/// <summary>
/// Builds the fallback SAML request, posts it to the STS endpoint and caches the deserialized reply.
/// </summary>
/// <returns>The deserialized SOAP envelope, which is also stored in <c>_cachedSession</c>.</returns>
/// <remarks>
/// Propagates whatever <c>EnsureSuccessStatusCode</c> throws when the STS answers with a non-success status.
/// </remarks>
public async Task<SOAPEnvelope<SAMLResponseBody>> BuildFallbackSession()
{
    const string soapAction = "urn:be:fgov:ehealth:sts:protocol:v1:RequestSecureToken";

    var samlRequest = BuildFallbackSAMLRequest();
    var stsResponse = await _soapClient.Send(samlRequest, new Uri(_options.StsUrl), soapAction);

    // The body is read first; the status check follows.
    var responseXml = await stsResponse.Content.ReadAsStringAsync();
    stsResponse.EnsureSuccessStatusCode();

    // NOTE(review): the session is cached without any validity/expiry check visible in this method;
    // confirm that callers refresh it before the assertion it carries lapses.
    var session = SOAPEnvelope<SAMLResponseBody>.Deserialize(responseXml);
    _cachedSession = session;
    return session;
}
/// <summary>
/// Asks the KGSS endpoint for the key identified by <paramref name="keyId"/> and returns the unsealed answer.
/// </summary>
/// <param name="keyId">Identifier of the key to fetch.</param>
/// <param name="assertion">SAML assertion attached to, and referenced from, the signed SOAP request.</param>
/// <returns>The deserialized content of the unsealed KGSS response.</returns>
/// <remarks>
/// The request content is sealed with the organisation authentication certificate for the KGSS ETK
/// certificate; the response is unsealed with the organisation authentication and ETK certificates.
/// </remarks>
public async Task<KGSSGetKeyResponseContent> GetKeyFromKGSS(string keyId, SAMLAssertion assertion)
{
    var signingCertificate = _keyStoreManager.GetOrgAuthCertificate();
    var ownEtk = await _etkService.GetOrgETK();
    var kgssEtk = await _etkService.GetKgssETK();

    // Inner request: key identifier plus our own ETK, sealed for the KGSS.
    var keyRequest = new KGSSGetKeyRequestContent
    {
        KeyIdentifier = keyId,
        ETK = ownEtk.ETK
    };
    var plainRequest = Encoding.UTF8.GetBytes(keyRequest.Serialize().ToString());
    var sealedRequest = TripleWrapper.Seal(plainRequest, signingCertificate, kgssEtk.Certificate);

    var now = DateTime.UtcNow;
    var requestBody = new KGSSGetKeyRequestBody
    {
        Id = $"id-{Guid.NewGuid()}",
        Request = new KGSSGetKeyRequest
        {
            SealedKeyRequest = new KGSSSealedKeyRequest
            {
                SealedContent = Convert.ToBase64String(sealedRequest)
            }
        }
    };

    // NOTE(review): the timestamp passed here spans one hour (presumably created/expires);
    // confirm that window is what the service expects, since it bounds how long a captured request stays fresh.
    var envelope = SOAPRequestBuilder<KGSSGetKeyRequestBody>
        .New(requestBody)
        .AddTimestamp(now, now.AddHours(1))
        .AddSAMLAssertion(assertion)
        .AddReferenceToSAMLAssertion()
        .SignWithCertificate(signingCertificate)
        .Build();

    // The third argument is null for this endpoint.
    var httpResponse = await _soapClient.Send(envelope, new Uri(_options.KgssUrl), null);
    httpResponse.EnsureSuccessStatusCode();
    var responseXml = await httpResponse.Content.ReadAsStringAsync();
    var responseEnvelope = SOAPEnvelope<KGSSGetKeyResponseBody>.Deserialize(responseXml);

    // Certificates offered to the unseal step.
    var recipientCertificates = new List<X509Certificate2>
    {
        signingCertificate.Certificate,
        _keyStoreManager.GetOrgETKCertificate().Certificate
    };
    var sealedResponse = Convert.FromBase64String(responseEnvelope.Body.GetKeyResponse.SealedKeyResponse.SealedContent);
    var plainResponse = TripleWrapper.Unseal(sealedResponse, recipientCertificates.ToCertificateCollection());

    return KGSSGetKeyResponseContent.Deserialize(plainResponse);
}
/// <summary>
/// Sends a signed findAmpp request to the DICS endpoint and checks the HTTP status of the reply.
/// </summary>
/// <param name="request">
/// Request payload. Its <c>IssueInstant</c> is overwritten with the current UTC time before sending.
/// </param>
/// <remarks>The response body is read but neither parsed nor returned.</remarks>
public async Task FindAmpp(DICSFindAmppRequest request)
{
    var now = DateTime.UtcNow;
    request.IssueInstant = now;
    var signingCertificate = _keyStoreManager.GetOrgAuthCertificate();

    var requestBody = new DICSFindAmppRequestBody
    {
        Id = $"id-{Guid.NewGuid()}",
        Request = request
    };

    // This call authenticates with the organisation certificate as a binary security token,
    // not with a SAML assertion.
    var envelope = SOAPRequestBuilder<DICSFindAmppRequestBody>
        .New(requestBody)
        .AddTimestamp(now, now.AddHours(1))
        .AddBinarySecurityToken(signingCertificate.Certificate)
        .AddReferenceToBinarySecurityToken()
        .SignWithCertificate(signingCertificate)
        .Build();

    const string soapAction = "urn:be:fgov:ehealth:dics:protocol:v5:findAmpp";
    var httpResponse = await _soapClient.Send(envelope, new Uri(_options.DicsUrl), soapAction);

    // The body is consumed before the status check; its content is not used.
    await httpResponse.Content.ReadAsStringAsync();
    httpResponse.EnsureSuccessStatusCode();
}
/// <summary>
/// Sends a signed getBoxInfo request to the eHealthBox consultation endpoint.
/// </summary>
/// <param name="request">Request payload placed in the SOAP body.</param>
/// <param name="assertion">SAML assertion attached to, and referenced from, the signed SOAP request.</param>
/// <returns>The deserialized SOAP response envelope.</returns>
public async Task<SOAPEnvelope<EHealthBoxGetInfoResponseBody>> GetBoxInfo(EHealthBoxGetInfoRequest request, SAMLAssertion assertion)
{
    var now = DateTime.UtcNow;
    var signingCertificate = _keyStoreManager.GetOrgAuthCertificate();

    var requestBody = new EHealthBoxGetInfoRequestBody
    {
        Id = $"id-{Guid.NewGuid()}",
        Request = request
    };

    var envelope = SOAPRequestBuilder<EHealthBoxGetInfoRequestBody>
        .New(requestBody)
        .AddTimestamp(now, now.AddHours(1))
        .AddSAMLAssertion(assertion)
        .AddReferenceToSAMLAssertion()
        .SignWithCertificate(signingCertificate)
        .Build();

    const string soapAction = "urn:be:fgov:ehealth:ehbox:consultation:protocol:v3:getBoxInfo";
    var httpResponse = await _soapClient.Send(envelope, new Uri(_options.EHealthboxConsultation), soapAction);

    // The body is read first; the status check follows.
    var responseXml = await httpResponse.Content.ReadAsStringAsync();
    httpResponse.EnsureSuccessStatusCode();

    return SOAPEnvelope<EHealthBoxGetInfoResponseBody>.Deserialize(responseXml);
}
/// <summary>
/// Returns the ETK for <paramref name="etkIdentifier"/>, from the local store when present,
/// otherwise by querying the ETK endpoint and storing the result.
/// </summary>
/// <param name="etkIdentifier">Type, value and application id identifying the ETK owner.</param>
/// <returns>The stored or freshly fetched ETK model.</returns>
public async Task<ETKModel> GetETK(ETKIdentifier etkIdentifier)
{
    // Serve from the store when an entry already exists.
    var stored = await _etkStore.Get(etkIdentifier.Type, etkIdentifier.Value, etkIdentifier.ApplicationId);
    if (stored != null)
    {
        return stored;
    }

    var lookup = new SOAPEnvelope<ETKGetRequestBody>
    {
        Body = new ETKGetRequestBody
        {
            Request = new ETKGetRequest
            {
                SearchCriteria = new ETKSearchCriteria { Identifier = etkIdentifier }
            }
        }
    };

    // This lookup is sent as a plain envelope: no timestamp, token or signature is added here.
    var httpResponse = await _soapClient.Send(lookup, new Uri(_options.EtkUrl), null);
    httpResponse.EnsureSuccessStatusCode();
    var responseXml = await httpResponse.Content.ReadAsStringAsync();
    var etkResponse = SOAPEnvelope<ETKGetResponseBody>.Deserialize(responseXml);

    // NOTE(review): Decode only parses the CMS structure. CheckSignature is never called in this method,
    // so the embedded certificate is stored and returned without its signature or signer chain being
    // verified here. A later seal operation would encrypt to whatever certificate arrived in the response.
    // Confirm verification happens elsewhere, or add it against the expected trust anchors.
    var cms = new SignedCms();
    cms.Decode(Convert.FromBase64String(etkResponse.Body.GetETKResponse.ETK));
    var certificate = new X509Certificate2(cms.ContentInfo.Content);

    await _etkStore.Add(
        etkIdentifier.Type,
        etkIdentifier.Value,
        etkIdentifier.ApplicationId,
        certificate,
        etkResponse.Body.GetETKResponse.ETK);

    return new ETKModel(certificate, etkResponse.Body.GetETKResponse.ETK);
}
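/// <summary>
/// Fetches the prescription identified by <paramref name="rid"/> from the prescriber endpoint,
/// removes both encryption layers and returns the decoded result.
/// </summary>
/// <param name="rid">Prescription identifier sent in the sealed request parameter.</param>
/// <param name="assertion">
/// SAML assertion attached to the signed SOAP request and reused for the KGSS key lookup.
/// </param>
/// <returns>Status, metadata and the deserialized kmehr message of the prescription.</returns>
/// <remarks>
/// A fresh symmetric key is generated per call, sent inside the sealed request, and used to decrypt the
/// response. The prescription itself is then unsealed with the key obtained from the KGSS and decompressed.
/// The symmetric key object is disposed as soon as the response layer has been decrypted.
/// </remarks>
public async Task<GetPrescriptionResult> GetPrescription(string rid, SAMLAssertion assertion)
{
    var orgCertificate = _keyStoreManager.GetOrgAuthCertificate();
    var issueInstant = DateTime.UtcNow;
    var recipeETK = await _etkService.GetRecipeETK();

    byte[] decrypted;

    // The provider holds key material and is IDisposable; scope it so the key is released on every path,
    // including when the HTTP call or deserialization throws.
    // NOTE(review): 3DES in ECB mode with no padding gives no integrity protection on this layer.
    // Presumably the remote protocol dictates it; confirm against the service specification before changing.
    using (var symKey = new TripleDESCryptoServiceProvider { Padding = PaddingMode.None, Mode = CipherMode.ECB })
    {
        var getPrescriptionParameter = new GetPrescriptionForPrescriberParameter
        {
            Rid = rid,
            SymmKey = Convert.ToBase64String(symKey.Key)
        };
        var serializedPrescriptionParameter = Encoding.UTF8.GetBytes(getPrescriptionParameter.Serialize().SerializeToString(false, true));

        // The parameter (including the symmetric key) only leaves this method sealed for the Recip-e ETK certificate.
        byte[] sealedContent = TripleWrapper.Seal(serializedPrescriptionParameter, orgCertificate, recipeETK.Certificate);

        var getPrescriptionRequest = new GetPrescriptionRequest
        {
            Id = $"id{Guid.NewGuid().ToString()}",
            IssueInstant = issueInstant,
            ProgramId = _options.ProductName,
            SecuredGetPrescriptionRequest = new SecuredContentType
            {
                SecuredContent = Convert.ToBase64String(sealedContent)
            }
        };

        var soapRequest = SOAPRequestBuilder<GetPrescriptionRequestBody>
            .New(new GetPrescriptionRequestBody
            {
                Id = $"id-{Guid.NewGuid().ToString()}",
                Request = getPrescriptionRequest
            })
            .AddTimestamp(issueInstant, issueInstant.AddHours(1))
            .AddSAMLAssertion(assertion)
            .AddReferenceToSAMLAssertion()
            .SignWithCertificate(orgCertificate)
            .Build();

        var result = await _soapClient.Send(soapRequest, new Uri(_options.PrescriberUrl), "urn:be:fgov:ehealth:recipe:protocol:v4:getPrescription");

        // The body is read first; the status check follows.
        var responseXml = await result.Content.ReadAsStringAsync();
        result.EnsureSuccessStatusCode();

        var response = SOAPEnvelope<GetPrescriptionResponseBody>.Deserialize(responseXml);
        var securedContent = response.Body.GetPrescriptionResponse.SecuredGetPrescriptionResponse.SecuredContent;

        // First layer: decrypt the response with the per-call symmetric key.
        using (var decryptor = symKey.CreateDecryptor())
        {
            var payload = Convert.FromBase64String(securedContent);
            decrypted = decryptor.TransformFinalBlock(payload, 0, payload.Length);
        }
    }

    var xml = Encoding.UTF8.GetString(decrypted).ClearBadFormat();
    var prescriptionResult = GetPrescriptionForPrescriberResult.Deserialize(xml);

    // Second layer: the prescription is unsealed with the key the KGSS returns for EncryptionKeyId.
    var kgssResponse = await _kgssService.GetKeyFromKGSS(prescriptionResult.EncryptionKeyId, assertion);
    var unsealed = TripleWrapper.Unseal(Convert.FromBase64String(prescriptionResult.Prescription), Convert.FromBase64String(kgssResponse.NewKey));
    var decompressed = Decompress(unsealed);

    return new GetPrescriptionResult
    {
        Status = prescriptionResult.Status.Code,
        CreationDate = prescriptionResult.CreationDate,
        FeedbackAllowed = prescriptionResult.FeedbackAllowed,
        PatientId = prescriptionResult.PatientId,
        ExpirationDate = prescriptionResult.ExpirationDate,
        Rid = prescriptionResult.Rid,
        KmehrmessageType = Encoding.UTF8.GetString(decompressed).Deserialize<kmehrmessageType>()
    };
}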