertyName("patient");
                Patient.SerializeJson(writer, options);
            }

            // DateTime is written as a string value, exactly as stored.
            if (!string.IsNullOrEmpty(DateTime))
            {
                writer.WriteString("dateTime", (string)DateTime !);
            }

            if (_DateTime != null)
            {
                writer.WritePropertyName("_dateTime");
                _DateTime.SerializeJson(writer, options);
            }

            if ((Performer != null) && (Performer.Count != 0))
            {
                writer.WritePropertyName("performer");
                writer.WriteStartArray();

                foreach (Reference valPerformer in Performer)
                {
                    valPerformer.SerializeJson(writer, options, true);
                }

                writer.WriteEndArray();
            }

            if ((Organization != null) && (Organization.Count != 0))
            {
                writer.WritePropertyName("organization");
                writer.WriteStartArray();

                foreach (Reference valOrganization in Organization)
                {
                    valOrganization.SerializeJson(writer, options, true);
                }

                writer.WriteEndArray();
            }

            // sourceAttachment and sourceReference are checked independently, so both are
            // written when both are set. Nothing here enforces that only one is present.
            if (SourceAttachment != null)
            {
                writer.WritePropertyName("sourceAttachment");
                SourceAttachment.SerializeJson(writer, options);
            }

            if (SourceReference != null)
            {
                writer.WritePropertyName("sourceReference");
                SourceReference.SerializeJson(writer, options);
            }

            if ((Policy != null) && (Policy.Count != 0))
            {
                writer.WritePropertyName("policy");
                writer.WriteStartArray();

                foreach (ConsentPolicy valPolicy in Policy)
                {
                    valPolicy.SerializeJson(writer, options, true);
                }

                writer.WriteEndArray();
            }

            if (PolicyRule != null)
            {
                writer.WritePropertyName("policyRule");
                PolicyRule.SerializeJson(writer, options);
            }

            if ((Verification != null) && (Verification.Count != 0))
            {
                writer.WritePropertyName("verification");
                writer.WriteStartArray();

                foreach (ConsentVerification valVerification in Verification)
                {
                    valVerification.SerializeJson(writer, options, true);
                }

                writer.WriteEndArray();
            }

            if (Provision != null)
            {
                writer.WritePropertyName("provision");
                Provision.SerializeJson(writer, options);
            }

            // Closes only the object that this call opened.
            if (includeStartObject)
            {
                writer.WriteEndObject();
            }
        }
コード例 #3
 /// <summary>
 /// Attaches <paramref name="rule"/> to <paramref name="responsePolicy"/> and then registers
 /// that policy on <paramref name="responsePolicySet"/>.
 /// </summary>
 /// <param name="responsePolicySet">Policy set that receives the policy.</param>
 /// <param name="responsePolicy">Policy that receives the rule.</param>
 /// <param name="rule">Rule to append.</param>
 /// <remarks>
 /// The policy is added on every call. Whether calling this repeatedly with the same policy
 /// creates duplicate entries depends on the collection type, which is not visible here.
 /// </remarks>
 private static void AddRuleAndPolicy(PolicySet responsePolicySet, Policy responsePolicy, PolicyRule rule)
 {
     // The rule goes in first so the policy already carries it when it joins the set.
     var policyRules = responsePolicy.Rules;
     policyRules.Add(rule);

     var setPolicies = responsePolicySet.Policies;
     setPolicies.Add(responsePolicy);
 }
コード例 #4
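        /// <summary>
        /// Checks that every claim required by an authorization policy rule is present, with the
        /// expected value, in the ID token supplied with the request.
        /// </summary>
        /// <param name="authorizationPolicy">Policy rule whose <c>Claims</c> must all be satisfied.</param>
        /// <param name="claimTokenParameters">
        /// Claim tokens sent by the requester. Only the first entry whose format equals
        /// <c>IdTokenType</c> is used.
        /// </param>
        /// <returns>
        /// <c>null</c> when the rule requires no claims; the result of <c>GetNeedInfoResult</c>
        /// when no ID token was supplied; otherwise a result typed Authorized or NotAuthorized.
        /// </returns>
        /// <remarks>
        /// Every failure path denies access. A claim that is present but carries a null value is
        /// treated as a mismatch rather than dereferenced.
        /// NOTE(review): the token payload is trusted as soon as <c>UnSign</c> returns non-null.
        /// Confirm that <c>UnSign</c> verifies the signature and that issuer, audience and expiry
        /// are validated somewhere. None of that is visible in this method.
        /// </remarks>
        private async Task<AuthorizationPolicyResult> CheckClaims(
            PolicyRule authorizationPolicy,
            List<ClaimTokenParameter> claimTokenParameters)
        {
            // A rule without claims has nothing to check. The null return means "no decision".
            if (authorizationPolicy.Claims == null || !authorizationPolicy.Claims.Any())
            {
                return null;
            }

            // One lookup replaces the original Any(...) followed by First(...).
            var idToken = claimTokenParameters == null
                ? null
                : claimTokenParameters.FirstOrDefault(c => c.Format == IdTokenType);
            if (idToken == null)
            {
                return GetNeedInfoResult(authorizationPolicy.Claims);
            }

            var jwsPayload = await _jwtTokenParser.UnSign(idToken.Token);
            if (jwsPayload == null)
            {
                return new AuthorizationPolicyResult
                {
                    Type = AuthorizationPolicyResultEnum.NotAuthorized
                };
            }

            foreach (var claim in authorizationPolicy.Claims)
            {
                var payload = jwsPayload.FirstOrDefault(j => j.Key == claim.Type);

                // FirstOrDefault yields the default pair when the token does not carry the claim.
                if (payload.Equals(default(KeyValuePair<string, object>)))
                {
                    return new AuthorizationPolicyResult
                    {
                        Type = AuthorizationPolicyResultEnum.NotAuthorized
                    };
                }

                if (claim.Type == SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Role)
                {
                    // Roles may arrive as a comma-separated string, an object[] or a JArray.
                    // Any other shape, including null, leaves 'roles' null and is denied below.
                    IEnumerable<string> roles = null;
                    var rolesAsText = payload.Value as string;
                    if (rolesAsText != null)
                    {
                        // Entries are compared exactly and are not trimmed, so "a, b" yields
                        // " b", which does not equal "b".
                        roles = rolesAsText.Split(',');
                    }
                    else
                    {
                        var arr  = payload.Value as object[];
                        var jArr = payload.Value as JArray;
                        if (arr != null)
                        {
                            // Null array entries are skipped instead of throwing on ToString().
                            roles = arr.Where(c => c != null).Select(c => c.ToString());
                        }

                        if (jArr != null)
                        {
                            roles = jArr.Select(c => c.ToString());
                        }
                    }

                    if (roles == null || !roles.Any(v => claim.Value == v))
                    {
                        return new AuthorizationPolicyResult
                        {
                            Type = AuthorizationPolicyResultEnum.NotAuthorized
                        };
                    }
                }
                else
                {
                    // A claim with a null value would otherwise throw NullReferenceException
                    // on ToString(). It is denied instead.
                    if (payload.Value == null || payload.Value.ToString() != claim.Value)
                    {
                        return new AuthorizationPolicyResult
                        {
                            Type = AuthorizationPolicyResultEnum.NotAuthorized
                        };
                    }
                }
            }

            return new AuthorizationPolicyResult
            {
                Type = AuthorizationPolicyResultEnum.Authorized
            };
        }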
コード例 #5
 /// <summary>
 /// Not implemented: always throws.
 /// </summary>
 /// <param name="scopeUri">Unused.</param>
 /// <param name="rule">Unused.</param>
 /// <exception cref="NotImplementedException">Thrown on every call.</exception>
 /// <remarks>
 /// NOTE(review): rule removal is unavailable through this type. Callers that rely on it to
 /// revoke access must handle the exception and must not assume the rule is gone.
 /// </remarks>
 public void RemovePolicyRule(Uri scopeUri, PolicyRule rule)
 {
     throw new NotImplementedException();
 }
コード例 #6
 /// <summary>
 /// Not implemented: always throws.
 /// </summary>
 /// <param name="scope">Unused.</param>
 /// <param name="rule">Unused.</param>
 /// <exception cref="NotImplementedException">Thrown on every call, so no rule is stored.</exception>
 public void AddPolicyRule(Uri scope, PolicyRule rule)
 {
     throw new NotImplementedException();
 }
コード例 #7
        /// <summary>
        /// Evaluates one authorization policy rule against a ticket line. The checks run in
        /// order: scopes, clients, claims, then resource-owner consent.
        /// </summary>
        /// <param name="ticketLineParameter">Requested scopes and the resource-owner authorization flag.</param>
        /// <param name="authorizationPolicy">Rule being evaluated.</param>
        /// <param name="claimTokenParameter">Claim token forwarded to <c>CheckClaims</c>.</param>
        /// <returns>
        /// NotAuthorized when a requested scope is not listed by the rule; the client or claim
        /// check's own result when it is non-null and not Authorized; RequestSubmitted when
        /// resource-owner consent is required but not yet given; otherwise Authorized.
        /// </returns>
        /// <remarks>
        /// A null result from <c>CheckClients</c> or <c>CheckClaims</c> counts as "no objection"
        /// and evaluation continues. Neither Scopes collection is null-checked here.
        /// </remarks>
        private async Task <AuthorizationPolicyResult> ExecuteAuthorizationPolicyRule(TicketLineParameter ticketLineParameter, PolicyRule authorizationPolicy, ClaimTokenParameter claimTokenParameter)
        {
            // Step 1: every requested scope must be listed by the rule.
            var everyScopeAllowed = ticketLineParameter.Scopes.All(requested => authorizationPolicy.Scopes.Contains(requested));
            if (!everyScopeAllowed)
            {
                return new AuthorizationPolicyResult
                {
                    Type = AuthorizationPolicyResultEnum.NotAuthorized
                };
            }

            // Step 2: the client check can veto. Null or Authorized lets evaluation continue.
            var clientOutcome = CheckClients(authorizationPolicy, ticketLineParameter);
            if (clientOutcome != null && clientOutcome.Type != AuthorizationPolicyResultEnum.Authorized)
            {
                return clientOutcome;
            }

            // Step 3: the claim check can veto under the same null-or-Authorized convention.
            var claimOutcome = await CheckClaims(authorizationPolicy, claimTokenParameter).ConfigureAwait(false);
            if (claimOutcome != null && claimOutcome.Type != AuthorizationPolicyResultEnum.Authorized)
            {
                return claimOutcome;
            }

            // Step 4: a rule that needs resource-owner consent stays pending until it is granted.
            var awaitingOwnerConsent = authorizationPolicy.IsResourceOwnerConsentNeeded && !ticketLineParameter.IsAuthorizedByRo;
            var finalType = awaitingOwnerConsent
                ? AuthorizationPolicyResultEnum.RequestSubmitted
                : AuthorizationPolicyResultEnum.Authorized;

            return new AuthorizationPolicyResult
            {
                Type = finalType
            };
        }