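using AipGateway.API.Application;
using AipGateway.API.Domain.Entities;
using AipGateway.API.Repositories;
using AipGateway.API.Services.Interfaces;
using System.Collections;

namespace AipGateway.API.Services
{
    /// <summary>
    /// Authorizes gateway API calls against the linked API keys and linked decrypt keys
    /// loaded from the repository. Each key is bound to one or more caller IP addresses,
    /// and each API key row carries per-feature permission flags.
    /// </summary>
    public class ApiAuthService : IApiAuthService
    {
        private readonly ILogger _log;
        private readonly IAipDbRepository _repo;

        // Key string -> first loaded row for that key. That row's serverMap holds every
        // (server IP -> row) pair registered for the key. Both maps are rebuilt into a
        // fresh Hashtable on reload and swapped in by reference assignment.
        private Hashtable _apiKeyMap = new Hashtable();
        private Hashtable _decryptKeyMap = new Hashtable();

        /// <summary>
        /// Stores the dependencies and loads both key maps immediately.
        /// </summary>
        /// <param name="log">Logger used for load and failure diagnostics.</param>
        /// <param name="repo">Repository that supplies the linked key rows.</param>
        public ApiAuthService(ILogger log, IAipDbRepository repo)
        {
            _log = log;
            _repo = repo;
            Inititialize();
        }

        /// <summary>
        /// Performs the initial load of API keys and decrypt keys.
        /// </summary>
        private void Inititialize()
        {
            LoadLinkedApiKeys();
            LoadLinkedDecryptKeys();
        }

        /// <summary>
        /// Renders a key for log output without disclosing it: only the last four
        /// characters are kept, and short or missing keys are masked completely.
        /// </summary>
        /// <param name="key">The secret key value; may be null.</param>
        /// <returns>A masked form that is safe to write to logs.</returns>
        private static string MaskKey(string? key)
        {
            const int visibleChars = 4;

            if (string.IsNullOrEmpty(key) || key.Length <= visibleChars * 2)
            {
                return "****";
            }

            return "****" + key.Substring(key.Length - visibleChars);
        }

        /// <summary>
        /// Decides whether the permission flags on <paramref name="keyInfo"/> allow the
        /// API identified by <paramref name="apiId"/>.
        /// </summary>
        /// <param name="keyInfo">The key row whose permission flags are consulted.</param>
        /// <param name="apiId">One of the <c>GlobalConstants.API_*</c> identifiers.</param>
        /// <returns>
        /// <c>true</c> when the matching flag (or both flags, for combined operations) is set;
        /// <c>false</c> for a null row or an API id that matches no group (deny by default).
        /// </returns>
        private bool CheckApiRights(LinkedApiKey keyInfo, int apiId)
        {
            if (keyInfo == null)
            {
                return false;
            }

            // Flag meanings, as described by the original comments:
            //   policyLookupYn     - label lookup and template lookup APIs
            //   fileInfoLookupYn   - file information lookup APIs
            //   applyLabelYn       - label apply APIs
            //   releaseLabelYn     - label release APIs
            //   encryptionFileYn   - file encryption APIs
            //   decryptionFileYn   - file decryption APIs

            // NOTE(review): this range check depends on the numeric ordering of the API_DB_*
            // constants, and it gates the API_DB_* range (reload, linked decrypt keys) with the
            // flag described as "label/template lookup" - confirm that mapping is intended.
            if (apiId >= GlobalConstants.API_DB_RELOAD && apiId <= GlobalConstants.API_DB_LINKED_DECRYPT_KEYS)
            {
                return keyInfo.policyLookupYn;
            }

            if (apiId == GlobalConstants.API_AIP_DOWNLOAD
                || apiId == GlobalConstants.API_AIP_LABELS
                || apiId == GlobalConstants.API_AIP_POLICIES
                || apiId == GlobalConstants.API_AIP_PROTECTIONS
                || apiId == GlobalConstants.API_FILE_INFO
                || apiId == GlobalConstants.API_STREAM_INFO)
            {
                return keyInfo.fileInfoLookupYn;
            }

            if (apiId == GlobalConstants.API_FILE_SET_LABEL
                || apiId == GlobalConstants.API_FILE_SET_LABELS
                || apiId == GlobalConstants.API_STREAM_SET_LABEL
                || apiId == GlobalConstants.API_STREAM_SET_LABELS)
            {
                return keyInfo.applyLabelYn;
            }

            if (apiId == GlobalConstants.API_FILE_DELETE_LABEL
                || apiId == GlobalConstants.API_FILE_DELETE_LABELS
                || apiId == GlobalConstants.API_STREAM_DELETE_LABEL
                || apiId == GlobalConstants.API_STREAM_DELETE_LABELS)
            {
                return keyInfo.releaseLabelYn;
            }

            if (apiId == GlobalConstants.API_FILE_SET_PROTECTION
                || apiId == GlobalConstants.API_STREAM_SET_PROTECTION
                || apiId == GlobalConstants.API_FILE_ENCRYPT
                || apiId == GlobalConstants.API_STREAM_ENCRYPT)
            {
                return keyInfo.encryptionFileYn;
            }

            if (apiId == GlobalConstants.API_FILE_DELETE_PROTECTIN
                || apiId == GlobalConstants.API_STREAM_DELETE_PROTECTIN
                || apiId == GlobalConstants.API_FILE_DECRYPT
                || apiId == GlobalConstants.API_STREAM_DECRYPT)
            {
                return keyInfo.decryptionFileYn;
            }

            // Combined operations require both underlying rights.
            if (apiId == GlobalConstants.API_FILE_SET_LABEL_PROTECTION
                || apiId == GlobalConstants.API_STREAM_SET_LABEL_PROTECTION)
            {
                return keyInfo.applyLabelYn && keyInfo.encryptionFileYn;
            }

            if (apiId == GlobalConstants.API_FILE_DELETE_LABEL_PROTECTION
                || apiId == GlobalConstants.API_STREAM_DELETE_LABEL_PROTECTION)
            {
                return keyInfo.releaseLabelYn && keyInfo.decryptionFileYn;
            }

            if (apiId == GlobalConstants.API_DUMMY)
            {
                return true;
            }

            // Unknown API ids are denied.
            return false;
        }

        /// <summary>
        /// Validates an API key for one API call coming from the connection's remote address.
        /// </summary>
        /// <param name="httpContext">Request context; its remote IP is matched against the key's registered servers.</param>
        /// <param name="apiKey">The API key presented by the caller.</param>
        /// <param name="apiId">One of the <c>GlobalConstants.API_*</c> identifiers.</param>
        /// <returns>
        /// 0 = OK; 1 = key is not registered; 2 = key was used from an IP address that is not
        /// registered for it; 3 = key has expired; 4 = no permission to use the API (also
        /// returned when validation throws, so failures deny access).
        /// </returns>
        public int CheckApiKeyValidation(HttpContext httpContext, string apiKey, int apiId)
        {
            // A missing key is reported as "not registered" instead of being routed through
            // the exception handler (Hashtable lookups throw on a null key).
            if (string.IsNullOrEmpty(apiKey))
            {
                return 1;
            }

            // NOTE(review): RemoteIpAddress is the direct peer. Behind a reverse proxy it is the
            // proxy's address unless forwarded headers are processed, and on dual-stack sockets an
            // IPv4 client can be reported in IPv4-mapped IPv6 form, which will not match a
            // registered dotted-quad string - confirm how ServerIpAddr values are stored.
            string? ipAddress = httpContext.Connection.RemoteIpAddress?.ToString();
            ipAddress = string.IsNullOrEmpty(ipAddress) ? "xx.xx.xx.xx" : ipAddress;

            try
            {
                // Read the field once so a concurrent reload cannot swap the map mid-check.
                Hashtable keyMap = _apiKeyMap;

                // An absent key and a non-LinkedApiKey value both yield null here.
                LinkedApiKey? apiKeyData = keyMap[apiKey] as LinkedApiKey;
                if (apiKeyData == null)
                {
                    return 1; // Key is not registered.
                }

                // NOTE(review): rights are read from the first row loaded for this key, while the
                // expiry below is read from the row registered for the caller's IP. If permission
                // flags can differ per server row, the rights check should use that row as well.
                if (!CheckApiRights(apiKeyData, apiId))
                {
                    return 4; // No permission to use this API.
                }

                LinkedApiKey? server = apiKeyData.serverMap[ipAddress] as LinkedApiKey;
                if (server == null)
                {
                    return 2; // API key was used from an unregistered IP address.
                }

                // NOTE(review): compared against local time - confirm ExpiredAt is stored as local time.
                if (DateTime.Compare(server.ExpiredAt, DateTime.Now) < 0)
                {
                    return 3; // API key has expired.
                }

                return 0; // OK
            }
            catch (Exception ex)
            {
                // Deny on any failure, but record it; the presented key is deliberately not logged.
                _log.LogError(ex, "API key validation failed for API {ApiId} from {RemoteIp}", apiId, ipAddress);
                return 4;
            }
        }

        /// <summary>
        /// Reloads both key maps from the repository.
        /// </summary>
        /// <returns>The number of distinct API keys plus the number of distinct decrypt keys now loaded.</returns>
        public int LoadAuthInformation()
        {
            LoadLinkedApiKeys();
            LoadLinkedDecryptKeys();
            return _apiKeyMap.Count + _decryptKeyMap.Count;
        }

        /// <summary>
        /// Rebuilds the API key map from the repository and swaps it in. Rows that share an
        /// API key are grouped under the first row seen, keyed by server IP address; a repeated
        /// (key, IP) pair keeps the first row.
        /// </summary>
        public void LoadLinkedApiKeys()
        {
            Hashtable keyMap = new Hashtable();

            // Blocks on the repository task; the interface exposes this method synchronously.
            var result = _repo.LoadLinkedApiKeys().Result;
            if (result != null)
            {
                foreach (LinkedApiKey key in result)
                {
                    LinkedApiKey? apiKey = keyMap[key.ApiKey] as LinkedApiKey;
                    if (apiKey == null)
                    {
                        // First row for this key: register its server, then the key itself.
                        key.serverMap = new Hashtable();
                        key.serverMap.Add(key.ServerIpAddr, key);
                        keyMap.Add(key.ApiKey, key);
                    }
                    else if (apiKey.serverMap[key.ServerIpAddr] as LinkedApiKey == null)
                    {
                        apiKey.serverMap.Add(key.ServerIpAddr, key);
                    }
                }
            }

            _apiKeyMap = keyMap;

            // Log what was loaded. Keys are secrets, so only a masked form is written.
            foreach (LinkedApiKey apiKey in keyMap.Values)
            {
                _log.LogInformation(" API KEY: {0}", MaskKey(apiKey.ApiKey));

                foreach (LinkedApiKey server in apiKey.serverMap.Values)
                {
                    _log.LogInformation("API KEY SERVER: {0}, {1}", MaskKey(server.ApiKey), server.ServerIpAddr);
                }
            }
        }

        /// <summary>
        /// Rebuilds the decrypt key map from the repository and swaps it in. Rows that share a
        /// decrypt key are grouped under the first row seen, keyed by server IP address; a
        /// repeated (key, IP) pair keeps the first row.
        /// </summary>
        public void LoadLinkedDecryptKeys()
        {
            Hashtable keyMap = new Hashtable();

            // Blocks on the repository task; the interface exposes this method synchronously.
            var result = _repo.LoadLinkedDecryptKeys().Result;
            if (result != null)
            {
                foreach (LinkedDecryptKey key in result)
                {
                    LinkedDecryptKey? decryptKey = keyMap[key.DecryptKey] as LinkedDecryptKey;
                    if (decryptKey == null)
                    {
                        // First row for this key: register its server, then the decrypt key itself.
                        key.serverMap = new Hashtable();
                        key.serverMap.Add(key.ServerIpAddr, key);
                        keyMap.Add(key.DecryptKey, key);
                    }
                    else if (decryptKey.serverMap[key.ServerIpAddr] as LinkedDecryptKey == null)
                    {
                        decryptKey.serverMap.Add(key.ServerIpAddr, key);
                    }
                }
            }

            _decryptKeyMap = keyMap;

            // Log what was loaded. Decrypt keys are secrets, so only a masked form is written.
            foreach (LinkedDecryptKey decryptKey in keyMap.Values)
            {
                _log.LogInformation(" DESCRYPT KEY: {0}", MaskKey(decryptKey.DecryptKey));

                foreach (LinkedDecryptKey server in decryptKey.serverMap.Values)
                {
                    _log.LogInformation("DESCRYPT KEY SERVER: {0}, {1}", MaskKey(server.DecryptKey), server.ServerIpAddr);
                }
            }
        }
    }
}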