1 /* 2 * Copyright 2017 the original author or authors. 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 package org.openehealth.ipf.commons.audit.event; 17 18 19 import org.openehealth.ipf.commons.audit.AuditException; 20 import org.openehealth.ipf.commons.audit.codes.*; 21 import org.openehealth.ipf.commons.audit.types.ActiveParticipantRoleId; 22 import org.openehealth.ipf.commons.audit.types.EventType; 23 import org.openehealth.ipf.commons.audit.types.PurposeOfUse; 24 25 import java.util.Collections; 26 27 /** 28 * Builds an Audit Event representing a Security Alert event as specified in 29 * http://dicom.nema.org/medical/dicom/current/output/html/part15.html#sect_A.5.3.11 30 * <p> 31 * This message describes any event for which a node needs to report a security alert, 32 * e.g., a node authentication failure when establishing a secure communications channel. 33 * </p> 34 * <p> 35 * The Node Authentication event can be used to report both successes and failures. 36 * If reporting of success is done, this could generate a very large number of audit messages, 37 * since every authenticated DICOM association, HL7 transaction, and HTML connection should result 38 * in a successful node authentication. It is expected that in most situations only the failures 39 * will be reported. 40 * </p> 41 * 42 * @author Christian Ohr 43 * @since 3.5 44 */ 45 public class SecurityAlertBuilder extends BaseAuditMessageBuilder<SecurityAlertBuilder> { 46 47 /** 48 * @param outcome Success implies an informative alert. The other failure values imply warning codes that indicate 49 * the severity of the alert. A Minor or Serious failure indicates that mitigation efforts were 50 * effective in maintaining system security. A Major failure indicates that mitigation efforts may 51 * not have been effective, and that the security system may have been compromised. 52 * @param eventType event type 53 */ 54 public SecurityAlertBuilder(EventOutcomeIndicator outcome, 55 String eventOutcomeDescription, 56 EventType eventType) { 57 super(); 58 setEventIdentification(outcome, 59 eventOutcomeDescription, 60 EventActionCode.Execute, 61 EventIdCode.SecurityAlert, 62 eventType, 63 (PurposeOfUse[]) null 64 ); 65 } 66 67 68 /** 69 * @param userId UserID 70 * @param altUserId Alternate UserID 71 * @param userName UserName 72 * @param networkId Network Access Point ID 73 * @param userIsRequestor Whether the destination participant represents the requestor (i.e. pull request) 74 * @return this 75 */ 76 public SecurityAlertBuilder addReportingActiveParticipant(String userId, 77 String altUserId, 78 String userName, 79 ActiveParticipantRoleId roleId, 80 String networkId, 81 boolean userIsRequestor) { 82 return addActiveParticipant(userId, altUserId, userName, userIsRequestor, Collections.singletonList(roleId), networkId); 83 } 84 85 /** 86 * @param userId UserID 87 * @param altUserId Alternate UserID 88 * @param userName UserName 89 * @param networkId Network Access Point ID 90 * @return this 91 */ 92 public SecurityAlertBuilder addPerformingActiveParticipant(String userId, 93 String altUserId, 94 String userName, 95 ActiveParticipantRoleId roleId, 96 String networkId) { 97 return addActiveParticipant(userId, altUserId, userName, false, Collections.singletonList(roleId), networkId); 98 } 99 100 /** 101 * @param node the identity of the node that is the subject of the alert either in the form ofnode_name@domain_nameor as an IP address 102 * @param role {@link ParticipantObjectTypeCodeRole#MasterFile} or {@link ParticipantObjectTypeCodeRole#SecurityResource} 103 * @param reason free text description of the nature of the alert as the value 104 * @return this 105 */ 106 public SecurityAlertBuilder addAlertNodeSubjectParticipantObject(String node, 107 ParticipantObjectTypeCodeRole role, 108 String reason) { 109 return addParticipantObjectIdentification(ParticipantObjectIdTypeCode.NodeID, 110 null, null, 111 reason != null ? 112 Collections.singletonList(getTypeValuePair("Alert Description", reason)) : 113 Collections.emptyList(), 114 node, 115 ParticipantObjectTypeCode.System, 116 role, 117 null, 118 null); 119 } 120 121 /** 122 * @param uri the URI of the file or other resource that is the subject of the alert 123 * @param role {@link ParticipantObjectTypeCodeRole#MasterFile} or {@link ParticipantObjectTypeCodeRole#SecurityResource} 124 * @param reason free text description of the nature of the alert as the value 125 * @return this 126 */ 127 public SecurityAlertBuilder addAlertUriSubjectParticipantObject(String uri, 128 ParticipantObjectTypeCodeRole role, 129 String reason) { 130 return addParticipantObjectIdentification(ParticipantObjectIdTypeCode.URI, 131 null, null, 132 reason != null ? 133 Collections.singletonList(getTypeValuePair("Alert Description", reason)) : 134 Collections.emptyList(), 135 uri, 136 ParticipantObjectTypeCode.System, 137 role, 138 null, 139 null); 140 } 141 142 @Override 143 public void validate() { 144 super.validate(); 145 int aps = getMessage().getActiveParticipants().size(); 146 if (aps < 1 || aps > 2) { 147 throw new AuditException("Must have one or two ActiveParticipants reporting this event"); 148 } 149 } 150 }