/// <summary>
/// Converts a policy rule to its string form using a fresh <c>RuleSerializer</c>.
/// </summary>
/// <param name="policyRule">Rule handed unchanged to <c>SaveRuleToString</c>.</param>
/// <returns>
/// The string produced by <c>RuleSerializer.SaveRuleToString</c> (presumably XML, going by
/// the method name; the format is not visible here).
/// </returns>
internal string GetRuleXmlFromPolicyRule(PolicyRule policyRule)
{
    var serializer = new RuleSerializer();
    string serializedRule = serializer.SaveRuleToString(policyRule);
    return serializedRule;
}
/// <summary>
/// Writes this resource to <paramref name="writer"/> as a JSON object.
/// </summary>
/// <remarks>
/// Properties are emitted in a fixed order and only when populated: null members, empty
/// strings and empty lists are skipped. The output includes the patient reference and
/// source attachment when set, so callers decide where that JSON may be sent or logged.
/// </remarks>
/// <param name="writer">Destination JSON writer.</param>
/// <param name="options">Serializer options passed through to every nested element.</param>
/// <param name="includeStartObject">
/// When true, this call writes the enclosing start and end object tokens itself.
/// </param>
public new void SerializeJson(Utf8JsonWriter writer, JsonSerializerOptions options, bool includeStartObject = true)
{
    if (includeStartObject)
    {
        writer.WriteStartObject();
    }

    if (!string.IsNullOrEmpty(ResourceType))
    {
        writer.WriteString("resourceType", (string)ResourceType!);
    }

    // This method hides the base one with 'new', so the DomainResource members are written
    // through a base-typed reference; 'false' keeps them inside the object opened above.
    Fhir.R4.Models.DomainResource domainResourceView = this;
    domainResourceView.SerializeJson(writer, options, false);

    if (Identifier != null && Identifier.Count != 0)
    {
        writer.WritePropertyName("identifier");
        writer.WriteStartArray();
        foreach (Identifier identifierEntry in Identifier)
        {
            identifierEntry.SerializeJson(writer, options, true);
        }
        writer.WriteEndArray();
    }

    if (!string.IsNullOrEmpty(Status))
    {
        writer.WriteString("status", (string)Status!);
    }

    if (_Status != null)
    {
        writer.WritePropertyName("_status");
        _Status.SerializeJson(writer, options);
    }

    if (Scope != null)
    {
        writer.WritePropertyName("scope");
        Scope.SerializeJson(writer, options);
    }

    if (Category != null && Category.Count != 0)
    {
        writer.WritePropertyName("category");
        writer.WriteStartArray();
        foreach (CodeableConcept categoryEntry in Category)
        {
            categoryEntry.SerializeJson(writer, options, true);
        }
        writer.WriteEndArray();
    }

    if (Patient != null)
    {
        writer.WritePropertyName("patient");
        Patient.SerializeJson(writer, options);
    }

    if (!string.IsNullOrEmpty(DateTime))
    {
        writer.WriteString("dateTime", (string)DateTime!);
    }

    if (_DateTime != null)
    {
        writer.WritePropertyName("_dateTime");
        _DateTime.SerializeJson(writer, options);
    }

    if (Performer != null && Performer.Count != 0)
    {
        writer.WritePropertyName("performer");
        writer.WriteStartArray();
        foreach (Reference performerEntry in Performer)
        {
            performerEntry.SerializeJson(writer, options, true);
        }
        writer.WriteEndArray();
    }

    if (Organization != null && Organization.Count != 0)
    {
        writer.WritePropertyName("organization");
        writer.WriteStartArray();
        foreach (Reference organizationEntry in Organization)
        {
            organizationEntry.SerializeJson(writer, options, true);
        }
        writer.WriteEndArray();
    }

    if (SourceAttachment != null)
    {
        writer.WritePropertyName("sourceAttachment");
        SourceAttachment.SerializeJson(writer, options);
    }

    if (SourceReference != null)
    {
        writer.WritePropertyName("sourceReference");
        SourceReference.SerializeJson(writer, options);
    }

    if (Policy != null && Policy.Count != 0)
    {
        writer.WritePropertyName("policy");
        writer.WriteStartArray();
        foreach (ConsentPolicy policyEntry in Policy)
        {
            policyEntry.SerializeJson(writer, options, true);
        }
        writer.WriteEndArray();
    }

    if (PolicyRule != null)
    {
        writer.WritePropertyName("policyRule");
        PolicyRule.SerializeJson(writer, options);
    }

    if (Verification != null && Verification.Count != 0)
    {
        writer.WritePropertyName("verification");
        writer.WriteStartArray();
        foreach (ConsentVerification verificationEntry in Verification)
        {
            verificationEntry.SerializeJson(writer, options, true);
        }
        writer.WriteEndArray();
    }

    if (Provision != null)
    {
        writer.WritePropertyName("provision");
        Provision.SerializeJson(writer, options);
    }

    if (includeStartObject)
    {
        writer.WriteEndObject();
    }
}
/// <summary>
/// Attaches <paramref name="rule"/> to <paramref name="responsePolicy"/> and then attaches
/// that policy to <paramref name="responsePolicySet"/>.
/// </summary>
/// <param name="responsePolicySet">Policy set whose <c>Policies</c> collection receives the policy.</param>
/// <param name="responsePolicy">Policy whose <c>Rules</c> collection receives the rule.</param>
/// <param name="rule">Rule to add.</param>
private static void AddRuleAndPolicy(PolicySet responsePolicySet, Policy responsePolicy, PolicyRule rule)
{
    // The rule goes onto the policy first, then the policy onto the set.
    var policyRules = responsePolicy.Rules;
    policyRules.Add(rule);

    // No duplicate check is made here: each call appends the policy to the set again.
    var setPolicies = responsePolicySet.Policies;
    setPolicies.Add(responsePolicy);
}
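/// <summary>
/// Checks the claims required by a policy rule against the ID token supplied with the request.
/// </summary>
/// <param name="authorizationPolicy">Rule whose <c>Claims</c> list is enforced.</param>
/// <param name="claimTokenParameters">
/// Claim tokens sent by the requester; only the first entry whose <c>Format</c> equals
/// <c>IdTokenType</c> is used.
/// </param>
/// <returns>
/// <c>null</c> when the rule requires no claims (the caller decides what that means);
/// the need-info result when no ID token was supplied; <c>NotAuthorized</c> when the token
/// cannot be read or any required claim is missing, null or different; otherwise
/// <c>Authorized</c>.
/// </returns>
private async Task<AuthorizationPolicyResult> CheckClaims(
    PolicyRule authorizationPolicy,
    List<ClaimTokenParameter> claimTokenParameters)
{
    if (authorizationPolicy.Claims == null || !authorizationPolicy.Claims.Any())
    {
        return null;
    }

    if (claimTokenParameters == null || !claimTokenParameters.Any(c => c.Format == IdTokenType))
    {
        return GetNeedInfoResult(authorizationPolicy.Claims);
    }

    var idToken = claimTokenParameters.First(c => c.Format == IdTokenType);

    // NOTE(review): every decision below trusts the payload returned by UnSign. Confirm that
    // it verifies the token signature, and that issuer, audience and expiry are validated
    // somewhere on this path. None of that is visible in this method.
    var jwsPayload = await _jwtTokenParser.UnSign(idToken.Token);
    if (jwsPayload == null)
    {
        return new AuthorizationPolicyResult { Type = AuthorizationPolicyResultEnum.NotAuthorized };
    }

    foreach (var claim in authorizationPolicy.Claims)
    {
        var payload = jwsPayload.FirstOrDefault(j => j.Key == claim.Type);

        // Fail closed when the claim is absent or carries a null value. Without the null
        // check, a token with a null-valued claim would throw a NullReferenceException on
        // ToString() below instead of producing a deny decision.
        if (payload.Equals(default(KeyValuePair<string, object>)) || payload.Value == null)
        {
            return new AuthorizationPolicyResult { Type = AuthorizationPolicyResultEnum.NotAuthorized };
        }

        if (claim.Type == SimpleIdentityServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Role)
        {
            // The role claim may arrive as a comma-separated string, an object[] or a JArray.
            IEnumerable<string> roles = null;
            if (payload.Value is string)
            {
                // NOTE(review): entries are not trimmed, so "a, b" yields " b", which never
                // matches "b". Confirm the token issuer emits no spaces after commas.
                roles = payload.Value.ToString().Split(',');
            }
            else
            {
                var arr = payload.Value as object[];
                var jArr = payload.Value as JArray;
                if (arr != null)
                {
                    // Null elements are dropped so they can neither throw nor match.
                    roles = arr.Where(c => c != null).Select(c => c.ToString());
                }

                if (jArr != null)
                {
                    roles = jArr.Where(c => c != null).Select(c => c.ToString());
                }
            }

            // Any other value shape leaves roles null and is denied.
            if (roles == null || !roles.Any(v => claim.Value == v))
            {
                return new AuthorizationPolicyResult { Type = AuthorizationPolicyResultEnum.NotAuthorized };
            }
        }
        else
        {
            // Non-role claims must match exactly (ordinal string comparison).
            if (payload.Value.ToString() != claim.Value)
            {
                return new AuthorizationPolicyResult { Type = AuthorizationPolicyResultEnum.NotAuthorized };
            }
        }
    }

    return new AuthorizationPolicyResult { Type = AuthorizationPolicyResultEnum.Authorized };
}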
/// <summary>
/// Not implemented: this method always throws and removes nothing.
/// </summary>
/// <param name="scopeUri">Unused.</param>
/// <param name="rule">Unused.</param>
/// <exception cref="NotImplementedException">Thrown on every call.</exception>
public void RemovePolicyRule(Uri scopeUri, PolicyRule rule) =>
    throw new NotImplementedException();
/// <summary>
/// Not implemented: this method always throws and adds nothing.
/// </summary>
/// <param name="scope">Unused.</param>
/// <param name="rule">Unused.</param>
/// <exception cref="NotImplementedException">Thrown on every call.</exception>
public void AddPolicyRule(Uri scope, PolicyRule rule) =>
    throw new NotImplementedException();
/// <summary>
/// Evaluates one policy rule against a ticket line in four ordered steps: scopes, clients,
/// claims, then resource-owner consent. The first failing step decides the result.
/// </summary>
/// <param name="ticketLineParameter">Requested scopes and resource-owner approval flag for the ticket line.</param>
/// <param name="authorizationPolicy">Rule being evaluated.</param>
/// <param name="claimTokenParameter">Claim token forwarded to <c>CheckClaims</c>.</param>
/// <returns>
/// <c>NotAuthorized</c> when a requested scope is not on the rule; the client or claim
/// check's own result when it is non-null and not <c>Authorized</c>;
/// <c>RequestSubmitted</c> when consent is required but not yet given; otherwise
/// <c>Authorized</c>.
/// </returns>
private async Task<AuthorizationPolicyResult> ExecuteAuthorizationPolicyRule(
    TicketLineParameter ticketLineParameter,
    PolicyRule authorizationPolicy,
    ClaimTokenParameter claimTokenParameter)
{
    // 1. Every requested scope must be listed on the rule.
    //    An empty requested-scope list passes this step.
    bool everyScopeAllowed = ticketLineParameter.Scopes.All(
        requested => authorizationPolicy.Scopes.Contains(requested));
    if (!everyScopeAllowed)
    {
        return new AuthorizationPolicyResult
        {
            Type = AuthorizationPolicyResultEnum.NotAuthorized
        };
    }

    // 2. Client check. A null result is treated the same as Authorized, so the helper
    //    must only return null when there is nothing to enforce.
    var clientOutcome = CheckClients(authorizationPolicy, ticketLineParameter);
    if (!(clientOutcome == null || clientOutcome.Type == AuthorizationPolicyResultEnum.Authorized))
    {
        return clientOutcome;
    }

    // 3. Claim check, with the same null-means-pass convention as step 2.
    var claimOutcome = await CheckClaims(authorizationPolicy, claimTokenParameter).ConfigureAwait(false);
    if (!(claimOutcome == null || claimOutcome.Type == AuthorizationPolicyResultEnum.Authorized))
    {
        return claimOutcome;
    }

    // 4. If the rule requires resource-owner consent and it has not been given,
    //    the request is reported as submitted rather than authorized.
    bool consentPending = authorizationPolicy.IsResourceOwnerConsentNeeded
        && !ticketLineParameter.IsAuthorizedByRo;
    if (consentPending)
    {
        return new AuthorizationPolicyResult
        {
            Type = AuthorizationPolicyResultEnum.RequestSubmitted
        };
    }

    return new AuthorizationPolicyResult
    {
        Type = AuthorizationPolicyResultEnum.Authorized
    };
}