public SecurityDevice CreateDevice(SecurityDevice device)
{
this.m_traceSource.TraceEvent(TraceEventType.Verbose, 0, "Creating device {0}", device);
var persistenceService = ApplicationContext.Current.GetService <IDataPersistenceService <SecurityDevice> >();
if (persistenceService == null)
{
throw new InvalidOperationException($"{nameof(IDataPersistenceService<SecurityDevice>)} not found");
}
device.DeviceSecret = ApplicationContext.Current.GetService <IPasswordHashingService>().EncodePassword(device.DeviceSecret);
var createdDevice = persistenceService.Insert(device, AuthenticationContext.Current.Principal, TransactionMode.Commit);
this.SecurityResourceCreated?.Invoke(this, new SecurityAuditDataEventArgs(createdDevice));
base.Insert(new DeviceEntity
{
ManufacturerModelName = device.Name,
SecurityDevice = createdDevice,
StatusConceptKey = StatusKeys.Active
});
return(createdDevice);
}
public static void Initialize(TestContext context)
{
// Force load of the DLL
var p = FirebirdSql.Data.FirebirdClient.FbCharset.Ascii;
TestApplicationContext.TestAssembly = typeof(TestMessageParsing).Assembly;
TestApplicationContext.Initialize(context.DeploymentDirectory);
// Create the test harness device / application
var securityDevService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityDevice> >();
var securityAppService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityApplication> >();
var metadataService = ApplicationServiceContext.Current.GetService <IAssigningAuthorityRepositoryService>();
AuthenticationContext.Current = new AuthenticationContext(AuthenticationContext.SystemPrincipal);
// Create device
var dev = new SecurityDevice()
{
DeviceSecret = "DEVICESECRET",
Name = "TEST_HARNESS|TEST"
};
dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
dev = securityDevService.Insert(dev);
var app = new SecurityApplication()
{
Name = "TEST_HARNESS",
ApplicationSecret = "APPLICATIONSECRET"
};
app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
app = securityAppService.Insert(app);
metadataService.Insert(new Core.Model.DataTypes.AssigningAuthority("TEST", "TEST", "1.2.3.4.5.6.7")
{
IsUnique = true,
AssigningApplicationKey = app.Key
});
// Add another application for security checks
dev = new SecurityDevice()
{
DeviceSecret = "DEVICESECRET2",
Name = "TEST_HARNESS2|TEST"
};
dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
dev = securityDevService.Insert(dev);
app = new SecurityApplication()
{
Name = "TEST_HARNESS2",
ApplicationSecret = "APPLICATIONSECRET2"
};
app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
app = securityAppService.Insert(app);
}
/// <summary>
/// Initializes a new instance of the <see cref="SecurityDeviceInfo"/> class
/// with a specific <see cref="SecurityDevice"/> instance.
/// </summary>
/// <param name="device">The security device instance.</param>
public SecurityDeviceInfo(SecurityDevice device)
{
this.Id = device.Key;
this.Name = device.Name;
this.DeviceSecret = device.DeviceSecret;
this.Device = device;
this.Policies = device.Policies.Select(p => new SecurityPolicyInfo(p)).ToList();
}
public SecurityDevice SaveDevice(SecurityDevice device)
{
var persistenceService = ApplicationContext.Current.GetService <IDataPersistenceService <SecurityDevice> >();
if (persistenceService == null)
{
throw new InvalidOperationException($"{nameof(IDataPersistenceService<SecurityDevice>)} not found");
}
this.SecurityAttributesChanged?.Invoke(this, new SecurityAuditDataEventArgs(device));
return(persistenceService.Update(device, AuthenticationContext.Current.Principal, TransactionMode.Commit));
}
/// <summary>
/// Create the specified authority
/// </summary>
public static void CreateAuthority(string nsid, string oid, string applicationName, byte[] deviceSecret)
{
// Create the test harness device / application
var securityDevService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityDevice> >();
var securityAppService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityApplication> >();
var metadataService = ApplicationServiceContext.Current.GetService <IAssigningAuthorityRepositoryService>();
AuthenticationContext.Current = new AuthenticationContext(AuthenticationContext.SystemPrincipal);
string pubId = $"{applicationName}|TEST";
var device = securityDevService.Find(o => o.Name == pubId).FirstOrDefault();
if (device == null)
{
device = new SecurityDevice()
{
DeviceSecret = BitConverter.ToString(deviceSecret).Replace("-", ""),
Name = $"{applicationName}|TEST"
};
device.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
device = securityDevService.Insert(device);
}
// Application
var app = securityAppService.Find(o => o.Name == applicationName).FirstOrDefault();
if (app == null)
{
app = new SecurityApplication()
{
Name = applicationName,
ApplicationSecret = BitConverter.ToString(deviceSecret).Replace("-", "")
};
app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
app = securityAppService.Insert(app);
}
// Create AA
var aa = metadataService.Get(nsid);
if (aa == null)
{
aa = new SanteDB.Core.Model.DataTypes.AssigningAuthority(nsid, nsid, oid)
{
AssigningApplicationKey = app.Key,
IsUnique = true
};
metadataService.Insert(aa);
}
}
/// <summary>
/// Force refresh of data model
/// </summary>
public override void Refresh()
{
base.Refresh();
this.m_securityDevice = null;
}
/// <summary>
/// Force reloading of delay load properties
/// </summary>
public override void Refresh()
{
base.Refresh();
this.m_assigningDevice = null;
}
/// <summary>
/// Get active policies for the specified securable type
/// </summary>
public IEnumerable <IPolicyInstance> GetPolicies(object securable)
{
if (securable is DbSecurityDevice)
{
securable = new SecurityDevice()
{
Key = (securable as DbSecurityDevice).Key
}
}
;
else if (securable is DbSecurityUser)
{
securable = new SecurityUser()
{
Key = (securable as DbSecurityUser).Key
}
}
;
// Security device
if (securable is SecurityDevice)
{
var secDev = securable as SecurityDevice;
var conn = this.CreateConnection();
using (conn.Lock())
{
return(conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_device_policy INNER JOIN security_policy ON (policy_id = security_policy.uuid) WHERE device_id = ?", secDev.Key.Value.ToByteArray())
.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType))
.ToList());
}
}
else if (securable is SecurityRole)
{
var secRole = securable as SecurityRole;
var conn = this.CreateConnection();
using (conn.Lock())
{
return(conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_role_policy INNER JOIN security_policy ON (policy_id = security_policy.uuid) WHERE role_id = ?", secRole.Key.Value.ToByteArray())
.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType))
.ToList());
}
}
else if (securable is SecurityApplication)
{
var secApp = securable as SecurityApplication;
var conn = this.CreateConnection();
using (conn.Lock())
{
return(conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_application_policy INNER JOIN security_policy ON (policy_id = security_policy.uuid) WHERE application_id = ?", secApp.Key.Value.ToByteArray())
.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType))
.ToList());
}
}
else if (securable is IPrincipal || securable is IIdentity)
{
var identity = (securable as IPrincipal)?.Identity ?? securable as IIdentity;
// Is the identity a claims identity? If yes, we just use the claims made in the policy
if (identity is SanteDBClaimsIdentity && (identity as IClaimsIdentity).Claims.Any(o => o.Type == SanteDBClaimTypes.SanteDBGrantedPolicyClaim && o.Value != "*"))
{
return((identity as IClaimsIdentity).Claims.Where(o => o.Type == SanteDBClaimTypes.SanteDBGrantedPolicyClaim).Select(
o => new GenericPolicyInstance(new GenericPolicy(Guid.Empty, o.Value, "ClaimPolicy", false), PolicyGrantType.Grant)
));
}
var conn = this.CreateConnection();
using (conn.Lock())
{
if (identity is IDeviceIdentity)
{
var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_device_policy INNER JOIN security_device ON (security_device_policy.device_id = security_device.uuid) INNER JOIN security_policy ON (security_policy.uuid = security_device_policy.policy_id) WHERE lower(security_device.public_id) = lower(?)",
identity.Name).ToList();
return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
}
else
{
var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_user_role INNER JOIN security_role_policy ON (security_role_policy.role_id = security_user_role.role_id) INNER JOIN security_policy ON (security_policy.uuid = security_role_policy.policy_id) INNER JOIN security_user ON (security_user_role.user_id = security_user.uuid) WHERE lower(security_user.username) = lower(?)",
identity.Name).ToList();
return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
}
}
}
else if (securable is Act)
{
var pAct = securable as Act;
var conn = this.CreateConnection();
using (conn.Lock())
{
var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM act_security_policy INNER JOIN security_policy ON (security_policy.uuid = act_security_policy.policy_id) WHERE act_id = ?",
pAct.Key.Value.ToByteArray()).ToList();
return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
}
}
else if (securable is Entity)
{
var pEntity = securable as Entity;
var conn = this.CreateConnection();
using (conn.Lock())
{
var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM entity_security_policy INNER JOIN security_policy ON (security_policy.uuid = entity_security_policy.policy_id) WHERE entity_id = ?",
pEntity.Key.Value.ToByteArray()).ToList();
return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
}
}
else
{
return(new List <IPolicyInstance>());
}
}
public SecurityDevice CreateDevice(SecurityDevice device)
{
throw new NotSupportedException();
}
public SecurityDevice CreateDevice(SecurityDevice device)
{
throw new NotImplementedException();
}
public void Initialize()
{
// Force load of the DLL
var p = FirebirdSql.Data.FirebirdClient.FbCharset.Ascii;
TestApplicationContext.TestAssembly = typeof(TestMessageParsing).Assembly;
TestApplicationContext.Initialize(TestContext.CurrentContext.TestDirectory);
// Create the test harness device / application
var securityDevService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityDevice> >();
var securityAppService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityApplication> >();
var metadataService = ApplicationServiceContext.Current.GetService <IAssigningAuthorityRepositoryService>();
this.m_serviceManager = ApplicationServiceContext.Current.GetService <IServiceManager>();
AuthenticationContext.EnterSystemContext();
// Create device
var dev = new SecurityDevice()
{
DeviceSecret = "DEVICESECRET",
Name = "TEST_HARNESS|TEST"
};
dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
securityDevService.Insert(dev);
// Create device
dev = new SecurityDevice()
{
DeviceSecret = "DEVICESECRET",
Name = "TEST_HARNESS|MASTER"
};
dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
dev.AddPolicy("1.3.6.1.4.1.33349.3.1.5.9.2.6");
securityDevService.Insert(dev);
var app = new SecurityApplication()
{
Name = "TEST_HARNESS",
ApplicationSecret = "APPLICATIONSECRET"
};
app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
app = securityAppService.Insert(app);
metadataService.Insert(new Core.Model.DataTypes.AssigningAuthority("TEST", "TEST", "1.2.3.4.5.6.7")
{
IsUnique = true,
AssigningApplicationKey = app.Key
});
metadataService.Insert(new Core.Model.DataTypes.AssigningAuthority("SSN", "US Social Security Number", "2.16.840.1.113883.4.1")
{
IsUnique = false,
Url = "http://hl7.org/fhir/sid/us-ssn",
AssigningApplicationKey = app.Key
});
// Add another application for security checks
dev = new SecurityDevice()
{
DeviceSecret = "DEVICESECRET2",
Name = "TEST_HARNESS2|TEST"
};
dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
securityDevService.Insert(dev);
app = new SecurityApplication()
{
Name = "TEST_HARNESS2",
ApplicationSecret = "APPLICATIONSECRET2"
};
app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
securityAppService.Insert(app);
}
