Exemplo n.º 1
0
        public SecurityDevice CreateDevice(SecurityDevice device)
        {
            this.m_traceSource.TraceEvent(TraceEventType.Verbose, 0, "Creating device {0}", device);

            var persistenceService = ApplicationContext.Current.GetService <IDataPersistenceService <SecurityDevice> >();

            if (persistenceService == null)
            {
                throw new InvalidOperationException($"{nameof(IDataPersistenceService<SecurityDevice>)} not found");
            }

            device.DeviceSecret = ApplicationContext.Current.GetService <IPasswordHashingService>().EncodePassword(device.DeviceSecret);

            var createdDevice = persistenceService.Insert(device, AuthenticationContext.Current.Principal, TransactionMode.Commit);

            this.SecurityResourceCreated?.Invoke(this, new SecurityAuditDataEventArgs(createdDevice));

            base.Insert(new DeviceEntity
            {
                ManufacturerModelName = device.Name,
                SecurityDevice        = createdDevice,
                StatusConceptKey      = StatusKeys.Active
            });

            return(createdDevice);
        }
Exemplo n.º 2
0
        public static void Initialize(TestContext context)
        {
            // Force load of the DLL
            var p = FirebirdSql.Data.FirebirdClient.FbCharset.Ascii;

            TestApplicationContext.TestAssembly = typeof(TestMessageParsing).Assembly;
            TestApplicationContext.Initialize(context.DeploymentDirectory);

            // Create the test harness device / application
            var securityDevService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityDevice> >();
            var securityAppService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityApplication> >();
            var metadataService    = ApplicationServiceContext.Current.GetService <IAssigningAuthorityRepositoryService>();

            AuthenticationContext.Current = new AuthenticationContext(AuthenticationContext.SystemPrincipal);
            // Create device
            var dev = new SecurityDevice()
            {
                DeviceSecret = "DEVICESECRET",
                Name         = "TEST_HARNESS|TEST"
            };

            dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            dev = securityDevService.Insert(dev);

            var app = new SecurityApplication()
            {
                Name = "TEST_HARNESS",
                ApplicationSecret = "APPLICATIONSECRET"
            };

            app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
            app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
            app = securityAppService.Insert(app);
            metadataService.Insert(new Core.Model.DataTypes.AssigningAuthority("TEST", "TEST", "1.2.3.4.5.6.7")
            {
                IsUnique = true,
                AssigningApplicationKey = app.Key
            });

            // Add another application for security checks
            dev = new SecurityDevice()
            {
                DeviceSecret = "DEVICESECRET2",
                Name         = "TEST_HARNESS2|TEST"
            };
            dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            dev = securityDevService.Insert(dev);

            app = new SecurityApplication()
            {
                Name = "TEST_HARNESS2",
                ApplicationSecret = "APPLICATIONSECRET2"
            };
            app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
            app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
            app = securityAppService.Insert(app);
        }
Exemplo n.º 3
0
 /// <summary>
 /// Initializes a new instance of the <see cref="SecurityDeviceInfo"/> class
 /// with a specific <see cref="SecurityDevice"/> instance.
 /// </summary>
 /// <param name="device">The security device instance.</param>
 public SecurityDeviceInfo(SecurityDevice device)
 {
     this.Id           = device.Key;
     this.Name         = device.Name;
     this.DeviceSecret = device.DeviceSecret;
     this.Device       = device;
     this.Policies     = device.Policies.Select(p => new SecurityPolicyInfo(p)).ToList();
 }
Exemplo n.º 4
0
        public SecurityDevice SaveDevice(SecurityDevice device)
        {
            var persistenceService = ApplicationContext.Current.GetService <IDataPersistenceService <SecurityDevice> >();

            if (persistenceService == null)
            {
                throw new InvalidOperationException($"{nameof(IDataPersistenceService<SecurityDevice>)} not found");
            }
            this.SecurityAttributesChanged?.Invoke(this, new SecurityAuditDataEventArgs(device));

            return(persistenceService.Update(device, AuthenticationContext.Current.Principal, TransactionMode.Commit));
        }
Exemplo n.º 5
0
        /// <summary>
        /// Create the specified authority
        /// </summary>
        public static void CreateAuthority(string nsid, string oid, string applicationName, byte[] deviceSecret)
        {
            // Create the test harness device / application
            var securityDevService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityDevice> >();
            var securityAppService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityApplication> >();
            var metadataService    = ApplicationServiceContext.Current.GetService <IAssigningAuthorityRepositoryService>();

            AuthenticationContext.Current = new AuthenticationContext(AuthenticationContext.SystemPrincipal);
            string pubId  = $"{applicationName}|TEST";
            var    device = securityDevService.Find(o => o.Name == pubId).FirstOrDefault();

            if (device == null)
            {
                device = new SecurityDevice()
                {
                    DeviceSecret = BitConverter.ToString(deviceSecret).Replace("-", ""),
                    Name         = $"{applicationName}|TEST"
                };
                device.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
                device = securityDevService.Insert(device);
            }

            // Application
            var app = securityAppService.Find(o => o.Name == applicationName).FirstOrDefault();

            if (app == null)
            {
                app = new SecurityApplication()
                {
                    Name = applicationName,
                    ApplicationSecret = BitConverter.ToString(deviceSecret).Replace("-", "")
                };
                app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
                app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
                app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
                app = securityAppService.Insert(app);
            }

            // Create AA
            var aa = metadataService.Get(nsid);

            if (aa == null)
            {
                aa = new SanteDB.Core.Model.DataTypes.AssigningAuthority(nsid, nsid, oid)
                {
                    AssigningApplicationKey = app.Key,
                    IsUnique = true
                };
                metadataService.Insert(aa);
            }
        }
Exemplo n.º 6
0
 /// <summary>
 /// Force refresh of data model
 /// </summary>
 public override void Refresh()
 {
     base.Refresh();
     this.m_securityDevice = null;
 }
Exemplo n.º 7
0
 /// <summary>
 /// Force reloading of delay load properties
 /// </summary>
 public override void Refresh()
 {
     base.Refresh();
     this.m_assigningDevice = null;
 }
Exemplo n.º 8
0
        /// <summary>
        /// Get active policies for the specified securable type
        /// </summary>
        public IEnumerable <IPolicyInstance> GetPolicies(object securable)
        {
            if (securable is DbSecurityDevice)
            {
                securable = new SecurityDevice()
                {
                    Key = (securable as DbSecurityDevice).Key
                }
            }
            ;
            else if (securable is DbSecurityUser)
            {
                securable = new SecurityUser()
                {
                    Key = (securable as DbSecurityUser).Key
                }
            }
            ;

            // Security device
            if (securable is SecurityDevice)
            {
                var secDev = securable as SecurityDevice;
                var conn   = this.CreateConnection();
                using (conn.Lock())
                {
                    return(conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_device_policy INNER JOIN security_policy ON (policy_id = security_policy.uuid) WHERE device_id = ?", secDev.Key.Value.ToByteArray())
                           .Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType))
                           .ToList());
                }
            }
            else if (securable is SecurityRole)
            {
                var secRole = securable as SecurityRole;
                var conn    = this.CreateConnection();
                using (conn.Lock())
                {
                    return(conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_role_policy INNER JOIN security_policy ON (policy_id = security_policy.uuid) WHERE role_id = ?", secRole.Key.Value.ToByteArray())
                           .Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType))
                           .ToList());
                }
            }

            else if (securable is SecurityApplication)
            {
                var secApp = securable as SecurityApplication;
                var conn   = this.CreateConnection();
                using (conn.Lock())
                {
                    return(conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_application_policy INNER JOIN security_policy ON (policy_id = security_policy.uuid) WHERE application_id = ?", secApp.Key.Value.ToByteArray())
                           .Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType))
                           .ToList());
                }
            }
            else if (securable is IPrincipal || securable is IIdentity)
            {
                var identity = (securable as IPrincipal)?.Identity ?? securable as IIdentity;

                // Is the identity a claims identity? If yes, we just use the claims made in the policy
                if (identity is SanteDBClaimsIdentity && (identity as IClaimsIdentity).Claims.Any(o => o.Type == SanteDBClaimTypes.SanteDBGrantedPolicyClaim && o.Value != "*"))
                {
                    return((identity as IClaimsIdentity).Claims.Where(o => o.Type == SanteDBClaimTypes.SanteDBGrantedPolicyClaim).Select(
                               o => new GenericPolicyInstance(new GenericPolicy(Guid.Empty, o.Value, "ClaimPolicy", false), PolicyGrantType.Grant)
                               ));
                }

                var conn = this.CreateConnection();
                using (conn.Lock())
                {
                    if (identity is IDeviceIdentity)
                    {
                        var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_device_policy INNER JOIN security_device ON (security_device_policy.device_id = security_device.uuid) INNER JOIN security_policy ON (security_policy.uuid = security_device_policy.policy_id) WHERE lower(security_device.public_id) = lower(?)",
                                                                                                          identity.Name).ToList();
                        return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
                    }
                    else
                    {
                        var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM security_user_role INNER JOIN security_role_policy ON (security_role_policy.role_id = security_user_role.role_id) INNER JOIN security_policy ON (security_policy.uuid = security_role_policy.policy_id) INNER JOIN security_user ON (security_user_role.user_id = security_user.uuid) WHERE lower(security_user.username) = lower(?)",
                                                                                                          identity.Name).ToList();
                        return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
                    }
                }
            }
            else if (securable is Act)
            {
                var pAct = securable as Act;
                var conn = this.CreateConnection();
                using (conn.Lock())
                {
                    var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM act_security_policy INNER JOIN security_policy ON (security_policy.uuid = act_security_policy.policy_id) WHERE act_id = ?",
                                                                                                      pAct.Key.Value.ToByteArray()).ToList();

                    return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
                }
            }
            else if (securable is Entity)
            {
                var pEntity = securable as Entity;
                var conn    = this.CreateConnection();
                using (conn.Lock())
                {
                    var policyRaw = conn.Query <DbSecurityPolicy.DbSecurityPolicyInstanceQueryResult>("SELECT security_policy.*, grant_type FROM entity_security_policy INNER JOIN security_policy ON (security_policy.uuid = entity_security_policy.policy_id) WHERE entity_id = ?",
                                                                                                      pEntity.Key.Value.ToByteArray()).ToList();
                    return(policyRaw.Select(o => new GenericPolicyInstance(new GenericPolicy(o.Key, o.Oid, o.Name, o.CanOverride), (PolicyGrantType)o.GrantType)));
                }
            }
            else
            {
                return(new List <IPolicyInstance>());
            }
        }
Exemplo n.º 9
0
 public SecurityDevice CreateDevice(SecurityDevice device)
 {
     throw new NotSupportedException();
 }
 public SecurityDevice CreateDevice(SecurityDevice device)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 11
0
        public void Initialize()
        {
            // Force load of the DLL
            var p = FirebirdSql.Data.FirebirdClient.FbCharset.Ascii;

            TestApplicationContext.TestAssembly = typeof(TestMessageParsing).Assembly;
            TestApplicationContext.Initialize(TestContext.CurrentContext.TestDirectory);

            // Create the test harness device / application
            var securityDevService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityDevice> >();
            var securityAppService = ApplicationServiceContext.Current.GetService <IRepositoryService <SecurityApplication> >();
            var metadataService    = ApplicationServiceContext.Current.GetService <IAssigningAuthorityRepositoryService>();

            this.m_serviceManager = ApplicationServiceContext.Current.GetService <IServiceManager>();

            AuthenticationContext.EnterSystemContext();

            // Create device
            var dev = new SecurityDevice()
            {
                DeviceSecret = "DEVICESECRET",
                Name         = "TEST_HARNESS|TEST"
            };

            dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            securityDevService.Insert(dev);

            // Create device
            dev = new SecurityDevice()
            {
                DeviceSecret = "DEVICESECRET",
                Name         = "TEST_HARNESS|MASTER"
            };
            dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            dev.AddPolicy("1.3.6.1.4.1.33349.3.1.5.9.2.6");
            securityDevService.Insert(dev);

            var app = new SecurityApplication()
            {
                Name = "TEST_HARNESS",
                ApplicationSecret = "APPLICATIONSECRET"
            };

            app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
            app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
            app = securityAppService.Insert(app);
            metadataService.Insert(new Core.Model.DataTypes.AssigningAuthority("TEST", "TEST", "1.2.3.4.5.6.7")
            {
                IsUnique = true,
                AssigningApplicationKey = app.Key
            });

            metadataService.Insert(new Core.Model.DataTypes.AssigningAuthority("SSN", "US Social Security Number", "2.16.840.1.113883.4.1")
            {
                IsUnique = false,
                Url      = "http://hl7.org/fhir/sid/us-ssn",
                AssigningApplicationKey = app.Key
            });

            // Add another application for security checks
            dev = new SecurityDevice()
            {
                DeviceSecret = "DEVICESECRET2",
                Name         = "TEST_HARNESS2|TEST"
            };

            dev.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            securityDevService.Insert(dev);

            app = new SecurityApplication()
            {
                Name = "TEST_HARNESS2",
                ApplicationSecret = "APPLICATIONSECRET2"
            };

            app.AddPolicy(PermissionPolicyIdentifiers.LoginAsService);
            app.AddPolicy(PermissionPolicyIdentifiers.UnrestrictedClinicalData);
            app.AddPolicy(PermissionPolicyIdentifiers.ReadMetadata);
            securityAppService.Insert(app);
        }