public async Task <IEnumerable <AuthorizationResponse> > Execute(IEnumerable <GetAuthorizationActionParameter> parameters, string clientId)
{
var result = new List <AuthorizationResponse>();
var rptLifeTime = await _configurationService.GetRptLifeTime();
// 1. Check parameters.
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
if (string.IsNullOrWhiteSpace(clientId))
{
throw new ArgumentNullException(nameof(clientId));
}
// 2. Retrieve the tickets.
_umaServerEventSource.StartGettingAuthorization(JsonConvert.SerializeObject(parameters));
var tickets = await _ticketRepository.Get(parameters.Select(p => p.TicketId));
var rptLst = new List <Rpt>();
// 3. Check parameters.
foreach (var parameter in parameters)
{
var json = JsonConvert.SerializeObject(parameter);
if (string.IsNullOrWhiteSpace(parameter.TicketId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, PostAuthorizationNames.TicketId));
}
var ticket = tickets.FirstOrDefault(t => t.Id == parameter.TicketId);
if (ticket == null)
{
throw new BaseUmaException(ErrorCodes.InvalidTicket,
string.Format(ErrorDescriptions.TheTicketDoesntExist, parameter.TicketId));
}
if (ticket.ClientId != clientId)
{
throw new BaseUmaException(ErrorCodes.InvalidTicket, ErrorDescriptions.TheTicketIssuerIsDifferentFromTheClient);
}
if (ticket.ExpirationDateTime < DateTime.UtcNow)
{
throw new BaseUmaException(ErrorCodes.ExpiredTicket, ErrorDescriptions.TheTicketIsExpired);
}
_umaServerEventSource.CheckAuthorizationPolicy(json);
var authorizationResult = await _authorizationPolicyValidator.IsAuthorized(ticket, clientId, parameter.ClaimTokenParameters);
if (authorizationResult.Type != AuthorizationPolicyResultEnum.Authorized)
{
_umaServerEventSource.RequestIsNotAuthorized(json);
result.Add(new AuthorizationResponse
{
AuthorizationPolicyResult = authorizationResult.Type,
ErrorDetails = authorizationResult.ErrorDetails
});
continue;
}
var rpt = new Rpt
{
Value = Guid.NewGuid().ToString(),
TicketId = ticket.Id,
ResourceSetId = ticket.ResourceSetId,
CreateDateTime = DateTime.UtcNow,
ExpirationDateTime = DateTime.UtcNow.AddSeconds(rptLifeTime)
};
rptLst.Add(rpt);
result.Add(new AuthorizationResponse
{
AuthorizationPolicyResult = AuthorizationPolicyResultEnum.Authorized,
Rpt = rpt.Value
});
_umaServerEventSource.RequestIsAuthorized(json);
}
// 4. Persist the RPTs.
if (rptLst.Any())
{
await _repositoryExceptionHelper.HandleException(
ErrorDescriptions.TheRptCannotBeInserted,
() => _rptRepository.Insert(rptLst));
}
return(result);
}
