コード例 #1
        /// <summary>
        /// Builds the XACML attribute that carries the element id of the instance's current process task.
        /// </summary>
        /// <param name="instance">Instance whose <c>Process.CurrentTask.ElementId</c> is read.</param>
        /// <returns>
        /// An attribute identified by <c>TaskAttributeId</c>, not included in the result, holding one
        /// value typed as <c>XacmlConstants.DataTypes.XMLString</c>.
        /// </returns>
        private XacmlAttribute GetProcessElementAttribute(Instance instance)
        {
            XacmlAttribute taskAttribute = new XacmlAttribute(new Uri(TaskAttributeId), false);

            // NOTE(review): Process and CurrentTask are dereferenced without a check, so an instance
            // that has no current task fails here with NullReferenceException instead of yielding
            // an attribute. Confirm callers only pass instances with an active task.
            Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
            var elementId = instance.Process.CurrentTask.ElementId;
            taskAttribute.AttributeValues.Add(new XacmlAttributeValue(stringDataType, elementId));

            return taskAttribute;
        }
コード例 #2
        /// <summary>
        /// Builds the XACML attribute that carries the organisation of an instance.
        /// </summary>
        /// <param name="instance">Instance whose <c>Org</c> value is copied into the attribute.</param>
        /// <returns>
        /// An attribute identified by <c>_orgAttributeId</c>, not included in the result, holding one
        /// value typed as <c>XacmlConstants.DataTypes.XMLString</c>.
        /// </returns>
        private XacmlAttribute GetOrgAttribute(Instance instance)
        {
            XacmlAttribute orgAttribute = new XacmlAttribute(new Uri(_orgAttributeId), false);

            Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
            XacmlAttributeValue orgValue = new XacmlAttributeValue(stringDataType, instance.Org);
            orgAttribute.AttributeValues.Add(orgValue);

            return orgAttribute;
        }
コード例 #3
        /// <summary>
        /// Builds two resource-category attribute sets: one holding the org attribute and one holding
        /// the app attribute.
        /// </summary>
        /// <param name="existingApp">
        /// When true the app attribute carries <c>APP</c>; otherwise it carries the literal
        /// <c>"dummy-app"</c>.
        /// </param>
        /// <returns>A list with the org context first and the app context second.</returns>
        private List<XacmlContextAttributes> GetXacmlContextAttributesWithOrgAndApp(bool existingApp = true)
        {
            // NOTE(review): the first argument of each XacmlAttributeValue below is the same URN as
            // the attribute id, while other builders on this page pass
            // XacmlConstants.DataTypes.XMLString in that position. Confirm this is intended here.
            XacmlAttribute orgAttribute = new XacmlAttribute(new Uri("urn:altinn:org"), true);
            orgAttribute.AttributeValues.Add(new XacmlAttributeValue(new Uri("urn:altinn:org"), ORG));

            XacmlContextAttributes orgContext = new XacmlContextAttributes(new Uri(XacmlConstants.MatchAttributeCategory.Resource));
            orgContext.Attributes.Add(orgAttribute);

            XacmlAttribute appAttribute = new XacmlAttribute(new Uri("urn:altinn:app"), true);
            appAttribute.AttributeValues.Add(new XacmlAttributeValue(new Uri("urn:altinn:app"), existingApp ? APP : "dummy-app"));

            XacmlContextAttributes appContext = new XacmlContextAttributes(new Uri(XacmlConstants.MatchAttributeCategory.Resource));
            appContext.Attributes.Add(appAttribute);

            List<XacmlContextAttributes> contexts = new List<XacmlContextAttributes>();
            contexts.Add(orgContext);
            contexts.Add(appContext);

            return contexts;
        }
コード例 #4
 /// <summary>
 /// Asserts that two XACML attributes agree on attribute id, include-in-result flag, issuer and
 /// number of attribute values.
 /// </summary>
 /// <remarks>
 /// Only the number of values is compared; the values themselves are not inspected by this helper.
 /// </remarks>
 /// <param name="expected">The attribute the test expects.</param>
 /// <param name="actual">The attribute produced by the code under test.</param>
 private static void AssertEqual(XacmlAttribute expected, XacmlAttribute actual)
 {
     // Identity and flags first, in the same order as the attribute's XML form.
     Assert.Equal(expected.AttributeId, actual.AttributeId);
     Assert.Equal(expected.IncludeInResult, actual.IncludeInResult);
     Assert.Equal(expected.Issuer, actual.Issuer);

     var expectedValueCount = expected.AttributeValues.Count;
     var actualValueCount = actual.AttributeValues.Count;
     Assert.Equal(expectedValueCount, actualValueCount);
 }
コード例 #5
        /// <summary>
        /// Builds the XACML attribute that carries the app name taken from an instance's app id.
        /// </summary>
        /// <param name="instance">
        /// Instance whose <c>AppId</c> is split on <c>'/'</c>; the second segment becomes the value.
        /// </param>
        /// <returns>
        /// An attribute identified by <c>AppAttributeId</c>, not included in the result, holding one
        /// value typed as <c>XacmlConstants.DataTypes.XMLString</c>.
        /// </returns>
        private XacmlAttribute GetAppAttribute(Instance instance)
        {
            XacmlAttribute appAttribute = new XacmlAttribute(new Uri(AppAttributeId), false);

            Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);

            // NOTE(review): an AppId without a '/' makes the [1] index throw
            // IndexOutOfRangeException, and any segments after the second are ignored.
            // Presumably AppId has the form "org/app"; confirm it is validated upstream.
            string[] appIdSegments = instance.AppId.Split('/');
            appAttribute.AttributeValues.Add(new XacmlAttributeValue(stringDataType, appIdSegments[1]));

            return appAttribute;
        }
コード例 #6
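        /// <summary>
        /// Evaluates an XPath expression against the <c>Content</c> children of the request's
        /// <c>Attributes</c> element whose <c>Category</c> equals <paramref name="category"/>.
        /// </summary>
        /// <remarks>
        /// used only for XACML 3.0
        /// </remarks>
        /// <param name="xpathVersion">Key used to look up the XPath evaluator in <c>xpathProcessor</c>.</param>
        /// <param name="xpathExpression">The XPath expression to evaluate; must be non-empty.</param>
        /// <param name="category">The attribute category whose content is searched.</param>
        /// <param name="contextSelectorId">
        /// Optional id of a request attribute whose <c>xpathExpression</c>-typed value first narrows
        /// the content to a set of context nodes.
        /// </param>
        /// <param name="namespaces">Optional namespace map handed to the XPath evaluator unchanged.</param>
        /// <returns>The nodes selected by <paramref name="xpathExpression"/>.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="xpathVersion"/>, <paramref name="xpathExpression"/> or
        /// <paramref name="category"/> is null.
        /// </exception>
        /// <exception cref="ArgumentException"><paramref name="xpathExpression"/> is empty.</exception>
        /// <exception cref="XacmlIndeterminateException">
        /// The context selector attribute, or its <c>xpathExpression</c>-typed value, is not in the request.
        /// </exception>
        public IEnumerable<XmlNode> GetAttributeByXPath(Uri xpathVersion, string xpathExpression, Uri category, Uri contextSelectorId = null, IDictionary<string, string> namespaces = null)
        {
            if (xpathVersion == null)
            {
                throw new ArgumentNullException(nameof(xpathVersion));
            }

            if (xpathExpression == null)
            {
                throw new ArgumentNullException(nameof(xpathExpression));
            }

            if (xpathExpression.Length == 0)
            {
                throw new ArgumentException("Value cannot be empty.", nameof(xpathExpression));
            }

            if (category == null)
            {
                throw new ArgumentNullException(nameof(category));
            }

            var xpath = this.xpathProcessor[xpathVersion.ToString()];

            // The category is spliced into an XPath string literal. XPath 1.0 has no escape
            // sequence inside a literal, so a category containing a quote character would end the
            // literal early and change which nodes the path selects. Quote it explicitly instead.
            string contentPath = string.Format(
                @"//*[local-name()='Attributes'][@Category={0}]/*[local-name()='Content']/*",
                QuoteAsXPathLiteral(category.ToString()));

            if (contextSelectorId == null)
            {
                return xpath.Invoke(this.requestDocument, contentPath, xpathExpression, namespaces);
            }

            // PROFILE - Multiple Decision Profile - #POL01 - #SPEC2744
            // NOTE(review): First() throws InvalidOperationException when the request has no
            // Attributes element for this category, unlike the XacmlIndeterminateException raised
            // for the two lookups below. Left as is because callers may rely on the exception type.
            XacmlAttribute attribute = this.request.Attributes.First(o => string.Equals(o.Category.OriginalString, category.OriginalString))
                                       .Attributes.FirstOrDefault(o => string.Equals(o.AttributeId.OriginalString, contextSelectorId.OriginalString));

            if (attribute == null)
            {
                throw new XacmlIndeterminateException("Cannot find attribute with name: " + contextSelectorId);
            }

            XacmlAttributeValue xPathExpressionDataTypeAttribute = attribute.AttributeValues.FirstOrDefault(o => string.Equals(o.DataType.OriginalString, "urn:oasis:names:tc:xacml:3.0:data-type:xpathExpression"));

            if (xPathExpressionDataTypeAttribute == null)
            {
                throw new XacmlIndeterminateException("Cannot find attribute with name: " + contextSelectorId);
            }

            // The selector value comes from the request's own attributes and is evaluated as an
            // XPath expression. NOTE(review): confirm the registered evaluators limit what such a
            // request-supplied expression can reach.
            IEnumerable<XmlNode> nodes = xpath.Invoke(this.requestDocument, contentPath, xPathExpressionDataTypeAttribute.Value, namespaces);

            List<XmlNode> result = new List<XmlNode>();
            foreach (XmlNode node in nodes)
            {
                // Re-parse each context node into its own document so the expression is evaluated
                // with that node as the document root.
                XmlDocument doc = new XmlDocument();
                doc.LoadXml(node.OuterXml);
                result.AddRange(xpath.Invoke(doc, @"/*", xpathExpression, namespaces));
            }

            return result;
        }

        /// <summary>
        /// Renders a string as an XPath 1.0 literal that evaluates to exactly that string.
        /// </summary>
        /// <param name="value">The text to quote; must not be null.</param>
        /// <returns>
        /// A single-quoted literal, a double-quoted literal when the text contains a single quote,
        /// or a <c>concat(...)</c> call when it contains both kinds of quote.
        /// </returns>
        private static string QuoteAsXPathLiteral(string value)
        {
            if (value.IndexOf('\'') < 0)
            {
                return "'" + value + "'";
            }

            if (value.IndexOf('"') < 0)
            {
                return "\"" + value + "\"";
            }

            // Both quote kinds present: join the single-quote-free pieces with a quoted "'".
            return "concat('" + string.Join("', \"'\", '", value.Split('\'')) + "')";
        }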
コード例 #7
        /// <summary>
        /// Builds the XACML attribute that carries the end event of the instance's process.
        /// </summary>
        /// <param name="instance">Instance whose <c>Process.EndEvent</c> is read.</param>
        /// <returns>
        /// An attribute identified by <c>endEventAttributeId</c>, not included in the result, holding
        /// one value typed as <c>XacmlConstants.DataTypes.XMLString</c>.
        /// </returns>
        private XacmlAttribute GetEndEventAttribute(Instance instance)
        {
            XacmlAttribute endEventAttribute = new XacmlAttribute(new Uri(endEventAttributeId), false);

            // NOTE(review): instance.Process is dereferenced without a null check.
            Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
            var endEvent = instance.Process.EndEvent;
            endEventAttribute.AttributeValues.Add(new XacmlAttributeValue(stringDataType, endEvent));

            return endEventAttribute;
        }
コード例 #8
        /// <summary>
        /// Reads the user id from the subject attributes of a XACML context request.
        /// </summary>
        /// <param name="request">The request whose subject attributes are searched.</param>
        /// <returns>
        /// The first value of the attribute whose id equals <c>XacmlRequestAttribute.UserAttribute</c>,
        /// converted to an integer; 0 when that attribute or its first value is absent.
        /// </returns>
        public int GetSubjectUserId(XacmlContextRequest request)
        {
            XacmlAttribute userAttribute = request
                .GetSubjectAttributes()
                .Attributes
                .FirstOrDefault(candidate => candidate.AttributeId.OriginalString.Equals(XacmlRequestAttribute.UserAttribute));

            // Convert.ToInt32 turns a null input into 0, so a request without a user attribute is
            // reported as user id 0 rather than as an error. Callers making an authorization
            // decision must treat 0 as "no user", never as a real identity. A value that is present
            // but not numeric still throws from Convert.ToInt32.
            var rawUserId = userAttribute?.AttributeValues.FirstOrDefault()?.Value;

            return Convert.ToInt32(rawUserId);
        }
コード例 #9
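        /// <summary>
        /// Converts the categories of a JSON XACML request into <c>XacmlContextAttributes</c> and
        /// appends them to <paramref name="contextAttributes"/>.
        /// </summary>
        /// <remarks>
        /// Each JSON attribute becomes its own <c>XacmlAttribute</c> with its own attribute id.
        /// Earlier code reused the first attribute of a category for every following value and added
        /// that same object once per JSON attribute. Values were therefore filed under the wrong
        /// attribute id and duplicated, which changes what a policy sees when it matches on attribute id.
        /// </remarks>
        /// <param name="categoryList">The JSON categories to convert; nothing is added when null.</param>
        /// <param name="categoryId">
        /// Category id used for every category that does not state its own <c>CategoryId</c>.
        /// </param>
        /// <param name="contextAttributes">Collection that receives one entry per JSON category.</param>
        private static void ConvertCategoryAttributes(List<XacmlJsonCategory> categoryList, string categoryId, ICollection<XacmlContextAttributes> contextAttributes)
        {
            if (categoryList == null)
            {
                return;
            }

            foreach (XacmlJsonCategory jsonCategory in categoryList)
            {
                // Resolve the id per category. Overwriting the parameter would make a later
                // category without an id inherit the previous category's custom id instead of
                // the default passed by the caller.
                string effectiveCategoryId = string.IsNullOrEmpty(jsonCategory.CategoryId)
                    ? categoryId
                    : jsonCategory.CategoryId;

                XacmlContextAttributes xacmlContextAttributes = new XacmlContextAttributes(new Uri(effectiveCategoryId));

                // A category without an attribute list yields an empty attribute set.
                if (jsonCategory.Attribute != null)
                {
                    foreach (XacmlJsonAttribute jsonAttribute in jsonCategory.Attribute)
                    {
                        XacmlAttribute xacmlAttribute = new XacmlAttribute(new Uri(jsonAttribute.AttributeId), jsonAttribute.IncludeInResult);
                        xacmlAttribute.AttributeValues.Add(new XacmlAttributeValue(new Uri(ConvertDataType(jsonAttribute)), jsonAttribute.Value));
                        xacmlContextAttributes.Attributes.Add(xacmlAttribute);
                    }
                }

                contextAttributes.Add(xacmlContextAttributes);
            }
        }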
コード例 #10
        /// <summary>
        /// Builds the XACML attribute that carries the party id of the instance owner.
        /// </summary>
        /// <param name="instance">Instance whose <c>InstanceOwner.PartyId</c> is read.</param>
        /// <returns>
        /// An attribute identified by <c>PartyAttributeId</c>, flagged to be included in the result,
        /// holding one value typed as <c>XacmlConstants.DataTypes.XMLString</c>.
        /// </returns>
        private XacmlAttribute GetPartyAttribute(Instance instance)
        {
            XacmlAttribute partyAttribute = new XacmlAttribute(new Uri(PartyAttributeId), false);

            // The party attribute may have been absent from the input; echoing it in the result
            // lets the PEP learn which party the decision was made for.
            partyAttribute.IncludeInResult = true;

            // NOTE(review): instance.InstanceOwner is dereferenced without a null check.
            Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
            var ownerPartyId = instance.InstanceOwner.PartyId;
            partyAttribute.AttributeValues.Add(new XacmlAttributeValue(stringDataType, ownerPartyId));

            return partyAttribute;
        }
コード例 #11
        /// <summary>
        /// Builds one XACML attribute holding a value for every role in the list.
        /// </summary>
        /// <param name="roles">Roles whose <c>Value</c> is copied, in list order; must not be null.</param>
        /// <returns>
        /// An attribute identified by <c>_altinnRoleAttributeId</c>, not included in the result, with
        /// one <c>XacmlConstants.DataTypes.XMLString</c> value per role (none for an empty list).
        /// </returns>
        private XacmlAttribute GetRoleAttribute(List<Role> roles)
        {
            XacmlAttribute roleAttribute = new XacmlAttribute(new Uri(_altinnRoleAttributeId), false);

            for (int index = 0; index < roles.Count; index++)
            {
                Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
                roleAttribute.AttributeValues.Add(new XacmlAttributeValue(stringDataType, roles[index].Value));
            }

            return roleAttribute;
        }
コード例 #12
        /// <summary>
        /// Builds one XACML attribute holding a value for every party id in the list.
        /// </summary>
        /// <param name="partyIds">The party ids to add, in list order; must not be null.</param>
        /// <returns>
        /// An attribute identified by <c>XacmlRequestAttribute.PartyAttribute</c>, not included in the
        /// result, with one <c>XacmlConstants.DataTypes.XMLString</c> value per party id.
        /// </returns>
        protected XacmlAttribute GetPartyIdsAttribute(List<int> partyIds)
        {
            XacmlAttribute partyAttribute = new XacmlAttribute(new Uri(XacmlRequestAttribute.PartyAttribute), false);

            for (int index = 0; index < partyIds.Count; index++)
            {
                // Each id is stored in its string form, matching the string data type of the value.
                string partyIdText = partyIds[index].ToString();
                Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
                partyAttribute.AttributeValues.Add(new XacmlAttributeValue(stringDataType, partyIdText));
            }

            return partyAttribute;
        }
コード例 #13
        /// <summary>
        /// Builds one XACML attribute holding a value for every role type code in the list.
        /// </summary>
        /// <param name="roles">Roles whose <c>Value</c> is copied, in list order; must not be null.</param>
        /// <returns>
        /// An attribute identified by <c>XacmlRequestAttribute.RoleAttribute</c>, not included in the
        /// result, with one <c>XacmlConstants.DataTypes.XMLString</c> value per role.
        /// </returns>
        protected XacmlAttribute GetRoleAttribute(List<Role> roles)
        {
            XacmlAttribute roleAttribute = new XacmlAttribute(new Uri(XacmlRequestAttribute.RoleAttribute), false);

            for (int index = 0; index < roles.Count; index++)
            {
                Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
                roleAttribute.AttributeValues.Add(new XacmlAttributeValue(stringDataType, roles[index].Value));
            }

            return roleAttribute;
        }
コード例 #14
        /// <summary>
        /// Builds a single-valued XACML attribute from an attribute id and a string value.
        /// </summary>
        /// <param name="attributeId">The id of the attribute; must be a valid URI string.</param>
        /// <param name="attributeValue">The value stored with data type <c>XacmlConstants.DataTypes.XMLString</c>.</param>
        /// <returns>
        /// The attribute; it is flagged to be included in the result only when
        /// <paramref name="attributeId"/> equals <c>XacmlRequestAttribute.PartyAttribute</c>.
        /// </returns>
        private XacmlAttribute GetAttribute(string attributeId, string attributeValue)
        {
            XacmlAttribute result = new XacmlAttribute(new Uri(attributeId), false);

            bool isPartyAttribute = attributeId.Equals(XacmlRequestAttribute.PartyAttribute);
            if (isPartyAttribute)
            {
                // The party attribute may have been absent from the input; echoing it in the
                // result lets the PEP learn which party the decision was made for.
                result.IncludeInResult = true;
            }

            Uri stringDataType = new Uri(XacmlConstants.DataTypes.XMLString);
            result.AttributeValues.Add(new XacmlAttributeValue(stringDataType, attributeValue));

            return result;
        }
コード例 #15
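        /// <summary>
        /// Writes a XACML 3.0 <c>Attribute</c> element, with its id, include-in-result flag, optional
        /// issuer and all attribute values, to the given XML writer.
        /// </summary>
        /// <param name="writer">The writer that receives the element.</param>
        /// <param name="xacmlAttribute">The attribute to serialize.</param>
        private static void WriteAttribute(XmlWriter writer, XacmlAttribute xacmlAttribute)
        {
            Guard.ArgumentNotNull(writer, nameof(writer));
            Guard.ArgumentNotNull(xacmlAttribute, nameof(xacmlAttribute));

            writer.WriteStartElement(XacmlConstants.Prefixes.Xacml, XacmlConstants.ElementNames.Attribute, Xacml30Constants.NameSpaces.Policy);

            writer.WriteAttributeString(XacmlConstants.AttributeNames.AttributeId, xacmlAttribute.AttributeId.OriginalString);

            // Serialized XML must not depend on the thread's culture, so lower-case the flag with
            // the invariant culture instead of the current one.
            writer.WriteAttributeString(XacmlConstants.AttributeNames.IncludeInResult, xacmlAttribute.IncludeInResult.ToString().ToLowerInvariant());

            // Issuer is optional; the XML attribute is omitted when it is not set.
            if (xacmlAttribute.Issuer != null)
            {
                writer.WriteAttributeString(XacmlConstants.AttributeNames.Issuer, xacmlAttribute.Issuer);
            }

            foreach (XacmlAttributeValue attributeValue in xacmlAttribute.AttributeValues)
            {
                WriteAttributeValue(writer, attributeValue);
            }

            writer.WriteEndElement();
        }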
コード例 #16
        /// <summary>
        /// Builds two resource-category attribute sets: one holding an org attribute with the value
        /// <c>"org"</c> and one holding an app attribute with the value <c>"app"</c>.
        /// </summary>
        /// <returns>A list with the org context first and the app context second.</returns>
        private List<XacmlContextAttributes> GetXacmlContextAttributesWithOrgAndApp()
        {
            // NOTE(review): the first argument of each XacmlAttributeValue below is the same URN as
            // the attribute id, while other builders on this page pass
            // XacmlConstants.DataTypes.XMLString in that position. Confirm this is intended here.
            XacmlAttribute orgAttribute = new XacmlAttribute(new Uri("urn:altinn:org"), true);
            orgAttribute.AttributeValues.Add(new XacmlAttributeValue(new Uri("urn:altinn:org"), "org"));

            XacmlContextAttributes orgContext = new XacmlContextAttributes(new Uri(XacmlConstants.MatchAttributeCategory.Resource));
            orgContext.Attributes.Add(orgAttribute);

            XacmlAttribute appAttribute = new XacmlAttribute(new Uri("urn:altinn:app"), true);
            appAttribute.AttributeValues.Add(new XacmlAttributeValue(new Uri("urn:altinn:app"), "app"));

            XacmlContextAttributes appContext = new XacmlContextAttributes(new Uri(XacmlConstants.MatchAttributeCategory.Resource));
            appContext.Attributes.Add(appAttribute);

            List<XacmlContextAttributes> contexts = new List<XacmlContextAttributes>();
            contexts.Add(orgContext);
            contexts.Add(appContext);

            return contexts;
        }