public async Task <KGSSGetKeyResponseContent> GetKeyFromKGSS(string keyId, SAMLAssertion assertion)
{
var orgAuthCertificate = _keyStoreManager.GetOrgAuthCertificate();
var orgEtk = await _etkService.GetOrgETK();
var kgssEtk = await _etkService.GetKgssETK();
var getKeyRequestContent = new KGSSGetKeyRequestContent
{
KeyIdentifier = keyId,
ETK = orgEtk.ETK
};
var contentInfoPayload = Encoding.UTF8.GetBytes(getKeyRequestContent.Serialize().ToString());
var sealedContentInfoPayload = TripleWrapper.Seal(contentInfoPayload, orgAuthCertificate, kgssEtk.Certificate);
var issueInstant = DateTime.UtcNow;
var soapRequest = SOAPRequestBuilder <KGSSGetKeyRequestBody> .New(new KGSSGetKeyRequestBody
{
Id = $"id-{Guid.NewGuid().ToString()}",
Request = new KGSSGetKeyRequest
{
SealedKeyRequest = new KGSSSealedKeyRequest
{
SealedContent = Convert.ToBase64String(sealedContentInfoPayload)
}
}
})
.AddTimestamp(issueInstant, issueInstant.AddHours(1))
.AddSAMLAssertion(assertion)
.AddReferenceToSAMLAssertion()
.SignWithCertificate(orgAuthCertificate)
.Build();
var result = await _soapClient.Send(soapRequest, new Uri(_options.KgssUrl), null);
result.EnsureSuccessStatusCode();
var xml = await result.Content.ReadAsStringAsync();
var response = SOAPEnvelope <KGSSGetKeyResponseBody> .Deserialize(xml);
var certificates = new List <X509Certificate2>
{
orgAuthCertificate.Certificate,
_keyStoreManager.GetOrgETKCertificate().Certificate
};
var unsealedPayload = TripleWrapper.Unseal(Convert.FromBase64String(response.Body.GetKeyResponse.SealedKeyResponse.SealedContent), certificates.ToCertificateCollection());
return(KGSSGetKeyResponseContent.Deserialize(unsealedPayload));
}
public async Task <KGSSGetNewKeyResponseContent> GetKGSS(List <CredentialType> credentials)
{
var orgAuthCertificate = _keyStoreManager.GetOrgAuthCertificate();
var orgEtk = await _etkService.GetOrgETK();
var kgssEtk = await _etkService.GetKgssETK();
var getNewRequestContent = new KGSSGetNewKeyRequestContent
{
AllowedReaders = credentials,
ETK = orgEtk.ETK
};
var contentInfoPayload = Encoding.UTF8.GetBytes(getNewRequestContent.Serialize().ToString());
var sealedContentInfoPayload = TripleWrapper.Seal(contentInfoPayload, orgAuthCertificate, kgssEtk.Certificate);
var request = new SOAPEnvelope <KGSSGetNewKeyRequestBody>
{
Body = new KGSSGetNewKeyRequestBody
{
Request = new KGSSGetNewKeyRequest
{
SealedNewKeyRequest = new KGSSSealedNewKeyRequest
{
SealedContent = Convert.ToBase64String(sealedContentInfoPayload)
}
}
}
};
var result = await _soapClient.Send(request, new Uri(_options.KgssUrl), null);
result.EnsureSuccessStatusCode();
var xml = await result.Content.ReadAsStringAsync();
var response = SOAPEnvelope <KGSSGetNewKeyResponseBody> .Deserialize(xml);
var certificates = new List <X509Certificate2>
{
orgAuthCertificate.Certificate,
_keyStoreManager.GetOrgETKCertificate().Certificate
};
var unsealedPayload = TripleWrapper.Unseal(Convert.FromBase64String(response.Body.GetNewKeyResponse.SealedNewKeyResponse.SealedContent), certificates.ToCertificateCollection());
return(KGSSGetNewKeyResponseContent.Deserialize(unsealedPayload));
}
public async Task <GetPrescriptionResult> GetPrescription(string rid, SAMLAssertion assertion)
{
var orgCertificate = _keyStoreManager.GetOrgAuthCertificate();
var issueInstant = DateTime.UtcNow;
var recipeETK = await _etkService.GetRecipeETK();
var symKey = new TripleDESCryptoServiceProvider
{
Padding = PaddingMode.None,
Mode = CipherMode.ECB
};
var getPrescriptionParameter = new GetPrescriptionForPrescriberParameter
{
Rid = rid,
SymmKey = Convert.ToBase64String(symKey.Key)
};
var serializedPrescriptionParameter = Encoding.UTF8.GetBytes(getPrescriptionParameter.Serialize().SerializeToString(false, true));
byte[] sealedContent = TripleWrapper.Seal(serializedPrescriptionParameter, orgCertificate, recipeETK.Certificate);
var getPrescriptionRequest = new GetPrescriptionRequest
{
Id = $"id{Guid.NewGuid().ToString()}",
IssueInstant = issueInstant,
ProgramId = _options.ProductName,
SecuredGetPrescriptionRequest = new SecuredContentType
{
SecuredContent = Convert.ToBase64String(sealedContent)
}
};
var soapRequest = SOAPRequestBuilder <GetPrescriptionRequestBody> .New(new GetPrescriptionRequestBody
{
Id = $"id-{Guid.NewGuid().ToString()}",
Request = getPrescriptionRequest
})
.AddTimestamp(issueInstant, issueInstant.AddHours(1))
.AddSAMLAssertion(assertion)
.AddReferenceToSAMLAssertion()
.SignWithCertificate(orgCertificate)
.Build();
var result = await _soapClient.Send(soapRequest, new Uri(_options.PrescriberUrl), "urn:be:fgov:ehealth:recipe:protocol:v4:getPrescription");
var xml = await result.Content.ReadAsStringAsync();
result.EnsureSuccessStatusCode();
var response = SOAPEnvelope <GetPrescriptionResponseBody> .Deserialize(xml);
var securedContent = response.Body.GetPrescriptionResponse.SecuredGetPrescriptionResponse.SecuredContent;
byte[] decrypted;
using (var decryptor = symKey.CreateDecryptor())
{
var payload = Convert.FromBase64String(securedContent);
decrypted = decryptor.TransformFinalBlock(payload, 0, payload.Length);
}
xml = Encoding.UTF8.GetString(decrypted).ClearBadFormat();
var prescriptionResult = GetPrescriptionForPrescriberResult.Deserialize(xml);
var kgssResponse = await _kgssService.GetKeyFromKGSS(prescriptionResult.EncryptionKeyId, assertion);
var unsealed = TripleWrapper.Unseal(Convert.FromBase64String(prescriptionResult.Prescription), Convert.FromBase64String(kgssResponse.NewKey));
var decompressed = Decompress(unsealed);
return(new GetPrescriptionResult
{
Status = prescriptionResult.Status.Code,
CreationDate = prescriptionResult.CreationDate,
FeedbackAllowed = prescriptionResult.FeedbackAllowed,
PatientId = prescriptionResult.PatientId,
ExpirationDate = prescriptionResult.ExpirationDate,
Rid = prescriptionResult.Rid,
KmehrmessageType = Encoding.UTF8.GetString(decompressed).Deserialize <kmehrmessageType>()
});
}
public async Task <ListRidsHistoryResult> GetHistoryPrescriptions(string patientId, Page page, SAMLAssertion assertion)
{
var orgCertificate = _keyStoreManager.GetOrgAuthCertificate();
var issueInstant = DateTime.UtcNow;
var recipeETK = await _etkService.GetRecipeETK();
var symKey = new TripleDESCryptoServiceProvider();
symKey.Padding = PaddingMode.None;
symKey.Mode = CipherMode.ECB;
var listPrescriptionHistoryParameter = new ListPrescriptionHistoryParameter
{
PatientId = patientId,
Page = page,
SymmKey = Convert.ToBase64String(symKey.Key)
};
var serializedPrescriptionParameter = Encoding.UTF8.GetBytes(listPrescriptionHistoryParameter.Serialize().SerializeToString(false, true));
byte[] sealedContent = TripleWrapper.Seal(serializedPrescriptionParameter, orgCertificate, recipeETK.Certificate);
var listPrescriptionHistoryRequest = new ListPrescriptionHistoryRequest
{
Id = $"id{Guid.NewGuid().ToString()}",
IssueInstant = issueInstant,
ProgramId = _options.ProductName,
SecuredListRidsHistoryRequest = new SecuredContentType
{
SecuredContent = Convert.ToBase64String(sealedContent)
}
};
var soapRequest = SOAPRequestBuilder <ListPrescriptionHistoryRequestBody> .New(new ListPrescriptionHistoryRequestBody
{
Id = $"id-{Guid.NewGuid().ToString()}",
Request = listPrescriptionHistoryRequest
})
.AddTimestamp(issueInstant, issueInstant.AddHours(1))
.AddSAMLAssertion(assertion)
.AddReferenceToSAMLAssertion()
.SignWithCertificate(orgCertificate)
.Build();
var result = await _soapClient.Send(soapRequest, new Uri(_options.PrescriberUrl), "urn:be:fgov:ehealth:recipe:protocol:v4:listRidsHistory");
result.EnsureSuccessStatusCode();
var xml = await result.Content.ReadAsStringAsync();
var response = SOAPEnvelope <ListPrescriptionHistoryResponseBody> .Deserialize(xml);
var securedContent = response.Body.ListPrescriptionHistoryResponse.SecuredListRidsHistoryResponse.SecuredContent;
byte[] decrypted;
using (var decryptor = symKey.CreateDecryptor())
{
var payload = Convert.FromBase64String(securedContent);
decrypted = decryptor.TransformFinalBlock(payload, 0, payload.Length);
}
xml = Encoding.UTF8.GetString(decrypted);
xml = xml.ClearBadFormat();
var res = ListRidsHistoryResult.Deserialize(xml);
return(res);
}
public async Task <CreatePrescriptionResult> CreatePrescription(string prescriptionType, string patientId, DateTime expirationDateTime, kmehrmessageType msgType, SAMLAssertion assertion)
{
var orgCertificate = _keyStoreManager.GetOrgAuthCertificate();
var recipeETK = await _etkService.GetRecipeETK();
var kgssResponse = await _kgssService.GetKGSS(new System.Collections.Generic.List <CredentialType>
{
new CredentialType
{
Namespace = Constants.AttributeStatementNamespaces.Identification,
Name = Constants.AttributeStatementNames.PersonSSIN,
Value = assertion.AttributeStatement.Attribute.First(_ => _.AttributeNamespace == EHealth.Constants.AttributeStatementNamespaces.Identification).AttributeValue
},
new CredentialType
{
Namespace = Constants.AttributeStatementNamespaces.Certified,
Name = assertion.AttributeStatement.Attribute.First(_ => _.AttributeNamespace == EHealth.Constants.AttributeStatementNamespaces.Certified).AttributeName
}
});
var prescriptionPayload = msgType.SerializeToByte(false, true);
var compressedPayload = Compress(prescriptionPayload);
byte[] encryptedPayload;
using (var aes = Aes.Create())
{
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
aes.KeySize = 128;
aes.Key = Convert.FromBase64String(kgssResponse.NewKey);
encryptedPayload = TripleWrapper.Seal(compressedPayload, orgCertificate, kgssResponse.NewKeyIdentifier, aes);
}
var symKey = new TripleDESCryptoServiceProvider
{
Padding = PaddingMode.None,
Mode = CipherMode.ECB
};
var prescriptionParameter = new CreatePrescriptionParameter
{
Prescription = Convert.ToBase64String(encryptedPayload),
PrescriptionType = prescriptionType,
FeedbackRequested = false,
KeyId = kgssResponse.NewKeyIdentifier,
SymmKey = Convert.ToBase64String(symKey.Key),
PatientId = patientId,
ExpirationDate = expirationDateTime.ToString("yyyy-MM-dd"),
Vision = ""
};
var serializedPrescriptionParameter = Encoding.UTF8.GetBytes(prescriptionParameter.Serialize().SerializeToString(false, true));
byte[] sealedContent = TripleWrapper.Seal(serializedPrescriptionParameter, orgCertificate, recipeETK.Certificate);
var issueInstant = DateTime.UtcNow;
var createPrescriptionRequest = new CreatePrescriptionRequest
{
IssueInstant = issueInstant,
Id = $"id{Guid.NewGuid().ToString()}",
ProgramId = "Medikit",
AdministrativeInformation = new CreatePrescriptionAdministrativeInformationType
{
KeyIdentifier = Convert.ToBase64String(ASCIIEncoding.ASCII.GetBytes(kgssResponse.NewKeyIdentifier)),
PrescriptionVersion = "kmehr_1.29",
ReferenceSourceVersion = "samv2:ABCDE999999999999",
PrescriptionType = prescriptionType
},
SecuredCreatePrescriptionRequest = new SecuredContentType
{
SecuredContent = Convert.ToBase64String(sealedContent)
}
};
var soapRequest = SOAPRequestBuilder <CreatePrescriptionRequestBody> .New(new CreatePrescriptionRequestBody
{
Id = $"id-{Guid.NewGuid().ToString()}",
Request = createPrescriptionRequest
})
.AddTimestamp(issueInstant, issueInstant.AddHours(1))
.AddSAMLAssertion(assertion)
.AddReferenceToSAMLAssertion()
.SignWithCertificate(orgCertificate)
.Build();
var result = await _soapClient.Send(soapRequest, new Uri(_options.PrescriberUrl), "urn:be:fgov:ehealth:recipe:protocol:v4:createPrescription");
var xml = await result.Content.ReadAsStringAsync();
result.EnsureSuccessStatusCode();
var response = SOAPEnvelope <CreatePrescriptionResponseBody> .Deserialize(xml);
var securedContent = response.Body.CreatePrescriptionResponse.SecuredGetPrescriptionResponse.SecuredContent;
byte[] decrypted;
using (var decryptor = symKey.CreateDecryptor())
{
var payload = Convert.FromBase64String(securedContent);
decrypted = decryptor.TransformFinalBlock(payload, 0, payload.Length);
}
xml = Encoding.UTF8.GetString(decrypted);
xml = xml.ClearBadFormat();
return(CreatePrescriptionResult.Deserialize(xml));
}
