1 /*
2 * Copyright 2017 the original author or authors.
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16 package org.openehealth.ipf.commons.audit.event;
17
18
19 import org.openehealth.ipf.commons.audit.AuditException;
20 import org.openehealth.ipf.commons.audit.codes.*;
21 import org.openehealth.ipf.commons.audit.types.ActiveParticipantRoleId;
22 import org.openehealth.ipf.commons.audit.types.EventType;
23 import org.openehealth.ipf.commons.audit.types.PurposeOfUse;
24
25 import java.util.Collections;
26
27 /**
28 * Builds an Audit Event representing a Security Alert event as specified in
29 * http://dicom.nema.org/medical/dicom/current/output/html/part15.html#sect_A.5.3.11
30 * <p>
31 * This message describes any event for which a node needs to report a security alert,
32 * e.g., a node authentication failure when establishing a secure communications channel.
33 * </p>
34 * <p>
35 * The Node Authentication event can be used to report both successes and failures.
36 * If reporting of success is done, this could generate a very large number of audit messages,
37 * since every authenticated DICOM association, HL7 transaction, and HTML connection should result
38 * in a successful node authentication. It is expected that in most situations only the failures
39 * will be reported.
40 * </p>
41 *
42 * @author Christian Ohr
43 * @since 3.5
44 */
45 public class SecurityAlertBuilder extends BaseAuditMessageBuilder<SecurityAlertBuilder> {
46
47 /**
48 * @param outcome Success implies an informative alert. The other failure values imply warning codes that indicate
49 * the severity of the alert. A Minor or Serious failure indicates that mitigation efforts were
50 * effective in maintaining system security. A Major failure indicates that mitigation efforts may
51 * not have been effective, and that the security system may have been compromised.
52 * @param eventType event type
53 */
54 public SecurityAlertBuilder(EventOutcomeIndicator outcome,
55 String eventOutcomeDescription,
56 EventType eventType) {
57 super();
58 setEventIdentification(outcome,
59 eventOutcomeDescription,
60 EventActionCode.Execute,
61 EventIdCode.SecurityAlert,
62 eventType,
63 (PurposeOfUse[]) null
64 );
65 }
66
67
68 /**
69 * @param userId UserID
70 * @param altUserId Alternate UserID
71 * @param userName UserName
72 * @param networkId Network Access Point ID
73 * @param userIsRequestor Whether the destination participant represents the requestor (i.e. pull request)
74 * @return this
75 */
76 public SecurityAlertBuilder addReportingActiveParticipant(String userId,
77 String altUserId,
78 String userName,
79 ActiveParticipantRoleId roleId,
80 String networkId,
81 boolean userIsRequestor) {
82 return addActiveParticipant(userId, altUserId, userName, userIsRequestor, Collections.singletonList(roleId), networkId);
83 }
84
85 /**
86 * @param userId UserID
87 * @param altUserId Alternate UserID
88 * @param userName UserName
89 * @param networkId Network Access Point ID
90 * @return this
91 */
92 public SecurityAlertBuilder addPerformingActiveParticipant(String userId,
93 String altUserId,
94 String userName,
95 ActiveParticipantRoleId roleId,
96 String networkId) {
97 return addActiveParticipant(userId, altUserId, userName, false, Collections.singletonList(roleId), networkId);
98 }
99
100 /**
101 * @param node the identity of the node that is the subject of the alert either in the form ofnode_name@domain_nameor as an IP address
102 * @param role {@link ParticipantObjectTypeCodeRole#MasterFile} or {@link ParticipantObjectTypeCodeRole#SecurityResource}
103 * @param reason free text description of the nature of the alert as the value
104 * @return this
105 */
106 public SecurityAlertBuilder addAlertNodeSubjectParticipantObject(String node,
107 ParticipantObjectTypeCodeRole role,
108 String reason) {
109 return addParticipantObjectIdentification(ParticipantObjectIdTypeCode.NodeID,
110 null, null,
111 reason != null ?
112 Collections.singletonList(getTypeValuePair("Alert Description", reason)) :
113 Collections.emptyList(),
114 node,
115 ParticipantObjectTypeCode.System,
116 role,
117 null,
118 null);
119 }
120
121 /**
122 * @param uri the URI of the file or other resource that is the subject of the alert
123 * @param role {@link ParticipantObjectTypeCodeRole#MasterFile} or {@link ParticipantObjectTypeCodeRole#SecurityResource}
124 * @param reason free text description of the nature of the alert as the value
125 * @return this
126 */
127 public SecurityAlertBuilder addAlertUriSubjectParticipantObject(String uri,
128 ParticipantObjectTypeCodeRole role,
129 String reason) {
130 return addParticipantObjectIdentification(ParticipantObjectIdTypeCode.URI,
131 null, null,
132 reason != null ?
133 Collections.singletonList(getTypeValuePair("Alert Description", reason)) :
134 Collections.emptyList(),
135 uri,
136 ParticipantObjectTypeCode.System,
137 role,
138 null,
139 null);
140 }
141
142 @Override
143 public void validate() {
144 super.validate();
145 int aps = getMessage().getActiveParticipants().size();
146 if (aps < 1 || aps > 2) {
147 throw new AuditException("Must have one or two ActiveParticipants reporting this event");
148 }
149 }
150 }