public void ShortStringCompressionTest()
{
//Compress it
Span <byte> compressed = Compression.CompressString(ShortString, out int length);
Assert.AreEqual(ShortString.Length + 1, compressed.Length);
string decompressed = Compression.DecompressString(compressed, length);
Assert.AreEqual(ShortString, decompressed);
}
public void LongStringCompressionTest()
{
//Compress it
Span <byte> compressed = Compression.CompressString(LongString, out int length);
Assert.Less(compressed.Length, LongString.Length);
string decompressed = Compression.DecompressString(compressed, length);
Assert.AreEqual(LongString, decompressed);
}
public async Task <IActionResult> UploadNewChecklist(IFormFile checklistFile, string description = "")
{
try {
_logger.LogInformation("Calling UploadNewChecklist()");
var name = checklistFile.FileName;
string rawChecklist = string.Empty;
using (var reader = new StreamReader(checklistFile.OpenReadStream()))
{
rawChecklist = reader.ReadToEnd();
}
_logger.LogInformation("UploadNewChecklist() Making the template");
Template t = MakeTemplateRecord(rawChecklist);
if (t != null && !string.IsNullOrEmpty(description))
{
t.description = description;
}
// grab the user/system ID from the token if there which is *should* always be
var claim = this.User.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier).FirstOrDefault();
if (claim != null) // get the value
{
t.createdBy = Guid.Parse(claim.Value);
}
_logger.LogInformation("UploadNewChecklist() template created, saving to the database");
var record = await _TemplateRepo.AddTemplate(t);
_logger.LogInformation("Called UploadNewChecklist() and added checklists successfully");
if (record != null)
{
record.rawChecklist = ""; // remove this we do not need it here
}
// publish an audit event
_logger.LogInformation("UploadNewChecklist() publish an audit message on a new template {0}.", name);
Audit newAudit = GenerateAuditMessage(claim, "upload new template");
newAudit.message = string.Format("UploadNewChecklist() delete a single template {0}.", name);
newAudit.url = string.Format("POST checklistFile={0}", name);
_msgServer.Publish("openrmf.audit.save", Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(newAudit))));
_msgServer.Flush();
return(Ok(record));
}
catch (Exception ex) {
_logger.LogError(ex, "UploadNewChecklist() Error uploading template checklist file");
return(BadRequest());
}
}
static void Main(string[] args)
{
LogManager.Configuration = new XmlLoggingConfiguration($"{AppContext.BaseDirectory}nlog.config");
var logger = LogManager.GetLogger("openrmf_msg_controls");
ControlsDBContext _context;
// Create a new connection factory to create a connection.
ConnectionFactory cf = new ConnectionFactory();
// add the options for the server, reconnecting, and the handler events
Options opts = ConnectionFactory.GetDefaultOptions();
opts.MaxReconnect = -1;
opts.ReconnectWait = 2000;
opts.Name = "openrmf-msg-controls";
opts.Url = Environment.GetEnvironmentVariable("NATSSERVERURL");
opts.AsyncErrorEventHandler += (sender, events) =>
{
logger.Info("NATS client error. Server: {0}. Message: {1}. Subject: {2}", events.Conn.ConnectedUrl, events.Error, events.Subscription.Subject);
};
opts.ServerDiscoveredEventHandler += (sender, events) =>
{
logger.Info("A new server has joined the cluster: {0}", events.Conn.DiscoveredServers);
};
opts.ClosedEventHandler += (sender, events) =>
{
logger.Info("Connection Closed: {0}", events.Conn.ConnectedUrl);
};
opts.ReconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Reconnected: {0}", events.Conn.ConnectedUrl);
};
opts.DisconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Disconnected: {0}", events.Conn.ConnectedUrl);
};
// Creates a live connection to the NATS Server with the above options
IConnection c = cf.CreateConnection(opts);
var options = new DbContextOptionsBuilder <ControlsDBContext>().UseInMemoryDatabase("ControlSet").Options;
_context = new ControlsDBContext(options);
// setup the internal database
ControlsLoader.LoadControlsXML(_context);
// send back a full listing of controls based on the filter passed in
EventHandler <MsgHandlerEventArgs> getControls = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
var listing = _context.ControlSets.ToList();
var result = new List <ControlSet>(); // put all results in here
Filter filter = JsonConvert.DeserializeObject <Filter>(Encoding.UTF8.GetString(natsargs.Message.Data));
if (listing != null)
{
// figure out the impact level filter
if (filter != null && !string.IsNullOrEmpty(filter.impactLevel) && filter.impactLevel.Trim().ToLower() == "low")
{
result = listing.Where(x => x.lowimpact).ToList();
}
else if (filter != null && !string.IsNullOrEmpty(filter.impactLevel) && filter.impactLevel.Trim().ToLower() == "moderate")
{
result = listing.Where(x => x.moderateimpact).ToList();
}
else if (filter != null && !string.IsNullOrEmpty(filter.impactLevel) && filter.impactLevel.Trim().ToLower() == "high")
{
result = listing.Where(x => x.highimpact).ToList();
}
else
{
result = listing; // get all the data
}
// include things that are not P0 meaning not used, and that there is no low/moderate/high designation
// these should always be included where the combination of all "false" and not P0 = include them
result.AddRange(listing.Where(x => x.priority != "P0" && x.family.ToLower() != "pii" &&
!x.lowimpact && !x.moderateimpact && !x.highimpact).ToList());
// see if the PII filter is true, and if so add in the PII family by appending that to the result from above
if (filter.pii)
{
result.AddRange(listing.Where(x => !string.IsNullOrEmpty(x.family) && x.family.ToLower() == "pii").ToList());
}
}
// now publish it back out w/ the reply subject
string msg = JsonConvert.SerializeObject(result);
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed Checklist Data");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving controls for the filter sent {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// send back a full listing of controls based on the filter passed in
EventHandler <MsgHandlerEventArgs> getControlsByTerm = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
string term = Encoding.UTF8.GetString(natsargs.Message.Data);
string searchTerm = term.Replace(" ", ""); // get rid of things we do not need
string msg = "";
// find the control from the data passed in
var result = _context.ControlSets.Where(x => x.subControlNumber == searchTerm || x.number == searchTerm).ToList();
if (result != null && result.Count > 0)
{
msg = JsonConvert.SerializeObject(result.FirstOrDefault());
}
else // try to get the main family description and return that
{
int index = GetFirstIndex(term);
if (index < 0)
{
msg = "";
}
else // see if there is a family title we can pass back
{
searchTerm = term.Substring(0, index).Trim();
result = _context.ControlSets.Where(x => x.subControlNumber == searchTerm || x.number == searchTerm).ToList();
if (result != null && result.Count > 0)
{
msg = JsonConvert.SerializeObject(result.FirstOrDefault());
}
else
{
msg = "";
}
}
}
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed Checklist Data");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving control for search term {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// The simple way to create an asynchronous subscriber
// is to simply pass the event in. Messages will start
// arriving immediately.
logger.Info("setting up the OpenRMF control subscription by filter");
IAsyncSubscription asyncControls = c.SubscribeAsync("openrmf.controls", getControls);
logger.Info("setting up the OpenRMF control subscription by filter");
IAsyncSubscription asyncControlByTerm = c.SubscribeAsync("openrmf.controls.search", getControlsByTerm);
}
public async Task <IActionResult> DeleteTemplate(string id)
{
try {
_logger.LogInformation("Calling DeleteTemplate({0})", id);
Template template = _TemplateRepo.GetTemplate(id).Result;
if (template != null)
{
_logger.LogInformation("Deleting Template {0}", id);
var deleted = await _TemplateRepo.RemoveTemplate(id);
if (deleted)
{
var claim = this.User.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier).FirstOrDefault();
// publish an audit event
_logger.LogInformation("DeleteTemplate() publish an audit message on a deleted template {0}.", id);
Audit newAudit = GenerateAuditMessage(claim, "delete template");
newAudit.message = string.Format("DeleteArtifact() delete a single template {0}.", id);
newAudit.url = string.Format("DELETE /{0}", id);
_msgServer.Publish("openrmf.audit.save", Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(newAudit))));
_msgServer.Flush();
return(Ok());
}
else
{
_logger.LogWarning("DeleteTemplate() Template id {0} not deleted correctly", id);
return(NotFound());
}
}
else
{
_logger.LogWarning("DeleteTemplate() Template id {0} not found", id);
return(NotFound());
}
}
catch (Exception ex) {
_logger.LogError(ex, "DeleteTemplate() Error Deleting Template {0}", id);
return(BadRequest());
}
}
static void Main(string[] args)
{
LogManager.Configuration = new XmlLoggingConfiguration($"{AppContext.BaseDirectory}nlog.config");
var logger = LogManager.GetLogger("openrmf_msg_compliance");
// load this one time for the service
// load the current XML document to get all CCI to NIST Major Controls
List <CciItem> cciItems = NistCciGenerator.LoadNistToCci();
// Create a new connection factory to create a connection.
ConnectionFactory cf = new ConnectionFactory();
// add the options for the server, reconnecting, and the handler events
Options opts = ConnectionFactory.GetDefaultOptions();
opts.MaxReconnect = -1;
opts.ReconnectWait = 2000;
opts.Name = "openrmf-msg-compliance";
opts.Url = Environment.GetEnvironmentVariable("NATSSERVERURL");
opts.AsyncErrorEventHandler += (sender, events) =>
{
logger.Info("NATS client error. Server: {0}. Message: {1}. Subject: {2}", events.Conn.ConnectedUrl, events.Error, events.Subscription.Subject);
};
opts.ServerDiscoveredEventHandler += (sender, events) =>
{
logger.Info("A new server has joined the cluster: {0}", events.Conn.DiscoveredServers);
};
opts.ClosedEventHandler += (sender, events) =>
{
logger.Info("Connection Closed: {0}", events.Conn.ConnectedUrl);
};
opts.ReconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Reconnected: {0}", events.Conn.ConnectedUrl);
};
opts.DisconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Disconnected: {0}", events.Conn.ConnectedUrl);
};
// Creates a live connection to the NATS Server with the above options
IConnection c = cf.CreateConnection(opts);
// get all the CCI items and send back
EventHandler <MsgHandlerEventArgs> getCCIListing = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
string msg = JsonConvert.SerializeObject(cciItems);
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed CCI listing Data for the Compliance API");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving CCI full listing for the Compliance API");
}
};
// send back a full listing of CCI items based on the control passed in
EventHandler <MsgHandlerEventArgs> getCCIListingbyControl = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
string control = Encoding.UTF8.GetString(natsargs.Message.Data);
string msg = "";
if (!string.IsNullOrEmpty(control))
{
// with the full listing, to get the filtered list based on this control
var result = CCIListGenerator.GetCCIListing(control, cciItems);
// now publish it back out w/ the reply subject
msg = JsonConvert.SerializeObject(result);
}
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed CCI listing Data for the Read API for control=" + control);
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error getting the CCI listing for the Read API on control {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// send back a the references for a given CCI as well as its title
EventHandler <MsgHandlerEventArgs> getCCIReferences = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
string cciNumber = Encoding.UTF8.GetString(natsargs.Message.Data);
string msg = "";
if (!string.IsNullOrEmpty(cciNumber))
{
// with the full listing, to get the CCI item
var result = cciItems.Where(x => x.cciId == cciNumber).FirstOrDefault();
if (result != null)
{
// now publish it back out w/ the reply subject
msg = JsonConvert.SerializeObject(result);
}
}
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed CCI Reference Data for the Read API for CCI " + cciNumber);
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error getting the CCI listing for the Read API on control {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// The simple way to create an asynchronous subscriber
// is to simply pass the event in. Messages will start
// arriving immediately.
logger.Info("setting up the OpenRMF compliance CCI Listing subscription by filter");
IAsyncSubscription asyncNewCCI = c.SubscribeAsync("openrmf.compliance.cci", getCCIListing);
logger.Info("setting up the OpenRMF compliance CCI Listing by Control subscription by filter");
IAsyncSubscription asyncNewCCIControl = c.SubscribeAsync("openrmf.compliance.cci.control", getCCIListingbyControl);
logger.Info("setting up the OpenRMF compliance CCI References");
IAsyncSubscription asyncNewCCIReferences = c.SubscribeAsync("openrmf.compliance.cci.references", getCCIReferences);
}
static void Main(string[] args)
{
LogManager.Configuration = new XmlLoggingConfiguration($"{AppContext.BaseDirectory}nlog.config");
// setup the NLog name
var logger = LogManager.GetLogger("openrmf_msg_template");
// Create a new connection factory to create a connection.
ConnectionFactory cf = new ConnectionFactory();
// add the options for the server, reconnecting, and the handler events
Options opts = ConnectionFactory.GetDefaultOptions();
opts.MaxReconnect = -1;
opts.ReconnectWait = 1000;
opts.Name = "openrmf-msg-template";
opts.Url = Environment.GetEnvironmentVariable("NATSSERVERURL");
opts.AsyncErrorEventHandler += (sender, events) =>
{
logger.Info("NATS client error. Server: {0}. Message: {1}. Subject: {2}", events.Conn.ConnectedUrl, events.Error, events.Subscription.Subject);
};
opts.ServerDiscoveredEventHandler += (sender, events) =>
{
logger.Info("A new server has joined the cluster: {0}", events.Conn.DiscoveredServers);
};
opts.ClosedEventHandler += (sender, events) =>
{
logger.Info("Connection Closed: {0}", events.Conn.ConnectedUrl);
};
opts.ReconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Reconnected: {0}", events.Conn.ConnectedUrl);
};
opts.DisconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Disconnected: {0}", events.Conn.ConnectedUrl);
};
// Creates a live connection to the NATS Server with the above options
IConnection c = cf.CreateConnection(opts);
// send back a template checklist based on an individual ID
EventHandler <MsgHandlerEventArgs> readTemplate = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
Template temp = new Template();
// setup the MongoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the database connection
TemplateRepository _templateRepo = new TemplateRepository(s);
temp = _templateRepo.GetTemplateByTitle(SanitizeString(Encoding.UTF8.GetString(natsargs.Message.Data))).Result;
if (temp == null) // try to get by the filename based on a Nessus SCAP scan
{
temp = _templateRepo.GetTemplateByFilename(SanitizeFilename(Encoding.UTF8.GetString(natsargs.Message.Data))).Result;
}
// when you serialize the \\ slash JSON chokes, so replace and regular \\ with 4 \\\\
// now setup the raw checklist class in a string to compress and send
string msg = "";
if (temp != null)
{
msg = temp.rawChecklist.Replace("\\", "\\\\").Replace("\t", "");
}
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed Template raw checklist Data");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving checklist record for template {0}\n", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// The simple way to create an asynchronous subscriber
// is to simply pass the event in. Messages will start
// arriving immediately.
logger.Info("setting up the openRMF template subscription");
IAsyncSubscription asyncNew = c.SubscribeAsync("openrmf.template.read", readTemplate);
}
static void Main(string[] args)
{
LogManager.Configuration = new XmlLoggingConfiguration($"{AppContext.BaseDirectory}nlog.config");
var logger = LogManager.GetLogger("openrmf_msg_checklist");
// Create a new connection factory to create a connection.
ConnectionFactory cf = new ConnectionFactory();
// add the options for the server, reconnecting, and the handler events
Options opts = ConnectionFactory.GetDefaultOptions();
opts.MaxReconnect = -1;
opts.ReconnectWait = 2000;
opts.Name = "openrmf-msg-checklist";
opts.Url = Environment.GetEnvironmentVariable("NATSSERVERURL");
opts.AsyncErrorEventHandler += (sender, events) =>
{
logger.Info("NATS client error. Server: {0}. Message: {1}. Subject: {2}", events.Conn.ConnectedUrl, events.Error, events.Subscription.Subject);
};
opts.ServerDiscoveredEventHandler += (sender, events) =>
{
logger.Info("A new server has joined the cluster: {0}", events.Conn.DiscoveredServers);
};
opts.ClosedEventHandler += (sender, events) =>
{
logger.Info("Connection Closed: {0}", events.Conn.ConnectedUrl);
};
opts.ReconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Reconnected: {0}", events.Conn.ConnectedUrl);
};
opts.DisconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Disconnected: {0}", events.Conn.ConnectedUrl);
};
// Creates a live connection to the NATS Server with the above options
IConnection c = cf.CreateConnection(opts);
// send back a checklist based on an individual ID
EventHandler <MsgHandlerEventArgs> readChecklist = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
Artifact art = new Artifact();
// setup the MongoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the MongoDB repo connection
ArtifactRepository _artifactRepo = new ArtifactRepository(s);
art = _artifactRepo.GetArtifact(Encoding.UTF8.GetString(natsargs.Message.Data)).Result;
// when you serialize the \\ slash JSON chokes, so replace and regular \\ with 4 \\\\
art.rawChecklist = art.rawChecklist.Replace("\\", "\\\\");
// now serialize the class into a string to compress and send
string msg = JsonConvert.SerializeObject(art);
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed Checklist Data");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving checklist record for artifactId {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// send back a checklist listing based on the system ID
EventHandler <MsgHandlerEventArgs> readSystemChecklists = (sender, natsargs) =>
{
try {
// print the message
logger.Info("NATS Msg Checklists: {0}", natsargs.Message.Subject);
logger.Info("NATS Msg system data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
IEnumerable <Artifact> arts;
// setup the MondoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the database repo
ArtifactRepository _artifactRepo = new ArtifactRepository(s);
arts = _artifactRepo.GetSystemArtifacts(Encoding.UTF8.GetString(natsargs.Message.Data)).Result;
// remove the rawChecklist as we do not need all that data, just the main metadata for listing
foreach (Artifact a in arts)
{
a.rawChecklist = "";
}
// now publish it back out w/ the reply subject
string msg = JsonConvert.SerializeObject(arts);
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed Checklist Data");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving checklist record for artifactId {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// The simple way to create an asynchronous subscriber
// is to simply pass the event in. Messages will start
// arriving immediately.
logger.Info("setting up the openRMF checklist subscription");
IAsyncSubscription asyncNew = c.SubscribeAsync("openrmf.checklist.read", readChecklist);
logger.Info("setting up the openRMF system checklist listing subscription");
IAsyncSubscription asyncNewSystemChecklists = c.SubscribeAsync("openrmf.system.checklists.read", readSystemChecklists);
}
static void Main(string[] args)
{
LogManager.Configuration = new XmlLoggingConfiguration($"{AppContext.BaseDirectory}nlog.config");
var logger = LogManager.GetLogger("openrmf_msg_system");
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("LOGLEVEL"))) // default
{
LogManager.Configuration.Variables["logLevel"] = "Warn";
}
else if (!string.IsNullOrEmpty(Environment.GetEnvironmentVariable("LOGLEVEL")))
{
switch (Environment.GetEnvironmentVariable("LOGLEVEL"))
{
case "5":
LogManager.Configuration.Variables["logLevel"] = "Critical";
break;
case "4":
LogManager.Configuration.Variables["logLevel"] = "Error";
break;
case "3":
LogManager.Configuration.Variables["logLevel"] = "Warn";
break;
case "2":
LogManager.Configuration.Variables["logLevel"] = "Info";
break;
case "1":
LogManager.Configuration.Variables["logLevel"] = "Debug";
break;
case "0":
LogManager.Configuration.Variables["logLevel"] = "Trace";
break;
default:
LogManager.Configuration.Variables["logLevel"] = "Warn";
break;
}
}
LogManager.ReconfigExistingLoggers();
// Create a new connection factory to create a connection.
ConnectionFactory cf = new ConnectionFactory();
// add the options for the server, reconnecting, and the handler events
Options opts = ConnectionFactory.GetDefaultOptions();
opts.MaxReconnect = -1;
opts.ReconnectWait = 2000;
opts.Name = "openrmf-msg-system";
opts.Url = Environment.GetEnvironmentVariable("NATSSERVERURL");
opts.AsyncErrorEventHandler += (sender, events) =>
{
logger.Info("NATS client error. Server: {0}. Message: {1}. Subject: {2}", events.Conn.ConnectedUrl, events.Error, events.Subscription.Subject);
};
opts.ServerDiscoveredEventHandler += (sender, events) =>
{
logger.Info("A new server has joined the cluster: {0}", events.Conn.DiscoveredServers);
};
opts.ClosedEventHandler += (sender, events) =>
{
logger.Info("Connection Closed: {0}", events.Conn.ConnectedUrl);
};
opts.ReconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Reconnected: {0}", events.Conn.ConnectedUrl);
};
opts.DisconnectedEventHandler += (sender, events) =>
{
logger.Info("Connection Disconnected: {0}", events.Conn.ConnectedUrl);
};
// Creates a live connection to the NATS Server with the above options
IConnection c = cf.CreateConnection(opts);
// update all artifact records w/ the new title of the system
// we save the title here for quicker data display when pulling a checklist record and metadata
// openrmf.system.update.{systemGroupId} -- update the title in the body for the Artifacts (used for quicker reading)
EventHandler <MsgHandlerEventArgs> updateSystemChecklistTitles = (sender, natsargs) =>
{
try {
// print the message
logger.Info("NATS Msg Checklists: {0}", natsargs.Message.Subject);
logger.Info("NATS Msg system data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
SystemGroup sg;
// setup the MondoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the database repo for systems
SystemGroupRepository _systemGroupRepo = new SystemGroupRepository(s);
// setup the database repo for the Artifacts to cycle through
ArtifactRepository _artifactRepo = new ArtifactRepository(s);
string systemGroupId = natsargs.Message.Subject.Replace("openrmf.system.update.", "");
string systemTitle = Encoding.UTF8.GetString(natsargs.Message.Data);
bool artifactUpdate;
if (!string.IsNullOrEmpty(systemGroupId) && !string.IsNullOrEmpty(systemTitle))
{
sg = _systemGroupRepo.GetSystemGroup(systemGroupId).Result;
if (sg != null)
{
IEnumerable <Artifact> arts;
arts = _artifactRepo.GetSystemArtifacts(systemGroupId).Result;
foreach (Artifact a in arts)
{
// pull each record, update the systemTitle, save the artifact
a.systemTitle = systemTitle;
artifactUpdate = _artifactRepo.UpdateArtifact(a.InternalId.ToString(), a).Result;
if (!artifactUpdate)
{
logger.Warn("Warning: did not update the system title in Artifacts {0}: {1}", a.InternalId.ToString(), systemTitle);
}
}
}
else
{
logger.Warn("Warning: Invalid System Group ID when updating the system title in artifacts {0}", natsargs.Message.Subject);
}
}
else
{
logger.Warn("Warning: No System Group ID or Title when updating the system title in system {0} title {1}", natsargs.Message.Subject, Encoding.UTF8.GetString(natsargs.Message.Data));
}
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving system group record for system group id {0}", natsargs.Message.Subject);
}
};
// update the # of checklists up or down based on the add or delete
// openrmf.system.count.add -- increment the # of checklists in a system
// openrmf.system.count.delete -- decrement the # of checklists in a system
EventHandler <MsgHandlerEventArgs> updateSystemChecklistCount = (sender, natsargs) =>
{
try {
// print the message
logger.Info("NATS Msg Checklists: {0}", natsargs.Message.Subject);
logger.Info("NATS Msg system data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
SystemGroup sg;
// setup the MondoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the database repo
SystemGroupRepository _systemGroupRepo = new SystemGroupRepository(s);
sg = _systemGroupRepo.GetSystemGroup(Encoding.UTF8.GetString(natsargs.Message.Data)).Result;
if (sg != null)
{
if (natsargs.Message.Subject.EndsWith(".add"))
{
var result = _systemGroupRepo.IncreaseSystemGroupCount(sg.InternalId.ToString());
}
else if (natsargs.Message.Subject.EndsWith(".delete"))
{
var myresult = _systemGroupRepo.DecreaseSystemGroupCount(sg.InternalId.ToString());
}
}
else
{
logger.Warn("Warning: bad System Group ID when updating the checklist count {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving system group record for system group id {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// update the date for the last system compliance ran
EventHandler <MsgHandlerEventArgs> updateSystemComplianceDate = (sender, natsargs) =>
{
try {
// print the message
logger.Info("NATS Msg Checklists: {0}", natsargs.Message.Subject);
logger.Info("NATS Msg system data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
SystemGroup sg;
// setup the MondoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the database repo
SystemGroupRepository _systemGroupRepo = new SystemGroupRepository(s);
sg = _systemGroupRepo.GetSystemGroup(Encoding.UTF8.GetString(natsargs.Message.Data)).Result;
if (sg != null)
{
sg.lastComplianceCheck = DateTime.Now;
// update the date and get back to work!
var result = _systemGroupRepo.UpdateSystemGroup(Encoding.UTF8.GetString(natsargs.Message.Data), sg);
}
else
{
logger.Warn("Warning: bad System Group ID when updating the system group for Compliance Generation date {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error updating the system group record for the Compliance Generation date {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// openrmf.system.compliance
EventHandler <MsgHandlerEventArgs> getSystemGroupRecord = (sender, natsargs) =>
{
try {
// print the message
logger.Info("NATS Msg Checklists: {0}", natsargs.Message.Subject);
logger.Info("NATS Msg system data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
SystemGroup sg;
// setup the MondoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the database repo
SystemGroupRepository _systemGroupRepo = new SystemGroupRepository(s);
sg = _systemGroupRepo.GetSystemGroup(Encoding.UTF8.GetString(natsargs.Message.Data)).Result;
if (sg != null)
{
sg.rawNessusFile = "";
string msg = JsonConvert.SerializeObject(sg);
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed System Group Record");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
else
{
logger.Warn("Warning: bad System Group ID when requesting a System Group record {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(new SystemGroup()))));
c.Flush(); // flush the line
}
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error updating the system group record for the Compliance Generation date {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// send back a checklist based on an individual ID
EventHandler <MsgHandlerEventArgs> readChecklist = (sender, natsargs) =>
{
try {
// print the message
logger.Info("New NATS subject: {0}", natsargs.Message.Subject);
logger.Info("New NATS data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
Artifact art = new Artifact();
// setup the MongoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the MongoDB repo connection
ArtifactRepository _artifactRepo = new ArtifactRepository(s);
art = _artifactRepo.GetArtifact(Encoding.UTF8.GetString(natsargs.Message.Data)).Result;
// when you serialize the \\ slash JSON chokes, so replace and regular \\ with 4 \\\\
art.rawChecklist = art.rawChecklist.Replace("\\", "\\\\");
// now serialize the class into a string to compress and send
string msg = JsonConvert.SerializeObject(art);
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed Checklist Data");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving checklist record for artifactId {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
// send back a checklist listing based on the system ID
EventHandler <MsgHandlerEventArgs> readSystemChecklists = (sender, natsargs) =>
{
try {
// print the message
logger.Info("NATS Msg Checklists: {0}", natsargs.Message.Subject);
logger.Info("NATS Msg system data: {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
IEnumerable <Artifact> arts;
// setup the MondoDB connection
Settings s = new Settings();
if (string.IsNullOrEmpty(Environment.GetEnvironmentVariable("DBTYPE")) || Environment.GetEnvironmentVariable("DBTYPE").ToLower() == "mongo")
{
s.ConnectionString = Environment.GetEnvironmentVariable("DBCONNECTION");
s.Database = Environment.GetEnvironmentVariable("DB");
}
// setup the database repo
ArtifactRepository _artifactRepo = new ArtifactRepository(s);
arts = _artifactRepo.GetSystemArtifacts(Encoding.UTF8.GetString(natsargs.Message.Data)).Result;
// remove the rawChecklist as we do not need all that data, just the main metadata for listing
foreach (Artifact a in arts)
{
a.rawChecklist = "";
}
// now publish it back out w/ the reply subject
string msg = JsonConvert.SerializeObject(arts);
// publish back out on the reply line to the calling publisher
logger.Info("Sending back compressed Checklist Data");
c.Publish(natsargs.Message.Reply, Encoding.UTF8.GetBytes(Compression.CompressString(msg)));
c.Flush(); // flush the line
}
catch (Exception ex) {
// log it here
logger.Error(ex, "Error retrieving checklist record for artifactId {0}", Encoding.UTF8.GetString(natsargs.Message.Data));
}
};
logger.Info("setting up the OpenRMF System Update on Title subscription");
IAsyncSubscription asyncSystemChecklistTitle = c.SubscribeAsync("openrmf.system.update.>", updateSystemChecklistTitles);
logger.Info("setting up the OpenRMF System # checklists subscription");
IAsyncSubscription asyncSystemChecklistCount = c.SubscribeAsync("openrmf.system.count.>", updateSystemChecklistCount);
logger.Info("setting up the OpenRMF System Compliance generation date");
IAsyncSubscription asyncSystemComplianceDate = c.SubscribeAsync("openrmf.system.compliance", updateSystemComplianceDate);
logger.Info("setting up the OpenRMF System subscription");
IAsyncSubscription asyncSystemGroupRecord = c.SubscribeAsync("openrmf.system", getSystemGroupRecord);
// moved from the msg checklist in v1.8
logger.Info("setting up the openRMF checklist subscription");
IAsyncSubscription asyncNew = c.SubscribeAsync("openrmf.checklist.read", readChecklist);
logger.Info("setting up the openRMF system checklist listing subscription");
IAsyncSubscription asyncNewSystemChecklists = c.SubscribeAsync("openrmf.system.checklists.read", readSystemChecklists);
}
private async void MergeDbs(SQLiteAsyncConnection dbCon1, SQLiteAsyncConnection dbCon2, AndroidLogging logger)
{
try
{
var allDocFrom1 = await dbCon1.Table <DocumentModel>().ToListAsync();
var allDocFrom2 = await dbCon2.Table <DocumentModel>().ToListAsync();
logger.WritoToLog($"Gets all documents from Con1;");
foreach (var doc in allDocFrom1)
{
if ((await dbCon2.Table <DocumentModel>().FirstOrDefaultAsync(x => x.Identifier == doc.Identifier)) == null)
{
await dbCon2.InsertAsync(doc);
}
else
{
await dbCon2.UpdateAsync(doc);
}
}
logger.WritoToLog($"Insert/update all docs from Con1 to Con2;");
await dbCon1.DeleteAllAsync <DocumentModel>();
logger.WritoToLog($"Delete all docs form Con1;");
await dbCon1.InsertAllAsync(await dbCon2.Table <DocumentModel>().ToListAsync());
allDocFrom1 = await dbCon1.Table <DocumentModel>().ToListAsync();
var contacts = allDocFrom1.Where(x => x.Identifier == "3bd96c0d-816f-4502-ab9a-799c4f518564").FirstOrDefault();
string jsonDecompressed = Compression.DecompressString(contacts.JsonSmeDoc).Replace("Piazza di Monte Citorio, 121, 00186 Roma", "Piazza Venezia, 11, 00187 Roma");
contacts.JsonSmeDoc = Compression.CompressString(jsonDecompressed);
if (contacts != null)
{
if ((await dbCon1.Table <DocumentModel>().FirstOrDefaultAsync(x => x.Identifier == contacts.Identifier)) == null)
{
await dbCon1.InsertAsync(contacts);
}
else
{
await dbCon1.UpdateAsync(contacts);
}
}
allDocFrom1 = await dbCon1.Table <DocumentModel>().ToListAsync();
logger.WritoToLog($"Insert all docs form Con2 to Con1;");
logger.WritoToLog($"Merge completed!");
await dbCon2.CloseAsync();
File.Delete(dbCon2.DatabasePath);
}
catch (Exception ex)
{
logger.WritoToLog($"Exeption in Merger: {ex}");
}
}
public async Task <IActionResult> UploadNewChecklist(List <IFormFile> checklistFiles, string systemGroupId, string system)
{
try {
_logger.LogInformation("Calling UploadNewChecklist() with {0} checklists", checklistFiles.Count.ToString());
if (checklistFiles.Count > 0)
{
// grab the user/system ID from the token if there which is *should* always be
var claim = this.User.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier).FirstOrDefault();
// make sure the SYSTEM GROUP is valid here and then add the files...
SystemGroup sg;
SystemGroup recordSystem = null;
if (string.IsNullOrEmpty(systemGroupId))
{
sg = new SystemGroup();
sg.title = system;
sg.created = DateTime.Now;
if (claim != null && claim.Value != null)
{
sg.createdBy = Guid.Parse(claim.Value);
}
recordSystem = _systemRepo.AddSystemGroup(sg).GetAwaiter().GetResult();
}
else
{
sg = await _systemRepo.GetSystemGroup(systemGroupId);
if (sg == null)
{
sg = new SystemGroup();
sg.title = "None";
sg.created = DateTime.Now;
if (claim != null && claim.Value != null)
{
sg.createdBy = Guid.Parse(claim.Value);
}
recordSystem = _systemRepo.AddSystemGroup(sg).GetAwaiter().GetResult();
}
else
{
sg.updatedOn = DateTime.Now;
if (claim != null && claim.Value != null)
{
sg.updatedBy = Guid.Parse(claim.Value);
}
var updated = _systemRepo.UpdateSystemGroup(systemGroupId, sg).GetAwaiter().GetResult();
}
}
// result we send back
UploadResult uploadResult = new UploadResult();
// now go through the Checklists and set them up
foreach (IFormFile file in checklistFiles)
{
try {
string rawChecklist = string.Empty;
if (file.FileName.ToLower().EndsWith(".xml"))
{
// if an XML XCCDF SCAP scan file
_logger.LogInformation("UploadNewChecklist() parsing the SCAP Scan file for {0}.", file.FileName.ToLower());
using (var reader = new StreamReader(file.OpenReadStream()))
{
// read in the file
string xmlfile = reader.ReadToEnd();
// pull out the rule IDs and their results of pass or fail and the title/type of SCAP scan done
SCAPRuleResultSet results = SCAPScanResultLoader.LoadSCAPScan(xmlfile);
// get the rawChecklist data so we can move on
// generate a new checklist from a template based on the type and revision
rawChecklist = SCAPScanResultLoader.GenerateChecklistData(results);
}
}
else if (file.FileName.ToLower().EndsWith(".ckl"))
{
// if a CKL file
_logger.LogInformation("UploadNewChecklist() parsing the Checklist CKL file for {0}.", file.FileName.ToLower());
using (var reader = new StreamReader(file.OpenReadStream()))
{
rawChecklist = reader.ReadToEnd();
}
}
else
{
// log this is a bad file
return(BadRequest());
}
// clean up any odd data that can mess us up moving around, via JS, and such
_logger.LogInformation("UploadNewChecklist() sanitizing the checklist for {0}.", file.FileName.ToLower());
rawChecklist = SanitizeData(rawChecklist);
// create the new record for saving into the DB
Artifact newArtifact = MakeArtifactRecord(rawChecklist);
if (claim != null) // get the value
{
_logger.LogInformation("UploadNewChecklist() setting the created by ID of the checklist {0}.", file.FileName.ToLower());
newArtifact.createdBy = Guid.Parse(claim.Value);
if (sg.createdBy == Guid.Empty)
{
sg.createdBy = Guid.Parse(claim.Value);
}
else
{
sg.updatedBy = Guid.Parse(claim.Value);
}
}
// add the system record ID to the Artifact to know how to query it
_logger.LogInformation("UploadNewChecklist() setting the title of the checklist {0}.", file.FileName.ToLower());
if (recordSystem != null)
{
newArtifact.systemGroupId = recordSystem.InternalId.ToString();
// store the title for ease of use
newArtifact.systemTitle = recordSystem.title;
}
else
{
newArtifact.systemGroupId = sg.InternalId.ToString();
// store the title for ease of use
newArtifact.systemTitle = sg.title;
}
// save the artifact record and checklist to the database
_logger.LogInformation("UploadNewChecklist() saving the checklist {0} to the database", file.FileName.ToLower());
var record = await _artifactRepo.AddArtifact(newArtifact);
_logger.LogInformation("UploadNewChecklist() saved the checklist {0} to the database.", file.FileName.ToLower());
// add to the number of successful uploads
uploadResult.successful++;
// publish to the openrmf save new realm the new ID we can use
_logger.LogInformation("UploadNewChecklist() publish a message on a new checklist {0} for the scoring of it.", file.FileName.ToLower());
_msgServer.Publish("openrmf.checklist.save.new", Encoding.UTF8.GetBytes(record.InternalId.ToString()));
// publish to update the system checklist count
_logger.LogInformation("UploadNewChecklist() publish a message on a new checklist {0} for updating the count of checklists in the system.", file.FileName.ToLower());
_msgServer.Publish("openrmf.system.count.add", Encoding.UTF8.GetBytes(record.systemGroupId));
_msgServer.Flush();
// publish an audit event
_logger.LogInformation("UploadNewChecklist() publish an audit message on a new checklist {0}.", file.FileName.ToLower());
Audit newAudit = GenerateAuditMessage(claim, "add checklist");
newAudit.message = string.Format("UploadNewChecklist() uploaded a new checklist {0} in system group ({1}) {2}.", file.FileName.ToLower(), sg.InternalId.ToString(), sg.title);
newAudit.url = "POST /";
_msgServer.Publish("openrmf.audit.upload", Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(newAudit))));
_msgServer.Flush();
}
catch (Exception ex) {
// add to the list of failed uploads
uploadResult.failed++;
uploadResult.failedUploads.Add(file.FileName);
// log it
_logger.LogError(ex, "UploadNewChecklist() error on checklist file not parsing right: {0}.", file.FileName.ToLower());
// see if there are any left
}
}
_logger.LogInformation("Called UploadNewChecklist() with {0} checklists successfully", checklistFiles.Count.ToString());
return(Ok(uploadResult));
}
else
{
_logger.LogWarning("Called UploadNewChecklist() with NO checklists!");
return(BadRequest());
}
}
catch (Exception ex) {
_logger.LogError(ex, "Error uploading checklist file");
return(BadRequest());
}
}
public async Task <IActionResult> UpdateChecklist(string id, IFormFile checklistFile, string systemGroupId)
{
try {
_logger.LogInformation("Calling UpdateChecklist({0})", id);
//var name = checklistFile.FileName;
string rawChecklist = string.Empty;
if (checklistFile.FileName.ToLower().EndsWith(".xml"))
{
// if an XML XCCDF SCAP scan checklistFile
using (var reader = new StreamReader(checklistFile.OpenReadStream()))
{
// read in the checklistFile
string xmlfile = reader.ReadToEnd();
// pull out the rule IDs and their results of pass or fail and the title/type of SCAP scan done
SCAPRuleResultSet results = SCAPScanResultLoader.LoadSCAPScan(xmlfile);
// get the raw checklist from the msg checklist NATS reader
// update the rawChecklist data so we can move on
var record = await _artifactRepo.GetArtifact(id);
rawChecklist = SCAPScanResultLoader.UpdateChecklistData(results, record.rawChecklist, false);
}
}
else if (checklistFile.FileName.ToLower().EndsWith(".ckl"))
{
// if a CKL file
using (var reader = new StreamReader(checklistFile.OpenReadStream()))
{
rawChecklist = reader.ReadToEnd();
}
}
else
{
// log this is a bad checklistFile
return(BadRequest());
}
_logger.LogInformation("UpdateChecklist({0}) sanitizing the checklist XML", id);
rawChecklist = SanitizeData(rawChecklist);
// update and fill in the same info
Artifact newArtifact = MakeArtifactRecord(rawChecklist);
Artifact oldArtifact = await _artifactRepo.GetArtifact(id);
if (oldArtifact != null && oldArtifact.createdBy != Guid.Empty)
{
_logger.LogInformation("UpdateChecklist({0}) copying the old data into the new one to replace it", id);
// this is an update of an older one, keep the createdBy intact
newArtifact.createdBy = oldArtifact.createdBy;
// keep it a part of the same system group
if (!string.IsNullOrEmpty(oldArtifact.systemGroupId))
{
newArtifact.systemGroupId = oldArtifact.systemGroupId;
newArtifact.systemTitle = oldArtifact.systemTitle;
}
}
oldArtifact = null;
// grab the user/system ID from the token if there which is *should* always be
var claim = this.User.Claims.Where(x => x.Type == System.Security.Claims.ClaimTypes.NameIdentifier).FirstOrDefault();
if (claim != null) // get the value
{
_logger.LogInformation("UpdateChecklist({0}) getting the updated by ID", id);
newArtifact.updatedBy = Guid.Parse(claim.Value);
}
_logger.LogInformation("UpdateChecklist({0}) saving the new artifact record", id);
await _artifactRepo.UpdateArtifact(id, newArtifact);
// publish to the openrmf save new realm the new ID we can use
_logger.LogInformation("UpdateChecklist({0}) publishing the updated checklist for scoring", id);
_msgServer.Publish("openrmf.checklist.save.update", Encoding.UTF8.GetBytes(id));
_msgServer.Flush();
_logger.LogInformation("Called UpdateChecklist({0}) successfully", id);
// publish an audit event
_logger.LogInformation("UpdateChecklist() publish an audit message on an updated checklist {0}.", checklistFile.FileName);
Audit newAudit = GenerateAuditMessage(claim, "update checklist");
newAudit.message = string.Format("UpdateChecklist() updated checklist {0} with file {1}.", id, checklistFile.FileName);
newAudit.url = "PUT /";
_msgServer.Publish("openrmf.audit.upload", Encoding.UTF8.GetBytes(Compression.CompressString(JsonConvert.SerializeObject(newAudit))));
_msgServer.Flush();
return(Ok());
}
catch (Exception ex) {
_logger.LogError(ex, "Error Uploading updated Checklist file");
return(BadRequest());
}
}