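/// <summary>
/// Callback invoked by the filter driver for every message it sends to user mode.
/// Validates the incoming <see cref="FilterAPI.MessageSendData"/>, answers
/// FILTER_REQUEST_ENCRYPTION_IV_AND_KEY requests with the access decision obtained from
/// <see cref="DRServer"/>, and hands every accepted message to <c>filterMessage</c>.
/// </summary>
/// <param name="sendDataPtr">Unmanaged pointer to the driver's MessageSendData.</param>
/// <param name="replyDataPtr">
/// Unmanaged pointer to the MessageReplyData buffer, or <see cref="IntPtr.Zero"/> when the
/// driver did not supply one.
/// </param>
/// <returns>
/// true when the message was accepted (and, for a key request, access was granted);
/// false when the message failed verification, access was denied, or an exception occurred.
/// </returns>
private Boolean FilterCallback(IntPtr sendDataPtr, IntPtr replyDataPtr)
{
    bool retVal = true;

    try
    {
        FilterAPI.MessageSendData messageSend =
            (FilterAPI.MessageSendData)Marshal.PtrToStructure(sendDataPtr, typeof(FilterAPI.MessageSendData));

        // The verification number guards against a layout mismatch between the managed
        // struct and the driver's message; anything else is treated as a corrupted message.
        if (FilterAPI.MESSAGE_SEND_VERIFICATION_NUMBER != messageSend.VerificationNumber)
        {
            EventManager.WriteMessage(139, "FilterCallback", EventLevel.Error,
                "Received message corrupted.Please check if the MessageSendData structure is correct.");
            return false;
        }

        bool isKeyRequest =
            messageSend.MessageType == (uint)FilterAPI.FilterCommand.FILTER_REQUEST_ENCRYPTION_IV_AND_KEY;

        // NOTE(review): a key request that arrives without a reply buffer skips the permission
        // check and leaves retVal == true; confirm the driver never issues such a request.
        if (isKeyRequest && replyDataPtr != IntPtr.Zero)
        {
            retVal = AnswerIvAndKeyRequest(ref messageSend, replyDataPtr);
        }

        filterMessage.AddMessage(messageSend);
    }
    catch (Exception ex)
    {
        // Any unexpected error is reported and the callback answers false rather than
        // returning a half-filled reply.
        EventManager.WriteMessage(134, "FilterCallback", EventLevel.Error, "filter callback exception." + ex.Message);
        return false;
    }

    return retVal;
}

/// <summary>
/// Fills the driver's reply buffer for a FILTER_REQUEST_ENCRYPTION_IV_AND_KEY message with
/// the access decision from <see cref="DRServer.GetFileAccessPermission"/>.
/// </summary>
/// <param name="messageSend">
/// The request from the driver. Its DataBuffer carries the custom tag data attached to the
/// encrypted file when it was created; its Status is set to STATUS_ACCESS_DENIED when
/// access is refused.
/// </param>
/// <param name="replyDataPtr">Non-zero pointer to the driver's MessageReplyData buffer.</param>
/// <returns>true when access was granted, false when it was denied.</returns>
private bool AnswerIvAndKeyRequest(ref FilterAPI.MessageSendData messageSend, IntPtr replyDataPtr)
{
    FilterAPI.MessageReplyData messageReply =
        (FilterAPI.MessageReplyData)Marshal.PtrToStructure(replyDataPtr, typeof(FilterAPI.MessageReplyData));
    messageReply.MessageId = messageSend.MessageId;
    messageReply.MessageType = messageSend.MessageType;

    // Ask the DR server whether the requesting process may read the file. This demo keeps
    // the server local; in a real deployment it may run on a remote computer.
    bool granted = DRServer.GetFileAccessPermission(ref messageSend, ref messageReply);
    if (granted)
    {
        messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_SUCCESS;
    }
    else
    {
        // Refuse: report ACCESS_DENIED and ask the driver to complete the pre-operation
        // so the open does not proceed.
        messageReply.ReturnStatus = (uint)FilterAPI.NTSTATUS.STATUS_ACCESS_DENIED;
        messageReply.FilterStatus = (uint)FilterAPI.FilterStatus.FILTER_COMPLETE_PRE_OPERATION;
    }

    Marshal.StructureToPtr(messageReply, replyDataPtr, true);

    if (!granted)
    {
        messageSend.Status = (uint)FilterAPI.NTSTATUS.STATUS_ACCESS_DENIED;
    }

    return granted;
}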
/// <summary>
/// Handles the "create / modify share encrypted file" action of the form.
/// When a policy is selected (<c>selectedDRPolicy</c> is not null) only that file's
/// digital-rights policy on the server is updated. Otherwise the file named in
/// <c>textBox_FileName</c> is AES-encrypted (in place, or into <c>textBox_TargetName</c>),
/// tagged with "&lt;account&gt;;&lt;iv hex&gt;", and flagged so that opening it requires
/// permission from user mode (see <c>FilterCallback</c>).
/// </summary>
/// <returns>
/// true when the policy update or file creation succeeded; false after a validation error,
/// a failed API call or an exception. Failures are reported with a message box, except a
/// failed <c>AddNewFileDRInfoToServer</c> or <c>DRServer.AddDRInfoToFile</c> call, which
/// only returns false.
/// </returns>
private bool CreateOrModifyShareEncryptFile()
{
    const string createCaption = "Create share encrypted file";

    string authorizedProcessNames = textBox_authorizedProcessNames.Text.Trim();
    string unauthorizedProcessNames = textBox_UnauthorizedProcessNames.Text.Trim();
    string authorizedUserNames = textBox_AuthorizedUserNames.Text.Trim();
    string unauthorizedUserNames = textBox_UnauthorizedUserNames.Text.Trim();
    string fileName = textBox_FileName.Text.Trim();
    // NOTE(review): the target name is not trimmed while the source name is, so a trailing
    // space in the target box makes the two differ and selects the copy-to-target path.
    string targetFileName = textBox_TargetName.Text;

    try
    {
        if (fileName.Length == 0)
        {
            ShowCenteredMessageBox("The file name can't be empty.", createCaption, MessageBoxIcon.Error);
            return false;
        }

        // Expiry is the date from one picker combined with the time of day from the other.
        DateTime expireDateTime = dateTimePicker_ExpireDate.Value.Date + dateTimePicker_ExpireTime.Value.TimeOfDay;
        if (expireDateTime <= DateTime.Now)
        {
            ShowCenteredMessageBox("The expire time can't be less than current time.", createCaption, MessageBoxIcon.Error);
            return false;
        }

        // Modify mode: push the edited policy to the server and stop; the file is untouched.
        if (selectedDRPolicy != null)
        {
            string lastError = string.Empty;
            DRPolicy drPolicy = GetDRSetting();
            string encryptedDRPolicy = DigitalRightControl.EncryptObjectToStr<DRPolicy>(drPolicy);
            bool modified = WebAPIServices.ModifySharedFileDRInfo(encryptedDRPolicy, ref lastError);
            if (modified)
            {
                ShowCenteredMessageBox("Modify shared file " + textBox_FileName.Text + " policy succeeded.", "Modify shared file", MessageBoxIcon.Information);
            }
            else
            {
                ShowCenteredMessageBox("Modify shared file " + textBox_FileName.Text + " policy failed with error:" + lastError, "Modify shared file", MessageBoxIcon.Error);
            }
            return modified;
        }

        // Fresh random IV and key; a real deployment can substitute its own key management.
        byte[] encryptionIV = Utils.GetRandomIV();
        byte[] encryptionKey = Utils.GetRandomKey();
        string ivStr = string.Empty;
        string keyStr = string.Empty;

        if (GlobalConfig.StoreSharedFileMetaDataInServer)
        {
            long creationTime = DateTime.Now.ToFileTime();
            // The server records the file's digital-rights info and returns the IV and key
            // as hex strings; empty strings leave the locally generated values in place.
            if (!AddNewFileDRInfoToServer(ref ivStr, ref keyStr, ref creationTime))
            {
                return false;
            }
            bool serverSuppliedKey = ivStr.Length > 0 && keyStr.Length > 0;
            if (serverSuppliedKey)
            {
                encryptionIV = Utils.ConvertHexStrToByteArray(ivStr);
                encryptionKey = Utils.ConvertHexStrToByteArray(keyStr);
            }
        }

        // The tag is handed back to FilterCallback whenever the encrypted file is opened.
        // This sample stores the account name and the IV string; the key must never be
        // placed in the tag.
        string tagStr = GlobalConfig.AccountName + ";" + ivStr;
        byte[] tagData = UnicodeEncoding.Unicode.GetBytes(tagStr);

        // NOTE(review): culture-sensitive, case-sensitive comparison; two spellings of the
        // same path that differ only in case still take the copy-to-target branch.
        bool encryptInPlace = string.Equals(fileName, targetFileName, StringComparison.CurrentCulture);
        uint keyLength = (uint)encryptionKey.Length;
        uint ivLength = (uint)encryptionIV.Length;
        uint tagLength = (uint)tagData.Length;

        bool encrypted = encryptInPlace
            ? FilterAPI.AESEncryptFileWithTag(fileName, keyLength, encryptionKey, ivLength, encryptionIV, tagLength, tagData)
            : FilterAPI.AESEncryptFileToFileWithTag(fileName, targetFileName, keyLength, encryptionKey, ivLength, encryptionIV, tagLength, tagData);

        if (!encrypted)
        {
            ShowCenteredMessageBox("Create encrypted file " + targetFileName + " failed with error:" + FilterAPI.GetLastErrorMessage(), createCaption, MessageBoxIcon.Error);
            RemoveFailedShareFileArtifacts(encryptInPlace, targetFileName, ivStr);
            return false;
        }

        // Flag the header so that an open of this file requires permission from user mode.
        if (!FilterAPI.SetHeaderFlags(targetFileName, (uint)AESFlags.Flags_Request_IV_And_Key_From_User, FilterAPI.ALLOW_MAX_RIGHT_ACCESS))
        {
            // NOTE(review): unlike the encryption failure above, nothing is cleaned up here;
            // the encrypted file (and any server record) stays behind without the flag.
            ShowCenteredMessageBox("SetHeaderFlags for file " + targetFileName + " failed with error:" + FilterAPI.GetLastErrorMessage(), "SetHeaderFlags", MessageBoxIcon.Error);
            return false;
        }

        if (!GlobalConfig.StoreSharedFileMetaDataInServer)
        {
            // Server-less mode: DRServer stores the permission metadata in a file, which is
            // consulted when the encrypted file is opened.
            if (!DRServer.AddDRInfoToFile(targetFileName, authorizedProcessNames, unauthorizedProcessNames, authorizedUserNames, unauthorizedUserNames, expireDateTime, encryptionIV, encryptionKey, FilterAPI.ALLOW_MAX_RIGHT_ACCESS.ToString()))
            {
                return false;
            }
        }

        string message = "Create encrypted file " + targetFileName + " succeeded, you can distribute this encrypted file to your client.\r\n\r\nDownload this file to the share file drop folder in the client,";
        message += " then start the filter service there, now you can open the encrypted file if the process in client has the permission.";
        ShowCenteredMessageBox(message, "Share encrypted file", MessageBoxIcon.Information);
        return true;
    }
    catch (Exception ex)
    {
        ShowCenteredMessageBox("Create share file failed with error " + ex.Message, createCaption, MessageBoxIcon.Error);
        return false;
    }
}

/// <summary>Centers the next message box on this form and shows it with an OK button.</summary>
/// <param name="text">Message body.</param>
/// <param name="caption">Window title.</param>
/// <param name="icon">Icon shown next to the text.</param>
private void ShowCenteredMessageBox(string text, string caption, MessageBoxIcon icon)
{
    MessageBoxHelper.PrepToCenterMessageBoxOnForm(this);
    MessageBox.Show(text, caption, MessageBoxButtons.OK, icon);
}

/// <summary>
/// Removes what a failed encryption left behind: the server-side share record (when the
/// metadata is stored on the server) and the target file (when not encrypting in place).
/// </summary>
/// <param name="encryptedInPlace">true when source and target are the same file, so the target is kept.</param>
/// <param name="targetFileName">Path of the output file.</param>
/// <param name="ivStr">IV hex string that identifies the share record on the server.</param>
private void RemoveFailedShareFileArtifacts(bool encryptedInPlace, string targetFileName, string ivStr)
{
    if (GlobalConfig.StoreSharedFileMetaDataInServer)
    {
        string lastError = string.Empty;
        WebAPIServices.DeleteShareFile(ivStr, ref lastError);
    }
    if (!encryptedInPlace)
    {
        File.Delete(targetFileName);
    }
}