AIP
/
AipGateway


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249
							using Aip.Service.Entities;
using Aip.Service.Repositories;
using Aip.Service.Services.Interfaces;
using System.Collections;

namespace Aip.Service.Services;

public class ApiAuthService : IApiAuthService
{
    private readonly ILogger<ApiAuthService> _log;
    private readonly IAipDbRepository _repo;


    private Hashtable _apiKeyMap = new Hashtable();
    private Hashtable _decryptKeyMap = new Hashtable();

    public ApiAuthService(ILogger<ApiAuthService> log, IAipDbRepository repo)
    {
        _log = log;
        _repo = repo;

        Inititialize();
    }

    private void Inititialize()
    {
        LoadLinkedApiKeys();
        LoadLinkedDecryptKeys();
    }
    private bool CheckApiRights(LinkedApiKey keyInfo, int apiId)
    {
        if (keyInfo == null) return false;

        // 레이블 조회 및 템플릿 조회 API 허용 여부
        // 파일 정보 조회 API 허용 여부
        // 레이블 적용 API 허용 여부
        // 레이블 해제 API 허용 여부
        // 파일 암호화 API 허용 여부
        // 파일 복호화 API 허용 여부
        if (apiId >= GlobalConstants.API_DB_RELOAD && apiId <= GlobalConstants.API_DB_LINKED_DECRYPT_KEYS)
        {
            return keyInfo.policyLookupYn;
        }
        if (apiId == GlobalConstants.API_AIP_DOWNLOAD ||
            apiId == GlobalConstants.API_AIP_LABELS ||
            apiId == GlobalConstants.API_AIP_POLICIES ||
            apiId == GlobalConstants.API_AIP_PROTECTIONS ||
            apiId == GlobalConstants.API_FILE_INFO ||
            apiId == GlobalConstants.API_STREAM_INFO)
        {
            return keyInfo.fileInfoLookupYn;
        }
        if (apiId == GlobalConstants.API_FILE_SET_LABEL ||
            apiId == GlobalConstants.API_FILE_SET_LABELS ||
            apiId == GlobalConstants.API_STREAM_SET_LABEL ||
            apiId == GlobalConstants.API_STREAM_SET_LABELS)
        {
            return keyInfo.applyLabelYn;
        }
        if (apiId == GlobalConstants.API_FILE_DELETE_LABEL ||
            apiId == GlobalConstants.API_FILE_DELETE_LABELS ||
            apiId == GlobalConstants.API_STREAM_DELETE_LABEL ||
            apiId == GlobalConstants.API_STREAM_DELETE_LABELS)
        {
            return keyInfo.releaseLabelYn;
        }
        if (apiId == GlobalConstants.API_FILE_SET_PROTECTION ||
            apiId == GlobalConstants.API_STREAM_SET_PROTECTION ||
            apiId == GlobalConstants.API_FILE_ENCRYPT ||
            apiId == GlobalConstants.API_STREAM_ENCRYPT)
        {
            return keyInfo.encryptionFileYn;
        }

        if (apiId == GlobalConstants.API_FILE_DELETE_PROTECTIN ||
            apiId == GlobalConstants.API_STREAM_DELETE_PROTECTIN ||
            apiId == GlobalConstants.API_FILE_DECRYPT ||
            apiId == GlobalConstants.API_STREAM_DECRYPT)
        {
            return keyInfo.decryptionFileYn;
        }
        if (apiId == GlobalConstants.API_FILE_SET_LABEL_PROTECTION ||
            apiId == GlobalConstants.API_STREAM_SET_LABEL_PROTECTION)
        {
            return keyInfo.applyLabelYn && keyInfo.encryptionFileYn;
        }
        if (apiId == GlobalConstants.API_FILE_DELETE_LABEL_PROTECTION ||
            apiId == GlobalConstants.API_STREAM_DELETE_LABEL_PROTECTION)
        {
            return keyInfo.releaseLabelYn && keyInfo.decryptionFileYn;
        }

        if (apiId == GlobalConstants.API_DUMMY)
        {
            return true;
        }
        return false;
    }

    public int CheckApiKeyValidation(HttpContext httpContext, string apiKey, int apiId)
    {
        string errMsg;
        string? ipAddress = httpContext.Connection.RemoteIpAddress?.ToString();
        ipAddress = string.IsNullOrEmpty(ipAddress) ? "xx.xx.xx.xx" : ipAddress;
        try
        {
            if (_apiKeyMap.ContainsKey(apiKey))
            {
                LinkedApiKey? apiKeyData = _apiKeyMap[apiKey] as LinkedApiKey;
                if (apiKeyData == null)
                {
                    return 1;   // 등록되어 있지 않은 키 정보입니다.
                }

                if (!CheckApiRights(apiKeyData, apiId))
                {
                    return 4;   // API 사용 권한이 없습니다.
                }

                LinkedApiKey? server = apiKeyData.serverMap[ipAddress] as LinkedApiKey;
                if (server == null)
                {
                    return 2;   // 등록되어 있지 않은 IP Address에서 호출된 API KEY 입니다.
                }
                if (DateTime.Compare(server.ExpiredAt, DateTime.Now) < 0)
                {
                    return 3;   // API KEY 유효기간이 지났습니다.
                }

                return 0;   // OK
            }
            else
            {
                errMsg = "등록되어 있지 않은 API KEY 입니다.";
                return 1;   // 등록되어 있지 않은 키 정보입니다.
            }
        }
        catch (Exception ex)
        {
            errMsg = ex.Message;
            return 4;
        }
    }

    public int LoadAuthInformation()
    {
        LoadLinkedApiKeys();
        LoadLinkedDecryptKeys();
        return _apiKeyMap.Count + _decryptKeyMap.Count; 
    }
    public void LoadLinkedApiKeys()
    {
        Hashtable keyMap = new Hashtable();

        List<LinkedApiKey> result = _repo.LoadLinkedApiKeys().Result;
        if (result != null)
        {
            foreach (LinkedApiKey key in result)
            {
                LinkedApiKey? apiKey = keyMap[key.ApiKey] as LinkedApiKey;
                if (apiKey == null)
                {
                    // SERVER 추가
                    key.serverMap = new Hashtable();
                    key.serverMap.Add(key.ServerIpAddr, key);

                    // API KEY 추가
                    keyMap.Add(key.ApiKey, key);
                }
                else
                {
                    LinkedApiKey? server = apiKey.serverMap[key.ServerIpAddr] as LinkedApiKey;
                    if (server == null)
                    {
                        apiKey.serverMap.Add(key.ServerIpAddr, key);
                    }
                }
            }
        }

        _apiKeyMap = keyMap;

        foreach (string key in _apiKeyMap.Keys)
        {
            LinkedApiKey? apiKey = _apiKeyMap[key] as LinkedApiKey;
            if (apiKey != null)
            {
                _log.LogInformation("       API KEY: {0}", apiKey.ApiKey);
                foreach (string serverIp in apiKey.serverMap.Keys)
                {
                    LinkedApiKey? server = apiKey.serverMap[serverIp] as LinkedApiKey;
                    if (server != null)
                    {
                        _log.LogInformation("API KEY SERVER: {0}, {1}", server.ApiKey, server.ServerIpAddr);
                    }
                }
            }
        }
    }
    public void LoadLinkedDecryptKeys()
    {
        Hashtable keyMap = new Hashtable();

        List<LinkedDecryptKey> result = _repo.LoadLinkedDecryptKeys().Result;
        if (result != null)
        {
            foreach (LinkedDecryptKey key in result)
            {
                LinkedDecryptKey? apiKey = keyMap[key.DecryptKey] as LinkedDecryptKey;
                if (apiKey == null)
                {
                    // SERVER 추가
                    key.serverMap = new Hashtable();
                    key.serverMap.Add(key.ServerIpAddr, key);

                    // DESCRYPT KEY 추가
                    keyMap.Add(key.DecryptKey, key);
                }
                else
                {
                    LinkedDecryptKey? server = apiKey.serverMap[key.ServerIpAddr] as LinkedDecryptKey;
                    if (server == null)
                    {
                        apiKey.serverMap.Add(key.ServerIpAddr, key);
                    }
                }
            }
        }

        _decryptKeyMap = keyMap;

        foreach (string key in _decryptKeyMap.Keys)
        {
            LinkedDecryptKey? apiKey = _decryptKeyMap[key] as LinkedDecryptKey;
            if (apiKey != null)
            {
                _log.LogInformation("       DESCRYPT KEY: {0}", apiKey.DecryptKey);
                foreach (string serverIp in apiKey.serverMap.Keys)
                {
                    LinkedDecryptKey? server = apiKey.serverMap[serverIp] as LinkedDecryptKey;
                    if (server != null)
                    {
                        _log.LogInformation("DESCRYPT KEY SERVER: {0}, {1}", server.DecryptKey, server.ServerIpAddr);
                    }
                }
            }
        }
    }
}