예제 #1
0
        public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
        {
            if (_pepSettings.DisablePEP)
            {
                return(new XacmlJsonResponse
                {
                    Response = new List <XacmlJsonResult>()
                    {
                        new XacmlJsonResult
                        {
                            Decision = XacmlContextDecision.Permit.ToString(),
                        }
                    },
                });
            }

            try
            {
                XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request);
                decisionRequest = await Enrich(decisionRequest);

                Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();

                XacmlPolicy policy = await GetPolicyAsync(decisionRequest);

                XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy);

                return(XacmlJsonXmlConverter.ConvertResponse(contextResponse));
            }
            catch
            {
            }

            return(null);
        }
예제 #2
0
        public async Task <ActionResult> Post([FromBody] XacmlRequestApiModel model)
        {
            try
            {
                if (Request.ContentType.Contains("application/json"))
                {
                    return(await AuthorizeJsonRequest(model)); // lgtm [cs/user-controlled-bypass]
                }
                else
                {
                    return(await AuthorizeXmlRequest(model)); // lgtm [cs/user-controlled-bypass]
                }
            }
            catch
            {
                XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
                {
                    Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
                };

                XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);

                if (Request.ContentType.Contains("application/json"))
                {
                    XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
                    return(Ok(jsonResult));
                }
                else
                {
                    return(CreateResponse(xacmlContextResponse));
                }
            }
        }
예제 #3
0
        public async Task <ActionResult> Post([FromBody] XacmlRequestApiModel model)
        {
            try
            {
                if (Request.ContentType.Contains("application/json"))
                {
                    return(await AuthorizeJsonRequest(model));
                }
                else
                {
                    return(await AuthorizeXmlRequest(model));
                }
            }
            catch (Exception ex)
            {
                _logger.LogError(ex, "// DecisionController // Decision // Unexpected Exception");

                XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
                {
                    Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
                };

                XacmlContextResponse xacmlContextResponse = new XacmlContextResponse(result);

                if (Request.ContentType.Contains("application/json"))
                {
                    XacmlJsonResponse jsonResult = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
                    return(Ok(jsonResult));
                }
                else
                {
                    return(CreateResponse(xacmlContextResponse));
                }
            }
        }
예제 #4
0
        public ActionResult Post([FromBody] XacmlRequestApiModel model)
        {
            XacmlContextRequest  request = null;
            XacmlContextResponse xacmlContextResponse = null;

            try
            {
                request = ParseApiBody(model);
            }
            catch (Exception)
            {
                XacmlContextResult result = new XacmlContextResult(XacmlContextDecision.Indeterminate)
                {
                    Status = new XacmlContextStatus(XacmlContextStatusCode.SyntaxError)
                };
                xacmlContextResponse = new XacmlContextResponse(result);
            }

            if (request != null)
            {
                PolicyDecisionPoint pdp = new PolicyDecisionPoint(_contextHandler, _prp);
                xacmlContextResponse = pdp.Authorize(request);
            }

            string accept = HttpContext.Request.Headers["Accept"];

            if (!string.IsNullOrEmpty(accept) && accept.Equals("application/json"))
            {
                XacmlJsonResponse jsonReponse = XacmlJsonXmlConverter.ConvertResponse(xacmlContextResponse);
                return(Ok(jsonReponse));
            }

            StringBuilder builder = new StringBuilder();

            using (XmlWriter writer = XmlWriter.Create(builder))
            {
                XacmlSerializer.WriteContextResponse(writer, xacmlContextResponse);
            }

            string xml = builder.ToString();

            return(Content(xml));
        }
예제 #5
0
        private XacmlContextRequest ParseApiBody(XacmlRequestApiModel model)
        {
            XacmlContextRequest request = null;

            if (Request.ContentType.Contains("application/json"))
            {
                XacmlJsonRequestRoot jsonRequest;
                jsonRequest = (XacmlJsonRequestRoot)JsonConvert.DeserializeObject(model.BodyContent, typeof(XacmlJsonRequestRoot));
                request     = XacmlJsonXmlConverter.ConvertRequest(jsonRequest.Request);
            }
            else if (Request.ContentType.Contains("application/xml"))
            {
                using (XmlReader reader = XmlReader.Create(new StringReader(model.BodyContent)))
                {
                    request = XacmlParser.ReadContextRequest(reader);
                }
            }

            return(request);
        }
        public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
        {
            try
            {
                XacmlContextRequest decisionRequest = XacmlJsonXmlConverter.ConvertRequest(xacmlJsonRequest.Request);
                decisionRequest = await Enrich(decisionRequest);

                Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();

                XacmlPolicy policy = await GetPolicyAsync(decisionRequest);

                XacmlContextResponse contextResponse = pdp.Authorize(decisionRequest, policy);

                return(XacmlJsonXmlConverter.ConvertResponse(contextResponse));
            }
            catch
            {
            }

            return(null);
        }
        private async Task <XacmlJsonResponse> Authorize(XacmlJsonRequest decisionRequest)
        {
            if (decisionRequest.MultiRequests == null || decisionRequest.MultiRequests.RequestReference == null ||
                decisionRequest.MultiRequests.RequestReference.Count < 2)
            {
                XacmlContextRequest  request     = XacmlJsonXmlConverter.ConvertRequest(decisionRequest);
                XacmlContextResponse xmlResponse = await Authorize(request);

                return(XacmlJsonXmlConverter.ConvertResponse(xmlResponse));
            }
            else
            {
                XacmlJsonResponse multiResponse = new XacmlJsonResponse();
                foreach (XacmlJsonRequestReference xacmlJsonRequestReference in decisionRequest.MultiRequests.RequestReference)
                {
                    XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest();

                    foreach (string refer in xacmlJsonRequestReference.ReferenceId)
                    {
                        List <XacmlJsonCategory> resourceCategoriesPart = decisionRequest.Resource.Where(i => i.Id.Equals(refer)).ToList();

                        if (resourceCategoriesPart.Count > 0)
                        {
                            if (jsonMultiRequestPart.Resource == null)
                            {
                                jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>();
                            }

                            jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart);
                        }

                        List <XacmlJsonCategory> subjectCategoriesPart = decisionRequest.AccessSubject.Where(i => i.Id.Equals(refer)).ToList();

                        if (subjectCategoriesPart.Count > 0)
                        {
                            if (jsonMultiRequestPart.AccessSubject == null)
                            {
                                jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>();
                            }

                            jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart);
                        }

                        List <XacmlJsonCategory> actionCategoriesPart = decisionRequest.Action.Where(i => i.Id.Equals(refer)).ToList();

                        if (actionCategoriesPart.Count > 0)
                        {
                            if (jsonMultiRequestPart.Action == null)
                            {
                                jsonMultiRequestPart.Action = new List <XacmlJsonCategory>();
                            }

                            jsonMultiRequestPart.Action.AddRange(actionCategoriesPart);
                        }
                    }

                    XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart));

                    XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse);

                    if (multiResponse.Response == null)
                    {
                        multiResponse.Response = new List <XacmlJsonResult>();
                    }

                    multiResponse.Response.Add(xacmlJsonResponsePart.Response.First());
                }

                return(multiResponse);
            }
        }
        public async Task <XacmlJsonResponse> GetDecisionForRequest(XacmlJsonRequestRoot xacmlJsonRequest)
        {
            string jsonResponse = string.Empty;

            if (xacmlJsonRequest.Request.MultiRequests != null)
            {
                try
                {
                    Altinn.Authorization.ABAC.PolicyDecisionPoint pdp = new Altinn.Authorization.ABAC.PolicyDecisionPoint();
                    XacmlJsonResponse multiResponse = new XacmlJsonResponse();
                    foreach (XacmlJsonRequestReference xacmlJsonRequestReference in xacmlJsonRequest.Request.MultiRequests.RequestReference)
                    {
                        XacmlJsonRequest jsonMultiRequestPart = new XacmlJsonRequest();

                        foreach (string refer in xacmlJsonRequestReference.ReferenceId)
                        {
                            IEnumerable <XacmlJsonCategory> resourceCategoriesPart = xacmlJsonRequest.Request.Resource.Where(i => i.Id.Equals(refer));

                            if (resourceCategoriesPart != null && resourceCategoriesPart.Count() > 0)
                            {
                                if (jsonMultiRequestPart.Resource == null)
                                {
                                    jsonMultiRequestPart.Resource = new List <XacmlJsonCategory>();
                                }

                                jsonMultiRequestPart.Resource.AddRange(resourceCategoriesPart);
                            }

                            IEnumerable <XacmlJsonCategory> subjectCategoriesPart = xacmlJsonRequest.Request.AccessSubject.Where(i => i.Id.Equals(refer));

                            if (subjectCategoriesPart != null && subjectCategoriesPart.Count() > 0)
                            {
                                if (jsonMultiRequestPart.AccessSubject == null)
                                {
                                    jsonMultiRequestPart.AccessSubject = new List <XacmlJsonCategory>();
                                }

                                jsonMultiRequestPart.AccessSubject.AddRange(subjectCategoriesPart);
                            }

                            IEnumerable <XacmlJsonCategory> actionCategoriesPart = xacmlJsonRequest.Request.Action.Where(i => i.Id.Equals(refer));

                            if (actionCategoriesPart != null && actionCategoriesPart.Count() > 0)
                            {
                                if (jsonMultiRequestPart.Action == null)
                                {
                                    jsonMultiRequestPart.Action = new List <XacmlJsonCategory>();
                                }

                                jsonMultiRequestPart.Action.AddRange(actionCategoriesPart);
                            }
                        }

                        XacmlContextResponse partResponse = await Authorize(XacmlJsonXmlConverter.ConvertRequest(jsonMultiRequestPart));

                        XacmlJsonResponse xacmlJsonResponsePart = XacmlJsonXmlConverter.ConvertResponse(partResponse);

                        if (multiResponse.Response == null)
                        {
                            multiResponse.Response = new List <XacmlJsonResult>();
                        }

                        multiResponse.Response.Add(xacmlJsonResponsePart.Response.First());
                    }

                    return(multiResponse);
                }
                catch
                {
                }
            }
            else if (xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => (a.AttributeId == "urn:altinn:userid" && a.Value == "1")) ||
                     xacmlJsonRequest.Request.AccessSubject[0].Attribute.Exists(a => a.AttributeId == "urn:altinn:org"))
            {
                jsonResponse = File.ReadAllText("data/response_permit.json");
            }
            else
            {
                jsonResponse = File.ReadAllText("data/response_deny.json");
            }

            XacmlJsonResponse response = JsonConvert.DeserializeObject <XacmlJsonResponse>(jsonResponse);

            return(response);
        }