mirror of
https://gitee.com/openharmony/account_os_account
synced 2024-11-23 02:00:01 +00:00
commit
05a71bb273
@ -55,6 +55,7 @@ const char OPERATION_STOP[] = "stop";
|
||||
const char OPERATION_START[] = "start";
|
||||
const char OPERATION_UPDATE[] = "update";
|
||||
const char OPERATION_UNLOCK[] = "unlock";
|
||||
const char OPERATION_REENROLL[] = "re-enroll";
|
||||
|
||||
// distributed database
|
||||
const char APP_ID[] = "os_account_mgr_service";
|
||||
@ -96,6 +97,7 @@ const int64_t TIME_WAIT_TIME_OUT = 5;
|
||||
const std::int32_t WAIT_ONE_TIME = 1000;
|
||||
const uint64_t DEFAULT_DISPALY_ID = 0;
|
||||
const uint64_t INVALID_DISPALY_ID = -1ull;
|
||||
const uint64_t REENROLL_WAIT_TIME = 3;
|
||||
|
||||
// an error code of ipc which means peer end is dead
|
||||
const int32_t E_IPC_ERROR = 29189;
|
||||
|
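Review bot: `REENROLL_WAIT_TIME` is declared without a unit, next to `WAIT_ONE_TIME = 1000` and `TIME_WAIT_TIME_OUT = 5`, which look like they use different time scales. The only use shown on this page wraps it in `std::chrono::seconds(...)` to bound a blocking wait in the authentication-result path. State the unit at the declaration, for example `// seconds: upper bound on the blocking wait for the PIN re-enroll callback`.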
@ -16,6 +16,7 @@
|
||||
#ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_CALLBACK_H
|
||||
#define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_CALLBACK_H
|
||||
|
||||
#include <condition_variable>
|
||||
#include <map>
|
||||
#include <vector>
|
||||
#include "account_file_operator.h"
|
||||
@ -23,6 +24,7 @@
|
||||
#include "domain_account_callback.h"
|
||||
#include "iaccount_iam_callback.h"
|
||||
#include "iremote_object.h"
|
||||
#include "iremote_stub.h"
|
||||
|
||||
namespace OHOS {
|
||||
namespace AccountSA {
|
||||
@ -51,9 +53,12 @@ public:
|
||||
|
||||
private:
|
||||
ErrCode HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus);
|
||||
void HandleReEnroll(const Attributes &extraInfo, int32_t accountId, const std::vector<uint8_t> &token);
|
||||
ErrCode InnerHandleReEnroll(const std::vector<uint8_t> &token);
|
||||
|
||||
private:
|
||||
uint32_t userId_;
|
||||
uint32_t callerTokenId_;
|
||||
uint64_t credentialId_;
|
||||
AuthType authType_;
|
||||
bool isRemoteAuth_ = false;
|
||||
@ -155,6 +160,9 @@ struct UpdateCredInfo {
|
||||
std::vector<uint8_t> token;
|
||||
std::vector<uint8_t> newSecret;
|
||||
std::vector<uint8_t> oldSecret;
|
||||
|
||||
UpdateCredInfo() = default;
|
||||
UpdateCredInfo(const Attributes &extraInfo);
|
||||
};
|
||||
|
||||
class CommitCredUpdateCallback : public UserIdmClientCallback {
|
||||
@ -278,6 +286,18 @@ private:
|
||||
GetPropertyRequest request_;
|
||||
sptr<IGetSetPropCallback> innerCallback_;
|
||||
};
|
||||
|
||||
class ReEnrollCallback final : public IRemoteStub<IIDMCallback> {
|
||||
public:
|
||||
bool isCalled_ = false;
|
||||
ErrCode result_ = ERR_ACCOUNT_COMMON_NOT_INIT_ERROR;
|
||||
std::mutex mutex_;
|
||||
std::condition_variable onResultCondition_;
|
||||
|
||||
ReEnrollCallback();
|
||||
void OnResult(int32_t result, const Attributes &extraInfo) override;
|
||||
void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override;
|
||||
};
|
||||
} // namespace AccountSA
|
||||
} // namespace OHOS
|
||||
#endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_CALLBACK_H
|
||||
|
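Review bot: `callerTokenId_` is declared without a default initializer, unlike `isRemoteAuth_ = false` in the same member list, and the constructors shown in this commit assign it only when `authType == AuthType::PIN`. For every other auth type the member holds an indeterminate value, and that value is a caller identity handed to `SetFirstCallerTokenID` if a later change ever reaches `InnerHandleReEnroll` without the PIN guard. Declare it as `uint32_t callerTokenId_ = 0;`. Separately, `ReEnrollCallback` declares a `std::mutex` member while the includes visible in these hunks list `<condition_variable>` but not `<mutex>`; adding `#include <mutex>` to the header avoids relying on a transitive include.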
@ -15,9 +15,11 @@
|
||||
|
||||
#include "account_iam_callback.h"
|
||||
|
||||
#include <mutex>
|
||||
#include <securec.h>
|
||||
#include <string>
|
||||
#include "access_token.h"
|
||||
#include "accesstoken_kit.h"
|
||||
#include "account_iam_info.h"
|
||||
#include "account_info_report.h"
|
||||
#include "account_log_wrapper.h"
|
||||
@ -55,14 +57,106 @@ void AuthCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
|
||||
AuthCallback::AuthCallback(
|
||||
uint32_t userId, uint64_t credentialId, AuthType authType, const sptr<IIDMCallback> &callback)
|
||||
: userId_(userId), credentialId_(credentialId), authType_(authType), innerCallback_(callback)
|
||||
{}
|
||||
{
|
||||
// save caller tokenId for pin re-enroll
|
||||
if (authType == AuthType::PIN) {
|
||||
callerTokenId_ = IPCSkeleton::GetCallingTokenID();
|
||||
}
|
||||
}
|
||||
|
||||
AuthCallback::AuthCallback(uint32_t userId, uint64_t credentialId, AuthType authType,
|
||||
bool isRemoteAuth, const sptr<IIDMCallback> &callback)
|
||||
: userId_(userId), credentialId_(credentialId), authType_(authType),
|
||||
isRemoteAuth_(isRemoteAuth), innerCallback_(callback)
|
||||
{
|
||||
// save caller tokenId for pin re-enroll
|
||||
if (authType == AuthType::PIN) {
|
||||
callerTokenId_ = IPCSkeleton::GetCallingTokenID();
|
||||
}
|
||||
}
|
||||
|
||||
UpdateCredInfo::UpdateCredInfo(const Attributes &extraInfo)
|
||||
{
|
||||
extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
|
||||
extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
|
||||
extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
|
||||
extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, newSecret);
|
||||
extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
|
||||
}
|
||||
|
||||
ReEnrollCallback::ReEnrollCallback()
|
||||
{}
|
||||
|
||||
void ReEnrollCallback::OnResult(int32_t result, const Attributes &extraInfo)
|
||||
{
|
||||
std::unique_lock<std::mutex> lock(mutex_);
|
||||
ACCOUNT_LOGE("ReEnroll: UpdateCredential call to ReEnroll OnResult, result is %{public}d", result);
|
||||
result_ = result;
|
||||
isCalled_ = true;
|
||||
onResultCondition_.notify_one();
|
||||
return;
|
||||
}
|
||||
|
||||
void ReEnrollCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const AccountSA::Attributes &extraInfo)
|
||||
{
|
||||
std::unique_lock<std::mutex> lock(mutex_);
|
||||
ACCOUNT_LOGE("ReEnroll: UpdateCredential unexpected call to OnAcquireInfo");
|
||||
isCalled_ = true;
|
||||
onResultCondition_.notify_one();
|
||||
return;
|
||||
}
|
||||
|
||||
ErrCode AuthCallback::InnerHandleReEnroll(const std::vector<uint8_t> &token)
|
||||
{
|
||||
//set first caller to sceneboard
|
||||
SetFirstCallerTokenID(callerTokenId_);
|
||||
sptr<ReEnrollCallback> callback = new (std::nothrow) ReEnrollCallback();
|
||||
if (callback == nullptr) {
|
||||
ACCOUNT_LOGE("ReEnroll: failed to allocate callback");
|
||||
return ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR;
|
||||
}
|
||||
CredentialParameters credInfo = {
|
||||
.authType = AuthType::PIN,
|
||||
// `pinType` is unused in iam
|
||||
.pinType = PinSubType::PIN_SIX,
|
||||
.token = token
|
||||
};
|
||||
InnerAccountIAMManager::GetInstance().UpdateCredential(userId_, credInfo, callback);
|
||||
std::unique_lock<std::mutex> lock(callback->mutex_);
|
||||
bool done = callback->onResultCondition_.wait_for(lock, std::chrono::seconds(Constants::REENROLL_WAIT_TIME),
|
||||
[cb = callback]() { return cb->isCalled_; });
|
||||
ErrCode result = callback->result_;
|
||||
if (!done) {
|
||||
ACCOUNT_LOGE("ReEnroll: UpdateCredential failed, timeout");
|
||||
return ERR_ACCOUNT_COMMON_OPERATION_TIMEOUT;
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
void AuthCallback::HandleReEnroll(const Attributes &extraInfo, int32_t accountId, const std::vector<uint8_t> &token)
|
||||
{
|
||||
bool needReEnroll = false;
|
||||
extraInfo.GetBoolValue(Attributes::ATTR_RE_ENROLL_FLAG, needReEnroll);
|
||||
if (!needReEnroll) {
|
||||
return;
|
||||
}
|
||||
if (authType_ == AuthType::PIN) {
|
||||
ACCOUNT_LOGI("ReEnroll: need re-enroll for accountId %{public}d", accountId);
|
||||
ErrCode result = InnerHandleReEnroll(token);
|
||||
if (result != ERR_OK) {
|
||||
ACCOUNT_LOGE("ReEnroll: UpdateCredential failed, result is %{public}d", result);
|
||||
ReportOsAccountOperationFail(accountId, "ReEnroll", result, "UpdateCredential failed");
|
||||
} else {
|
||||
ACCOUNT_LOGI("ReEnroll: UpdateCredential successful");
|
||||
ReportOsAccountLifeCycle(accountId, Constants::OPERATION_REENROLL);
|
||||
}
|
||||
} else {
|
||||
ACCOUNT_LOGW("ReEnroll: re-enroll flag exist but authType:%{public}d is not pin", authType_);
|
||||
}
|
||||
// ATTR_RE_ENROLL_FLAG is true means iam opened a session, remeber to close it
|
||||
InnerAccountIAMManager::GetInstance().CloseSession(userId_);
|
||||
}
|
||||
|
||||
ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus)
|
||||
{
|
||||
std::vector<uint8_t> token;
|
||||
@ -106,6 +200,7 @@ ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t acco
|
||||
return ERR_OK;
|
||||
}
|
||||
InnerDomainAccountManager::GetInstance().AuthWithToken(accountId, token);
|
||||
HandleReEnroll(extraInfo, accountId, token);
|
||||
return ret;
|
||||
}
|
||||
|
||||
@ -346,12 +441,7 @@ void UpdateCredCallback::InnerOnResult(int32_t result, const Attributes &extraIn
|
||||
ACCOUNT_LOGE("UpdateCredCallback fail code=%{public}d, authType=%{public}d", result, credInfo_.authType);
|
||||
return innerCallback_->OnResult(result, extraInfo);
|
||||
}
|
||||
UpdateCredInfo updateCredInfo;
|
||||
extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, updateCredInfo.credentialId);
|
||||
extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, updateCredInfo.secureUid);
|
||||
extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, updateCredInfo.token);
|
||||
extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, updateCredInfo.newSecret);
|
||||
extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, updateCredInfo.oldSecret);
|
||||
UpdateCredInfo updateCredInfo(extraInfo);
|
||||
if (updateCredInfo.oldSecret.empty()) {
|
||||
ErrCode code = innerIamMgr.UpdateUserAuthWithRecoveryKey(credInfo_.token,
|
||||
updateCredInfo.newSecret, updateCredInfo.secureUid, userId_);
|
||||
@ -407,7 +497,7 @@ void DelUserInputer::OnGetData(int32_t authSubType, std::vector<uint8_t> challen
|
||||
ACCOUNT_LOGE("InputerData is nullptr");
|
||||
return;
|
||||
}
|
||||
inputerData->OnSetData(authSubType, TEMP_PIN);
|
||||
inputerData->OnSetData(PinSubType::PIN_SIX, TEMP_PIN);
|
||||
}
|
||||
|
||||
DelUserCallback::DelUserCallback(uint32_t userId, const sptr<IIDMCallback> &callback)
|
||||
|
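Review bot: `ReEnrollCallback::OnAcquireInfo` sets `isCalled_ = true` and notifies the waiter, so `InnerHandleReEnroll` can return the default `result_` before `OnResult` has reported the outcome, and `HandleReEnroll` then calls `CloseSession(userId_)` while the credential update may still be running; the same holds after the `REENROLL_WAIT_TIME` timeout. Only `OnResult` should complete the wait, so `OnAcquireInfo` should be reduced to its `ACCOUNT_LOGE(...)` line, and the timeout branch needs an explicit decision on whether the session may be closed with the update still pending. `InnerHandleReEnroll` also ignores the return value of `SetFirstCallerTokenID(callerTokenId_)` and never restores the previous value; if that setting outlives this call on the thread, later work on the thread would run under the stored caller's identity, so check the result and reset it before returning. `ReEnrollCallback::OnResult` logs every outcome, including success, with `ACCOUNT_LOGE`; an info-level log for `result == 0` would keep error logs meaningful for triage.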
@ -152,8 +152,9 @@ void InnerAccountIAMManager::UpdateCredential(
|
||||
|
||||
std::lock_guard<std::mutex> userLock(*GetOperatingUserLock(userId));
|
||||
sptr<IDMCallbackDeathRecipient> deathRecipient = new (std::nothrow) IDMCallbackDeathRecipient(userId);
|
||||
if ((deathRecipient == nullptr) || (callback->AsObject() == nullptr) ||
|
||||
(!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
|
||||
sptr<IRemoteObject> object = callback->AsObject();
|
||||
if ((deathRecipient == nullptr) || object == nullptr ||
|
||||
((object->IsProxyObject()) && (!object->AddDeathRecipient(deathRecipient)))) {
|
||||
ACCOUNT_LOGE("Failed to add death recipient for UpdateCred");
|
||||
return;
|
||||
}
|
||||
|
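Review bot: The failure branch at the end of this hunk logs `Failed to add death recipient for UpdateCred` and returns without calling `callback->OnResult`, so a caller that blocks on the callback learns of the failure only through its own timeout. The `InnerHandleReEnroll` added by this commit waits on exactly such a callback, so report an error through `callback->OnResult(...)` before the `return;`. The new code also evaluates `callback->AsObject()` before any check visible here, which is safe only if `callback` is null-checked above the hunk; the function body starts outside the visible lines.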
@ -193,6 +193,30 @@ HWTEST_F(AccountIamCallbackTest, AuthCallback_OnResult_0300, TestSize.Level0)
|
||||
EXPECT_EQ(errCode, callback->result_);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: AuthCallback_OnResult_0400
|
||||
* @tc.desc: OnResult test with ReEnroll flag.
|
||||
* @tc.type: FUNC
|
||||
* @tc.require:
|
||||
*/
|
||||
HWTEST_F(AccountIamCallbackTest, AuthCallback_OnResult_0400, TestSize.Level0)
|
||||
{
|
||||
AccessTokenID tokenId = AccessTokenKit::GetHapTokenID(DEFAULT_USER_ID, "com.ohos.settings", 0);
|
||||
SetSelfTokenID(tokenId);
|
||||
sptr<MockIIDMCallback> callback = new (std::nothrow) MockIIDMCallback();
|
||||
auto userAuthCallback = std::make_shared<AuthCallback>(TEST_USER_ID, TEST_CREDENTIAL_ID, AuthType::PIN, callback);
|
||||
EXPECT_TRUE(userAuthCallback->innerCallback_ != nullptr);
|
||||
Attributes extraInfo;
|
||||
EXPECT_EQ(extraInfo.SetBoolValue(Attributes::ATTR_RE_ENROLL_FLAG, true), true);
|
||||
int32_t errCode = 0;
|
||||
userAuthCallback->OnResult(errCode, extraInfo);
|
||||
EXPECT_EQ(ResultCode::FAIL, callback->result_);
|
||||
errCode = 10; // result != 0
|
||||
userAuthCallback->OnResult(errCode, extraInfo);
|
||||
EXPECT_EQ(errCode, callback->result_);
|
||||
SetSelfTokenID(g_accountMgrTokenID);
|
||||
}
|
||||
|
||||
/**
|
||||
* @tc.name: AuthCallback_OnAcquireInfo_0100
|
||||
* @tc.desc: OnAcquireInfo with nullptr.
|
||||
|
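Review bot: `callback` comes from `new (std::nothrow) MockIIDMCallback()` and is later dereferenced as `callback->result_` without a null check, and the only guard, `EXPECT_TRUE(userAuthCallback->innerCallback_ != nullptr)`, does not stop the test on failure. Add `ASSERT_NE(callback, nullptr);` directly after the allocation. The test also switches the process identity with `SetSelfTokenID(tokenId)` without checking that `GetHapTokenID` returned a valid token for `com.ohos.settings`, so on an image without that package the re-enroll path would be exercised under an invalid identity; assert the token is valid before switching.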
@ -597,7 +597,7 @@ HWTEST_F(AccountIamManagerTest, UpdateCredential001, TestSize.Level0)
|
||||
EXPECT_NE(callback, nullptr);
|
||||
sptr<TestIIDMCallback> testCallback = new(std::nothrow) TestIIDMCallback(callback);
|
||||
EXPECT_NE(testCallback, nullptr);
|
||||
EXPECT_CALL(*callback, OnResult(_, _)).Times(Exactly(1));
|
||||
EXPECT_CALL(*callback, OnResult(_, _)).Times(Exactly(2));
|
||||
InnerAccountIAMManager::GetInstance().UpdateCredential(TEST_USER_ID, testPara, nullptr);
|
||||
InnerAccountIAMManager::GetInstance().UpdateCredential(TEST_USER_ID, testPara, testCallback);
|
||||
{
|
||||
|