Microsoft Information Protection (MIP) SDK for C++: Reference 1.15
Doxygen-generated documentation for MIP SDK written in C++
Loading...
Searching...
No Matches
protection_handler.h
Go to the documentation of this file.
1/*
2 *
3 * Copyright (c) Microsoft Corporation.
4 * All rights reserved.
5 *
6 * This code is licensed under the MIT License.
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files(the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions :
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
21 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 *
26 */
27/**
28 * @brief Defines ProtectionHandler interface
29 *
30 * @file protection_handler.h
31 */
32
33#ifndef API_MIP_PROTECTION_PROTECTION_HANDLER_H_
34#define API_MIP_PROTECTION_PROTECTION_HANDLER_H_
35
36#include <chrono>
37#include <map>
38#include <memory>
39#include <string>
40#include <vector>
41
42#include "mip/common_types.h"
43#include "mip/mip_export.h"
44#include "mip/mip_namespace.h"
49#include "mip/stream.h"
50#include "mip/user_rights.h"
51#include "mip/user_roles.h"
52
53MIP_NAMESPACE_BEGIN
54
55class CryptoProvider;
56
57/**
58 * @brief Manages protection-related actions for a specific protection configuration
59 */
61public:
62 /**
63 * @brief Interface that receives notifications related to ProtectionHandler
64 *
65 * @note This interface must be implemented by applications using the protection SDK
66 */
67 class Observer {
68 public:
69 /**
70 * @brief Called when ProtectionHandler was created successfully
71 *
72 * @param protectionHandler The newly created ProtectionHandler
73 * @param context The same context that was passed to ProtectionEngine::CreateProtectionHandlerFromDescriptorAsync or
74 * ProtectionEngine::CreateProtectionHandlerFromPublishingLicenseAsync
75 *
76 * @note An application can pass any type of context (for example, std::promise, std::function) to
77 * ProtectionEngine::CreateProtectionHandlerFromDescriptorAsync or
78 * ProtectionEngine::CreateProtectionHandlerFromPublishingLicenseAsync, and that same context will be forwarded
79 * as-is to ProtectionEngine::Observer::OnCreateProtectionHandlerSuccess or
80 * ProtectionEngine::Observer::OnCreateProtectionHandlerFailure
81 */
83 const std::shared_ptr<ProtectionHandler>& protectionHandler,
84 const std::shared_ptr<void>& context) { UNUSED(protectionHandler); UNUSED(context); };
85
86 /**
87 * @brief Called when ProtectionHandler creation failed
88 *
89 * @param error Failure that occurred during creation
90 * @param context The same context that was passed to ProtectionEngine::CreateProtectionHandlerFromDescriptorAsync or
91 * ProtectionEngine::CreateProtectionHandlerFromPublishingLicenseAsync
92 *
93 * @note An application can pass any type of context (for example, std::promise, std::function) to
94 * ProtectionEngine::CreateProtectionHandlerFromDescriptorAsync or
95 * ProtectionEngine::CreateProtectionHandlerFromPublishingLicenseAsync, and that same context will be forwarded
96 * as-is to ProtectionEngine::Observer::OnCreateProtectionHandlerSuccess or
97 * ProtectionEngine::Observer::OnCreateProtectionHandlerFailure
98 */
100 const std::exception_ptr& error,
101 const std::shared_ptr<void>& context) { UNUSED(error); UNUSED(context); }
102
103 /** @cond DOXYGEN_HIDE */
104 virtual ~Observer() { }
105 /** @endcond */
106 };
107
108 /**
109 * @brief Settings used to create a ProtectionHandler to consume existing content
110 */
112 public:
113 /**
114 * @brief ProtectionHandler::ConsumptionSettings constructor for creating a new handler
115 *
116 * @param serializedPublishingLicense Serialized publishing license from protected content
117 */
118 ConsumptionSettings(const std::vector<uint8_t>& serializedPublishingLicense)
119 : mLicenseInfo(std::make_shared<PublishingLicenseInfo>(serializedPublishingLicense)) {}
120
121 /**
122 * @brief ProtectionHandler::ConsumptionSettings constructor for creating a new handler
123 *
124 * @param serializedPreLicense Serialized pre license from attached to the content.
125 * @param serializedPublishingLicense Serialized publishing license from protected content
126 */
128 const std::vector<uint8_t>& serializedPreLicense,
129 const std::vector<uint8_t>& serializedPublishingLicense)
130 : mLicenseInfo(std::make_shared<PublishingLicenseInfo>(serializedPreLicense, serializedPublishingLicense)) {}
131
132 /**
133 * @brief ProtectionHandler::ConsumptionSettings constructor for creating a new handler
134 *
135 * @param licenseInfo Publishing license info from protected content
136 *
137 * @note Providing a PublishingLicenseInfo (as opposed to just a raw serialized publishing license) will remove
138 * the need for MIP SDK to parse the publishing license.
139 */
140 ConsumptionSettings(const std::shared_ptr<PublishingLicenseInfo>& licenseInfo)
141 : mLicenseInfo(licenseInfo) {}
142
143 /**
144 * @brief Get the publishing license associated with the protected content
145 *
146 * @return Publishing license information
147 */
148 std::shared_ptr<PublishingLicenseInfo> GetPublishingLicenseInfo() const {
149 return mLicenseInfo;
150 }
151
152 /**
153 * @brief Sets the delegated user
154 *
155 * @param delegatedUserEmail the delegation email.
156 *
157 * @note A delegated user is specified when the authenticating user/application is acting on behalf of another user
158 */
159 void SetDelegatedUserEmail(const std::string& delegatedUserEmail) { mDelegatedUserEmail = delegatedUserEmail; }
160
161 /**
162 * @brief Gets the delegated user
163 *
164 * @return Delegated user
165 *
166 * @note A delegated user is specified when the authenticating user/application is acting on behalf of another user
167 */
168 const std::string& GetDelegatedUserEmail() const { return mDelegatedUserEmail; }
169
170 /**
171 * @brief Defines the content name to register with document tracking.
172 *
173 * @param contentName The identifier to register content under.
174 *
175 * @note: If the content has already been registered, its name will not be changed.
176 */
177 void SetContentName(const std::string& contentName) { mContentName = contentName;}
178
179 /**
180 * @brief Gets the content name to register with document tracking.
181 *
182 * @return The content name
183 */
184 const std::string& GetContentName() const { return mContentName; }
185
186 /**
187 * @brief Add a capability which will be passed along to RMS when fetching usage rights
188 *
189 * @remarks Capabilities configured for this protection handler take precedence over any RMS capabilities
190 * configured on the protection engine.
191 *
192 * @param capability An identifier that describes a capability that RMS supports
193 */
194 MIP_API void AddRmsCapability(const std::string& capability);
195
196 /**
197 * @brief Remove one of the added usage rights capabilities which get passed to RMS
198 *
199 * @remarks Capabilities configured for this protection handler take precedence over any RMS capabilities
200 * configured on the protection engine.
201 *
202 * @param capability The capability which should be removed.
203 */
204 MIP_API bool RemoveRmsCapability(const std::string& capability);
205
206 /**
207 * @brief The the full set of client capabilities supported when fetching usage rights from RMS.
208 *
209 * @returns a pointer to a list of capabilities.
210 */
211 const std::shared_ptr<std::vector<std::string>> GetRmsCapabilities() const {
212 if (mCapabilities == nullptr) { return mCapabilities; }
213 return std::make_shared<std::vector<std::string>>(*mCapabilities);
214 }
215
216 /** @cond DOXYGEN_HIDE */
217 private:
218 std::shared_ptr<PublishingLicenseInfo> mLicenseInfo;
219 std::string mDelegatedUserEmail;
220 std::string mContentName;
221 std::shared_ptr<std::vector<std::string>> mCapabilities;
222 /** @endcond */
223 };
224
225 /**
226 * @brief Settings used to create a ProtectionHandler to protect new content
227 */
229 public:
230 /**
231 * @brief PublishingSettings constructor for enforcing protection on content
232 *
233 * @param protectionDescriptor Protection details
234 */
235 PublishingSettings(const std::shared_ptr<ProtectionDescriptor>& protectionDescriptor)
236 : mProtectionDescriptor(protectionDescriptor),
237 mIsAuditedExtractionAllowed(false),
238 mIsDeprecatedAlgorithmPreferred(false),
239 mIsPublishingFormatJson(false),
240 mRepairLabelIdAllowed(false),
241 mRegenerateContentKey(false) {}
242
243 /**
244 * @brief PublishingSettings constructor for online republishing
245 *
246 * @param protectionDescriptor New protection details
247 * @param serializedPublishingLicense Original protection license
248 */
250 const std::shared_ptr<ProtectionDescriptor>& protectionDescriptor,
251 const std::vector<uint8_t>& serializedPublishingLicense)
252 : mProtectionDescriptor(protectionDescriptor),
253 mRepublishingLicense(serializedPublishingLicense),
254 mIsAuditedExtractionAllowed(false),
255 mIsDeprecatedAlgorithmPreferred(false),
256 mIsPublishingFormatJson(false),
257 mRepairLabelIdAllowed(false),
258 mRegenerateContentKey(false) {}
259
260 /**
261 * @brief PublishingSettings constructor for offline republishing
262 *
263 * @param protectionDescriptor New protection details
264 * @param protectionHandler Original protection handler
265 */
267 const std::shared_ptr<ProtectionDescriptor>& protectionDescriptor,
268 const std::shared_ptr<ProtectionHandler>& protectionHandler)
269 : mProtectionDescriptor(protectionDescriptor),
270 mProtectionHandler(protectionHandler),
271 mIsAuditedExtractionAllowed(false),
272 mIsDeprecatedAlgorithmPreferred(false),
273 mIsPublishingFormatJson(false),
274 mRepairLabelIdAllowed(false),
275 mRegenerateContentKey(false) {}
276
277 std::shared_ptr<ProtectionDescriptor> GetProtectionDescriptor() const { return mProtectionDescriptor; }
278
279 /**
280 * @brief Gets protection handler for republishing scenario
281 */
282 std::shared_ptr<ProtectionHandler> GetProtectionHandlerForRepublish() const { return mProtectionHandler; }
283
284 /**
285 * @brief Gets whether or not non-MIP-aware applications are allowed to open protected content
286 *
287 * @return If non-MIP-aware applications are allowed to open protected content
288 */
289 bool GetIsAuditedExtractionAllowed() const { return mIsAuditedExtractionAllowed; }
290
291 /**
292 * @brief Sets whether or not non-MIP-aware applications are allowed to open protected content
293 *
294 * @param isAuditedExtractionAllowed If non-MIP-aware applications are allowed to open protected content
295 */
296 void SetIsAuditedExtractionAllowed(bool isAuditedExtractionAllowed) {
297 mIsAuditedExtractionAllowed = isAuditedExtractionAllowed;
298 }
299
300 /**
301 * @brief Gets whether or not deprecated crypto algorithm (ECB) is preferred for backwards compatibility
302 *
303 * @return If deprecated crypto algorithm is preferred
304 */
305 bool GetIsDeprecatedAlgorithmPreferred() const { return mIsDeprecatedAlgorithmPreferred; }
306
307 /**
308 * @brief Sets whether or not deprecated crypto algorithm (ECB) is preferred for backwards compatibility
309 *
310 * @param isDeprecatedAlgorithmPreferred if deprectated crypto algorithm is preferred
311 */
312 void SetIsDeprecatedAlgorithmPreferred(bool isDeprecatedAlgorithmPreferred) {
313 mIsDeprecatedAlgorithmPreferred = isDeprecatedAlgorithmPreferred;
314 }
315
316 /**
317 * @brief Sets the delegated user
318 *
319 * @param delegatedUserEmail the delegation email.
320 *
321 * @note A delegated user is specified when the authenticating user/application is acting on behalf of another user
322 */
323 void SetDelegatedUserEmail(const std::string& delegatedUserEmail) { mDelegatedUserEmail = delegatedUserEmail; }
324
325 /**
326 * @brief Gets the delegated user
327 *
328 * @return Delegated user
329 *
330 * @note A delegated user is specified when the authenticating user/application is acting on behalf of another user
331 */
332 const std::string& GetDelegatedUserEmail() const { return mDelegatedUserEmail; }
333
334 /**
335 * @brief Gets whether or not the returned pl is in json format (xml format is more widely accepted and is the
336 * default).
337 *
338 * @return true if is set to json format output.
339 */
340 bool IsPublishingFormatJson() const { return mIsPublishingFormatJson; }
341
342 /**
343 * @brief Sets whether or not the returned pl is in json format (xml format is more widely accepted and is the default).
344 *
345 * @param isPublishingFormatJson if json format is enabled.
346 */
347 void SetPublishingFormatJson(bool isPublishingFormatJson) {
348 mIsPublishingFormatJson = isPublishingFormatJson;
349 }
350
351 /**
352 * @brief Gets whether or not the content key and ID should be regenerated during republishing.
353 *
354 * @return True if the content key and ID should be regenerated. False otherwise.
355 */
356 bool GetRegenerateContentKey() const { return mRegenerateContentKey; }
357
358 /**
359 * @brief Sets whether or not the content key and ID should be regenerated during republishing.
360 *
361 * @param regenerateContentKey If the content key and ID should be regenerated.
362 */
363 void SetRegenerateContentKey(bool regenerateContentKey) {
364 mRegenerateContentKey = regenerateContentKey;
365 }
366
367 /**
368 * @brief Sets pre-license user
369 *
370 * @param preLicenseUserEmail Pre-license user
371 *
372 * @note If no pre-license user is specified, a pre-license will not be obtained
373 */
374#if !defined(SWIG) && !defined(SWIG_DIRECTORS)
375 [[deprecated("SetPreLicenseUserEmail is deprecated, use SetRequestPreLicense")]]
376#endif
377 void SetPreLicenseUserEmail(const std::string& preLicenseUserEmail) {
378 if(mPublishingUseLicenseRequest == nullptr) {
380 }
381 mPublishingUseLicenseRequest->SetDelegatedUserEmail(preLicenseUserEmail);
382 }
383
384 /**
385 * @brief Gets the pre-license user
386 *
387 * @return Pre-license user
388 */
389#if !defined(SWIG) && !defined(SWIG_DIRECTORS)
390 [[deprecated("GetPreLicenseUserEmail is deprecated, use GetPreLicenseRequest")]]
391#endif
392 const std::string& GetPreLicenseUserEmail() const {
393 static std::string empty;
394 return mPublishingUseLicenseRequest != nullptr ? mPublishingUseLicenseRequest->GetDelegatedUserEmail() : empty; }
395
396 /**
397 * @brief Gets the serialized republishing license
398 *
399 * @return The serialized republishing license
400 */
401 const std::vector<uint8_t>& GetPublishingLicenseForRepublish() const {
402 return mRepublishingLicense;
403 }
404
405 /**
406 * @brief Setting this will cause the publishing request to include a pre-license
407 *
408 * @param publishingUseLicenseRequest The pre-license request
409 *
410 * @note If no pre-license request is specified, a pre-license will not be obtained
411 */
412 void SetRequestPreLicense(std::shared_ptr<PublishingUseLicenseRequest> publishingUseLicenseRequest) {
413 mPublishingUseLicenseRequest = publishingUseLicenseRequest;
414 }
415
416 /**
417 * @brief Gets the pre-license request
418 *
419 * @return Pre-license request
420 */
421 std::shared_ptr<PublishingUseLicenseRequest> GetPreLicenseRequest() const {
422 return mPublishingUseLicenseRequest;
423 }
424
425 /**
426 * @brief Gets whether or not label id can be added to publishing license on republish
427 *
428 * @return True if label info data in protection descriptor can be added to publishing license
429 *
430 * @note This will only take effect if offline protection is used for republishing.
431 */
432 bool GetRepairLabelIdAllowed() const { return mRepairLabelIdAllowed; }
433
434 /**
435 * @brief Sets whether or not label id can be added to publishing license on republish
436 *
437 * @param repairAllowed if label info data in protection descriptor can be added to publishing license
438 *
439 * @note This will only take effect if offline protection is used for republishing. Should only be used to
440 * add a label to adhoc protection that is missing it.
441 */
442 void SetRepairLabelIdAllowed(bool repairAllowed) {
443 mRepairLabelIdAllowed = repairAllowed;
444 }
445
446 /** @cond DOXYGEN_HIDE */
447 private:
448 std::shared_ptr<ProtectionDescriptor> mProtectionDescriptor;
449 std::vector<uint8_t> mRepublishingLicense;
450 std::shared_ptr<ProtectionHandler> mProtectionHandler;
451 bool mIsAuditedExtractionAllowed;
452 bool mIsDeprecatedAlgorithmPreferred;
453 bool mIsPublishingFormatJson;
454 bool mRepairLabelIdAllowed;
455 bool mRegenerateContentKey;
456 std::string mDelegatedUserEmail;
457 std::shared_ptr<PublishingUseLicenseRequest> mPublishingUseLicenseRequest;
458 /** @endcond */
459 };
460
461 /**
462 * @brief Pre-license format
463 */
464 enum class PreLicenseFormat {
465 Xml, /**< Legacy XML/SOAP format used by MSIPC */
466 Json, /**< JSON/REST format used by MIP SDK and RMS SDK */
467 };
468
469 /**
470 * @brief Create a protected stream that will allow for encryption/decryption of content
471 *
472 * @param backingStream Backing stream from which to read/write
473 * @param contentStartPosition Starting position (in bytes) within the backing stream where protected content begins
474 * @param contentSize Size (in bytes) of protected content within backing stream
475 *
476 * @return Protected stream
477 */
478 virtual std::shared_ptr<Stream> CreateProtectedStream(
479 const std::shared_ptr<Stream>& backingStream,
480 int64_t contentStartPosition,
481 int64_t contentSize) = 0;
482
483 /**
484 * @brief Encrypt a buffer
485 *
486 * @param offsetFromStart Relative position of inputBuffer from the very beginning of the cleartext content
487 * @param inputBuffer Buffer of cleartext content that will be encrypted
488 * @param inputBufferSize Size (in bytes) of input buffer
489 * @param outputBuffer Buffer into which encrypted content will be copied
490 * @param outputBufferSize Size (in bytes) of output buffer
491 * @param isFinal If input buffer contains the final cleartext bytes or not
492 *
493 * @return actual size (in bytes) of encrypted content
494 */
495 virtual int64_t EncryptBuffer(
496 int64_t offsetFromStart,
497 const uint8_t* inputBuffer,
498 int64_t inputBufferSize,
499 uint8_t* outputBuffer,
500 int64_t outputBufferSize,
501 bool isFinal) = 0;
502
503 /**
504 * @brief Decrypt a buffer
505 *
506 * @param offsetFromStart Relative position of inputBuffer from the very beginning of the encrypted content
507 * @param inputBuffer Buffer of encrypted content that will be decrypted
508 * @param inputBufferSize Size (in bytes) of input buffer
509 * @param outputBuffer Buffer into which decrypted content will be copied
510 * @param outputBufferSize Size (in bytes) of output buffer
511 * @param isFinal If input buffer contains the final encrypted bytes or not
512 *
513 * @return actual size (in bytes) of decrypted content
514 */
515 virtual int64_t DecryptBuffer(
516 int64_t offsetFromStart,
517 const uint8_t* inputBuffer,
518 int64_t inputBufferSize,
519 uint8_t* outputBuffer,
520 int64_t outputBufferSize,
521 bool isFinal) = 0;
522
523 /**
524 * @brief Calculates size (in bytes) of content if it were to be encrypted with this ProtectionHandler
525 *
526 * @param unprotectedLength Size (in bytes) of unprotected content
527 * @param includesFinalBlock Describes if the unprotected content in question includes the final block or not.
528 * For example, in CBC4k encryption mode, non-final protected blocks are the same size as unprotected blocks, but
529 * final protected blocks are larger than their unprotected counterparts.
530 *
531 * @return Size (in bytes) of protected content
532 */
533 virtual int64_t GetProtectedContentLength(int64_t unprotectedLength, bool includesFinalBlock) = 0;
534
535 /**
536 * @brief Gets the block size (in bytes) for the cipher mode used by this ProtectionHandler
537 *
538 * @return Block size (in bytes)
539 */
540 virtual int64_t GetBlockSize() = 0;
541
542 /**
543 * @brief Gets the rights granted to the user/identity associated with this ProtectionHandler
544 *
545 * @return Rights granted to the user
546 */
547 virtual std::vector<std::string> GetRights() const = 0;
548
549 /**
550 * @brief Checks if protection handler grants user access to the specified right
551 *
552 * @param right Right to check
553 *
554 * @return If protection handler grants user access to the specified right or not
555 */
556 virtual bool AccessCheck(const std::string& right) const = 0;
557
558 /**
559 * @brief Gets user associated with the protection handler
560 *
561 * @return User associated with protection handler
562 */
563 virtual const std::string GetIssuedTo() = 0;
564
565 /**
566 * @brief Gets email address of content owner
567 *
568 * @return Email address of content owner
569 */
570 virtual const std::string GetOwner() = 0;
571
572 /**
573 * @brief Gets if the current user is the content owner or not
574 *
575 * @return If the current user is the content owner or not
576 */
577 virtual bool IsIssuedToOwner() = 0;
578
579 /**
580 * @brief Gets protection details
581 *
582 * @return Protection details
583 */
584 virtual std::shared_ptr<ProtectionDescriptor> GetProtectionDescriptor() = 0;
585
586 /**
587 * @brief Gets unique identifier for the document/content
588 *
589 * @return Unique content identifier
590 *
591 * @note Publishing licenses will have this identifier surrounded by curly braces "{}".
592 * Those braces are removed from the value returned here
593 */
594 virtual const std::string GetContentId() = 0;
595
596 /**
597 * @brief Gets if protection handler uses deprecated crypto algorithms (ECB) for backward compatibility or not
598 *
599 * @return If protection handler uses deprecated crypto algorithms or not
600 */
601 virtual bool DoesUseDeprecatedAlgorithms() = 0;
602
603 /**
604 * @brief Gets if protected content requires application-defined padding or if it is handled internally.
605 *
606 * @return True, if application-defined padding is required, false if not.
607 */
609
610 /**
611 * @brief Gets if protection handler grants user 'audited extract' right or not
612 *
613 * @return If protection handler grants user 'audited extract' right or not
614 */
615 virtual bool IsAuditedExtractAllowed() = 0;
616
617 /**
618 * @brief Serialize ProtectionHandler into a publishing license (PL)
619 *
620 * @return Serialized publishing license
621 */
622 virtual const std::vector<uint8_t>& GetSerializedPublishingLicense() const = 0;
623
624 /**
625 * @brief Get pre-license
626 *
627 * @param format Pre-license format
628 *
629 * @return Serialized pre-license
630 *
631 * @note A pre-license allows a user to immediately consume content without making an additional HTTP call. The
632 * ProtectionHandler must have been created with a ProtectionHandler::PublishingSettings::SetPreLicenseUserEmail
633 * value or else this will return an empty vector.
634 */
635 virtual const std::vector<uint8_t>& GetSerializedPreLicense(PreLicenseFormat format) const = 0;
636
637 /**
638 * @brief Gets the cipher mode of the protection handler
639 *
640 * @return The cipher mode
641 */
642 virtual CipherMode GetCipherMode() const = 0;
643
644 /** @cond DOXYGEN_HIDE */
645 virtual const std::shared_ptr<CryptoProvider> GetCryptoProvider() = 0;
646 virtual const std::shared_ptr<CryptoProvider>& GetPolicyCryptoProvider() const = 0;
647 virtual ~ProtectionHandler() {}
648
649 /** @endcond */
650};
651
652MIP_NAMESPACE_END
653#endif // API_MIP_PROTECTION_PROTECTION_HANDLER_H_
Settings to use for protection operations.
Settings used to create a ProtectionHandler to consume existing content.
MIP_API bool RemoveRmsCapability(const std::string &capability)
Remove one of the added usage rights capabilities which get passed to RMS.
ConsumptionSettings(const std::shared_ptr< PublishingLicenseInfo > &licenseInfo)
ProtectionHandler::ConsumptionSettings constructor for creating a new handler.
void SetContentName(const std::string &contentName)
Defines the content name to register with document tracking.
ConsumptionSettings(const std::vector< uint8_t > &serializedPublishingLicense)
ProtectionHandler::ConsumptionSettings constructor for creating a new handler.
const std::string & GetContentName() const
Gets the content name to register with document tracking.
const std::string & GetDelegatedUserEmail() const
Gets the delegated user.
ConsumptionSettings(const std::vector< uint8_t > &serializedPreLicense, const std::vector< uint8_t > &serializedPublishingLicense)
ProtectionHandler::ConsumptionSettings constructor for creating a new handler.
std::shared_ptr< PublishingLicenseInfo > GetPublishingLicenseInfo() const
Get the publishing license associated with the protected content.
const std::shared_ptr< std::vector< std::string > > GetRmsCapabilities() const
The the full set of client capabilities supported when fetching usage rights from RMS.
void SetDelegatedUserEmail(const std::string &delegatedUserEmail)
Sets the delegated user.
MIP_API void AddRmsCapability(const std::string &capability)
Add a capability which will be passed along to RMS when fetching usage rights.
Interface that receives notifications related to ProtectionHandler.
virtual void OnCreateProtectionHandlerFailure(const std::exception_ptr &error, const std::shared_ptr< void > &context)
Called when ProtectionHandler creation failed.
virtual void OnCreateProtectionHandlerSuccess(const std::shared_ptr< ProtectionHandler > &protectionHandler, const std::shared_ptr< void > &context)
Called when ProtectionHandler was created successfully.
Settings used to create a ProtectionHandler to protect new content.
bool GetIsDeprecatedAlgorithmPreferred() const
Gets whether or not deprecated crypto algorithm (ECB) is preferred for backwards compatibility.
void SetRequestPreLicense(std::shared_ptr< PublishingUseLicenseRequest > publishingUseLicenseRequest)
Setting this will cause the publishing request to include a pre-license.
const std::string & GetPreLicenseUserEmail() const
Gets the pre-license user.
std::shared_ptr< ProtectionDescriptor > GetProtectionDescriptor() const
bool GetRegenerateContentKey() const
Gets whether or not the content key and ID should be regenerated during republishing.
void SetRepairLabelIdAllowed(bool repairAllowed)
Sets whether or not label id can be added to publishing license on republish.
const std::string & GetDelegatedUserEmail() const
Gets the delegated user.
const std::vector< uint8_t > & GetPublishingLicenseForRepublish() const
Gets the serialized republishing license.
bool GetRepairLabelIdAllowed() const
Gets whether or not label id can be added to publishing license on republish.
void SetPublishingFormatJson(bool isPublishingFormatJson)
Sets whether or not the returned pl is in json format (xml format is more widely accepted and is the ...
PublishingSettings(const std::shared_ptr< ProtectionDescriptor > &protectionDescriptor)
PublishingSettings constructor for enforcing protection on content.
PublishingSettings(const std::shared_ptr< ProtectionDescriptor > &protectionDescriptor, const std::vector< uint8_t > &serializedPublishingLicense)
PublishingSettings constructor for online republishing.
void SetIsAuditedExtractionAllowed(bool isAuditedExtractionAllowed)
Sets whether or not non-MIP-aware applications are allowed to open protected content.
void SetIsDeprecatedAlgorithmPreferred(bool isDeprecatedAlgorithmPreferred)
Sets whether or not deprecated crypto algorithm (ECB) is preferred for backwards compatibility.
std::shared_ptr< PublishingUseLicenseRequest > GetPreLicenseRequest() const
Gets the pre-license request.
bool GetIsAuditedExtractionAllowed() const
Gets whether or not non-MIP-aware applications are allowed to open protected content.
void SetDelegatedUserEmail(const std::string &delegatedUserEmail)
Sets the delegated user.
void SetRegenerateContentKey(bool regenerateContentKey)
Sets whether or not the content key and ID should be regenerated during republishing.
bool IsPublishingFormatJson() const
Gets whether or not the returned pl is in json format (xml format is more widely accepted and is the ...
PublishingSettings(const std::shared_ptr< ProtectionDescriptor > &protectionDescriptor, const std::shared_ptr< ProtectionHandler > &protectionHandler)
PublishingSettings constructor for offline republishing.
std::shared_ptr< ProtectionHandler > GetProtectionHandlerForRepublish() const
Gets protection handler for republishing scenario.
void SetPreLicenseUserEmail(const std::string &preLicenseUserEmail)
Sets pre-license user.
Manages protection-related actions for a specific protection configuration.
virtual const std::string GetContentId()=0
Gets unique identifier for the document/content.
virtual bool IsAuditedExtractAllowed()=0
Gets if protection handler grants user 'audited extract' right or not.
virtual bool IsIssuedToOwner()=0
Gets if the current user is the content owner or not.
virtual int64_t DecryptBuffer(int64_t offsetFromStart, const uint8_t *inputBuffer, int64_t inputBufferSize, uint8_t *outputBuffer, int64_t outputBufferSize, bool isFinal)=0
Decrypt a buffer.
virtual const std::vector< uint8_t > & GetSerializedPublishingLicense() const =0
Serialize ProtectionHandler into a publishing license (PL)
virtual int64_t GetProtectedContentLength(int64_t unprotectedLength, bool includesFinalBlock)=0
Calculates size (in bytes) of content if it were to be encrypted with this ProtectionHandler.
virtual bool UsesApplicationDefinedPadding()=0
Gets if protected content requires application-defined padding or if it is handled internally.
virtual std::shared_ptr< ProtectionDescriptor > GetProtectionDescriptor()=0
Gets protection details.
virtual std::shared_ptr< Stream > CreateProtectedStream(const std::shared_ptr< Stream > &backingStream, int64_t contentStartPosition, int64_t contentSize)=0
Create a protected stream that will allow for encryption/decryption of content.
virtual const std::string GetIssuedTo()=0
Gets user associated with the protection handler.
virtual const std::string GetOwner()=0
Gets email address of content owner.
virtual CipherMode GetCipherMode() const =0
Gets the cipher mode of the protection handler.
virtual const std::vector< uint8_t > & GetSerializedPreLicense(PreLicenseFormat format) const =0
Get pre-license.
virtual std::vector< std::string > GetRights() const =0
Gets the rights granted to the user/identity associated with this ProtectionHandler.
virtual bool DoesUseDeprecatedAlgorithms()=0
Gets if protection handler uses deprecated crypto algorithms (ECB) for backward compatibility or not.
PreLicenseFormat
Pre-license format.
@ Xml
Legacy XML/SOAP format used by MSIPC.
@ Json
JSON/REST format used by MIP SDK and RMS SDK.
virtual int64_t EncryptBuffer(int64_t offsetFromStart, const uint8_t *inputBuffer, int64_t inputBufferSize, uint8_t *outputBuffer, int64_t outputBufferSize, bool isFinal)=0
Encrypt a buffer.
virtual bool AccessCheck(const std::string &right) const =0
Checks if protection handler grants user access to the specified right.
virtual int64_t GetBlockSize()=0
Gets the block size (in bytes) for the cipher mode used by this ProtectionHandler.
Holds the details of a Publishing License used to create a protection handler.
static MIP_API std::shared_ptr< PublishingUseLicenseRequest > __CDECL CreatePublishingUseLicenseRequest()
Creates a PublishingUseLicenseRequest object.
A file Containing the common types used by the upe, file and protection modules.
A file export/import macros.
MIP namespace macros.
Defines ProtectionCommonSettings interface.
A file containing the common types used by the protection module.
CipherMode
Cipher mode identifier.
Defines ProtectionDescriptor interface.
Defines the PublishingUseLicenseRequest interface.
A file containing the Stream interface/class definition.
Defines UserRights class.
Defines UserRoles class.