AIP
/
AipGateway


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251
							using AipGateway.API.Application;
using AipGateway.API.Domain.Entities;
using AipGateway.API.Repositories;
using AipGateway.API.Services.Interfaces;
using System.Collections;

namespace AipGateway.API.Services
{
    public class ApiAuthService : IApiAuthService
    {
        private readonly ILogger<ApiAuthService> _log;
        private readonly IAipDbRepository _repo;


        private Hashtable _apiKeyMap = new Hashtable();
        private Hashtable _decryptKeyMap = new Hashtable();

        public ApiAuthService(ILogger<ApiAuthService> log, IAipDbRepository repo)
        {
            _log = log;
            _repo = repo;

            Inititialize();
        }

        private void Inititialize()
        {
            LoadLinkedApiKeys();
            LoadLinkedDecryptKeys();
        }
        private bool CheckApiRights(LinkedApiKey keyInfo, int apiId)
        {
            if (keyInfo == null) return false;

            // 레이블 조회 및 템플릿 조회 API 허용 여부
            // 파일 정보 조회 API 허용 여부
            // 레이블 적용 API 허용 여부
            // 레이블 해제 API 허용 여부
            // 파일 암호화 API 허용 여부
            // 파일 복호화 API 허용 여부
            if (apiId >= GlobalConstants.API_DB_RELOAD && apiId <= GlobalConstants.API_DB_LINKED_DECRYPT_KEYS)
            {
                return keyInfo.policyLookupYn;
            }
            if (apiId == GlobalConstants.API_AIP_DOWNLOAD ||
                apiId == GlobalConstants.API_AIP_LABELS ||
                apiId == GlobalConstants.API_AIP_POLICIES ||
                apiId == GlobalConstants.API_AIP_PROTECTIONS ||
                apiId == GlobalConstants.API_FILE_INFO ||
                apiId == GlobalConstants.API_STREAM_INFO)
            {
                return keyInfo.fileInfoLookupYn;
            }
            if (apiId == GlobalConstants.API_FILE_SET_LABEL ||
                apiId == GlobalConstants.API_FILE_SET_LABELS ||
                apiId == GlobalConstants.API_STREAM_SET_LABEL ||
                apiId == GlobalConstants.API_STREAM_SET_LABELS)
            {
                return keyInfo.applyLabelYn;
            }
            if (apiId == GlobalConstants.API_FILE_DELETE_LABEL ||
                apiId == GlobalConstants.API_FILE_DELETE_LABELS ||
                apiId == GlobalConstants.API_STREAM_DELETE_LABEL ||
                apiId == GlobalConstants.API_STREAM_DELETE_LABELS)
            {
                return keyInfo.releaseLabelYn;
            }
            if (apiId == GlobalConstants.API_FILE_SET_PROTECTION ||
                apiId == GlobalConstants.API_STREAM_SET_PROTECTION ||
                apiId == GlobalConstants.API_FILE_ENCRYPT ||
                apiId == GlobalConstants.API_STREAM_ENCRYPT)
            {
                return keyInfo.encryptionFileYn;
            }

            if (apiId == GlobalConstants.API_FILE_DELETE_PROTECTIN ||
                apiId == GlobalConstants.API_STREAM_DELETE_PROTECTIN ||
                apiId == GlobalConstants.API_FILE_DECRYPT ||
                apiId == GlobalConstants.API_STREAM_DECRYPT)
            {
                return keyInfo.decryptionFileYn;
            }
            if (apiId == GlobalConstants.API_FILE_SET_LABEL_PROTECTION ||
                apiId == GlobalConstants.API_STREAM_SET_LABEL_PROTECTION)
            {
                return keyInfo.applyLabelYn && keyInfo.encryptionFileYn;
            }
            if (apiId == GlobalConstants.API_FILE_DELETE_LABEL_PROTECTION ||
                apiId == GlobalConstants.API_STREAM_DELETE_LABEL_PROTECTION)
            {
                return keyInfo.releaseLabelYn && keyInfo.decryptionFileYn;
            }

            if (apiId == GlobalConstants.API_DUMMY)
            {
                return true;
            }
            return false;
        }

        public int CheckApiKeyValidation(HttpContext httpContext, string apiKey, int apiId)
        {
            string errMsg;
            string? ipAddress = httpContext.Connection.RemoteIpAddress?.ToString();
            ipAddress = string.IsNullOrEmpty(ipAddress) ? "xx.xx.xx.xx" : ipAddress;
            try
            {
                if (_apiKeyMap.ContainsKey(apiKey))
                {
                    LinkedApiKey? apiKeyData = _apiKeyMap[apiKey] as LinkedApiKey;
                    if (apiKeyData == null)
                    {
                        return 1;   // 등록되어 있지 않은 키 정보입니다.
                    }

                    if (!CheckApiRights(apiKeyData, apiId))
                    {
                        return 4;   // API 사용 권한이 없습니다.
                    }

                    LinkedApiKey? server = apiKeyData.serverMap[ipAddress] as LinkedApiKey;
                    if (server == null)
                    {
                        return 2;   // 등록되어 있지 않은 IP Address에서 호출된 API KEY 입니다.
                    }
                    if (DateTime.Compare(server.ExpiredAt, DateTime.Now) < 0)
                    {
                        return 3;   // API KEY 유효기간이 지났습니다.
                    }

                    return 0;   // OK
                }
                else
                {
                    errMsg = "등록되어 있지 않은 API KEY 입니다.";
                    return 1;   // 등록되어 있지 않은 키 정보입니다.
                }
            }
            catch (Exception ex)
            {
                errMsg = ex.Message;
                return 4;
            }
        }

        public int LoadAuthInformation()
        {
            LoadLinkedApiKeys();
            LoadLinkedDecryptKeys();
            return _apiKeyMap.Count + _decryptKeyMap.Count; 
        }
        public void LoadLinkedApiKeys()
        {
            Hashtable keyMap = new Hashtable();

            List<LinkedApiKey> result = _repo.LoadLinkedApiKeys().Result;
            if (result != null)
            {
                foreach (LinkedApiKey key in result)
                {
                    LinkedApiKey? apiKey = keyMap[key.ApiKey] as LinkedApiKey;
                    if (apiKey == null)
                    {
                        // SERVER 추가
                        key.serverMap = new Hashtable();
                        key.serverMap.Add(key.ServerIpAddr, key);

                        // API KEY 추가
                        keyMap.Add(key.ApiKey, key);
                    }
                    else
                    {
                        LinkedApiKey? server = apiKey.serverMap[key.ServerIpAddr] as LinkedApiKey;
                        if (server == null)
                        {
                            apiKey.serverMap.Add(key.ServerIpAddr, key);
                        }
                    }
                }
            }

            _apiKeyMap = keyMap;

            foreach (string key in _apiKeyMap.Keys)
            {
                LinkedApiKey? apiKey = _apiKeyMap[key] as LinkedApiKey;
                if (apiKey != null)
                {
                    _log.LogInformation("       API KEY: {0}", apiKey.ApiKey);
                    foreach (string serverIp in apiKey.serverMap.Keys)
                    {
                        LinkedApiKey? server = apiKey.serverMap[serverIp] as LinkedApiKey;
                        if (server != null)
                        {
                            _log.LogInformation("API KEY SERVER: {0}, {1}", server.ApiKey, server.ServerIpAddr);
                        }
                    }
                }
            }
        }
        public void LoadLinkedDecryptKeys()
        {
            Hashtable keyMap = new Hashtable();

            List<LinkedDecryptKey> result = _repo.LoadLinkedDecryptKeys().Result;
            if (result != null)
            {
                foreach (LinkedDecryptKey key in result)
                {
                    LinkedDecryptKey? apiKey = keyMap[key.DecryptKey] as LinkedDecryptKey;
                    if (apiKey == null)
                    {
                        // SERVER 추가
                        key.serverMap = new Hashtable();
                        key.serverMap.Add(key.ServerIpAddr, key);

                        // DESCRYPT KEY 추가
                        keyMap.Add(key.DecryptKey, key);
                    }
                    else
                    {
                        LinkedDecryptKey? server = apiKey.serverMap[key.ServerIpAddr] as LinkedDecryptKey;
                        if (server == null)
                        {
                            apiKey.serverMap.Add(key.ServerIpAddr, key);
                        }
                    }
                }
            }

            _decryptKeyMap = keyMap;

            foreach (string key in _decryptKeyMap.Keys)
            {
                LinkedDecryptKey? apiKey = _decryptKeyMap[key] as LinkedDecryptKey;
                if (apiKey != null)
                {
                    _log.LogInformation("       DESCRYPT KEY: {0}", apiKey.DecryptKey);
                    foreach (string serverIp in apiKey.serverMap.Keys)
                    {
                        LinkedDecryptKey? server = apiKey.serverMap[serverIp] as LinkedDecryptKey;
                        if (server != null)
                        {
                            _log.LogInformation("DESCRYPT KEY SERVER: {0}, {1}", server.DecryptKey, server.ServerIpAddr);
                        }
                    }
                }
            }
        }
    }
}