openharmony/account_os_account
1
0
Fork 0
mirror of https://gitee.com/openharmony/account_os_account synced 2024-12-02 16:06:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add account iam service

Browse Source 
Signed-off-by: jidong <jidong4@huawei.com>
This commit is contained in:
jidong 2022-08-01 19:55:59 +08:00
parent 399e8a8a5f
commit 0b17bbe6fc
26 changed files with 1963 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

95
frameworks/account_iam/BUILD.gn Normal file
View File

@ -0,0 +1,95 @@
# Copyright (c) 2022 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
import("//base/account/os_account/os_account.gni")
import("//build/ohos.gni")
config("account_iam_innnerkits_config") {
visibility = [ ":*" ]
include_dirs = [
"${account_iam_interfaces_native_path}/include",
"${innerkits_path}/include",
]
cflags = []
if (target_cpu == "arm") {
cflags += [ "-DBINDER_IPC_32BIT" ]
}
cflags += [ "-pipe" ]
cflags_cc = [
"-Wdate-time",
"-Wformat=2",
"-Wfloat-equal",
"-Wshadow",
]
defines = [
"ACCOUNT_LOG_TAG = \"AccountIAMFwk\"",
"LOG_DOMAIN = 0xD001B00",
]
}
config("account_iam_innerkits_public_config") {
visibility = [ ":*" ]
include_dirs = [
"${account_iam_interfaces_native_path}/include",
"${innerkits_native_path}/include",
"//base/useriam/pin_auth/frameworks/ipc/common_defines",
"//base/useriam/pin_auth/frameworks/ipc/inc",
"//base/useriam/pin_auth/interfaces/inner_api",
"//base/useriam/user_auth_framework/interfaces/inner_api",
]
}
ohos_shared_library("account_iam_innerkits") {
sources = [
"${account_iam_framework_path}/src/account_iam_callback.cpp",
"${account_iam_framework_path}/src/account_iam_client.cpp",
"${account_iam_framework_path}/src/account_iam_proxy.cpp",
]
configs = [ ":account_iam_innnerkits_config" ]
public_configs = [ ":account_iam_innerkits_public_config" ]
deps = [
"${common_path}:libaccount_common",
"${innerkits_native_path}:libaccountkits",
"${os_account_innerkits_native_path}:os_account_innerkits",
"//utils/native/base:utils",
]
if (has_pin_auth_part) {
deps += [ "//base/useriam/pin_auth/frameworks:pinauth_framework" ]
}
if (has_user_auth_part) {
deps += [
"//base/useriam/user_auth_framework/frameworks/native/client:userauth_client",
"//base/useriam/user_auth_framework/frameworks/native/ipc:userauth_client_ipc",
]
}
external_deps = [
"hiviewdfx_hilog_native:libhilog",
"ipc:ipc_core",
"safwk:system_ability_fwk",
"samgr_standard:samgr_proxy",
]
subsystem_name = "account"
part_name = "os_account"
}

327
frameworks/account_iam/src/account_iam_callback.cpp Normal file
View File

@ -0,0 +1,327 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "account_iam_callback.h"
#include "account_iam_client.h"
#include "account_log_wrapper.h"
#include "os_account_manager.h"
#include "pinauth_register.h"
#include "user_auth_client.h"
#include "user_idm_client.h"
namespace OHOS {
namespace AccountSA {
using UserIDMClient = UserIam::UserAuth::UserIdmClient;
using UserAuthClient = UserIam::UserAuth::UserAuthClient;
AuthCallback::AuthCallback(uint32_t userId, const std::shared_ptr<AuthenticationCallback> &callback)
: userId_(userId), innerCallback_(callback)
{}
AuthCallback::~AuthCallback()
{}
void AuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
{
ACCOUNT_LOGD("enter");
AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("innerCallback_ is nullptr");
return;
}
if (result != 0) {
innerCallback_->OnResult(result, extraInfo);
return;
}
std::vector<uint8_t> token;
std::vector<uint8_t> secret;
extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret);
int32_t activeResult =
AccountIAMClient::GetInstance().ActivateUserKey(userId_, token, secret);
if (activeResult != 0) {
ACCOUNT_LOGE("failed to activate user key");
int32_t remainTimes = 0;
int32_t freezingTime = 0;
extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
Attributes errInfo;
errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
innerCallback_->OnResult(ResultCode::FAIL, errInfo);
} else {
innerCallback_->OnResult(result, extraInfo);
}
}
void AuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
{
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("innerCallback_ is nullptr");
return;
}
innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
}
IDMAuthCallback::IDMAuthCallback(uint32_t userId, const CredentialParameters &credInfo,
int32_t oldResult, const Attributes &reqResult, const std::shared_ptr<UserIdmClientCallback> &idmCallback)
: userId_(userId), credInfo_(credInfo), oldResult_(oldResult), idmCallback_(idmCallback)
{
reqResult.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId_);
reqResult_.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId_);
}
IDMAuthCallback::~IDMAuthCallback()
{}
void IDMAuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
{
ACCOUNT_LOGD("enter");
if (idmCallback_ == nullptr) {
ACCOUNT_LOGD("inner callback is nullptr");
return;
}
if (result != 0) {
idmCallback_->OnResult(ResultCode::FAIL, reqResult_);
AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
return;
}
std::vector<uint8_t> token;
std::vector<uint8_t> secret;
extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret);
int32_t updateKeyResult = AccountIAMClient::GetInstance().UpdateUserKey(
userId_, credentialId_, token, secret);
if (updateKeyResult == 0) {
ACCOUNT_LOGD("unlock user key successfully");
idmCallback_->OnResult(oldResult_, reqResult_);
return;
}
IAMState state = AccountIAMClient::GetInstance().GetState(userId_);
if (state == AFTER_ADD_CRED) {
ACCOUNT_LOGE("failed to unlock user key, delete the added credential");
AccountIAMClient::GetInstance().SetState(userId_, ROLL_BACK_ADD_CRED);
auto delCallback = std::make_shared<DelCredCallback>(userId_, credentialId_, token, idmCallback_);
UserIDMClient::GetInstance().DeleteCredential(userId_, credentialId_, token, delCallback);
} else if (state == AFTER_UPDATE_CRED) {
ACCOUNT_LOGE("failed to unlock user key, restore the old credential");
AccountIAMClient::GetInstance().SetState(userId_, ROLL_BACK_UPDATE_CRED);
credInfo_.token = token;
auto updateCallback = std::make_shared<UpdateCredCallback>(userId_, credInfo_, idmCallback_);
UserIDMClient::GetInstance().UpdateCredential(0, credInfo_, updateCallback);
} else {
idmCallback_->OnResult(oldResult_, reqResult_);
}
}
void IDMAuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
{
ACCOUNT_LOGD("unsupported operation");
}
AddCredCallback::AddCredCallback(uint32_t userId, const CredentialParameters &credInfo,
const std::shared_ptr<UserIdmClientCallback> &callback)
: userId_(userId), credInfo_(credInfo), innerCallback_(callback)
{}
AddCredCallback::~AddCredCallback()
{}
void AddCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
{
ACCOUNT_LOGD("enter");
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("inner callback is nullptr");
return;
}
if (result != 0) {
ACCOUNT_LOGD("failed to add credential");
innerCallback_->OnResult(result, extraInfo);
AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
return;
}
AccountIAMClient::GetInstance().SetState(userId_, AFTER_ADD_CRED);
std::vector<uint8_t> challenge;
AccountIAMClient::GetInstance().GetChallenge(userId_, challenge);
auto callback = std::make_shared<IDMAuthCallback>(userId_, credInfo_, result, extraInfo, innerCallback_);
UserAuthClient::GetInstance().BeginAuthentication(
userId_, challenge, AuthType::PIN, AuthTrustLevel::ATL4, callback);
}
void AddCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
{
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("innerCallback_ is nullptr");
return;
}
innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
}
UpdateCredCallback::UpdateCredCallback(
uint32_t userId, const CredentialParameters &credInfo, const std::shared_ptr<UserIdmClientCallback> &callback)
: userId_(userId), credInfo_(credInfo), innerCallback_(callback)
{}
UpdateCredCallback::~UpdateCredCallback()
{}
void UpdateCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
{
ACCOUNT_LOGD("enter");
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("inner callback is nullptr");
return;
}
IAMState state = AccountIAMClient::GetInstance().GetState(userId_);
if (state == ROLL_BACK_UPDATE_CRED) {
if (result != 0) {
ACCOUNT_LOGE("roll back credential failed");
} else {
ACCOUNT_LOGD("roll back credential successully");
}
AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
Attributes errResult;
innerCallback_->OnResult(ResultCode::FAIL, errResult);
return;
}
if (result != 0) {
ACCOUNT_LOGD("failed to update credential");
innerCallback_->OnResult(result, extraInfo);
AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
return;
}
AccountIAMClient::GetInstance().SetState(userId_, AFTER_UPDATE_CRED);
std::vector<uint8_t> challenge;
AccountIAMClient::GetInstance().GetChallenge(userId_, challenge);
auto callback = std::make_shared<IDMAuthCallback>(userId_, credInfo_, result, extraInfo, innerCallback_);
UserAuthClient::GetInstance().BeginAuthentication(
userId_, challenge, AuthType::PIN, AuthTrustLevel::ATL4, callback);
}
void UpdateCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
{
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("innerCallback_ is nullptr");
return;
}
innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
}
DelCredCallback::DelCredCallback(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken,
const std::shared_ptr<UserIdmClientCallback> &callback)
: userId_(userId), credentialId_(credentialId), authToken_(authToken), innerCallback_(callback)
{}
DelCredCallback::~DelCredCallback()
{}
void DelCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
{
ACCOUNT_LOGD("enter");
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("innerCallback_ is nullptr");
return;
}
IAMState state = AccountIAMClient::GetInstance().GetState(userId_);
if (state == ROLL_BACK_ADD_CRED) {
if (result != 0) {
ACCOUNT_LOGE("roll back credential failed");
} else {
ACCOUNT_LOGD("roll back credential successully");
}
AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
Attributes errResult;
innerCallback_->OnResult(ResultCode::FAIL, errResult);
return;
}
if (result == 0) {
AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
} else {
AccountIAMClient::GetInstance().RestoreUserKey(userId_, credentialId_, authToken_);
}
innerCallback_->OnResult(result, extraInfo);
}
void DelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
{
if (innerCallback_ == nullptr) {
ACCOUNT_LOGD("inner callback is nullptr");
return;
}
innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
}
IAMInputerData::IAMInputerData(int32_t userId, const std::shared_ptr<IInputerData> &inputerData)
: userId_(userId), innerInputerData_(inputerData)
{}
IAMInputerData::~IAMInputerData()
{}
void IAMInputerData::OnSetData(int32_t authSubType, std::vector<uint8_t> data)
{
AccountIAMClient::GetInstance().SetCredential(userId_, authSubType, data);
AccountIAMClient::GetInstance().SetCredential(userId_, 0, data);
innerInputerData_->OnSetData(authSubType, data);
}
void IAMInputerData::ResetInnerInputerData(const std::shared_ptr<IInputerData> &inputerData)
{
innerInputerData_ = inputerData;
}
IAMInputer::IAMInputer(int32_t userId, const std::shared_ptr<IInputer> &inputer)
: userId_(userId), innerInputer_(inputer)
{
auto iamInputerData = new (std::nothrow) IAMInputerData(userId, nullptr);
if (iamInputerData == nullptr) {
ACCOUNT_LOGD("failed to create IAMInputerData");
return;
}
inputerData_.reset(iamInputerData);
}
IAMInputer::~IAMInputer()
{}
void IAMInputer::OnGetData(int32_t authSubType, std::shared_ptr<IInputerData> inputerData)
{
ACCOUNT_LOGD("enter");
if (inputerData_ == nullptr) {
ACCOUNT_LOGD("inputerData_ is nullptr");
return;
}
inputerData_->ResetInnerInputerData(inputerData);
IAMState state = AccountIAMClient::GetInstance().GetState(userId_);
if (state < AFTER_ADD_CRED) {
innerInputer_->OnGetData(authSubType, inputerData_);
return;
}
CredentialPair credPair;
AccountIAMClient::GetInstance().GetCredential(userId_, authSubType, credPair);
if (state == ROLL_BACK_UPDATE_CRED) {
inputerData->OnSetData(authSubType, credPair.oldCredential);
} else {
inputerData->OnSetData(authSubType, credPair.credential);
}
}
void IAMInputer::ResetInnerInputer(const std::shared_ptr<IInputer> &inputer)
{
innerInputer_ = inputer;
}
} // namespace AccountSA
} // namespace OHOS

418
frameworks/account_iam/src/account_iam_client.cpp Normal file
View File

@ -0,0 +1,418 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "account_iam_client.h"
#include "account_iam_callback.h"
#include "account_log_wrapper.h"
#include "account_proxy.h"
#include "iservice_registry.h"
#include "os_account_manager.h"
#include "pinauth_register.h"
#include "system_ability_definition.h"
#include "user_auth_client.h"
#include "user_auth_client_impl.h"
#include "user_idm_client.h"
namespace OHOS {
namespace AccountSA {
using UserIDMClient = UserIam::UserAuth::UserIdmClient;
using UserAuthClient = UserIam::UserAuth::UserAuthClient;
using PinAuthRegister = UserIam::PinAuth::PinAuthRegister;
using UserAuthClientImpl = UserIam::UserAuth::UserAuthClientImpl;
AccountIAMClient::AccountIAMClient()
{
userStateMap_[0] = IDLE;
}
ErrCode AccountIAMClient::OpenSession(int32_t userId, std::vector<uint8_t> &challenge)
{
challenge = UserIDMClient::GetInstance().OpenSession(userId);
std::lock_guard<std::mutex> lock(mutex_);
userStateMap_[userId] = AFTER_OPEN_SESSION;
userChallengeMap_[userId] = challenge;
return ERR_OK;
}
ErrCode AccountIAMClient::CloseSession(int32_t userId)
{
UserIDMClient::GetInstance().CloseSession(userId);
std::lock_guard<std::mutex> lock(mutex_);
if (userId == 0) {
userStateMap_[0] = IDLE;
} else {
userStateMap_.erase(userId);
}
userChallengeMap_.erase(userId);
return ERR_OK;
}
ErrCode AccountIAMClient::AddCredential(const CredentialParameters& credInfo,
const std::shared_ptr<UserIdmClientCallback>& callback)
{
ACCOUNT_LOGD("enter");
if (callback == nullptr) {
ACCOUNT_LOGD("callback is nullptr");
return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
}
if (credInfo.authType != AuthType::PIN) {
UserIDMClient::GetInstance().AddCredential(0, credInfo, callback);
return ERR_OK;
}
int32_t userId = 0;
OsAccountManager::GetOsAccountLocalIdFromProcess(userId);
auto idmCallback = std::make_shared<AddCredCallback>(userId, credInfo, callback);
UserIDMClient::GetInstance().AddCredential(0, credInfo, idmCallback);
return ERR_OK;
}
ErrCode AccountIAMClient::UpdateCredential(const CredentialParameters& credInfo,
const std::shared_ptr<UserIdmClientCallback>& callback)
{
ACCOUNT_LOGD("enter");
if (callback == nullptr) {
ACCOUNT_LOGD("callback is nullptr");
return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
}
if (credInfo.token.empty()) {
ACCOUNT_LOGD("token is empty");
Attributes emptyResult;
callback->OnResult(ResultCode::INVALID_PARAMETERS, emptyResult);
return ERR_OK;
}
if (credInfo.authType != AuthType::PIN) {
UserIDMClient::GetInstance().UpdateCredential(0, credInfo, callback);
return ERR_OK;
}
int32_t userId = 0;
OsAccountManager::GetOsAccountLocalIdFromProcess(userId);
auto idmCallback = std::make_shared<UpdateCredCallback>(userId, credInfo, callback);
UserIDMClient::GetInstance().UpdateCredential(0, credInfo, idmCallback);
return ERR_OK;
}
ErrCode AccountIAMClient::DelCred(uint64_t credentialId, std::vector<uint8_t> authToken,
const std::shared_ptr<UserIdmClientCallback>& callback)
{
ACCOUNT_LOGD("enter");
if (callback == nullptr) {
ACCOUNT_LOGD("callback is nullptr");
return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
}
Attributes errResult;
if (authToken.empty()) {
ACCOUNT_LOGD("token is empty");
callback->OnResult(ResultCode::INVALID_PARAMETERS, errResult);
return ERR_OK;
}
int32_t userId = 0;
OsAccountManager::GetOsAccountLocalIdFromProcess(userId);
std::vector<uint8_t> secret;
ErrCode result = UpdateUserKey(userId, credentialId, authToken, secret);
if (result != ERR_OK) {
callback->OnResult(result, errResult);
return ERR_OK;
}
auto idmCallback = std::make_shared<DelCredCallback>(userId, credentialId, authToken, callback);
UserIDMClient::GetInstance().DeleteCredential(0, credentialId, authToken, idmCallback);
return ERR_OK;
}
ErrCode AccountIAMClient::DelUser(std::vector<uint8_t> authToken,
const std::shared_ptr<UserIdmClientCallback>& callback)
{
ACCOUNT_LOGD("enter");
if (callback == nullptr) {
ACCOUNT_LOGD("callback is nullptr");
return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
}
Attributes errResult;
if (authToken.empty()) {
ACCOUNT_LOGD("token is empty");
callback->OnResult(ResultCode::INVALID_PARAMETERS, errResult);
return ERR_OK;
}
int32_t userId = 0;
OsAccountManager::GetOsAccountLocalIdFromProcess(userId);
ErrCode result = RemoveUserKey(userId, authToken);
if (result != ERR_OK) {
callback->OnResult(result, errResult);
return ERR_OK;
}
auto idmCallback = std::make_shared<DelCredCallback>(userId, 0, authToken, callback);
UserIDMClient::GetInstance().DeleteUser(userId, authToken, idmCallback);
return ERR_OK;
}
ErrCode AccountIAMClient::GetAuthInfo(AuthType authType, const std::shared_ptr<GetCredentialInfoCallback>& callback)
{
UserIDMClient::GetInstance().GetCredentialInfo(0, authType, callback);
return ERR_OK;
}
ErrCode AccountIAMClient::Cancel(uint64_t challenge, int32_t &resultCode)
{
resultCode = UserIDMClient::GetInstance().Cancel(challenge);
return ERR_OK;
}
ErrCode AccountIAMClient::Auth(const std::vector<uint8_t> &challenge, const AuthType authType,
const AuthTrustLevel authTrustLevel, const std::shared_ptr<AuthenticationCallback> &callback, uint64_t &contextId)
{
ACCOUNT_LOGD("enter");
int32_t userId = 0;
OsAccountManager::GetOsAccountLocalIdFromProcess(userId);
return AuthUser(userId, challenge, authType, authTrustLevel, callback, contextId);
}
ErrCode AccountIAMClient::AuthUser(
const int32_t userId, const std::vector<uint8_t> &challenge, const AuthType authType,
const AuthTrustLevel authTrustLevel, const std::shared_ptr<AuthenticationCallback> &callback, uint64_t &contextId)
{
ACCOUNT_LOGD("enter");
if (callback == nullptr) {
ACCOUNT_LOGD("callback is nullptr");
return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
}
if (authType != AuthType::PIN) {
contextId = UserAuthClient::GetInstance().BeginAuthentication(
userId, challenge, authType, authTrustLevel, callback);
return ERR_OK;
}
auto userAuthCallback = std::make_shared<AuthCallback>(userId, callback);
contextId = UserAuthClient::GetInstance().BeginAuthentication(
userId, challenge, authType, authTrustLevel, userAuthCallback);
return ERR_OK;
}
ErrCode AccountIAMClient::CancelAuth(const uint64_t contextId, int32_t &resultCode)
{
resultCode = UserAuthClient::GetInstance().CancelAuthentication(contextId);
return ERR_OK;
}
ErrCode AccountIAMClient::GetAvailableStatus(
const AuthType authType, const AuthTrustLevel authTrustLevel, int32_t &status)
{
status = UserAuthClientImpl::Instance().GetAvailableStatus(authType, authTrustLevel);
return ERR_OK;
}
ErrCode AccountIAMClient::GetProperty(const GetPropertyRequest &request, std::shared_ptr<GetPropCallback> callback)
{
UserAuthClient::GetInstance().GetProperty(0, request, callback);
return ERR_OK;
}
ErrCode AccountIAMClient::SetProperty(const SetPropertyRequest &request, std::shared_ptr<SetPropCallback> callback)
{
UserAuthClient::GetInstance().SetProperty(0, request, callback);
return ERR_OK;
}
ErrCode AccountIAMClient::RegisterInputer(const std::shared_ptr<IInputer> inputer, bool &isSucceed)
{
ACCOUNT_LOGD("enter");
isSucceed = false;
int32_t userId = 0;
OsAccountManager::GetOsAccountLocalIdFromProcess(userId);
auto iamInputer = std::make_shared<IAMInputer>(userId, inputer);
isSucceed = PinAuthRegister::GetInstance().RegisterInputer(iamInputer);
return ERR_OK;
}
ErrCode AccountIAMClient::UnRegisterInputer()
{
ACCOUNT_LOGD("enter");
PinAuthRegister::GetInstance().UnRegisterInputer();
return ERR_OK;
}
IAMState AccountIAMClient::GetState(int32_t userId)
{
ACCOUNT_LOGD("enter");
std::lock_guard<std::mutex> lock(mutex_);
auto it = userStateMap_.find(userId);
if (it != userStateMap_.end()) {
return it->second;
}
return userStateMap_[0];
}
void AccountIAMClient::SetState(int32_t userId, IAMState state)
{
ACCOUNT_LOGD("enter");
std::lock_guard<std::mutex> lock(mutex_);
userStateMap_[userId] = state;
}
void AccountIAMClient::GetChallenge(int32_t userId, std::vector<uint8_t> &challenge)
{
ACCOUNT_LOGD("enter");
std::lock_guard<std::mutex> lock(mutex_);
auto it = userChallengeMap_.find(userId);
if (it != userChallengeMap_.end()) {
challenge = it->second;
} else {
challenge = userChallengeMap_[0];
}
}
void AccountIAMClient::GetCredential(int32_t userId, int32_t authSubType, CredentialPair &credPair)
{
ACCOUNT_LOGD("enter");
std::string key = std::to_string(userId) + std::to_string(authSubType);
std::lock_guard<std::mutex> lock(mutex_);
auto it = credentialMap_.find(key);
if (it != credentialMap_.end()) {
credPair = it->second;
}
}
void AccountIAMClient::SetCredential(int32_t userId, int32_t authSubType, const std::vector<uint8_t> &credential)
{
ACCOUNT_LOGD("enter");
std::string key = std::to_string(userId) + std::to_string(authSubType);
std::lock_guard<std::mutex> lock(mutex_);
auto it = credentialMap_.find(key);
if (it != credentialMap_.end()) {
it->second.oldCredential = it->second.credential;
it->second.credential = credential;
return;
}
credentialMap_[key] = {
.credential = credential
};
}
void AccountIAMClient::ClearCredential(int32_t userId, int32_t authSubType)
{
std::string key = std::to_string(userId) + std::to_string(authSubType);
std::lock_guard<std::mutex> lock(mutex_);
credentialMap_.erase(key);
}
ErrCode AccountIAMClient::ActivateUserKey(
int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
{
ACCOUNT_LOGD("enter");
ErrCode result = GetAccountIAMProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get account iam proxy");
return result;
}
return proxy_->ActivateUserKey(userId, token, secret);
}
ErrCode AccountIAMClient::UpdateUserKey(int32_t userId, uint64_t credentialId,
const std::vector<uint8_t> &token, const std::vector<uint8_t> &newSecret)
{
ACCOUNT_LOGD("enter");
ErrCode result = GetAccountIAMProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get account iam proxy");
return result;
}
return proxy_->UpdateUserKey(userId, credentialId, token, newSecret);
}
ErrCode AccountIAMClient::RemoveUserKey(int32_t userId, const std::vector<uint8_t> &token)
{
ACCOUNT_LOGD("enter");
ErrCode result = GetAccountIAMProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get account iam proxy");
return result;
}
return proxy_->RemoveUserKey(userId, token);
}
ErrCode AccountIAMClient::RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token)
{
ACCOUNT_LOGD("enter");
ErrCode result = GetAccountIAMProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get account iam proxy");
return result;
}
return proxy_->RestoreUserKey(userId, credentialId, token);
}
void AccountIAMClient::ResetAccountIAMProxy(const wptr<IRemoteObject>& remote)
{
std::lock_guard<std::mutex> lock(mutex_);
if (proxy_ == nullptr) {
ACCOUNT_LOGD("proxy is nullptr");
return;
}
auto serviceRemote = proxy_->AsObject();
if ((serviceRemote != nullptr) && (serviceRemote == remote.promote())) {
serviceRemote->RemoveDeathRecipient(deathRecipient_);
proxy_ = nullptr;
}
}
void AccountIAMClient::AccountIAMDeathRecipient::OnRemoteDied(const wptr<IRemoteObject>& remote)
{
if (remote == nullptr) {
ACCOUNT_LOGD("remote is nullptr");
return;
}
AccountIAMClient::GetInstance().ResetAccountIAMProxy(remote);
}
ErrCode AccountIAMClient::GetAccountIAMProxy()
{
std::lock_guard<std::mutex> lock(mutex_);
if (proxy_ != nullptr) {
return ERR_OK;
}
sptr<ISystemAbilityManager> saMgr =
SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!saMgr) {
ACCOUNT_LOGD("failed to get system ability manager");
return ERR_APPACCOUNT_KIT_GET_SYSTEM_ABILITY_MANAGER;
}
sptr<IRemoteObject> remoteObject = saMgr->GetSystemAbility(SUBSYS_ACCOUNT_SYS_ABILITY_ID_BEGIN);
if (!remoteObject) {
ACCOUNT_LOGD("failed to get account system ability");
return ERR_APPACCOUNT_KIT_GET_ACCOUNT_SYSTEM_ABILITY;
}
sptr<IAccount> accountProxy = iface_cast<AccountProxy>(remoteObject);
if (!accountProxy) {
ACCOUNT_LOGD("failed to cast account proxy");
return ERR_APPACCOUNT_KIT_CAST_ACCOUNT_PROXY;
}
sptr<IRemoteObject> accountIAMRemoteObject = accountProxy->GetAccountIAMService();
if (!accountIAMRemoteObject) {
ACCOUNT_LOGD("failed to get account iam service");
return ERR_APPACCOUNT_KIT_GET_APP_ACCOUNT_SERVICE;
}
proxy_ = iface_cast<IAccountIAM>(accountIAMRemoteObject);
if ((!proxy_) || (!proxy_->AsObject())) {
ACCOUNT_LOGD("failed to cast account iam proxy");
return ERR_APPACCOUNT_KIT_GET_APP_ACCOUNT_PROXY;
}
deathRecipient_ = new (std::nothrow) AccountIAMDeathRecipient();
if (!deathRecipient_) {
ACCOUNT_LOGD("failed to create account iam death recipient");
return ERR_APPACCOUNT_KIT_CREATE_APP_ACCOUNT_DEATH_RECIPIENT;
}
proxy_->AsObject()->AddDeathRecipient(deathRecipient_);
return ERR_OK;
}
} // namespace AccountSA
} // namespace OHOS

164
frameworks/account_iam/src/account_iam_proxy.cpp Normal file
View File

@ -0,0 +1,164 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "account_iam_proxy.h"
#include "account_log_wrapper.h"
namespace OHOS {
namespace AccountSA {
AccountIAMProxy::AccountIAMProxy(const sptr<IRemoteObject> &object) : IRemoteProxy<IAccountIAM>(object)
{}
AccountIAMProxy::~AccountIAMProxy()
{}
ErrCode AccountIAMProxy::SendRequest(IAccountIAM::Message code, MessageParcel &data, MessageParcel &reply)
{
ACCOUNT_LOGD("enter");
sptr<IRemoteObject> remote = Remote();
if (remote == nullptr) {
ACCOUNT_LOGD("remote is nullptr, code = %{public}d", code);
return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
}
MessageOption option(MessageOption::TF_SYNC);
int32_t result = remote->SendRequest(static_cast<uint32_t>(code), data, reply, option);
if (result != ERR_OK) {
ACCOUNT_LOGD("failed to SendRequest, code = %{public}d, result = %{public}d", code, result);
return ERR_ACCOUNT_IAM_SEND_REQUEST;
}
return ERR_OK;
}
ErrCode AccountIAMProxy::ActivateUserKey(
int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
{
ACCOUNT_LOGD("enter");
MessageParcel data;
MessageParcel reply;
if (!data.WriteInterfaceToken(GetDescriptor())) {
ACCOUNT_LOGD("failed to write descriptor!");
return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR;
}
if (!data.WriteInt32(userId)) {
ACCOUNT_LOGD("failed to write userId!");
return ERR_ACCOUNT_IAM_WRITE_USER_ID;
}
if (!data.WriteUInt8Vector(token)) {
ACCOUNT_LOGD("failed to write token!");
return ERR_ACCOUNT_IAM_WRITE_TOKEN;
}
if (!data.WriteUInt8Vector(secret)) {
ACCOUNT_LOGD("failed to write secret!");
return ERR_ACCOUNT_IAM_WRITE_SECRET;
}
ErrCode result = SendRequest(IAccountIAM::Message::ACTIVATE_USER_KEY, data, reply);
if (result != ERR_OK) {
return result;
}
result = reply.ReadInt32();
ACCOUNT_LOGD("result: %{public}d", result);
return result;
}
ErrCode AccountIAMProxy::UpdateUserKey(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token,
const std::vector<uint8_t> &newSecret)
{
ACCOUNT_LOGD("enter");
MessageParcel data;
MessageParcel reply;
if (!data.WriteInterfaceToken(GetDescriptor())) {
ACCOUNT_LOGD("failed to write descriptor!");
return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR;
}
if (!data.WriteInt32(userId)) {
ACCOUNT_LOGD("failed to write userId!");
return ERR_ACCOUNT_IAM_WRITE_USER_ID;
}
if (!data.WriteUint64(credentialId)) {
ACCOUNT_LOGD("failed to write credentialId!");
return ERR_ACCOUNT_IAM_WRITE_CREDENTIAL_ID;
}
if (!data.WriteUInt8Vector(token)) {
ACCOUNT_LOGD("failed to write token!");
return ERR_ACCOUNT_IAM_WRITE_TOKEN;
}
if (!data.WriteUInt8Vector(newSecret)) {
ACCOUNT_LOGD("failed to write secret!");
return ERR_ACCOUNT_IAM_WRITE_SECRET;
}
ErrCode result = SendRequest(IAccountIAM::Message::UPDATE_USER_KEY, data, reply);
if (result != ERR_OK) {
return result;
}
result = reply.ReadInt32();
return result;
}
ErrCode AccountIAMProxy::RemoveUserKey(int32_t userId, const std::vector<uint8_t> &token)
{
ACCOUNT_LOGD("enter");
MessageParcel data;
MessageParcel reply;
if (!data.WriteInterfaceToken(GetDescriptor())) {
ACCOUNT_LOGD("failed to write descriptor!");
return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR;
}
if (!data.WriteInt32(userId)) {
ACCOUNT_LOGD("failed to write userId!");
return ERR_ACCOUNT_IAM_WRITE_USER_ID;
}
if (!data.WriteUInt8Vector(token)) {
ACCOUNT_LOGD("failed to write token!");
return ERR_ACCOUNT_IAM_WRITE_TOKEN;
}
ErrCode result = SendRequest(IAccountIAM::Message::REMOVE_USER_KEY, data, reply);
if (result != ERR_OK) {
return result;
}
result = reply.ReadInt32();
return result;
}
ErrCode AccountIAMProxy::RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token)
{
ACCOUNT_LOGD("enter");
MessageParcel data;
MessageParcel reply;
if (!data.WriteInterfaceToken(GetDescriptor())) {
ACCOUNT_LOGD("failed to write descriptor!");
return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR;
}
if (!data.WriteInt32(userId)) {
ACCOUNT_LOGD("failed to write userId!");
return ERR_ACCOUNT_IAM_WRITE_USER_ID;
}
if (!data.WriteUint64(credentialId)) {
ACCOUNT_LOGD("failed to write credentialId!");
return ERR_ACCOUNT_IAM_WRITE_CREDENTIAL_ID;
}
if (!data.WriteUInt8Vector(token)) {
ACCOUNT_LOGD("failed to write token!");
return ERR_ACCOUNT_IAM_WRITE_TOKEN;
}
ErrCode result = SendRequest(IAccountIAM::Message::RESTORE_USER_KEY, data, reply);
if (result != ERR_OK) {
return result;
}
result = reply.ReadInt32();
return result;
}
} // namespace AccountSA
} // OHOS

24
frameworks/common/account_error/include/account_error_no.h
View File

@ -27,7 +27,9 @@ enum {
ACCOUNT_MODULE_APPACCOUNT_KIT,
ACCOUNT_MODULE_APPACCOUNT_SERVICE,
ACCOUNT_MODULE_OSACCOUNT_KIT,
ACCOUNT_MODULE_OSACCOUNT_SERVICE
ACCOUNT_MODULE_OSACCOUNT_SERVICE,
ACCOUNT_MODULE_ACCOUNT_IAM_KIT,
ACCOUNT_MODULE_ACCOUNT_IAM_SERVICE
};
// Error code for common
@ -436,6 +438,26 @@ enum {
ERR_OSACCOUNT_SERVICE_GET_DATA_FROM_GLOBAL_CONSTRAINTS_FILE_EMPTY,
ERR_OSACCOUNT_SERVICE_GET_DATA_FROM_SPECIFIC_CONSTRAINTS_FILE_EMPTY,
};
// Error code for ACCOUNT_IAM_KIT
constexpr ErrCode ACCOUNT_IAM_KIT_ERR_OFFSET =
ErrCodeOffset(SUBSYS_ACCOUNT, ACCOUNT_MODULE_ACCOUNT_IAM_KIT);
enum {
ERR_ACCOUNT_IAM_SEND_REQUEST,
ERR_ACCOUNT_IAM_WRITE_USER_ID,
ERR_ACCOUNT_IAM_WRITE_CREDENTIAL_ID,
ERR_ACCOUNT_IAM_WRITE_TOKEN,
ERR_ACCOUNT_IAM_WRITE_SECRET,
};
// Error code for ACCOUNT_IAM_SERVICE
constexpr ErrCode ACCOUNT_IAM_SERVICE_ERR_OFFSET =
ErrCodeOffset(SUBSYS_ACCOUNT, ACCOUNT_MODULE_ACCOUNT_IAM_SERVICE);
enum {
ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED,
ERR_ACCOUNT_IAM_SERVICE_GET_STORAGE_SYSTEM_ABILITY,
ERR_ACCOUNT_IAM_SERVICE_REMOTE_IS_NULLPTR
};
} // namespace OHOS
#endif // OS_ACCOUNT_FRAMEWORKS_COMMON_ACCOUNT_ERROR_INCLUDE_ACCOUNT_ERROR_NO_H

1
frameworks/ohosaccount/native/include/account_proxy.h
View File

@ -37,6 +37,7 @@ public:
std::int32_t QueryDeviceAccountId(std::int32_t &accountId) override;
sptr<IRemoteObject> GetAppAccountService() override;
sptr<IRemoteObject> GetOsAccountService() override;
sptr<IRemoteObject> GetAccountIAMService() override;
private:
std::int32_t DeviceAccountRequest(std::uint32_t code, std::int32_t accountId);

21
frameworks/ohosaccount/native/src/account_proxy.cpp
View File

@ -165,6 +165,7 @@ sptr<IRemoteObject> AccountProxy::GetAppAccountService()
ACCOUNT_LOGD("exit");
return reply.ReadRemoteObject();
}
sptr<IRemoteObject> AccountProxy::GetOsAccountService()
{
ACCOUNT_LOGD("enter");
@ -185,5 +186,25 @@ sptr<IRemoteObject> AccountProxy::GetOsAccountService()
ACCOUNT_LOGD("exit");
return reply.ReadRemoteObject();
}
sptr<IRemoteObject> AccountProxy::GetAccountIAMService()
{
MessageParcel data;
MessageParcel reply;
MessageOption option;
if (!data.WriteInterfaceToken(GetDescriptor())) {
ACCOUNT_LOGD("Write descriptor failed");
return nullptr;
}
auto ret = Remote()->SendRequest(GET_ACCOUNT_IAM_SERVICE, data, reply, option);
if (ret != ERR_NONE) {
ACCOUNT_LOGD("SendRequest failed %d", ret);
return nullptr;
}
return reply.ReadRemoteObject();
}
} // namespace AccountSA
} // namespace OHOS

131
interfaces/innerkits/account_iam/native/include/account_iam_callback.h Normal file
View File

@ -0,0 +1,131 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_H
#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_H
#include <map>
#include <vector>
#include "account_iam_info.h"
namespace OHOS {
namespace AccountSA {
class AuthCallback : public AuthenticationCallback {
public:
explicit AuthCallback(uint32_t userId, const std::shared_ptr<AuthenticationCallback> &callback);
virtual ~AuthCallback();
void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override;
void OnResult(int32_t result, const Attributes &extraInfo) override;
private:
std::uint32_t userId_;
std::shared_ptr<AuthenticationCallback> innerCallback_ = nullptr;
};
class IDMAuthCallback : public AuthenticationCallback {
public:
explicit IDMAuthCallback(uint32_t userId, const CredentialParameters &credInfo,
int32_t oldResult, const Attributes &reqResult, const std::shared_ptr<UserIdmClientCallback> &idmCallback);
virtual ~IDMAuthCallback();
void OnResult(int32_t result, const Attributes &extraInfo) override;
void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override;
private:
uint32_t userId_;
CredentialParameters credInfo_;
int32_t oldResult_;
Attributes reqResult_;
std::shared_ptr<UserIdmClientCallback> idmCallback_ = nullptr;
uint64_t credentialId_ = 0;
};
class AddCredCallback : public UserIdmClientCallback {
public:
explicit AddCredCallback(uint32_t userId, const CredentialParameters &credInfo,
const std::shared_ptr<UserIdmClientCallback> &callback);
virtual ~AddCredCallback();
void OnResult(int32_t result, const Attributes &extraInfo) override;
void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override;
private:
std::uint32_t userId_;
CredentialParameters credInfo_;
std::shared_ptr<UserIdmClientCallback> innerCallback_ = nullptr;
};
class UpdateCredCallback : public UserIdmClientCallback {
public:
explicit UpdateCredCallback(uint32_t userId, const CredentialParameters &credInfo,
const std::shared_ptr<UserIdmClientCallback> &callback);
virtual ~UpdateCredCallback();
void OnResult(int32_t result, const Attributes &extraInfo) override;
void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override;
private:
std::uint32_t userId_;
std::vector<uint8_t> oldCredential_;
CredentialParameters credInfo_;
std::shared_ptr<UserIdmClientCallback> innerCallback_ = nullptr;
};
class DelCredCallback : public UserIdmClientCallback {
public:
explicit DelCredCallback(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken,
const std::shared_ptr<UserIdmClientCallback> &callback);
virtual ~DelCredCallback();
void OnResult(int32_t result, const Attributes &extraInfo) override;
void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override;
private:
int32_t userId_;
uint64_t credentialId_;
std::vector<uint8_t> authToken_;
std::shared_ptr<UserIdmClientCallback> innerCallback_ = nullptr;
};
class IAMInputerData : public IInputerData {
public:
IAMInputerData(int32_t userId, const std::shared_ptr<IInputerData> &inputerData);
virtual~IAMInputerData();
void OnSetData(int32_t authSubType, std::vector<uint8_t> data) override;
void ResetInnerInputerData(const std::shared_ptr<IInputerData> &inputerData);
private:
int32_t userId_;
std::shared_ptr<IInputerData> innerInputerData_;
std::map<std::string, std::vector<uint8_t>> credMap_;
};
class IAMInputer : public IInputer {
public:
IAMInputer(int32_t userId, const std::shared_ptr<IInputer> &inputer);
virtual ~IAMInputer();
void OnGetData(int32_t authSubType, std::shared_ptr<IInputerData> inputerData);
void ResetInnerInputer(const std::shared_ptr<IInputer> &inputer);
private:
int32_t userId_;
std::vector<uint8_t> oldCredential_;
std::shared_ptr<IInputer> innerInputer_ = nullptr;
std::shared_ptr<IAMInputerData> inputerData_ = nullptr;
};
} // namespace AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_H

90
interfaces/innerkits/account_iam/native/include/account_iam_client.h Normal file
View File

@ -0,0 +1,90 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H
#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H
#include <map>
#include <vector>
#include "account_iam_callback.h"
#include "account_iam_info.h"
#include "account_error_no.h"
#include "iaccount_iam.h"
#include "singleton.h"
namespace OHOS {
namespace AccountSA {
class AccountIAMClient : public DelayedRefSingleton<AccountIAMClient> {
public:
AccountIAMClient();
ErrCode OpenSession(int32_t userId, std::vector<uint8_t> &challenge);
ErrCode CloseSession(int32_t userId);
ErrCode AddCredential(
const CredentialParameters& credInfo, const std::shared_ptr<UserIdmClientCallback>& callback);
ErrCode UpdateCredential(
const CredentialParameters& credInfo, const std::shared_ptr<UserIdmClientCallback>& callback);
ErrCode Cancel(uint64_t challenge, int32_t &resultCode);
ErrCode DelCred(
uint64_t credentialId, std::vector<uint8_t> authToken, const std::shared_ptr<UserIdmClientCallback>& callback);
ErrCode DelUser(std::vector<uint8_t> authToken, const std::shared_ptr<UserIdmClientCallback>& callback);
ErrCode GetAuthInfo(AuthType authType, const std::shared_ptr<GetCredentialInfoCallback>& callback);
ErrCode Auth(
const std::vector<uint8_t> &challenge, const AuthType authType, const AuthTrustLevel authTrustLevel,
const std::shared_ptr<AuthenticationCallback> &callback, uint64_t &contextId);
ErrCode AuthUser(const int32_t userId, const std::vector<uint8_t> &challenge, const AuthType authType,
const AuthTrustLevel authTrustLevel, const std::shared_ptr<AuthenticationCallback> &callback,
uint64_t &contextId);
ErrCode CancelAuth(const uint64_t contextId, int32_t &resultCode);
ErrCode GetAvailableStatus(const AuthType authType, const AuthTrustLevel authTrustLevel, int32_t &status);
ErrCode GetProperty(const GetPropertyRequest &request, std::shared_ptr<GetPropCallback> callback);
ErrCode SetProperty(const SetPropertyRequest &request, std::shared_ptr<SetPropCallback> callback);
ErrCode RegisterInputer(const std::shared_ptr<IInputer> inputer, bool &isSucceed);
ErrCode UnRegisterInputer();
IAMState GetState(int32_t userId);
void SetState(int32_t userId, IAMState state);
void GetChallenge(int32_t userId, std::vector<uint8_t> &challenge);
void SetCredential(int32_t userId, int32_t authSubType, const std::vector<uint8_t> &credential);
void GetCredential(int32_t userId, int32_t authSubType, CredentialPair &credPair);
void ClearCredential(int32_t userId, int32_t authSubType);
ErrCode ActivateUserKey(int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret);
ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId,
const std::vector<uint8_t> &token, const std::vector<uint8_t> &newSecret);
ErrCode RemoveUserKey(int32_t userId, const std::vector<uint8_t> &token);
ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token);
private:
class AccountIAMDeathRecipient : public IRemoteObject::DeathRecipient {
public:
AccountIAMDeathRecipient() = default;
~AccountIAMDeathRecipient() = default;
void OnRemoteDied(const wptr<IRemoteObject>& remote) override;
private:
DISALLOW_COPY_AND_MOVE(AccountIAMDeathRecipient);
};
ErrCode GetAccountIAMProxy();
void ResetAccountIAMProxy(const wptr<IRemoteObject>& remote);
private:
std::mutex mutex_;
sptr<IAccountIAM> proxy_ = nullptr;
sptr<IRemoteObject::DeathRecipient> deathRecipient_ = nullptr;
std::map<int32_t, IAMState> userStateMap_;
std::map<std::string, CredentialPair> credentialMap_;
std::map<int32_t, std::vector<uint8_t>> userChallengeMap_;
};
} // namespace AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H

70
interfaces/innerkits/account_iam/native/include/account_iam_info.h Normal file
View File

@ -0,0 +1,70 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_INFO_H
#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_INFO_H
#include "attributes.h"
#include "iam_common_defines.h"
#include "i_inputer.h"
#include "user_auth_client_callback.h"
#include "user_auth_client_defines.h"
#include "user_idm_client.h"
#include "user_idm_client_callback.h"
#include "user_idm_client_defines.h"
namespace OHOS {
namespace AccountSA {
typedef UserIam::PinAuth::IInputer IInputer;
typedef UserIam::PinAuth::IInputerData IInputerData;
typedef UserIam::UserAuth::ResultCode ResultCode;
typedef UserIam::UserAuth::AuthType AuthType;
typedef UserIam::UserAuth::Attributes Attributes;
typedef UserIam::UserAuth::AuthTrustLevel AuthTrustLevel;
typedef UserIam::UserAuth::AuthenticationCallback AuthenticationCallback;
typedef UserIam::UserAuth::GetPropCallback GetPropCallback;
typedef UserIam::UserAuth::SetPropCallback SetPropCallback;
typedef UserIam::UserAuth::GetPropertyRequest GetPropertyRequest;
typedef UserIam::UserAuth::SetPropertyRequest SetPropertyRequest;
typedef UserIam::UserAuth::PropertyMode PropertyMode;
typedef UserIam::UserAuth::PinSubType PinSubType;
typedef UserIam::UserAuth::UserIdmClientCallback UserIdmClientCallback;
typedef UserIam::UserAuth::CredentialParameters CredentialParameters;
typedef UserIam::UserAuth::CredentialInfo CredentialInfo;
typedef UserIam::UserAuth::GetCredentialInfoCallback GetCredentialInfoCallback;
enum IAMState {
IDLE = 0,
AFTER_OPEN_SESSION,
DURING_AUTHENTICATE,
DURING_ADD_CRED,
DURING_UPDATE_CRED,
DURING_DEL_CRED,
AFTER_ADD_CRED,
AFTER_UPDATE_CRED,
AFTER_DEL_CRED,
ROLL_BACK_ADD_CRED,
ROLL_BACK_UPDATE_CRED,
ROLL_BACK_DEL_CRED,
DURING_DEL_USER,
};
struct CredentialPair {
std::vector<uint8_t> oldCredential;
std::vector<uint8_t> credential;
};
} // namespace AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_INFO_H

46
interfaces/innerkits/account_iam/native/include/account_iam_proxy.h Normal file
View File

@ -0,0 +1,46 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_PROXY_H
#define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_PROXY_H
#include "account_error_no.h"
#include "account_iam_info.h"
#include "iaccount_iam.h"
#include "iremote_proxy.h"
namespace OHOS {
namespace AccountSA {
class AccountIAMProxy : public IRemoteProxy<IAccountIAM> {
public:
explicit AccountIAMProxy(const sptr<IRemoteObject> &object);
~AccountIAMProxy() override;
ErrCode ActivateUserKey(
std::int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret) override;
ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId,
const std::vector<uint8_t> &token, const std::vector<uint8_t> &newSecret) override;
ErrCode RemoveUserKey(int32_t userId, const std::vector<uint8_t> &token) override;
ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token) override;
private:
ErrCode SendRequest(IAccountIAM::Message code, MessageParcel &data, MessageParcel &reply);
private:
static inline BrokerDelegator<AccountIAMProxy> delegator_;
};
} // AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_PROXY_H

45
interfaces/innerkits/account_iam/native/include/iaccount_iam.h Normal file
View File

@ -0,0 +1,45 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_IACCOUNT_IAM_H
#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_IACCOUNT_IAM_H
#include "account_log_wrapper.h"
#include "iremote_broker.h"
#include "iremote_object.h"
namespace OHOS {
namespace AccountSA {
class IAccountIAM : public IRemoteBroker {
public:
DECLARE_INTERFACE_DESCRIPTOR(u"ohos.accountfwk.IAccountIAM");
virtual ErrCode ActivateUserKey(
int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret) = 0;
virtual ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId,
const std::vector<uint8_t> &token, const std::vector<uint8_t> &newSecret) = 0;
virtual ErrCode RemoveUserKey(int32_t userId, const std::vector<uint8_t> &token) = 0;
virtual ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token) = 0;
enum class Message {
ACTIVATE_USER_KEY,
UPDATE_USER_KEY,
REMOVE_USER_KEY,
RESTORE_USER_KEY
};
};
} // namespace AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_IACCOUNT_IAM_H

2
interfaces/innerkits/ohosaccount/native/include/iaccount.h
View File

@ -37,6 +37,7 @@ public:
QUERY_DEVICE_ACCOUNT_ID = 104,
GET_APP_ACCOUNT_SERVICE = 105,
GET_OS_ACCOUNT_SERVICE = 106,
GET_ACCOUNT_IAM_SERVICE = 107,
};
virtual bool UpdateOhosAccountInfo(
@ -46,6 +47,7 @@ public:
virtual std::int32_t QueryDeviceAccountId(std::int32_t &accountId) = 0;
virtual sptr<IRemoteObject> GetAppAccountService() = 0;
virtual sptr<IRemoteObject> GetOsAccountService() = 0;
virtual sptr<IRemoteObject> GetAccountIAMService() = 0;
};
} // namespace AccountSA
} // namespace OHOS

12
os_account.gni
View File

@ -37,6 +37,11 @@ os_account_core_path = "${os_account_path}/frameworks/osaccount/core"
os_account_kits_path = "${os_account_path}/interfaces/kits/napi/osaccount"
os_account_dfx_path = "${os_account_path}/dfx"
account_iam_kits_path = "${os_account_path}/interfaces/kits/napi/account_iam"
account_iam_interfaces_native_path =
"${os_account_path}/interfaces/innerkits/account_iam/native"
account_iam_framework_path = "${os_account_path}/frameworks/account_iam"
if (!defined(global_parts_info) ||
defined(global_parts_info.useriam_user_auth_framework)) {
has_user_auth_part = true
@ -74,6 +79,13 @@ if (!defined(global_parts_info) ||
has_hiviewdfx_hitrace_part = false
}
if (!defined(global_parts_info) ||
defined(global_parts_info.filemanagement_storage_service)) {
has_storage_service_part = true
} else {
has_storage_service_part = false
}
declare_args() {
os_account_multiple_active_accounts = false
}

30
services/accountmgr/BUILD.gn
View File

@ -44,6 +44,7 @@ config("accountmgr_config") {
"${innerkits_path}/include",
"${os_account_dfx_path}/hidumper_adapter",
"${os_account_dfx_path}/hisysevent_adapter",
"${account_iam_interfaces_native_path}/include",
"${app_account_innerkits_native_path}/include",
"//third_party/json/include",
"//third_party/mbedtls/include",
@ -74,6 +75,10 @@ config("accountmgr_public_config") {
"${services_path}/accountmgr/include/appaccount",
"${services_path}/accountmgr/include/osaccount",
]
if (has_user_auth_part) {
include_dirs += [ "${services_path}/accountmgr/include/account_iam" ]
}
}
ability_manager_sources = [
@ -166,6 +171,13 @@ ohos_shared_library("accountmgr") {
sources += ability_manager_sources
sources += bundle_manager_sources
if (has_user_auth_part) {
sources += [
"src/account_iam/account_iam_service.cpp",
"src/account_iam/account_iam_stub.cpp",
]
}
defines = [
"ACCOUNT_LOG_TAG = \"AccountMgrService\"",
"LOG_DOMAIN = 0xD001B00",
@ -189,11 +201,19 @@ ohos_shared_library("accountmgr") {
"//third_party/mbedtls:mbedtls",
]
if (has_user_idm_part) {
cflags_cc += [ "-DHAS_USER_IDM_PART" ]
if (has_user_auth_part) {
cflags_cc += [
"-DHAS_USER_AUTH_PART",
"-DHAS_USER_IDM_PART",
]
deps += [ "//base/useriam/user_auth_framework/frameworks/native/client:userauth_client" ]
}
if (has_pin_auth_part) {
cflags_cc += [ "-DHAS_PIN_AUTH_PART" ]
deps += [ "//base/useriam/pin_auth/frameworks:pinauth_framework" ]
}
external_deps = [
"ability_base:base",
"ability_base:want",
@ -208,9 +228,13 @@ ohos_shared_library("accountmgr") {
"ipc:ipc_core",
"safwk:system_ability_fwk",
"samgr_standard:samgr_proxy",
"storage_service:storage_manager_sa_proxy",
]
if (has_storage_service_part) {
cflags += [ "-DHAS_STORAGE_PART" ]
external_deps += [ "storage_service:storage_manager_sa_proxy" ]
}
if (build_selinux) {
external_deps += [ "selinux:librestorecon" ]
cflags += [ "-DWITH_SELINUX" ]

61
services/accountmgr/include/account_iam/account_iam_service.h Normal file
View File

@ -0,0 +1,61 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_SERVICE_H
#define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_SERVICE_H
#include <vector>
#include "account_iam_stub.h"
#include "account_error_no.h"
#ifdef HAS_STORAGE_PART
#include "istorage_manager.h"
#include "storage_manager.h"
#include "storage_manager_proxy.h"
#endif
namespace OHOS {
namespace AccountSA {
struct CredentialInfo {
uint64_t credentialId = 0;
std::vector<uint8_t> oldSecret;
std::vector<uint8_t> secret;
};
class AccountIAMService : public AccountIAMStub {
public:
AccountIAMService();
~AccountIAMService() override;
ErrCode ActivateUserKey(
int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret) override;
ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId,
const std::vector<uint8_t> &token, const std::vector<uint8_t> &newSecret) override;
ErrCode RemoveUserKey(int32_t userId, const std::vector<uint8_t> &token) override;
ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token) override;
private:
ErrCode GetStorageManagerProxy();
private:
#ifdef HAS_STORAGE_PART
sptr<StorageManager::IStorageManager> storageMgrProxy_;
#endif
std::mutex mutex_;
std::map<int32_t, CredentialInfo> credInfoMap_;
DISALLOW_COPY_AND_MOVE(AccountIAMService);
};
} // namespace AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_SERVICE_H

47
services/accountmgr/include/account_iam/account_iam_stub.h Normal file
View File

@ -0,0 +1,47 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_IAM_STUB_H
#define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_IAM_STUB_H
#include "iaccount_iam.h"
#include <map>
#include "account_error_no.h"
#include "iremote_stub.h"
namespace OHOS {
namespace AccountSA {
class AccountIAMStub : public IRemoteStub<IAccountIAM> {
public:
using MessageProcFunction = ErrCode (AccountIAMStub::*)(MessageParcel &data, MessageParcel &reply);
AccountIAMStub();
~AccountIAMStub() override;
int OnRemoteRequest(
uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) override;
private:
ErrCode ProcActivateUserKey(MessageParcel &data, MessageParcel &reply);
ErrCode ProcUpdateUserKey(MessageParcel &data, MessageParcel &reply);
ErrCode ProcRemoveUserKey(MessageParcel &data, MessageParcel &reply);
ErrCode ProcResotreUserKey(MessageParcel &data, MessageParcel &reply);
private:
static const std::map<uint32_t, MessageProcFunction> messageProcMap_;
DISALLOW_COPY_AND_MOVE(AccountIAMStub);
};
} // namespace AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_IAM_STUB_H

3
services/accountmgr/include/account_mgr_service.h
View File

@ -50,6 +50,7 @@ public:
std::int32_t QueryDeviceAccountId(std::int32_t &accountId) override;
sptr<IRemoteObject> GetAppAccountService() override;
sptr<IRemoteObject> GetOsAccountService() override;
sptr<IRemoteObject> GetAccountIAMService() override;
void OnStart() override;
void OnStop() override;
@ -65,6 +66,7 @@ private:
bool Init();
void SelfClean();
std::int32_t GetDeviceAccountIdFromCurrentProcess();
bool CreateIAMService();
bool registerToService_ = false;
ServiceRunningState state_ = ServiceRunningState::STATE_NOT_START;
@ -73,6 +75,7 @@ private:
sptr<IRemoteObject> appAccountManagerService_ = nullptr;
sptr<IRemoteObject> osAccountManagerService_ = nullptr;
sptr<IRemoteObject> accountIAMService_ = nullptr;
OsAccountManagerService* osAccountManagerServiceOrg_ = nullptr;
};
} // namespace AccountSA

2
services/accountmgr/include/account_permission_manager.h
View File

@ -33,6 +33,8 @@ public:
static const std::string MANAGE_LOCAL_ACCOUNTS;
static const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION;
static const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS;
static const std::string ACCESS_USER_AUTH_INTERNAL;
static const std::string MANAGE_USER_IDM;
};
} // namespace AccountSA
} // namespace OHOS

1
services/accountmgr/include/account_stub.h
View File

@ -40,6 +40,7 @@ private:
std::int32_t CmdQueryDeviceAccountId(MessageParcel &data, MessageParcel &reply);
std::int32_t CmdGetAppAccountService(MessageParcel &data, MessageParcel &reply);
std::int32_t CmdGetOsAccountService(MessageParcel &data, MessageParcel &reply);
std::int32_t CmdGetAccountIAMService(MessageParcel &data, MessageParcel &reply);
bool HasAccountRequestPermission(const std::string &permissionName);
bool CheckCallerForTrustList();

192
services/accountmgr/src/account_iam/account_iam_service.cpp Normal file
View File

@ -0,0 +1,192 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "account_iam_service.h"
#include "account_log_wrapper.h"
#include "account_permission_manager.h"
#include "iservice_registry.h"
#include "system_ability_definition.h"
namespace OHOS {
namespace AccountSA {
namespace {
#ifdef HAS_STORAGE_PART
const int32_t ERROR_STORAGE_KEY_NOT_EXIST = -2;
#endif
}
AccountIAMService::AccountIAMService()
{}
AccountIAMService::~AccountIAMService()
{}
ErrCode AccountIAMService::ActivateUserKey(
int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
{
ACCOUNT_LOGD("enter");
#ifdef HAS_STORAGE_PART
ErrCode result = GetStorageManagerProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get storage proxy");
return result;
}
result = storageMgrProxy_->ActiveUserKey(userId, token, secret);
if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) {
ACCOUNT_LOGD("fail to active user key, error code: %{public}d", result);
return result;
}
storageMgrProxy_->PrepareStartUser(userId);
#endif
std::lock_guard<std::mutex> lock(mutex_);
auto it = credInfoMap_.find(userId);
if (it != credInfoMap_.end()) {
it->second.secret = secret;
} else {
credInfoMap_[userId] = {
.secret = secret
};
}
return ERR_OK;
}
ErrCode AccountIAMService::UpdateUserKey(int32_t userId, uint64_t credentialId,
const std::vector<uint8_t> &token, const std::vector<uint8_t> &newSecret)
{
ACCOUNT_LOGD("enter");
ErrCode result = ERR_OK;
CredentialInfo oldCredInfo;
std::lock_guard<std::mutex> lock(mutex_);
auto it = credInfoMap_.find(userId);
if (it != credInfoMap_.end()) {
oldCredInfo = it->second;
}
if (newSecret.empty() && credentialId != oldCredInfo.credentialId) {
ACCOUNT_LOGD("the key do not need to be removed");
return ERR_OK;
}
#ifdef HAS_STORAGE_PART
result = GetStorageManagerProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get storage proxy");
return result;
}
result = storageMgrProxy_->UpdateUserAuth(userId, token, oldCredInfo.secret, newSecret);
if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) {
ACCOUNT_LOGD("fail to update user auth");
return result;
}
result = storageMgrProxy_->UpdateKeyContext(userId);
#endif
credInfoMap_[userId] = {
.credentialId = credentialId,
.oldSecret = oldCredInfo.secret,
.secret = newSecret
};
return result;
}
ErrCode AccountIAMService::RemoveUserKey(int32_t userId, const std::vector<uint8_t> &token)
{
ACCOUNT_LOGD("enter");
ErrCode result = ERR_OK;
std::lock_guard<std::mutex> lock(mutex_);
auto it = credInfoMap_.find(userId);
if (it == credInfoMap_.end()) {
return ERR_OK;
}
CredentialInfo oldCredInfo = it->second;
std::vector<uint8_t> newSecret;
#ifdef HAS_STORAGE_PART
result = GetStorageManagerProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get storage proxy");
return result;
}
result = storageMgrProxy_->UpdateUserAuth(userId, token, oldCredInfo.secret, newSecret);
if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) {
ACCOUNT_LOGD("fail to update user auth");
return result;
}
result = storageMgrProxy_->UpdateKeyContext(userId);
#endif
credInfoMap_[userId] = {
.oldSecret = oldCredInfo.secret,
.secret = newSecret
};
return result;
}
ErrCode AccountIAMService::RestoreUserKey(int32_t userId, uint64_t credentialId,
const std::vector<uint8_t> &token)
{
ACCOUNT_LOGD("enter");
ErrCode result = ERR_OK;
CredentialInfo credInfo;
std::lock_guard<std::mutex> lock(mutex_);
auto it = credInfoMap_.find(userId);
if (it != credInfoMap_.end()) {
credInfo = it->second;
}
if (credentialId != 0 && credInfo.credentialId != credentialId) {
return ERR_OK;
}
#ifdef HAS_STORAGE_PART
result = GetStorageManagerProxy();
if (result != ERR_OK) {
ACCOUNT_LOGD("fail to get storage proxy");
return result;
}
result = storageMgrProxy_->UpdateUserAuth(userId, token, credInfo.secret, credInfo.oldSecret);
if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) {
ACCOUNT_LOGD("fail to update user auth");
return result;
}
result = storageMgrProxy_->UpdateKeyContext(userId);
#endif
credInfoMap_[userId] = {
.secret = credInfo.oldSecret
};
return result;
}
#ifdef HAS_STORAGE_PART
ErrCode AccountIAMService::GetStorageManagerProxy()
{
ACCOUNT_LOGD("enter");
if (storageMgrProxy_ != nullptr) {
return ERR_OK;
}
auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
ACCOUNT_LOGD("failed to get system ability mgr");
return ERR_ACCOUNT_IAM_SERVICE_GET_STORAGE_SYSTEM_ABILITY;
}
auto remote = systemAbilityManager->GetSystemAbility(STORAGE_MANAGER_MANAGER_ID);
if (!remote) {
ACCOUNT_LOGD("failed to get STORAGE_MANAGER_MANAGER_ID service");
return ERR_ACCOUNT_IAM_SERVICE_REMOTE_IS_NULLPTR;
}
storageMgrProxy_ = iface_cast<StorageManager::IStorageManager>(remote);
if (!storageMgrProxy_) {
ACCOUNT_LOGD("failed to get STORAGE_MANAGER_MANAGER_ID proxy");
return ERR_ACCOUNT_IAM_SERVICE_REMOTE_IS_NULLPTR;
}
return ERR_OK;
}
#endif
} // namespace AccountSA
} // namespace OHOS

129
services/accountmgr/src/account_iam/account_iam_stub.cpp Normal file
View File

@ -0,0 +1,129 @@
/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#include "account_iam_stub.h"
#include "account_log_wrapper.h"
namespace OHOS {
namespace AccountSA {
AccountIAMStub::AccountIAMStub()
{}
AccountIAMStub::~AccountIAMStub()
{}
const std::map<uint32_t, AccountIAMStub::MessageProcFunction> AccountIAMStub::messageProcMap_ = {
{
static_cast<uint32_t>(IAccountIAM::Message::ACTIVATE_USER_KEY),
&AccountIAMStub::ProcActivateUserKey
},
{
static_cast<uint32_t>(IAccountIAM::Message::UPDATE_USER_KEY),
&AccountIAMStub::ProcUpdateUserKey
},
{
static_cast<uint32_t>(IAccountIAM::Message::REMOVE_USER_KEY),
&AccountIAMStub::ProcRemoveUserKey
},
{
static_cast<uint32_t>(IAccountIAM::Message::RESTORE_USER_KEY),
&AccountIAMStub::ProcResotreUserKey
}
};
std::int32_t AccountIAMStub::OnRemoteRequest(
std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
{
ACCOUNT_LOGD("Received stub message: %{public}d", code);
if (data.ReadInterfaceToken() != GetDescriptor()) {
ACCOUNT_LOGD("check descriptor failed! code %{public}u.", code);
return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR;
}
const auto &itFunc = messageProcMap_.find(code);
if (itFunc != messageProcMap_.end()) {
return (this->*(itFunc->second))(data, reply);
}
ACCOUNT_LOGW("remote request unhandled: %{public}d", code);
return IPCObjectStub::OnRemoteRequest(code, data, reply, option);
}
ErrCode AccountIAMStub::ProcActivateUserKey(MessageParcel &data, MessageParcel &reply)
{
int32_t userId = 0;
data.ReadInt32(userId);
std::vector<uint8_t> token;
data.ReadUInt8Vector(&token);
std::vector<uint8_t> secret;
data.ReadUInt8Vector(&secret);
ErrCode result = ActivateUserKey(userId, token, secret);
if (!reply.WriteInt32(result)) {
ACCOUNT_LOGD("failed to write reply");
return IPC_STUB_WRITE_PARCEL_ERR;
}
return ERR_NONE;
}
ErrCode AccountIAMStub::ProcUpdateUserKey(MessageParcel &data, MessageParcel &reply)
{
int32_t userId = 0;
data.ReadInt32(userId);
uint64_t credentialId = 0;
data.ReadUint64(credentialId);
std::vector<uint8_t> token;
data.ReadUInt8Vector(&token);
std::vector<uint8_t> newSecret;
data.ReadUInt8Vector(&newSecret);
ErrCode result = UpdateUserKey(userId, credentialId, token, newSecret);
if (!reply.WriteInt32(result)) {
ACCOUNT_LOGD("failed to write reply");
return IPC_STUB_WRITE_PARCEL_ERR;
}
return ERR_NONE;
}
ErrCode AccountIAMStub::ProcRemoveUserKey(MessageParcel &data, MessageParcel &reply)
{
int32_t userId = 0;
data.ReadInt32(userId);
std::vector<uint8_t> token;
data.ReadUInt8Vector(&token);
ErrCode result = RemoveUserKey(userId, token);
if (!reply.WriteInt32(result)) {
ACCOUNT_LOGD("failed to write reply");
return IPC_STUB_WRITE_PARCEL_ERR;
}
return ERR_NONE;
}
ErrCode AccountIAMStub::ProcResotreUserKey(MessageParcel &data, MessageParcel &reply)
{
int32_t userId = 0;
data.ReadInt32(userId);
uint64_t credentialId = 0;
data.ReadUint64(credentialId);
std::vector<uint8_t> token;
data.ReadUInt8Vector(&token);
ErrCode result = RestoreUserKey(userId, credentialId, token);
if (!reply.WriteInt32(result)) {
ACCOUNT_LOGD("failed to write reply");
return IPC_STUB_WRITE_PARCEL_ERR;
}
return ERR_NONE;
}
} // AccountSA
} // OHOS

27
services/accountmgr/src/account_mgr_service.cpp
View File

@ -16,6 +16,9 @@
#include "account_mgr_service.h"
#include <cerrno>
#include "account_dump_helper.h"
#if defined(HAS_USER_AUTH_PART)
#include "account_iam_service.h"
#endif
#include "account_log_wrapper.h"
#include "app_account_manager_service.h"
#include "datetime_ex.h"
@ -107,6 +110,7 @@ sptr<IRemoteObject> AccountMgrService::GetAppAccountService()
return appAccountManagerService_;
}
sptr<IRemoteObject> AccountMgrService::GetOsAccountService()
{
ACCOUNT_LOGD("enter");
@ -114,6 +118,13 @@ sptr<IRemoteObject> AccountMgrService::GetOsAccountService()
return osAccountManagerService_;
}
sptr<IRemoteObject> AccountMgrService::GetAccountIAMService()
{
ACCOUNT_LOGD("enter");
return accountIAMService_;
}
bool AccountMgrService::IsServiceStarted(void) const
{
return (state_ == STATE_RUNNING);
@ -197,6 +208,9 @@ bool AccountMgrService::Init()
"Insufficient memory to create os account manager service");
return false;
}
if (!CreateIAMService()) {
return false;
}
dumpHelper_ = std::make_unique<AccountDumpHelper>(ohosAccountMgr_, osAccountManagerServiceOrg_);
appAccountManagerService_ = appAccountManagerService->AsObject();
osAccountManagerService_ = osAccountManagerServiceOrg_->AsObject();
@ -204,6 +218,19 @@ bool AccountMgrService::Init()
return true;
}
bool AccountMgrService::CreateIAMService()
{
#if defined(HAS_USER_AUTH_PART)
auto accountIAMService = new (std::nothrow) AccountIAMService();
if (accountIAMService == nullptr) {
ACCOUNT_LOGE("memory alloc for AccountIAMService failed!");
return false;
}
accountIAMService_ = accountIAMService->AsObject();
#endif
return true;
}
std::int32_t AccountMgrService::Dump(std::int32_t fd, const std::vector<std::u16string> &args)
{
if (fd < 0) {

3
services/accountmgr/src/account_permission_manager.cpp
View File

@ -30,6 +30,9 @@ const std::string AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTEN
"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION";
const std::string AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS =
"ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS";
const std::string AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
const std::string AccountPermissionManager::MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM";
AccountPermissionManager::AccountPermissionManager()
{
ACCOUNT_LOGD("enter");

14
services/accountmgr/src/account_stub.cpp
View File

@ -47,6 +47,7 @@ const std::map<std::uint32_t, AccountStubFunc> AccountStub::stubFuncMap_{
std::make_pair(QUERY_DEVICE_ACCOUNT_ID, &AccountStub::CmdQueryDeviceAccountId),
std::make_pair(GET_APP_ACCOUNT_SERVICE, &AccountStub::CmdGetAppAccountService),
std::make_pair(GET_OS_ACCOUNT_SERVICE, &AccountStub::CmdGetOsAccountService),
std::make_pair(GET_ACCOUNT_IAM_SERVICE, &AccountStub::CmdGetAccountIAMService),
};
std::int32_t AccountStub::CmdUpdateOhosAccountInfo(MessageParcel &data, MessageParcel &reply)
@ -206,6 +207,19 @@ std::int32_t AccountStub::CmdGetOsAccountService(MessageParcel &data, MessagePar
return ERR_OK;
}
std::int32_t AccountStub::CmdGetAccountIAMService(MessageParcel &data, MessageParcel &reply)
{
ACCOUNT_LOGD("enter");
auto remoteObject = GetAccountIAMService();
if (!reply.WriteRemoteObject(remoteObject)) {
ACCOUNT_LOGE("Write result data failed");
return ERR_ACCOUNT_ZIDL_WRITE_RESULT_ERROR;
}
return ERR_OK;
}
std::int32_t AccountStub::OnRemoteRequest(
std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option)
{

12
services/accountmgr/src/osaccount/os_account_interface.cpp
View File

@ -28,12 +28,16 @@
#include "hitrace_meter.h"
#include "if_system_ability_manager.h"
#include "iservice_registry.h"
#ifdef HAS_STORAGE_PART
#include "istorage_manager.h"
#endif
#include "os_account_constants.h"
#include "os_account_delete_user_idm_callback.h"
#include "os_account_stop_user_callback.h"
#ifdef HAS_STORAGE_PART
#include "storage_manager.h"
#include "storage_manager_proxy.h"
#endif
#include "system_ability_definition.h"
#ifdef HAS_USER_IDM_PART
#include "user_idm_client.h"
@ -226,6 +230,7 @@ void OsAccountInterface::SendToCESAccountSwitched(OsAccountInfo &osAccountInfo)
ErrCode OsAccountInterface::SendToStorageAccountCreate(OsAccountInfo &osAccountInfo)
{
ACCOUNT_LOGI("start");
#ifdef HAS_STORAGE_PART
auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
ACCOUNT_LOGE("failed to get system ability mgr.");
@ -258,12 +263,14 @@ ErrCode OsAccountInterface::SendToStorageAccountCreate(OsAccountInfo &osAccountI
ACCOUNT_LOGI("end, Storage PrepareAddUser ret %{public}d.", err);
FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER);
#endif
return ERR_OK;
}
ErrCode OsAccountInterface::SendToStorageAccountRemove(OsAccountInfo &osAccountInfo)
{
ACCOUNT_LOGI("start");
#ifdef HAS_STORAGE_PART
auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
ACCOUNT_LOGE("failed to get system ability mgr.");
@ -297,12 +304,14 @@ ErrCode OsAccountInterface::SendToStorageAccountRemove(OsAccountInfo &osAccountI
ACCOUNT_LOGI("end, Storage RemoveUser ret %{public}d.", err);
FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER);
#endif
return ERR_OK;
}
ErrCode OsAccountInterface::SendToStorageAccountStart(OsAccountInfo &osAccountInfo)
{
ACCOUNT_LOGI("start");
#ifdef HAS_STORAGE_PART
auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
ACCOUNT_LOGE("failed to get system ability mgr.");
@ -336,12 +345,14 @@ ErrCode OsAccountInterface::SendToStorageAccountStart(OsAccountInfo &osAccountIn
}
ACCOUNT_LOGI("end, Storage PrepareStartUser ret %{public}d.", err);
FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER);
#endif
return ERR_OK;
}
ErrCode OsAccountInterface::SendToStorageAccountStop(OsAccountInfo &osAccountInfo)
{
ACCOUNT_LOGI("start");
#ifdef HAS_STORAGE_PART
auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
if (!systemAbilityManager) {
ACCOUNT_LOGE("failed to get system ability mgr.");
@ -377,6 +388,7 @@ ErrCode OsAccountInterface::SendToStorageAccountStop(OsAccountInfo &osAccountInf
}
ACCOUNT_LOGI("end, Storage StopUser ret %{public}d", err);
FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER);
#endif
return ERR_OK;
}
} // namespace AccountSA