/*
*
* Copyright (c) Microsoft Corporation.
* All rights reserved.
*
* This code is licensed under the MIT License.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files(the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions :
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*
*/
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using Microsoft.InformationProtection.File;
using Microsoft.InformationProtection.Exceptions;
using Microsoft.InformationProtection;
using System.Configuration;
using static BSOneMip.Define;
using Microsoft.InformationProtection.Protection;
using Microsoft.InformationProtection.Policy.Actions;
namespace BSOneMip
{
///
/// Action class implements the various MIP functionality.
/// For this sample, only profile, engine, and handler creation are defined.
/// The IFileHandler may be used to label a file and read a labeled file.
///
public class Action : IDisposable
{
// Fetch tenant name to build identity for service principal
private static readonly string tenant = TENANT_ID; // ConfigurationManager.AppSettings["ida:Tenant"];
private AuthDelegateImplementation authDelegate;
private ApplicationInfo appInfo;
private IFileProfile profile;
private IFileEngine engine;
//private IProtectionProfile profile_protec;
//private IProtectionEngine engine_protec;
private MipContext mipContext;
private string sDelegatedUserEmail_;
private string sEmpNo_;
// Used to pass in options for labeling the file.
public struct FileOptions
{
public string FileName;
public string OutputName;
public string LabelId;
public DataState DataState;
public AssignmentMethod AssignmentMethod;
public ActionSource ActionSource;
public bool IsAuditDiscoveryEnabled;
public bool GenerateChangeAuditEvent;
}
///
/// Constructor for Action class. Pass in AppInfo to simplify passing settings to AuthDelegate.
///
///
public Action(ApplicationInfo appInfo, string sDelegatedUserEmail = "")
{
this.appInfo = appInfo;
this.sDelegatedUserEmail_ = sDelegatedUserEmail;
this.sEmpNo_ = sDelegatedUserEmail_;
int i = this.sEmpNo_.IndexOf('@');
if (i > 0)
this.sEmpNo_ = this.sEmpNo_.Substring(0, i);
if ((sEmpNo_ != "") && (sEmpNo_.ToLower() == "bsowner"))
sDelegatedUserEmail_ = "";
//sDelegatedUserEmail_ = "aiptest@unitus.co.kr";
//sDelegatedUserEmail_ = "kjkim@tocsgm365.onmicrosoft.com";
authDelegate = new AuthDelegateImplementation(this.appInfo);
// Initialize SDK DLLs. If DLLs are missing or wrong type, this will throw an exception
MIP.Initialize(MipComponent.File);
// Create MipConfiguration Object
MipConfiguration mipConfiguration = new MipConfiguration(appInfo, "mip_data", LogLevel.Trace, false);
// Create MipContext using MipConfiguration
mipContext = MIP.CreateMipContext(mipConfiguration);
// We must construct a service principal identity mail address as it can't be fetched from the token.
// Here, we set it to be ClientId@Tenant.com, but the SDK will accept any properly formatted email address.
Identity id = new Identity(String.Format("{0}@{1}", appInfo.ApplicationId, tenant))
//Identity id = new Identity("kjkim@kku97.onmicrosoft.com")
//Identity id = new Identity("2323308@hec.co.kr")
{
// Use this if you want the app to protect on behalf of a user. That user owns the protected content.
//Email = "2323308@hec.co.kr"
};
// Create profile.
profile = CreateFileProfile(appInfo, ref authDelegate);
// Create engine providing Identity from authDelegate to assist with service discovery.
engine = CreateFileEngine(id);
//profile_protec = CreateProtectionProfile(appInfo, ref authDelegate);
//engine_protec = CreateProtectionEngine(id);
}
///
/// Null refs to engine and profile and release all MIP resources.
///
public void Dispose()
{
profile.UnloadEngineAsync(engine.Settings.EngineId).Wait();
//profile_protec.Dispose();
//engine_protec.Dispose();
engine.Dispose();
profile.Dispose();
mipContext.ShutDown();
mipContext.Dispose();
}
//public List ListTemplates()
//{
// return engine_protec.GetTemplates();
//}
private IProtectionProfile CreateProtectionProfile(ApplicationInfo appInfo, ref AuthDelegateImplementation authDelegate)
{
// Initialize ProtectionProfileSettings
var profileSettings = new ProtectionProfileSettings(mipContext,
CacheStorageType.OnDisk,
new ConsentDelegateImplementation());
// Use MIP.LoadProtectionProfileAsync() providing settings to create IProtectionProfile
// IProtectionProfile is the root of all SDK operations for a given application
var profile = MIP.LoadProtectionProfile(profileSettings);
return profile;
}
//private IProtectionEngine CreateProtectionEngine(Identity identity)
//{
// if (profile_protec == null)
// {
// profile_protec = CreateProtectionProfile(appInfo, ref authDelegate);
// }
// // Create protection engine settings object. Passing in empty string for the first parameter, engine ID, will cause the SDK to generate a GUID.
// // Passing in a email address or other unique value helps to ensure that the cached engine is loaded each time for the same user.
// // Locale settings are supported and should be provided based on the machine locale, particular for client applications.
// var engineSettings = new ProtectionEngineSettings(identity.Email, authDelegate, "", "")
// {
// Identity = identity
// };
// var engine = profile_protec.AddEngine(engineSettings);
// return engine;
//}
///
/// Creates an IFileProfile and returns.
/// IFileProfile is the root of all MIP SDK File API operations. Typically only one should be created per app.
///
///
///
///
private IFileProfile CreateFileProfile(ApplicationInfo appInfo, ref AuthDelegateImplementation authDelegate)
{
// Initialize file profile settings to create/use local state.
var profileSettings = new FileProfileSettings(mipContext, CacheStorageType.OnDiskEncrypted, new ConsentDelegateImplementation());
// Use MIP.LoadFileProfileAsync() providing settings to create IFileProfile.
// IFileProfile is the root of all SDK operations for a given application.
var profile = Task.Run(async () => await MIP.LoadFileProfileAsync(profileSettings)).Result;
return profile;
}
///
/// Creates a file engine, associating the engine with the specified identity.
/// File engines are generally created per-user in an application.
/// IFileEngine implements all operations for fetching labels and sensitivity types.
/// IFileHandlers are added to engines to perform labeling operations.
///
///
///
private IFileEngine CreateFileEngine(Identity identity)
{
// If the profile hasn't been created, do that first.
if (profile == null)
{
profile = CreateFileProfile(appInfo, ref authDelegate);
}
// Create file settings object. Passing in empty string for the first parameter, engine ID, will cause the SDK to generate a GUID.
// Locale settings are supported and should be provided based on the machine locale, particular for client applications.
var engineSettings = new FileEngineSettings("", authDelegate, "", "en-US")
{
// Provide the identity for service discovery.
Identity = identity,
DelegatedUserEmail = sDelegatedUserEmail_ // 위임할 계정 정보... 해냈다... 23_1031 kku
};
// Add the IFileEngine to the profile and return.
var engine = Task.Run(async () => await profile.AddEngineAsync(engineSettings)).Result;
return engine;
}
///
/// Method creates a file handler and returns to the caller.
/// IFileHandler implements all labeling and protection operations in the File API.
///
/// Struct provided to set various options for the handler.
///
private IFileHandler CreateFileHandler(FileOptions options)
{
// Create the handler using options from FileOptions. Assumes that the engine was previously created and stored in private engine object.
// There's probably a better way to pass/store the engine, but this is a sample ;)
var handler = Task.Run(async () => await engine.CreateFileHandlerAsync(options.FileName, options.FileName, options.IsAuditDiscoveryEnabled)).Result;
return handler;
}
private IFileHandler CreateFileHandler(string filename)
{
// Create the handler using options from FileOptions. Assumes that the engine was previously created and stored in private engine object.
// There's probably a better way to pass/store the engine, but this is a sample ;)
var handler = Task.Run(async () => await engine.CreateFileHandlerAsync(filename, filename, false)).Result;
return handler;
}
///
/// List all labels from the engine and return in IEnumerable
///
public IEnumerable