- using System;
- using System.Collections.Generic;
- using System.IO;
- using System.Linq;
- using System.Security.Claims;
- using System.Text;
- using System.Threading.Tasks;
- using System.Web;
- using Microsoft.Identity.Client;
- using Microsoft.InformationProtection;
- using Microsoft.InformationProtection.File;
- using Microsoft.InformationProtection.Policy;
- using LogLevel = Microsoft.InformationProtection.LogLevel;
- namespace AipGateway.AIP
- {
- public class FileAipManager
- {
- private static string _mipData;
- private string _mipPath;
- private readonly ApplicationInfo _appInfo;
- private readonly AuthDelegateImplementation _authDelegate;
- private IFileProfile _fileProfile = null;
- private IFileEngine _fileEngine = null;
- private IPolicyProfile _policyProfile = null;
- private IPolicyEngine _policyEngine = null;
- private MipContext _mipContext = null;
- public FileAipManager(
- string clientId,
- string applicationName,
- string applicationVersion,
- string tenantId,
- string clientSecret,
- string mipData,
- string eamil,
- ClaimsPrincipal claimsPrincipal)
- {
- _appInfo = new ApplicationInfo()
- {
- ApplicationId = clientId,
- ApplicationName = applicationName,
- ApplicationVersion = applicationVersion
- };
- _mipData = mipData;
- _mipPath = Path.Combine(AppDomain.CurrentDomain.BaseDirectory, _mipData);
- _authDelegate = new AuthDelegateImplementation(clientId, clientSecret, claimsPrincipal);
- // var path = Path.Combine(
- // Directory.GetParent(Path.GetDirectoryName(new Uri(System.Reflection.Assembly.GetExecutingAssembly().CodeBase).LocalPath)).FullName,
- // Environment.Is64BitProcess ? "x64" : "x86");
-
- var path = Path.Combine(
- Directory.GetParent(Path.GetDirectoryName(new Uri(Environment.CurrentDirectory).LocalPath)).FullName,
- Environment.Is64BitProcess ? "x64" : "x86");
- MIP.Initialize(MipComponent.File);//, path);
- MipConfiguration mipConfiguration = new MipConfiguration(_appInfo, _mipData, LogLevel.Trace, false);
- _mipContext = MIP.CreateMipContext(mipConfiguration);
- Identity identity = new Identity(eamil);
- // _policyProfile = CreatePolicyProfile(_appInfo, ref _authDelegate);
- // _policyEngine = CreatePolicyEngine(identity);
- _fileProfile = CreateFileProfile();
- // _fileEngine = CreateFileEngine(ClaimsPrincipal.Current.FindFirst(ClaimTypes.Upn).Value, "", "en-US");
- _fileEngine = CreateFileEngine(identity, "", "en-US");
- }
- public void Dispose()
- {
- _policyProfile.UnloadEngineAsync(_policyEngine.Settings.Id).Wait();
- _policyEngine.Dispose();
- _policyProfile.Dispose();
- _fileEngine.Dispose();
- _fileEngine.Dispose();
- _mipContext.ShutDown();
- _mipContext.Dispose();
- }
- private IPolicyProfile CreatePolicyProfile(ApplicationInfo appInfo, ref AuthDelegateImplementation authDelegate)
- {
- var profileSettings = new PolicyProfileSettings(_mipContext, CacheStorageType.OnDiskEncrypted);
- var profile = Task.Run(async () => await MIP.LoadPolicyProfileAsync(profileSettings)).Result;
- return profile;
- }
- private IPolicyEngine CreatePolicyEngine(Identity identity)
- {
- var engineSettings = new PolicyEngineSettings(identity.Email, _authDelegate, "", "en-US")
- {
- Identity = identity
- };
- var engine = Task.Run(async () => await _policyProfile.AddEngineAsync(engineSettings)).Result;
- return engine;
- }
- private IFileProfile CreateFileProfile()
- {
- try
- {
- var profileSettings = new FileProfileSettings(_mipContext, CacheStorageType.OnDisk, new ConsentDelegateImplementation());
- // var profileSettings = new FileProfileSettings(_mipContext, CacheStorageType.OnDiskEncrypted, new ConsentDelegateImplementation());
- var fileProfile = Task.Run(async () => await MIP.LoadFileProfileAsync(profileSettings)).Result;
- return fileProfile;
- }
- catch (Exception ex)
- {
- //throw ex;
- }
- return null;
- }
- // public Identity GetUserIdentity()
- // {
- // //AuthenticationResult result = AcquireTokenAsync("https://login.microsoftonline.com/common", "https://graph.microsoft.com", null).Result;
- // return new Identity(result.Account.Username);
- // }
- private IFileEngine CreateFileEngine(Identity identity, string clientData, string locale)
- {
- try
- {
- var configuredFunctions = new Dictionary<FunctionalityFilterType, bool>();
- configuredFunctions.Add(FunctionalityFilterType.DoubleKeyProtection, true);
- var engineSettings = new FileEngineSettings(identity.Email, _authDelegate, clientData, locale)
- {
- Identity = identity,
- ConfiguredFunctionality = configuredFunctions,
- ProtectionOnlyEngine = true
- };
- var fileEngine = Task.Run(async () => await _fileProfile.AddEngineAsync(engineSettings)).Result;
- return fileEngine;
- }
- catch (Exception ex)
- {
- //throw ex;
- }
- return null;
- }
- private IFileHandler CreateFileHandler(Stream stream, string fileName)
- {
- IFileHandler handler;
- try
- {
- if (stream != null)
- {
- handler = Task.Run(async () => await _fileEngine.CreateFileHandlerAsync(stream, fileName, true)).Result;
- }
- else
- {
- handler = Task.Run(async () => await _fileEngine.CreateFileHandlerAsync(fileName, fileName, true)).Result;
- }
- return handler;
- }
- catch (Exception ex)
- {
- throw ex;
- }
- }
- public bool ApplyLabel(Stream stream, Stream outputStream, string fileName, string labelId, string justificationMessage)
- {
- IFileHandler handler;
- try
- {
- // Try to create an IFileHandler using private CreateFileHandler().
- if (stream != null)
- {
- handler = CreateFileHandler(stream, fileName);
- }
- // Try to create an IFileHandler using private CreateFileHandler().
- else
- {
- handler = CreateFileHandler(null, fileName);
- }
- // Applying a label requires LabelingOptions. Hard coded values here, but could be provided by user.
- LabelingOptions labelingOptions = new LabelingOptions()
- {
- JustificationMessage = justificationMessage,
- AssignmentMethod = AssignmentMethod.Standard,
- ExtendedProperties = new List<KeyValuePair<string, string>>()
- };
- // Set the label on the input stream or file.
- handler.SetLabel(_fileEngine.GetLabelById(labelId), labelingOptions, new ProtectionSettings());
- // Call CommitAsync to write result to output stream.
- // Returns a bool to indicate true or false.
- var result = Task.Run(async () => await handler.CommitAsync(outputStream)).Result;
- if (result)
- {
- // Submit an audit event if the change was successful.
- handler.NotifyCommitSuccessful(fileName);
- }
-
- return result;
- }
- catch (Exception ex)
- {
- throw ex;
- }
- }
- public List<AipLabel> ListAllLabels()
- {
- try
- {
- //var labels = _policyEngine.ListSensitivityLabels();
- var labels = _fileEngine.SensitivityLabels;
- var returnLabels = new List<AipLabel>();
- foreach (var label in labels)
- {
- var _label = new AipLabel()
- {
- Name = label.Name,
- Id = label.Id,
- Description = label.Description,
- Sensitivity = label.Sensitivity
- };
- _label.Children = new List<AipLabel>();
- // If the label has an children, iterate through each.
- if (label.Children.Count > 0)
- {
- foreach (var child in label.Children)
- {
- var _child = new AipLabel()
- {
- Name = child.Name,
- Id = child.Id,
- Description = child.Description,
- Sensitivity = child.Sensitivity
- };
- _label.Children.Add(_child);
- }
- }
- returnLabels.Add(_label);
- }
- return returnLabels;
- }
- catch (Exception ex)
- {
- throw ex;
- }
- }
- }
- }