Added multitest (#890)

* Added multitest

* Fixed scope

test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/AltinnResourceRegistryMulti0012Request.json

@@ -0,0 +1,101 @@
+{
+  "Request": {
+    "ReturnPolicyIdList": true,
+    "AccessSubject": [
+      {
+        "Id": "s1",
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:person:identifier-no",
+            "Value": "01039012345"
+          }
+        ]
+      }
+    ],
+    "Action": [
+      {
+        "Id": "a1",
+        "Attribute": [
+          {
+            "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+            "Value": "read",
+            "DataType": "http://www.w3.org/2001/XMLSchema#string",
+            "IncludeInResult": true
+          }
+        ]
+      }
+    ],
+    "Resource": [
+      {
+        "Id": "r1",
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-externalpdp-resource1",
+            "IncludeInResult": true
+          },
+          {
+            "AttributeId": "urn:altinn:organization:identifier-no",
+            "Value": "897069651",
+            "IncludeInResult": true
+          }
+        ]
+      },
+      {
+        "Id": "r2",
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-externalpdp-resource1",
+            "IncludeInResult": true
+          },
+          {
+            "AttributeId": "urn:altinn:organization:identifier-no",
+            "Value": "950474084",
+            "IncludeInResult": true
+          }
+        ]
+      },
+      {
+        "Id": "r3",
+        "Attribute": [
+          {
+            "AttributeId": "urn:altinn:resource",
+            "Value": "ttd-externalpdp-resource3",
+            "IncludeInResult": true
+          },
+          {
+            "AttributeId": "urn:altinn:organization:identifier-no",
+            "Value": "950474084",
+            "IncludeInResult": true
+          }
+        ]
+      }
+    ],
+    "MultiRequests": {
+      "RequestReference": [
+        {
+          "ReferenceId": [
+            "s1",
+            "a1",
+            "r1"
+          ]
+        },
+        {
+          "ReferenceId": [
+            "s1",
+            "a1",
+            "r2"
+          ]
+        },
+        {
+          "ReferenceId": [
+            "s1",
+            "a1",
+            "r3"
+          ]
+        }
+      ]
+    }
+  }
+}

test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/AltinnResourceRegistryMulti0012Response.json

@@ -0,0 +1,140 @@
+{
+  "Response": [
+    {
+      "Decision": "Permit",
+      "Status": {
+        "StatusCode": {
+          "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
+        }
+      },
+      "Obligations": [
+        {
+          "id": "urn:altinn:obligation:authenticationLevel1",
+          "attributeAssignment": [
+
+            {
+              "attributeId": "urn:altinn:obligation-assignment:1",
+              "value": "2",
+              "category": "urn:altinn:minimum-authenticationlevel",
+              "dataType": "http://www.w3.org/2001/XMLSchema#integer",
+              "issuer": null
+            }
+          ]
+        }
+      ],
+      "Category": [
+        {
+          "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
+          "Attribute": [
+            {
+              "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "read"
+            }
+          ]
+        },
+        {
+          "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
+          "Attribute": [
+            {
+              "AttributeId": "urn:altinn:resource",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "ttd-externalpdp-resource1"
+            },
+            {
+              "AttributeId": "urn:altinn:organization:identifier-no",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "897069651"
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "Decision": "Permit",
+      "Status": {
+        "StatusCode": {
+          "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
+        }
+      },
+      "Obligations": [
+        {
+          "id": "urn:altinn:obligation:authenticationLevel1",
+          "attributeAssignment": [
+            {
+              "attributeId": "urn:altinn:obligation-assignment:1",
+              "value": "2",
+              "category": "urn:altinn:minimum-authenticationlevel",
+              "dataType": "http://www.w3.org/2001/XMLSchema#integer",
+              "issuer": null
+            }
+          ]
+        }
+      ],
+      "Category": [
+        {
+          "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
+          "Attribute": [
+            {
+              "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "read"
+            }
+          ]
+        },
+        {
+          "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
+          "Attribute": [
+            {
+              "AttributeId": "urn:altinn:resource",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "ttd-externalpdp-resource1"
+            },
+            {
+              "AttributeId": "urn:altinn:organization:identifier-no",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "950474084"
+            }
+          ]
+        }
+
+      ]
+    },
+    {
+      "Decision": "NotApplicable",
+      "Status": {
+        "StatusCode": {
+          "Value": "urn:oasis:names:tc:xacml:1.0:status:ok"
+        }
+      },
+      "Category": [
+        {
+          "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:action",
+          "Attribute": [
+            {
+              "AttributeId": "urn:oasis:names:tc:xacml:1.0:action:action-id",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "read"
+            }
+          ]
+        },
+        {
+          "CategoryId": "urn:oasis:names:tc:xacml:3.0:attribute-category:resource",
+          "Attribute": [
+            {
+              "AttributeId": "urn:altinn:resource",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "ttd-externalpdp-resource3"
+            },
+            {
+              "AttributeId": "urn:altinn:organization:identifier-no",
+              "DataType": "http://www.w3.org/2001/XMLSchema#string",
+              "Value": "950474084"
+            }
+          ]
+        }
+
+      ]
+    }
+  ]
+}

test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/ttd-externalpdp-resource3/policy.xml

@@ -0,0 +1,58 @@
+<?xml version="1.0" encoding="utf-8"?>
+<xacml:Policy xmlns:xsl="http://www.w3.org/2001/XMLSchema-instance" xmlns:xacml="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" PolicyId="urn:altinn:example:policyid:1" Version="1.0" RuleCombiningAlgId="urn:oasis:names:tc:xacml:3.0:rule-combining-algorithm:deny-overrides">
+	<xacml:Target/>
+	<xacml:Rule RuleId="urn:altinn:example:ruleid:1" Effect="Permit">
+		<xacml:Description>A rule giving user with role REGNA or DAGL and the ttd the right to pulish and subscribe to events registered to the altinn.test.events resource</xacml:Description>
+		<xacml:Target>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">LEDE</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:3.0:function:string-equal-ignore-case">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">DAGL</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:rolecode" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ttd</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:org" Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ttd-externalpdp-resource3</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:altinn:resource" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+			<xacml:AnyOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+				<xacml:AllOf>
+					<xacml:Match MatchId="urn:oasis:names:tc:xacml:1.0:function:string-equal">
+						<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">write</xacml:AttributeValue>
+						<xacml:AttributeDesignator AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id" Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action" DataType="http://www.w3.org/2001/XMLSchema#string" MustBePresent="false"/>
+					</xacml:Match>
+				</xacml:AllOf>
+			</xacml:AnyOf>
+		</xacml:Target>
+	</xacml:Rule>
+	<xacml:ObligationExpressions>
+		<xacml:ObligationExpression FulfillOn="Permit" ObligationId="urn:altinn:obligation:1">
+			<xacml:AttributeAssignmentExpression AttributeId="urn:altinn:obligation-assignment:1" Category="urn:altinn:minimum-authenticationlevel">
+				<xacml:AttributeValue DataType="http://www.w3.org/2001/XMLSchema#integer">2</xacml:AttributeValue>
+			</xacml:AttributeAssignmentExpression>
+		</xacml:ObligationExpression>
+	</xacml:ObligationExpressions>
+</xacml:Policy>

test/IntegrationTests/ExternalDecisionTest.cs

@@ -238,6 +238,26 @@ public async Task PDPExternal_Decision_SystemUserWithAppDelegation_Permit()
             AssertionUtil.AssertEqual(expected, contextResponse);
         }
 
+        /// <summary>
+        /// Multi request scenario for 3 authorization checks in one request
+        /// </summary>
+        [Fact]
+        public async Task PDPExternal_Decision_AltinnResourceRegistryMulti0012()
+        {
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
+            string testCase = "AltinnResourceRegistryMulti0012";
+            HttpClient client = GetTestClient();
+            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateXacmlRequestExternal(testCase);
+            XacmlJsonResponse expected = TestSetupUtil.ReadExpectedJsonProfileResponse(testCase);
+
+            // Act
+            XacmlJsonResponse contextResponse = await TestSetupUtil.GetXacmlJsonProfileContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+        }
+
         /// <summary>
         /// Scenario where systemuser has received delegation, but request includes multiple subjects as org and orgnumber. Should NOT give Permit. 
         /// </summary>