| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281 |
- using System;
- using System.Collections.Generic;
- using System.Collections.ObjectModel;
- using System.Threading.Tasks;
- using Microsoft.InformationProtection;
- using Microsoft.InformationProtection.Policy;
- using Microsoft.InformationProtection.Policy.Actions;
- using Serilog;
- using Serilog.Core;
- namespace AipGateway.AIP
- {
- public class PolicyManager : AbstractManager
- {
- private IPolicyProfile _profile = null;
- private IPolicyEngine _engine = null;
- public PolicyManager(Logger logger, string clientId) : base(logger, clientId)
- {
- }
- ~PolicyManager() => this.Dispose(false);
- public override void Dispose()
- {
- this.Dispose(true);
- GC.SuppressFinalize((object)this);
- }
- protected virtual void Dispose(bool disposing)
- {
- lock (this)
- {
- if (_profile != null && _engine != null)
- {
- //_profile.UnloadEngineAsync(_engine.Settings.Id).Wait();
- _profile.Dispose();
- _engine.Dispose();
- }
- _engine = null;
- _profile = null;
- }
- }
- public override bool CreateProfile(ref MipContext mipContext)
- {
- try
- {
- var profileSettings = new PolicyProfileSettings(mipContext,
- //CacheStorageType.OnDiskEncrypted
- CacheStorageType.InMemory
- );
- // IFileProfile은 특정 애플리케이션에 대한 모든 SDK 작업의 루트입니다.
- _profile = Task.Run(async () => await MIP.LoadPolicyProfileAsync(profileSettings)).Result;
- }
- catch (Exception e)
- {
- SetError(1, "PolicyManager::CreateProfile Failed.", e.Message);
- return false;
- }
- return _profile != null;
- }
- public override bool CreateEngine(ref Identity identity, ref AuthDelegateImplementation authDelegate)
- {
- try
- {
- authDelegate.ResetError();
- var engineSettings = new PolicyEngineSettings(identity.Email, authDelegate, string.Empty, "en-US")
- {
- // Provide the identity for service discovery.
- Identity = identity
- };
- _engine = Task.Run(async () => await _profile.AddEngineAsync(engineSettings)).Result;
- }
- catch (Exception e)
- {
- if (authDelegate.LastErrNo != 0)
- {
- SetError(authDelegate.LastErrNo, "PolicyManager::CreateEngine Failed.", authDelegate.LastErrMsg);
- }
- else
- {
- SetError(2, "PolicyManager::CreateEngine Failed.", e.Message);
- }
- return false;
- }
- return _engine != null;
- }
- public IEnumerable<Label> ListSensitivityLabels()
- {
- // 사용자 주체의 경우 이는 사용자별로 다릅니다.
- // 서비스 주체의 경우 이는 서비스별로 또는 전역적일 수 있습니다.
- return _engine.ListSensitivityLabels();
- }
- private IPolicyHandler CreatePolicyHandler(ExecutionStateOptions options)
- {
- try
- {
- var handler = _engine.CreatePolicyHandler(options.generateAuditEvent);
- return handler;
- }
- catch (Exception ex)
- {
- SetError(91, "PolicyManager::CreatePolicyHandler Failed.", ex.Message);
- }
- return null;
- }
- public ReadOnlyCollection<Microsoft.InformationProtection.Policy.Actions.Action> ComputeActions(ExecutionStateOptions options)
- {
- var handler = CreatePolicyHandler(options);
- if (handler == null)
- {
- return null;
- }
- try
- {
- ExecutionStateImplementation state = new ExecutionStateImplementation(options);
- var actions = handler.ComputeActions(state);
- if (actions.Count == 0 && options.generateAuditEvent)
- {
- handler.NotifyCommittedActions(state);
- }
- return actions;
- }
- catch (Exception ex)
- {
- SetError(92, "PolicyManager::ComputeActions Failed.", ex.Message);
- }
- return null;
- }
- public bool ComputeActionLoop(ExecutionStateOptions options)
- {
- ExecutionStateImplementation state = new ExecutionStateImplementation(options);
- var handler = CreatePolicyHandler(options);
- var actions = handler.ComputeActions(state);
- while (actions.Count > 0)
- {
- //Console.WriteLine("Action Count: {0}", actions.Count);
- foreach (var action in actions)
- {
- switch (action.ActionType)
- {
- case ActionType.Metadata:
- var derivedMetadataAction = (MetadataAction)action;
- if (derivedMetadataAction.MetadataToRemove.Count > 0)
- {
- //Console.WriteLine("*** Action: Remove Metadata.");
- //Rather than iterate, in the same we just remove it all.
- options.metadata.Clear();
- }
- if (derivedMetadataAction.MetadataToAdd.Count > 0)
- {
- //Console.WriteLine("*** Action: Apply Metadata.");
- //Iterate through metadata and add to options
- foreach (var item in derivedMetadataAction.MetadataToAdd)
- {
- options.metadata.Add(item.Key, item.Value);
- //Console.WriteLine("*** Added: {0} - {1}", item.Key, item.Value);
- }
- }
- break;
- case ActionType.ProtectByTemplate:
- var derivedProtectbyTemplateAction = (ProtectByTemplateAction)action;
- options.templateId = derivedProtectbyTemplateAction.TemplateId;
- //Console.WriteLine("*** Action: Protect by Template: {0}", derivedProtectbyTemplateAction.TemplateId);
- break;
- case ActionType.RemoveProtection:
- var derivedRemoveProtectionAction = (RemoveProtectionAction)action;
- options.templateId = string.Empty;
- //Console.Write("*** Action: Remove Protection.");
- break;
- case ActionType.Justify:
- var derivedJustificationAction = (JustifyAction)action;
- //Console.WriteLine("*** Justification Required!");
- //Console.Write("Provide Justification: ");
- string justificationMessage = Console.ReadLine();
- options.isDowngradeJustified = true;
- options.downgradeJustification = justificationMessage;
- break;
- case ActionType.AddContentFooter:
- // Any other actions must be explicitly defined after this.
- break;
- default:
- break;
- }
- }
- state = new ExecutionStateImplementation(options);
- actions = handler.ComputeActions(state);
- //Console.WriteLine("*** Remaining Action Count: {0}", actions.Count);
- }
- if (options.generateAuditEvent && actions.Count == 0)
- {
- handler.NotifyCommittedActions(state);
- }
- return true;
- }
- public Label GetLabelById(string labelId)
- {
- Label label;
- try
- {
- label = _engine.GetLabelById(labelId);
- }
- catch (Exception ex)
- {
- SetError(99, "FileManager::GetLabel Failed. Request Label Id: " + labelId, ex.Message);
- return null;
- }
- return label;
- }
- public bool SetComputeAction(string fileName, string actualFileName, string email, string labelId, string comments)
- {
- ExecutionStateOptions options = new ExecutionStateOptions();
- Label label = GetLabelById(labelId);
- options.newLabel = label; // 레벨은 선택할 수 있다.
- options.actionSource = ActionSource.Manual;
- options.assignmentMethod = AssignmentMethod.Standard;
- options.contentFormat = Microsoft.InformationProtection.Policy.ContentFormat.File;
- options.contentIdentifier = fileName;
- options.dataState = DataState.Use;
- options.isDowngradeJustified = false;
- options.generateAuditEvent = true;
- options.metadata = new Dictionary<string, string>();
- if (options.newLabel == null)
- {
- return false;
- }
- var initialActions = ComputeActions(options);
- // 추가 작업이 필요한 경우 ExecutionStateImplementation.cs에서 GetSupportedActions를 수정하세요.
- // 그런 다음 관심 있는 작업(예: 머리글, 바닥글 또는 워터마크 적용)에 대한 작업을 반복합니다.
- // 파생된 작업에서 콘텐츠 표시 정보를 얻을 수 있습니다.
- foreach (var item in initialActions)
- {
- switch (item.ActionType)
- {
- case ActionType.Metadata:
- options.metadata.Clear();
- foreach (var data in ((MetadataAction)item).MetadataToAdd)
- {
- options.metadata.Add(data.Key, data.Value);
- }
- break;
- case ActionType.ProtectByTemplate:
- options.templateId = ((ProtectByTemplateAction)item).TemplateId;
- break;
- default:
- break;
- }
- }
- options.newLabel = GetLabelById(labelId);
- var result = ComputeActionLoop(options);
- return result;
- }
- }
- }
|
