/// <summary>
/// Gets the security status of the current user and enables features based on their status.
/// </summary>
/// <returns>true if the current user has sufficient permission to use the application.</returns>
/// <remarks>
/// This method uses the <see cref="SecurityComponent(User)"/> to grab security roles from the
/// Data Integration Hub on PCI-DB. It closes frmMain if an error occurs.
/// </remarks>
private bool LoginCurrentUser()
{
// Attempt to log the user in
try
{
#if DEBUG
CurrentUser = new User(Environment.UserDomainName + "\\" + "khalberg");
#else
CurrentUser = new User(Environment.UserDomainName + "\\" + Environment.UserName);
#endif
Security = new SecurityComponent(CurrentUser);
lblLoginStatus.Text = "You are logged in as: " + CurrentUser.DomainName;
if (Security.IsAdmin() == false)
{
lblSettings.Enabled = false;
lblSettings.Visible = false;
}
if (Security.IsUser() == false && Security.IsAdmin() == false)
{
MessageBox.Show("You do not sufficient security privileges to use this application. Please see your system administrator.");
return(false);
}
}
catch (Exception ex)
{
return(false);
}
BeginCurrentSession();
return(true);
}
private void AcceptConnected(IUser peer, IReadStream readStream,
IWriteStream writeStream)
{
var publicKey = readStream.ShiftRight <string>();
var key = ID + "_" + SystemUtil.CreateRandomString(Ssfi.CryptoConfig.CryptonKeyLength);
var encryptKey = Ssfi.Security.EncryptAesKey(key, publicKey);
var securityComponent = SecurityComponent.GetObject();
securityComponent.AesKey = key;
securityComponent.Encryptkey = encryptKey;
peer.AddComponent <ISecurityComponent>(securityComponent);
Logger.Debug($"添加{nameof(ISecurityComponent)}组件!");
writeStream.ShiftRight((ushort)encryptKey.Length);
Logger.Debug("EncryptKey Length:" + encryptKey.Length);
writeStream.ShiftRight(encryptKey);
writeStream.ShiftRight(string.Join(";", RpcMethodIds));
var tmp = readStream.Clone();
_serverSocket.AddEvent(() => {
try {
_acceptAction.Invoke(peer, readStream);
} catch (Exception e) {
Logger.Error(e);
}
tmp.Dispose();
});
}
/// <summary>
/// Represents the main form of the VSP application.
/// </summary>
public frmMain()
{
InitializeComponent();
this.MaximumSize = Screen.PrimaryScreen.WorkingArea.Size;
#region IMessageFilter Methods
//Add controls to move the form
Application.AddMessageFilter(this);
controlsToMove.Add(this.lblFormHeader);
controlsToMove.Add(this.panel6);
controlsToMove.Add(this.panel10);
controlsToMove.Add(this.pnlMainHeader);
#endregion
if (!ConnectionSucceeded())
{
return;
}
bool isAccessUser = LoginCurrentUser();
if (isAccessUser == false)
{
Environment.Exit(1);
return;
}
SecurityComponent securityComponent = new SecurityComponent(CurrentUser);
if (securityComponent.IsAdmin() == false)
{
lblSettings.Visible = false;
lblQA.Visible = false;
}
HandleAppVersion();
//Start app with the dashboard tab
tabMain.SelectedIndex = 8;
CurrentTabLabel = lblClients; // Clients tab label
highlightSelectedTabLabel(CurrentTabLabel);
SetDefaultComboBoxValues();
}
private void AddProxyOAuthSecurityService(ListedCapabilityStatement statement, string authorizeRouteName, string tokenRouteName)
{
EnsureArg.IsNotNull(statement, nameof(statement));
EnsureArg.IsNotNullOrWhiteSpace(authorizeRouteName, nameof(authorizeRouteName));
EnsureArg.IsNotNullOrWhiteSpace(tokenRouteName, nameof(tokenRouteName));
ListedRestComponent restComponent = statement.Rest.Server();
SecurityComponent security = restComponent.Security ?? new SecurityComponent();
var codableConceptInfo = new CodableConceptInfo();
security.Service.Add(codableConceptInfo);
codableConceptInfo.Coding.Add(_modelInfoProvider.Version == FhirSpecification.Stu3
? Constants.RestfulSecurityServiceStu3OAuth
: Constants.RestfulSecurityServiceOAuth);
Uri tokenEndpoint = _urlResolver.ResolveRouteNameUrl(tokenRouteName, null);
Uri authorizationEndpoint = _urlResolver.ResolveRouteNameUrl(authorizeRouteName, null);
var smartExtension = new
{
url = Constants.SmartOAuthUriExtension,
extension = new[]
{
new
{
url = Constants.SmartOAuthUriExtensionToken,
valueUri = tokenEndpoint,
},
new
{
url = Constants.SmartOAuthUriExtensionAuthorize,
valueUri = authorizationEndpoint,
},
},
};
security.Extension.Add(JObject.FromObject(smartExtension));
restComponent.Security = security;
}
private void PeerConnected(IUser peer, IReadStream readStream)
{
var length = readStream.ShiftRight <ushort>();
var data = readStream.ShiftRight(length);
var bytes = new byte[data.Count];
Buffer.BlockCopy(data.Buffer, data.Offset, bytes, 0, bytes.Length);
var buffer = Ssfi.Security.DecryptAesKey(bytes, _keys);
var aesKey = buffer.toString();
var securityComponent = SecurityComponent.GetObject();
securityComponent.AesKey = aesKey;
peer.AddComponent <ISecurityComponent>(securityComponent);
Logger.Debug($"添加{nameof(ISecurityComponent)}组件!");
try {
_connectedAction?.Invoke(peer, readStream);
} catch (Exception e) {
Logger.Error(e);
}
}
private static void AddOAuthSecurityService(ListedCapabilityStatement statement, string authority, IHttpClientFactory httpClientFactory, ILogger logger)
{
EnsureArg.IsNotNull(statement, nameof(statement));
EnsureArg.IsNotNull(authority, nameof(authority));
EnsureArg.IsNotNull(httpClientFactory, nameof(httpClientFactory));
ListedRestComponent restComponent = statement.Rest.Server();
SecurityComponent security = restComponent.Security ?? new SecurityComponent();
var codableConceptInfo = new Core.Models.CodableConceptInfo();
security.Service.Add(codableConceptInfo);
codableConceptInfo.Coding.Add(Constants.RestfulSecurityServiceOAuth.ToCoding());
var openIdConfigurationUrl = $"{authority}/.well-known/openid-configuration";
HttpResponseMessage openIdConfigurationResponse;
using (HttpClient httpClient = httpClientFactory.CreateClient())
{
try
{
openIdConfigurationResponse = httpClient.GetAsync(new Uri(openIdConfigurationUrl)).GetAwaiter().GetResult();
}
catch (Exception ex)
{
logger.LogWarning(ex, $"There was an exception while attempting to read the OpenId Configuration from \"{openIdConfigurationUrl}\".");
throw new OpenIdConfigurationException();
}
}
if (openIdConfigurationResponse.IsSuccessStatusCode)
{
JObject openIdConfiguration = JObject.Parse(openIdConfigurationResponse.Content.ReadAsStringAsync().GetAwaiter().GetResult());
string tokenEndpoint, authorizationEndpoint;
try
{
tokenEndpoint = openIdConfiguration["token_endpoint"].Value <string>();
authorizationEndpoint = openIdConfiguration["authorization_endpoint"].Value <string>();
}
catch (Exception ex)
{
logger.LogWarning(ex, $"There was an exception while attempting to read the endpoints from \"{openIdConfigurationUrl}\".");
throw new OpenIdConfigurationException();
}
var smartExtension = new
{
url = Constants.SmartOAuthUriExtension,
extension = new[]
{
new
{
url = Constants.SmartOAuthUriExtensionToken,
valueUri = tokenEndpoint,
},
new
{
url = Constants.SmartOAuthUriExtensionAuthorize,
valueUri = authorizationEndpoint,
},
},
};
security.Extension.Add(JObject.FromObject(smartExtension));
}
else
{
logger.LogWarning($"The OpenId Configuration request from \"{openIdConfigurationUrl}\" returned an {openIdConfigurationResponse.StatusCode} status code.");
throw new OpenIdConfigurationException();
}
restComponent.Security = security;
}
private void AddOAuthSecurityService(ListedCapabilityStatement statement)
{
ListedRestComponent restComponent = statement.Rest.Server();
SecurityComponent security = restComponent.Security ?? new SecurityComponent();
var codableConceptInfo = new CodableConceptInfo();
security.Service.Add(codableConceptInfo);
codableConceptInfo.Coding.Add(_modelInfoProvider.Version == FhirSpecification.Stu3
? Constants.RestfulSecurityServiceStu3OAuth
: Constants.RestfulSecurityServiceOAuth);
var openIdConfigurationUrl = $"{_securityConfiguration.Authentication.Authority}/.well-known/openid-configuration";
HttpResponseMessage openIdConfigurationResponse;
using (HttpClient httpClient = _httpClientFactory.CreateClient())
{
try
{
openIdConfigurationResponse = httpClient.GetAsync(new Uri(openIdConfigurationUrl)).GetAwaiter().GetResult();
}
catch (Exception ex)
{
_logger.LogWarning(ex, "There was an exception while attempting to read the OpenId Configuration from \"{openIdConfigurationUrl}\".", openIdConfigurationUrl);
throw new OpenIdConfigurationException();
}
}
if (openIdConfigurationResponse.IsSuccessStatusCode)
{
JObject openIdConfiguration = JObject.Parse(openIdConfigurationResponse.Content.ReadAsStringAsync().GetAwaiter().GetResult());
string tokenEndpoint, authorizationEndpoint;
try
{
tokenEndpoint = openIdConfiguration["token_endpoint"].Value <string>();
authorizationEndpoint = openIdConfiguration["authorization_endpoint"].Value <string>();
}
catch (Exception ex)
{
_logger.LogWarning(ex, "There was an exception while attempting to read the endpoints from \"{openIdConfigurationUrl}\".", openIdConfigurationUrl);
throw new OpenIdConfigurationException();
}
var smartExtension = new
{
url = Constants.SmartOAuthUriExtension,
extension = new[]
{
new
{
url = Constants.SmartOAuthUriExtensionToken,
valueUri = tokenEndpoint,
},
new
{
url = Constants.SmartOAuthUriExtensionAuthorize,
valueUri = authorizationEndpoint,
},
},
};
security.Extension.Add(JObject.FromObject(smartExtension));
}
else
{
_logger.LogWarning("The OpenId Configuration request from \"{openIdConfigurationUrl}\" returned an {statusCode} status code.", openIdConfigurationUrl, openIdConfigurationResponse.StatusCode);
throw new OpenIdConfigurationException();
}
restComponent.Security = security;
}
