diff --git a/frameworks/account_iam/BUILD.gn b/frameworks/account_iam/BUILD.gn new file mode 100644 index 000000000..c3167cddb --- /dev/null +++ b/frameworks/account_iam/BUILD.gn @@ -0,0 +1,95 @@ +# Copyright (c) 2022 Huawei Device Co., Ltd. +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +import("//base/account/os_account/os_account.gni") +import("//build/ohos.gni") + +config("account_iam_innnerkits_config") { + visibility = [ ":*" ] + + include_dirs = [ + "${account_iam_interfaces_native_path}/include", + "${innerkits_path}/include", + ] + + cflags = [] + if (target_cpu == "arm") { + cflags += [ "-DBINDER_IPC_32BIT" ] + } + + cflags += [ "-pipe" ] + cflags_cc = [ + "-Wdate-time", + "-Wformat=2", + "-Wfloat-equal", + "-Wshadow", + ] + + defines = [ + "ACCOUNT_LOG_TAG = \"AccountIAMFwk\"", + "LOG_DOMAIN = 0xD001B00", + ] +} + +config("account_iam_innerkits_public_config") { + visibility = [ ":*" ] + + include_dirs = [ + "${account_iam_interfaces_native_path}/include", + "${innerkits_native_path}/include", + "//base/useriam/pin_auth/frameworks/ipc/common_defines", + "//base/useriam/pin_auth/frameworks/ipc/inc", + "//base/useriam/pin_auth/interfaces/inner_api", + "//base/useriam/user_auth_framework/interfaces/inner_api", + ] +} + +ohos_shared_library("account_iam_innerkits") { + sources = [ + "${account_iam_framework_path}/src/account_iam_callback.cpp", + "${account_iam_framework_path}/src/account_iam_client.cpp", + "${account_iam_framework_path}/src/account_iam_proxy.cpp", + ] + + configs = [ ":account_iam_innnerkits_config" ] + + public_configs = [ ":account_iam_innerkits_public_config" ] + + deps = [ + "${common_path}:libaccount_common", + "${innerkits_native_path}:libaccountkits", + "${os_account_innerkits_native_path}:os_account_innerkits", + "//utils/native/base:utils", + ] + + if (has_pin_auth_part) { + deps += [ "//base/useriam/pin_auth/frameworks:pinauth_framework" ] + } + + if (has_user_auth_part) { + deps += [ + "//base/useriam/user_auth_framework/frameworks/native/client:userauth_client", + "//base/useriam/user_auth_framework/frameworks/native/ipc:userauth_client_ipc", + ] + } + + external_deps = [ + "hiviewdfx_hilog_native:libhilog", + "ipc:ipc_core", + "safwk:system_ability_fwk", + "samgr_standard:samgr_proxy", + ] + + subsystem_name = "account" + part_name = "os_account" +} diff --git a/frameworks/account_iam/src/account_iam_callback.cpp b/frameworks/account_iam/src/account_iam_callback.cpp new file mode 100644 index 000000000..b039855e4 --- /dev/null +++ b/frameworks/account_iam/src/account_iam_callback.cpp @@ -0,0 +1,327 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "account_iam_callback.h" + +#include "account_iam_client.h" +#include "account_log_wrapper.h" +#include "os_account_manager.h" +#include "pinauth_register.h" +#include "user_auth_client.h" +#include "user_idm_client.h" + +namespace OHOS { +namespace AccountSA { +using UserIDMClient = UserIam::UserAuth::UserIdmClient; +using UserAuthClient = UserIam::UserAuth::UserAuthClient; + +AuthCallback::AuthCallback(uint32_t userId, const std::shared_ptr &callback) + : userId_(userId), innerCallback_(callback) +{} + +AuthCallback::~AuthCallback() +{} + +void AuthCallback::OnResult(int32_t result, const Attributes &extraInfo) +{ + ACCOUNT_LOGD("enter"); + AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION); + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("innerCallback_ is nullptr"); + return; + } + if (result != 0) { + innerCallback_->OnResult(result, extraInfo); + return; + } + std::vector token; + std::vector secret; + extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token); + extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret); + int32_t activeResult = + AccountIAMClient::GetInstance().ActivateUserKey(userId_, token, secret); + if (activeResult != 0) { + ACCOUNT_LOGE("failed to activate user key"); + int32_t remainTimes = 0; + int32_t freezingTime = 0; + extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes); + extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime); + Attributes errInfo; + errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes); + errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime); + innerCallback_->OnResult(ResultCode::FAIL, errInfo); + } else { + innerCallback_->OnResult(result, extraInfo); + } +} + +void AuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) +{ + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("innerCallback_ is nullptr"); + return; + } + innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo); +} + +IDMAuthCallback::IDMAuthCallback(uint32_t userId, const CredentialParameters &credInfo, + int32_t oldResult, const Attributes &reqResult, const std::shared_ptr &idmCallback) + : userId_(userId), credInfo_(credInfo), oldResult_(oldResult), idmCallback_(idmCallback) +{ + reqResult.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId_); + reqResult_.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId_); +} + +IDMAuthCallback::~IDMAuthCallback() +{} + +void IDMAuthCallback::OnResult(int32_t result, const Attributes &extraInfo) +{ + ACCOUNT_LOGD("enter"); + if (idmCallback_ == nullptr) { + ACCOUNT_LOGD("inner callback is nullptr"); + return; + } + if (result != 0) { + idmCallback_->OnResult(ResultCode::FAIL, reqResult_); + AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION); + return; + } + std::vector token; + std::vector secret; + extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token); + extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret); + int32_t updateKeyResult = AccountIAMClient::GetInstance().UpdateUserKey( + userId_, credentialId_, token, secret); + if (updateKeyResult == 0) { + ACCOUNT_LOGD("unlock user key successfully"); + idmCallback_->OnResult(oldResult_, reqResult_); + return; + } + IAMState state = AccountIAMClient::GetInstance().GetState(userId_); + if (state == AFTER_ADD_CRED) { + ACCOUNT_LOGE("failed to unlock user key, delete the added credential"); + AccountIAMClient::GetInstance().SetState(userId_, ROLL_BACK_ADD_CRED); + auto delCallback = std::make_shared(userId_, credentialId_, token, idmCallback_); + UserIDMClient::GetInstance().DeleteCredential(userId_, credentialId_, token, delCallback); + } else if (state == AFTER_UPDATE_CRED) { + ACCOUNT_LOGE("failed to unlock user key, restore the old credential"); + AccountIAMClient::GetInstance().SetState(userId_, ROLL_BACK_UPDATE_CRED); + credInfo_.token = token; + auto updateCallback = std::make_shared(userId_, credInfo_, idmCallback_); + UserIDMClient::GetInstance().UpdateCredential(0, credInfo_, updateCallback); + } else { + idmCallback_->OnResult(oldResult_, reqResult_); + } +} + +void IDMAuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) +{ + ACCOUNT_LOGD("unsupported operation"); +} + +AddCredCallback::AddCredCallback(uint32_t userId, const CredentialParameters &credInfo, + const std::shared_ptr &callback) + : userId_(userId), credInfo_(credInfo), innerCallback_(callback) +{} + +AddCredCallback::~AddCredCallback() +{} + +void AddCredCallback::OnResult(int32_t result, const Attributes &extraInfo) +{ + ACCOUNT_LOGD("enter"); + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("inner callback is nullptr"); + return; + } + if (result != 0) { + ACCOUNT_LOGD("failed to add credential"); + innerCallback_->OnResult(result, extraInfo); + AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION); + return; + } + AccountIAMClient::GetInstance().SetState(userId_, AFTER_ADD_CRED); + std::vector challenge; + AccountIAMClient::GetInstance().GetChallenge(userId_, challenge); + auto callback = std::make_shared(userId_, credInfo_, result, extraInfo, innerCallback_); + UserAuthClient::GetInstance().BeginAuthentication( + userId_, challenge, AuthType::PIN, AuthTrustLevel::ATL4, callback); +} + +void AddCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) +{ + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("innerCallback_ is nullptr"); + return; + } + innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo); +} + +UpdateCredCallback::UpdateCredCallback( + uint32_t userId, const CredentialParameters &credInfo, const std::shared_ptr &callback) + : userId_(userId), credInfo_(credInfo), innerCallback_(callback) +{} + +UpdateCredCallback::~UpdateCredCallback() +{} + +void UpdateCredCallback::OnResult(int32_t result, const Attributes &extraInfo) +{ + ACCOUNT_LOGD("enter"); + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("inner callback is nullptr"); + return; + } + IAMState state = AccountIAMClient::GetInstance().GetState(userId_); + if (state == ROLL_BACK_UPDATE_CRED) { + if (result != 0) { + ACCOUNT_LOGE("roll back credential failed"); + } else { + ACCOUNT_LOGD("roll back credential successully"); + } + AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION); + Attributes errResult; + innerCallback_->OnResult(ResultCode::FAIL, errResult); + return; + } + if (result != 0) { + ACCOUNT_LOGD("failed to update credential"); + innerCallback_->OnResult(result, extraInfo); + AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION); + return; + } + AccountIAMClient::GetInstance().SetState(userId_, AFTER_UPDATE_CRED); + std::vector challenge; + AccountIAMClient::GetInstance().GetChallenge(userId_, challenge); + auto callback = std::make_shared(userId_, credInfo_, result, extraInfo, innerCallback_); + UserAuthClient::GetInstance().BeginAuthentication( + userId_, challenge, AuthType::PIN, AuthTrustLevel::ATL4, callback); +} + +void UpdateCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) +{ + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("innerCallback_ is nullptr"); + return; + } + innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo); +} + +DelCredCallback::DelCredCallback(int32_t userId, uint64_t credentialId, const std::vector &authToken, + const std::shared_ptr &callback) + : userId_(userId), credentialId_(credentialId), authToken_(authToken), innerCallback_(callback) +{} + +DelCredCallback::~DelCredCallback() +{} + +void DelCredCallback::OnResult(int32_t result, const Attributes &extraInfo) +{ + ACCOUNT_LOGD("enter"); + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("innerCallback_ is nullptr"); + return; + } + IAMState state = AccountIAMClient::GetInstance().GetState(userId_); + if (state == ROLL_BACK_ADD_CRED) { + if (result != 0) { + ACCOUNT_LOGE("roll back credential failed"); + } else { + ACCOUNT_LOGD("roll back credential successully"); + } + AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION); + Attributes errResult; + innerCallback_->OnResult(ResultCode::FAIL, errResult); + return; + } + if (result == 0) { + AccountIAMClient::GetInstance().SetState(userId_, AFTER_OPEN_SESSION); + } else { + AccountIAMClient::GetInstance().RestoreUserKey(userId_, credentialId_, authToken_); + } + innerCallback_->OnResult(result, extraInfo); +} + +void DelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) +{ + if (innerCallback_ == nullptr) { + ACCOUNT_LOGD("inner callback is nullptr"); + return; + } + innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo); +} + +IAMInputerData::IAMInputerData(int32_t userId, const std::shared_ptr &inputerData) + : userId_(userId), innerInputerData_(inputerData) +{} + +IAMInputerData::~IAMInputerData() +{} + +void IAMInputerData::OnSetData(int32_t authSubType, std::vector data) +{ + AccountIAMClient::GetInstance().SetCredential(userId_, authSubType, data); + AccountIAMClient::GetInstance().SetCredential(userId_, 0, data); + innerInputerData_->OnSetData(authSubType, data); +} + +void IAMInputerData::ResetInnerInputerData(const std::shared_ptr &inputerData) +{ + innerInputerData_ = inputerData; +} + +IAMInputer::IAMInputer(int32_t userId, const std::shared_ptr &inputer) + : userId_(userId), innerInputer_(inputer) +{ + auto iamInputerData = new (std::nothrow) IAMInputerData(userId, nullptr); + if (iamInputerData == nullptr) { + ACCOUNT_LOGD("failed to create IAMInputerData"); + return; + } + inputerData_.reset(iamInputerData); +} + +IAMInputer::~IAMInputer() +{} + +void IAMInputer::OnGetData(int32_t authSubType, std::shared_ptr inputerData) +{ + ACCOUNT_LOGD("enter"); + if (inputerData_ == nullptr) { + ACCOUNT_LOGD("inputerData_ is nullptr"); + return; + } + inputerData_->ResetInnerInputerData(inputerData); + IAMState state = AccountIAMClient::GetInstance().GetState(userId_); + if (state < AFTER_ADD_CRED) { + innerInputer_->OnGetData(authSubType, inputerData_); + return; + } + CredentialPair credPair; + AccountIAMClient::GetInstance().GetCredential(userId_, authSubType, credPair); + if (state == ROLL_BACK_UPDATE_CRED) { + inputerData->OnSetData(authSubType, credPair.oldCredential); + } else { + inputerData->OnSetData(authSubType, credPair.credential); + } +} + +void IAMInputer::ResetInnerInputer(const std::shared_ptr &inputer) +{ + innerInputer_ = inputer; +} +} // namespace AccountSA +} // namespace OHOS diff --git a/frameworks/account_iam/src/account_iam_client.cpp b/frameworks/account_iam/src/account_iam_client.cpp new file mode 100644 index 000000000..df37d5749 --- /dev/null +++ b/frameworks/account_iam/src/account_iam_client.cpp @@ -0,0 +1,418 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "account_iam_client.h" + +#include "account_iam_callback.h" +#include "account_log_wrapper.h" +#include "account_proxy.h" +#include "iservice_registry.h" +#include "os_account_manager.h" +#include "pinauth_register.h" +#include "system_ability_definition.h" +#include "user_auth_client.h" +#include "user_auth_client_impl.h" +#include "user_idm_client.h" + +namespace OHOS { +namespace AccountSA { +using UserIDMClient = UserIam::UserAuth::UserIdmClient; +using UserAuthClient = UserIam::UserAuth::UserAuthClient; +using PinAuthRegister = UserIam::PinAuth::PinAuthRegister; +using UserAuthClientImpl = UserIam::UserAuth::UserAuthClientImpl; + +AccountIAMClient::AccountIAMClient() +{ + userStateMap_[0] = IDLE; +} + +ErrCode AccountIAMClient::OpenSession(int32_t userId, std::vector &challenge) +{ + challenge = UserIDMClient::GetInstance().OpenSession(userId); + std::lock_guard lock(mutex_); + userStateMap_[userId] = AFTER_OPEN_SESSION; + userChallengeMap_[userId] = challenge; + return ERR_OK; +} + +ErrCode AccountIAMClient::CloseSession(int32_t userId) +{ + UserIDMClient::GetInstance().CloseSession(userId); + std::lock_guard lock(mutex_); + if (userId == 0) { + userStateMap_[0] = IDLE; + } else { + userStateMap_.erase(userId); + } + userChallengeMap_.erase(userId); + return ERR_OK; +} + +ErrCode AccountIAMClient::AddCredential(const CredentialParameters& credInfo, + const std::shared_ptr& callback) +{ + ACCOUNT_LOGD("enter"); + if (callback == nullptr) { + ACCOUNT_LOGD("callback is nullptr"); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + if (credInfo.authType != AuthType::PIN) { + UserIDMClient::GetInstance().AddCredential(0, credInfo, callback); + return ERR_OK; + } + int32_t userId = 0; + OsAccountManager::GetOsAccountLocalIdFromProcess(userId); + auto idmCallback = std::make_shared(userId, credInfo, callback); + UserIDMClient::GetInstance().AddCredential(0, credInfo, idmCallback); + return ERR_OK; +} + +ErrCode AccountIAMClient::UpdateCredential(const CredentialParameters& credInfo, + const std::shared_ptr& callback) +{ + ACCOUNT_LOGD("enter"); + if (callback == nullptr) { + ACCOUNT_LOGD("callback is nullptr"); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + if (credInfo.token.empty()) { + ACCOUNT_LOGD("token is empty"); + Attributes emptyResult; + callback->OnResult(ResultCode::INVALID_PARAMETERS, emptyResult); + return ERR_OK; + } + if (credInfo.authType != AuthType::PIN) { + UserIDMClient::GetInstance().UpdateCredential(0, credInfo, callback); + return ERR_OK; + } + int32_t userId = 0; + OsAccountManager::GetOsAccountLocalIdFromProcess(userId); + auto idmCallback = std::make_shared(userId, credInfo, callback); + UserIDMClient::GetInstance().UpdateCredential(0, credInfo, idmCallback); + return ERR_OK; +} + +ErrCode AccountIAMClient::DelCred(uint64_t credentialId, std::vector authToken, + const std::shared_ptr& callback) +{ + ACCOUNT_LOGD("enter"); + if (callback == nullptr) { + ACCOUNT_LOGD("callback is nullptr"); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + Attributes errResult; + if (authToken.empty()) { + ACCOUNT_LOGD("token is empty"); + callback->OnResult(ResultCode::INVALID_PARAMETERS, errResult); + return ERR_OK; + } + int32_t userId = 0; + OsAccountManager::GetOsAccountLocalIdFromProcess(userId); + std::vector secret; + ErrCode result = UpdateUserKey(userId, credentialId, authToken, secret); + if (result != ERR_OK) { + callback->OnResult(result, errResult); + return ERR_OK; + } + auto idmCallback = std::make_shared(userId, credentialId, authToken, callback); + UserIDMClient::GetInstance().DeleteCredential(0, credentialId, authToken, idmCallback); + return ERR_OK; +} + +ErrCode AccountIAMClient::DelUser(std::vector authToken, + const std::shared_ptr& callback) +{ + ACCOUNT_LOGD("enter"); + if (callback == nullptr) { + ACCOUNT_LOGD("callback is nullptr"); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + Attributes errResult; + if (authToken.empty()) { + ACCOUNT_LOGD("token is empty"); + callback->OnResult(ResultCode::INVALID_PARAMETERS, errResult); + return ERR_OK; + } + int32_t userId = 0; + OsAccountManager::GetOsAccountLocalIdFromProcess(userId); + ErrCode result = RemoveUserKey(userId, authToken); + if (result != ERR_OK) { + callback->OnResult(result, errResult); + return ERR_OK; + } + auto idmCallback = std::make_shared(userId, 0, authToken, callback); + UserIDMClient::GetInstance().DeleteUser(userId, authToken, idmCallback); + return ERR_OK; +} + +ErrCode AccountIAMClient::GetAuthInfo(AuthType authType, const std::shared_ptr& callback) +{ + UserIDMClient::GetInstance().GetCredentialInfo(0, authType, callback); + return ERR_OK; +} + +ErrCode AccountIAMClient::Cancel(uint64_t challenge, int32_t &resultCode) +{ + resultCode = UserIDMClient::GetInstance().Cancel(challenge); + return ERR_OK; +} + +ErrCode AccountIAMClient::Auth(const std::vector &challenge, const AuthType authType, + const AuthTrustLevel authTrustLevel, const std::shared_ptr &callback, uint64_t &contextId) +{ + ACCOUNT_LOGD("enter"); + int32_t userId = 0; + OsAccountManager::GetOsAccountLocalIdFromProcess(userId); + return AuthUser(userId, challenge, authType, authTrustLevel, callback, contextId); +} + +ErrCode AccountIAMClient::AuthUser( + const int32_t userId, const std::vector &challenge, const AuthType authType, + const AuthTrustLevel authTrustLevel, const std::shared_ptr &callback, uint64_t &contextId) +{ + ACCOUNT_LOGD("enter"); + if (callback == nullptr) { + ACCOUNT_LOGD("callback is nullptr"); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + if (authType != AuthType::PIN) { + contextId = UserAuthClient::GetInstance().BeginAuthentication( + userId, challenge, authType, authTrustLevel, callback); + return ERR_OK; + } + auto userAuthCallback = std::make_shared(userId, callback); + contextId = UserAuthClient::GetInstance().BeginAuthentication( + userId, challenge, authType, authTrustLevel, userAuthCallback); + return ERR_OK; +} + +ErrCode AccountIAMClient::CancelAuth(const uint64_t contextId, int32_t &resultCode) +{ + resultCode = UserAuthClient::GetInstance().CancelAuthentication(contextId); + return ERR_OK; +} + +ErrCode AccountIAMClient::GetAvailableStatus( + const AuthType authType, const AuthTrustLevel authTrustLevel, int32_t &status) +{ + status = UserAuthClientImpl::Instance().GetAvailableStatus(authType, authTrustLevel); + return ERR_OK; +} + +ErrCode AccountIAMClient::GetProperty(const GetPropertyRequest &request, std::shared_ptr callback) +{ + UserAuthClient::GetInstance().GetProperty(0, request, callback); + return ERR_OK; +} + +ErrCode AccountIAMClient::SetProperty(const SetPropertyRequest &request, std::shared_ptr callback) +{ + UserAuthClient::GetInstance().SetProperty(0, request, callback); + return ERR_OK; +} + +ErrCode AccountIAMClient::RegisterInputer(const std::shared_ptr inputer, bool &isSucceed) +{ + ACCOUNT_LOGD("enter"); + isSucceed = false; + int32_t userId = 0; + OsAccountManager::GetOsAccountLocalIdFromProcess(userId); + auto iamInputer = std::make_shared(userId, inputer); + isSucceed = PinAuthRegister::GetInstance().RegisterInputer(iamInputer); + return ERR_OK; +} + +ErrCode AccountIAMClient::UnRegisterInputer() +{ + ACCOUNT_LOGD("enter"); + PinAuthRegister::GetInstance().UnRegisterInputer(); + return ERR_OK; +} + +IAMState AccountIAMClient::GetState(int32_t userId) +{ + ACCOUNT_LOGD("enter"); + std::lock_guard lock(mutex_); + auto it = userStateMap_.find(userId); + if (it != userStateMap_.end()) { + return it->second; + } + return userStateMap_[0]; +} + +void AccountIAMClient::SetState(int32_t userId, IAMState state) +{ + ACCOUNT_LOGD("enter"); + std::lock_guard lock(mutex_); + userStateMap_[userId] = state; +} + +void AccountIAMClient::GetChallenge(int32_t userId, std::vector &challenge) +{ + ACCOUNT_LOGD("enter"); + std::lock_guard lock(mutex_); + auto it = userChallengeMap_.find(userId); + if (it != userChallengeMap_.end()) { + challenge = it->second; + } else { + challenge = userChallengeMap_[0]; + } +} + +void AccountIAMClient::GetCredential(int32_t userId, int32_t authSubType, CredentialPair &credPair) +{ + ACCOUNT_LOGD("enter"); + std::string key = std::to_string(userId) + std::to_string(authSubType); + std::lock_guard lock(mutex_); + auto it = credentialMap_.find(key); + if (it != credentialMap_.end()) { + credPair = it->second; + } +} + +void AccountIAMClient::SetCredential(int32_t userId, int32_t authSubType, const std::vector &credential) +{ + ACCOUNT_LOGD("enter"); + std::string key = std::to_string(userId) + std::to_string(authSubType); + std::lock_guard lock(mutex_); + auto it = credentialMap_.find(key); + if (it != credentialMap_.end()) { + it->second.oldCredential = it->second.credential; + it->second.credential = credential; + return; + } + credentialMap_[key] = { + .credential = credential + }; +} + +void AccountIAMClient::ClearCredential(int32_t userId, int32_t authSubType) +{ + std::string key = std::to_string(userId) + std::to_string(authSubType); + std::lock_guard lock(mutex_); + credentialMap_.erase(key); +} + +ErrCode AccountIAMClient::ActivateUserKey( + int32_t userId, const std::vector &token, const std::vector &secret) +{ + ACCOUNT_LOGD("enter"); + ErrCode result = GetAccountIAMProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get account iam proxy"); + return result; + } + return proxy_->ActivateUserKey(userId, token, secret); +} + +ErrCode AccountIAMClient::UpdateUserKey(int32_t userId, uint64_t credentialId, + const std::vector &token, const std::vector &newSecret) +{ + ACCOUNT_LOGD("enter"); + ErrCode result = GetAccountIAMProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get account iam proxy"); + return result; + } + return proxy_->UpdateUserKey(userId, credentialId, token, newSecret); +} + +ErrCode AccountIAMClient::RemoveUserKey(int32_t userId, const std::vector &token) +{ + ACCOUNT_LOGD("enter"); + ErrCode result = GetAccountIAMProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get account iam proxy"); + return result; + } + return proxy_->RemoveUserKey(userId, token); +} + +ErrCode AccountIAMClient::RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector &token) +{ + ACCOUNT_LOGD("enter"); + ErrCode result = GetAccountIAMProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get account iam proxy"); + return result; + } + return proxy_->RestoreUserKey(userId, credentialId, token); +} + +void AccountIAMClient::ResetAccountIAMProxy(const wptr& remote) +{ + std::lock_guard lock(mutex_); + if (proxy_ == nullptr) { + ACCOUNT_LOGD("proxy is nullptr"); + return; + } + auto serviceRemote = proxy_->AsObject(); + if ((serviceRemote != nullptr) && (serviceRemote == remote.promote())) { + serviceRemote->RemoveDeathRecipient(deathRecipient_); + proxy_ = nullptr; + } +} + +void AccountIAMClient::AccountIAMDeathRecipient::OnRemoteDied(const wptr& remote) +{ + if (remote == nullptr) { + ACCOUNT_LOGD("remote is nullptr"); + return; + } + AccountIAMClient::GetInstance().ResetAccountIAMProxy(remote); +} + +ErrCode AccountIAMClient::GetAccountIAMProxy() +{ + std::lock_guard lock(mutex_); + if (proxy_ != nullptr) { + return ERR_OK; + } + sptr saMgr = + SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (!saMgr) { + ACCOUNT_LOGD("failed to get system ability manager"); + return ERR_APPACCOUNT_KIT_GET_SYSTEM_ABILITY_MANAGER; + } + sptr remoteObject = saMgr->GetSystemAbility(SUBSYS_ACCOUNT_SYS_ABILITY_ID_BEGIN); + if (!remoteObject) { + ACCOUNT_LOGD("failed to get account system ability"); + return ERR_APPACCOUNT_KIT_GET_ACCOUNT_SYSTEM_ABILITY; + } + sptr accountProxy = iface_cast(remoteObject); + if (!accountProxy) { + ACCOUNT_LOGD("failed to cast account proxy"); + return ERR_APPACCOUNT_KIT_CAST_ACCOUNT_PROXY; + } + sptr accountIAMRemoteObject = accountProxy->GetAccountIAMService(); + if (!accountIAMRemoteObject) { + ACCOUNT_LOGD("failed to get account iam service"); + return ERR_APPACCOUNT_KIT_GET_APP_ACCOUNT_SERVICE; + } + proxy_ = iface_cast(accountIAMRemoteObject); + if ((!proxy_) || (!proxy_->AsObject())) { + ACCOUNT_LOGD("failed to cast account iam proxy"); + return ERR_APPACCOUNT_KIT_GET_APP_ACCOUNT_PROXY; + } + deathRecipient_ = new (std::nothrow) AccountIAMDeathRecipient(); + if (!deathRecipient_) { + ACCOUNT_LOGD("failed to create account iam death recipient"); + return ERR_APPACCOUNT_KIT_CREATE_APP_ACCOUNT_DEATH_RECIPIENT; + } + proxy_->AsObject()->AddDeathRecipient(deathRecipient_); + return ERR_OK; +} +} // namespace AccountSA +} // namespace OHOS diff --git a/frameworks/account_iam/src/account_iam_proxy.cpp b/frameworks/account_iam/src/account_iam_proxy.cpp new file mode 100644 index 000000000..672ce4a11 --- /dev/null +++ b/frameworks/account_iam/src/account_iam_proxy.cpp @@ -0,0 +1,164 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "account_iam_proxy.h" + +#include "account_log_wrapper.h" + +namespace OHOS { +namespace AccountSA { +AccountIAMProxy::AccountIAMProxy(const sptr &object) : IRemoteProxy(object) +{} + +AccountIAMProxy::~AccountIAMProxy() +{} + +ErrCode AccountIAMProxy::SendRequest(IAccountIAM::Message code, MessageParcel &data, MessageParcel &reply) +{ + ACCOUNT_LOGD("enter"); + sptr remote = Remote(); + if (remote == nullptr) { + ACCOUNT_LOGD("remote is nullptr, code = %{public}d", code); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + MessageOption option(MessageOption::TF_SYNC); + int32_t result = remote->SendRequest(static_cast(code), data, reply, option); + if (result != ERR_OK) { + ACCOUNT_LOGD("failed to SendRequest, code = %{public}d, result = %{public}d", code, result); + return ERR_ACCOUNT_IAM_SEND_REQUEST; + } + return ERR_OK; +} + +ErrCode AccountIAMProxy::ActivateUserKey( + int32_t userId, const std::vector &token, const std::vector &secret) +{ + ACCOUNT_LOGD("enter"); + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCOUNT_LOGD("failed to write descriptor!"); + return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR; + } + if (!data.WriteInt32(userId)) { + ACCOUNT_LOGD("failed to write userId!"); + return ERR_ACCOUNT_IAM_WRITE_USER_ID; + } + if (!data.WriteUInt8Vector(token)) { + ACCOUNT_LOGD("failed to write token!"); + return ERR_ACCOUNT_IAM_WRITE_TOKEN; + } + if (!data.WriteUInt8Vector(secret)) { + ACCOUNT_LOGD("failed to write secret!"); + return ERR_ACCOUNT_IAM_WRITE_SECRET; + } + ErrCode result = SendRequest(IAccountIAM::Message::ACTIVATE_USER_KEY, data, reply); + if (result != ERR_OK) { + return result; + } + result = reply.ReadInt32(); + ACCOUNT_LOGD("result: %{public}d", result); + return result; +} + +ErrCode AccountIAMProxy::UpdateUserKey(int32_t userId, uint64_t credentialId, const std::vector &token, + const std::vector &newSecret) +{ + ACCOUNT_LOGD("enter"); + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCOUNT_LOGD("failed to write descriptor!"); + return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR; + } + if (!data.WriteInt32(userId)) { + ACCOUNT_LOGD("failed to write userId!"); + return ERR_ACCOUNT_IAM_WRITE_USER_ID; + } + if (!data.WriteUint64(credentialId)) { + ACCOUNT_LOGD("failed to write credentialId!"); + return ERR_ACCOUNT_IAM_WRITE_CREDENTIAL_ID; + } + if (!data.WriteUInt8Vector(token)) { + ACCOUNT_LOGD("failed to write token!"); + return ERR_ACCOUNT_IAM_WRITE_TOKEN; + } + if (!data.WriteUInt8Vector(newSecret)) { + ACCOUNT_LOGD("failed to write secret!"); + return ERR_ACCOUNT_IAM_WRITE_SECRET; + } + ErrCode result = SendRequest(IAccountIAM::Message::UPDATE_USER_KEY, data, reply); + if (result != ERR_OK) { + return result; + } + result = reply.ReadInt32(); + return result; +} + +ErrCode AccountIAMProxy::RemoveUserKey(int32_t userId, const std::vector &token) +{ + ACCOUNT_LOGD("enter"); + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCOUNT_LOGD("failed to write descriptor!"); + return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR; + } + if (!data.WriteInt32(userId)) { + ACCOUNT_LOGD("failed to write userId!"); + return ERR_ACCOUNT_IAM_WRITE_USER_ID; + } + if (!data.WriteUInt8Vector(token)) { + ACCOUNT_LOGD("failed to write token!"); + return ERR_ACCOUNT_IAM_WRITE_TOKEN; + } + ErrCode result = SendRequest(IAccountIAM::Message::REMOVE_USER_KEY, data, reply); + if (result != ERR_OK) { + return result; + } + result = reply.ReadInt32(); + return result; +} + +ErrCode AccountIAMProxy::RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector &token) +{ + ACCOUNT_LOGD("enter"); + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCOUNT_LOGD("failed to write descriptor!"); + return ERR_ACCOUNT_COMMON_WRITE_DESCRIPTOR_ERROR; + } + if (!data.WriteInt32(userId)) { + ACCOUNT_LOGD("failed to write userId!"); + return ERR_ACCOUNT_IAM_WRITE_USER_ID; + } + if (!data.WriteUint64(credentialId)) { + ACCOUNT_LOGD("failed to write credentialId!"); + return ERR_ACCOUNT_IAM_WRITE_CREDENTIAL_ID; + } + if (!data.WriteUInt8Vector(token)) { + ACCOUNT_LOGD("failed to write token!"); + return ERR_ACCOUNT_IAM_WRITE_TOKEN; + } + ErrCode result = SendRequest(IAccountIAM::Message::RESTORE_USER_KEY, data, reply); + if (result != ERR_OK) { + return result; + } + result = reply.ReadInt32(); + return result; +} +} // namespace AccountSA +} // OHOS \ No newline at end of file diff --git a/frameworks/common/account_error/include/account_error_no.h b/frameworks/common/account_error/include/account_error_no.h index 87c16dc63..d383ee0f6 100644 --- a/frameworks/common/account_error/include/account_error_no.h +++ b/frameworks/common/account_error/include/account_error_no.h @@ -27,7 +27,9 @@ enum { ACCOUNT_MODULE_APPACCOUNT_KIT, ACCOUNT_MODULE_APPACCOUNT_SERVICE, ACCOUNT_MODULE_OSACCOUNT_KIT, - ACCOUNT_MODULE_OSACCOUNT_SERVICE + ACCOUNT_MODULE_OSACCOUNT_SERVICE, + ACCOUNT_MODULE_ACCOUNT_IAM_KIT, + ACCOUNT_MODULE_ACCOUNT_IAM_SERVICE }; // Error code for common @@ -436,6 +438,26 @@ enum { ERR_OSACCOUNT_SERVICE_GET_DATA_FROM_GLOBAL_CONSTRAINTS_FILE_EMPTY, ERR_OSACCOUNT_SERVICE_GET_DATA_FROM_SPECIFIC_CONSTRAINTS_FILE_EMPTY, }; + +// Error code for ACCOUNT_IAM_KIT +constexpr ErrCode ACCOUNT_IAM_KIT_ERR_OFFSET = + ErrCodeOffset(SUBSYS_ACCOUNT, ACCOUNT_MODULE_ACCOUNT_IAM_KIT); +enum { + ERR_ACCOUNT_IAM_SEND_REQUEST, + ERR_ACCOUNT_IAM_WRITE_USER_ID, + ERR_ACCOUNT_IAM_WRITE_CREDENTIAL_ID, + ERR_ACCOUNT_IAM_WRITE_TOKEN, + ERR_ACCOUNT_IAM_WRITE_SECRET, +}; + +// Error code for ACCOUNT_IAM_SERVICE +constexpr ErrCode ACCOUNT_IAM_SERVICE_ERR_OFFSET = + ErrCodeOffset(SUBSYS_ACCOUNT, ACCOUNT_MODULE_ACCOUNT_IAM_SERVICE); +enum { + ERR_ACCOUNT_IAM_SERVICE_PERMISSION_DENIED, + ERR_ACCOUNT_IAM_SERVICE_GET_STORAGE_SYSTEM_ABILITY, + ERR_ACCOUNT_IAM_SERVICE_REMOTE_IS_NULLPTR +}; } // namespace OHOS #endif // OS_ACCOUNT_FRAMEWORKS_COMMON_ACCOUNT_ERROR_INCLUDE_ACCOUNT_ERROR_NO_H diff --git a/frameworks/ohosaccount/native/include/account_proxy.h b/frameworks/ohosaccount/native/include/account_proxy.h index bc6b57241..f944e912b 100644 --- a/frameworks/ohosaccount/native/include/account_proxy.h +++ b/frameworks/ohosaccount/native/include/account_proxy.h @@ -37,6 +37,7 @@ public: std::int32_t QueryDeviceAccountId(std::int32_t &accountId) override; sptr GetAppAccountService() override; sptr GetOsAccountService() override; + sptr GetAccountIAMService() override; private: std::int32_t DeviceAccountRequest(std::uint32_t code, std::int32_t accountId); diff --git a/frameworks/ohosaccount/native/src/account_proxy.cpp b/frameworks/ohosaccount/native/src/account_proxy.cpp index debd11992..ddda8d671 100644 --- a/frameworks/ohosaccount/native/src/account_proxy.cpp +++ b/frameworks/ohosaccount/native/src/account_proxy.cpp @@ -165,6 +165,7 @@ sptr AccountProxy::GetAppAccountService() ACCOUNT_LOGD("exit"); return reply.ReadRemoteObject(); } + sptr AccountProxy::GetOsAccountService() { ACCOUNT_LOGD("enter"); @@ -185,5 +186,25 @@ sptr AccountProxy::GetOsAccountService() ACCOUNT_LOGD("exit"); return reply.ReadRemoteObject(); } + +sptr AccountProxy::GetAccountIAMService() +{ + MessageParcel data; + MessageParcel reply; + MessageOption option; + + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCOUNT_LOGD("Write descriptor failed"); + return nullptr; + } + + auto ret = Remote()->SendRequest(GET_ACCOUNT_IAM_SERVICE, data, reply, option); + if (ret != ERR_NONE) { + ACCOUNT_LOGD("SendRequest failed %d", ret); + return nullptr; + } + + return reply.ReadRemoteObject(); +} } // namespace AccountSA } // namespace OHOS diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_callback.h b/interfaces/innerkits/account_iam/native/include/account_iam_callback.h new file mode 100644 index 000000000..f56c6c468 --- /dev/null +++ b/interfaces/innerkits/account_iam/native/include/account_iam_callback.h @@ -0,0 +1,131 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_H +#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_H + +#include +#include +#include "account_iam_info.h" + +namespace OHOS { +namespace AccountSA { +class AuthCallback : public AuthenticationCallback { +public: + explicit AuthCallback(uint32_t userId, const std::shared_ptr &callback); + virtual ~AuthCallback(); + + void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override; + void OnResult(int32_t result, const Attributes &extraInfo) override; + +private: + std::uint32_t userId_; + std::shared_ptr innerCallback_ = nullptr; +}; + +class IDMAuthCallback : public AuthenticationCallback { +public: + explicit IDMAuthCallback(uint32_t userId, const CredentialParameters &credInfo, + int32_t oldResult, const Attributes &reqResult, const std::shared_ptr &idmCallback); + virtual ~IDMAuthCallback(); + + void OnResult(int32_t result, const Attributes &extraInfo) override; + void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override; + +private: + uint32_t userId_; + CredentialParameters credInfo_; + int32_t oldResult_; + Attributes reqResult_; + std::shared_ptr idmCallback_ = nullptr; + uint64_t credentialId_ = 0; +}; + +class AddCredCallback : public UserIdmClientCallback { +public: + explicit AddCredCallback(uint32_t userId, const CredentialParameters &credInfo, + const std::shared_ptr &callback); + virtual ~AddCredCallback(); + + void OnResult(int32_t result, const Attributes &extraInfo) override; + void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override; + +private: + std::uint32_t userId_; + CredentialParameters credInfo_; + std::shared_ptr innerCallback_ = nullptr; +}; + +class UpdateCredCallback : public UserIdmClientCallback { +public: + explicit UpdateCredCallback(uint32_t userId, const CredentialParameters &credInfo, + const std::shared_ptr &callback); + virtual ~UpdateCredCallback(); + + void OnResult(int32_t result, const Attributes &extraInfo) override; + void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override; + +private: + std::uint32_t userId_; + std::vector oldCredential_; + CredentialParameters credInfo_; + std::shared_ptr innerCallback_ = nullptr; +}; + +class DelCredCallback : public UserIdmClientCallback { +public: + explicit DelCredCallback(int32_t userId, uint64_t credentialId, const std::vector &authToken, + const std::shared_ptr &callback); + virtual ~DelCredCallback(); + + void OnResult(int32_t result, const Attributes &extraInfo) override; + void OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo) override; + +private: + int32_t userId_; + uint64_t credentialId_; + std::vector authToken_; + std::shared_ptr innerCallback_ = nullptr; +}; + +class IAMInputerData : public IInputerData { +public: + IAMInputerData(int32_t userId, const std::shared_ptr &inputerData); + virtual~IAMInputerData(); + void OnSetData(int32_t authSubType, std::vector data) override; + void ResetInnerInputerData(const std::shared_ptr &inputerData); + +private: + int32_t userId_; + std::shared_ptr innerInputerData_; + std::map> credMap_; +}; + +class IAMInputer : public IInputer { +public: + IAMInputer(int32_t userId, const std::shared_ptr &inputer); + virtual ~IAMInputer(); + + void OnGetData(int32_t authSubType, std::shared_ptr inputerData); + void ResetInnerInputer(const std::shared_ptr &inputer); +private: + int32_t userId_; + std::vector oldCredential_; + std::shared_ptr innerInputer_ = nullptr; + std::shared_ptr inputerData_ = nullptr; +}; +} // namespace AccountSA +} // namespace OHOS +#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_H diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_client.h b/interfaces/innerkits/account_iam/native/include/account_iam_client.h new file mode 100644 index 000000000..34ee2c951 --- /dev/null +++ b/interfaces/innerkits/account_iam/native/include/account_iam_client.h @@ -0,0 +1,90 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H +#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H + +#include +#include +#include "account_iam_callback.h" +#include "account_iam_info.h" +#include "account_error_no.h" +#include "iaccount_iam.h" +#include "singleton.h" + +namespace OHOS { +namespace AccountSA { +class AccountIAMClient : public DelayedRefSingleton { +public: + AccountIAMClient(); + ErrCode OpenSession(int32_t userId, std::vector &challenge); + ErrCode CloseSession(int32_t userId); + ErrCode AddCredential( + const CredentialParameters& credInfo, const std::shared_ptr& callback); + ErrCode UpdateCredential( + const CredentialParameters& credInfo, const std::shared_ptr& callback); + ErrCode Cancel(uint64_t challenge, int32_t &resultCode); + ErrCode DelCred( + uint64_t credentialId, std::vector authToken, const std::shared_ptr& callback); + ErrCode DelUser(std::vector authToken, const std::shared_ptr& callback); + ErrCode GetAuthInfo(AuthType authType, const std::shared_ptr& callback); + ErrCode Auth( + const std::vector &challenge, const AuthType authType, const AuthTrustLevel authTrustLevel, + const std::shared_ptr &callback, uint64_t &contextId); + ErrCode AuthUser(const int32_t userId, const std::vector &challenge, const AuthType authType, + const AuthTrustLevel authTrustLevel, const std::shared_ptr &callback, + uint64_t &contextId); + ErrCode CancelAuth(const uint64_t contextId, int32_t &resultCode); + ErrCode GetAvailableStatus(const AuthType authType, const AuthTrustLevel authTrustLevel, int32_t &status); + ErrCode GetProperty(const GetPropertyRequest &request, std::shared_ptr callback); + ErrCode SetProperty(const SetPropertyRequest &request, std::shared_ptr callback); + ErrCode RegisterInputer(const std::shared_ptr inputer, bool &isSucceed); + ErrCode UnRegisterInputer(); + IAMState GetState(int32_t userId); + void SetState(int32_t userId, IAMState state); + void GetChallenge(int32_t userId, std::vector &challenge); + void SetCredential(int32_t userId, int32_t authSubType, const std::vector &credential); + void GetCredential(int32_t userId, int32_t authSubType, CredentialPair &credPair); + void ClearCredential(int32_t userId, int32_t authSubType); + ErrCode ActivateUserKey(int32_t userId, const std::vector &token, const std::vector &secret); + ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId, + const std::vector &token, const std::vector &newSecret); + ErrCode RemoveUserKey(int32_t userId, const std::vector &token); + ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector &token); + +private: + class AccountIAMDeathRecipient : public IRemoteObject::DeathRecipient { + public: + AccountIAMDeathRecipient() = default; + ~AccountIAMDeathRecipient() = default; + void OnRemoteDied(const wptr& remote) override; + + private: + DISALLOW_COPY_AND_MOVE(AccountIAMDeathRecipient); + }; + ErrCode GetAccountIAMProxy(); + void ResetAccountIAMProxy(const wptr& remote); + +private: + std::mutex mutex_; + sptr proxy_ = nullptr; + sptr deathRecipient_ = nullptr; + std::map userStateMap_; + std::map credentialMap_; + std::map> userChallengeMap_; +}; +} // namespace AccountSA +} // namespace OHOS +#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H \ No newline at end of file diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_info.h b/interfaces/innerkits/account_iam/native/include/account_iam_info.h new file mode 100644 index 000000000..18027d46a --- /dev/null +++ b/interfaces/innerkits/account_iam/native/include/account_iam_info.h @@ -0,0 +1,70 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_INFO_H +#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_INFO_H + +#include "attributes.h" +#include "iam_common_defines.h" +#include "i_inputer.h" +#include "user_auth_client_callback.h" +#include "user_auth_client_defines.h" +#include "user_idm_client.h" +#include "user_idm_client_callback.h" +#include "user_idm_client_defines.h" + +namespace OHOS { +namespace AccountSA { +typedef UserIam::PinAuth::IInputer IInputer; +typedef UserIam::PinAuth::IInputerData IInputerData; +typedef UserIam::UserAuth::ResultCode ResultCode; +typedef UserIam::UserAuth::AuthType AuthType; +typedef UserIam::UserAuth::Attributes Attributes; +typedef UserIam::UserAuth::AuthTrustLevel AuthTrustLevel; +typedef UserIam::UserAuth::AuthenticationCallback AuthenticationCallback; +typedef UserIam::UserAuth::GetPropCallback GetPropCallback; +typedef UserIam::UserAuth::SetPropCallback SetPropCallback; +typedef UserIam::UserAuth::GetPropertyRequest GetPropertyRequest; +typedef UserIam::UserAuth::SetPropertyRequest SetPropertyRequest; +typedef UserIam::UserAuth::PropertyMode PropertyMode; +typedef UserIam::UserAuth::PinSubType PinSubType; +typedef UserIam::UserAuth::UserIdmClientCallback UserIdmClientCallback; +typedef UserIam::UserAuth::CredentialParameters CredentialParameters; +typedef UserIam::UserAuth::CredentialInfo CredentialInfo; +typedef UserIam::UserAuth::GetCredentialInfoCallback GetCredentialInfoCallback; + +enum IAMState { + IDLE = 0, + AFTER_OPEN_SESSION, + DURING_AUTHENTICATE, + DURING_ADD_CRED, + DURING_UPDATE_CRED, + DURING_DEL_CRED, + AFTER_ADD_CRED, + AFTER_UPDATE_CRED, + AFTER_DEL_CRED, + ROLL_BACK_ADD_CRED, + ROLL_BACK_UPDATE_CRED, + ROLL_BACK_DEL_CRED, + DURING_DEL_USER, +}; + +struct CredentialPair { + std::vector oldCredential; + std::vector credential; +}; +} // namespace AccountSA +} // namespace OHOS +#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_INFO_H diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_proxy.h b/interfaces/innerkits/account_iam/native/include/account_iam_proxy.h new file mode 100644 index 000000000..e142196dc --- /dev/null +++ b/interfaces/innerkits/account_iam/native/include/account_iam_proxy.h @@ -0,0 +1,46 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_PROXY_H +#define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_PROXY_H + +#include "account_error_no.h" +#include "account_iam_info.h" +#include "iaccount_iam.h" +#include "iremote_proxy.h" + +namespace OHOS { +namespace AccountSA { +class AccountIAMProxy : public IRemoteProxy { +public: + explicit AccountIAMProxy(const sptr &object); + ~AccountIAMProxy() override; + + ErrCode ActivateUserKey( + std::int32_t userId, const std::vector &token, const std::vector &secret) override; + ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId, + const std::vector &token, const std::vector &newSecret) override; + ErrCode RemoveUserKey(int32_t userId, const std::vector &token) override; + ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector &token) override; + +private: + ErrCode SendRequest(IAccountIAM::Message code, MessageParcel &data, MessageParcel &reply); + +private: + static inline BrokerDelegator delegator_; +}; +} // AccountSA +} // namespace OHOS +#endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_PROXY_H \ No newline at end of file diff --git a/interfaces/innerkits/account_iam/native/include/iaccount_iam.h b/interfaces/innerkits/account_iam/native/include/iaccount_iam.h new file mode 100644 index 000000000..cdac45de0 --- /dev/null +++ b/interfaces/innerkits/account_iam/native/include/iaccount_iam.h @@ -0,0 +1,45 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_IACCOUNT_IAM_H +#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_IACCOUNT_IAM_H + +#include "account_log_wrapper.h" +#include "iremote_broker.h" +#include "iremote_object.h" + +namespace OHOS { +namespace AccountSA { +class IAccountIAM : public IRemoteBroker { +public: + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.accountfwk.IAccountIAM"); + + virtual ErrCode ActivateUserKey( + int32_t userId, const std::vector &token, const std::vector &secret) = 0; + virtual ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId, + const std::vector &token, const std::vector &newSecret) = 0; + virtual ErrCode RemoveUserKey(int32_t userId, const std::vector &token) = 0; + virtual ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector &token) = 0; + + enum class Message { + ACTIVATE_USER_KEY, + UPDATE_USER_KEY, + REMOVE_USER_KEY, + RESTORE_USER_KEY + }; +}; +} // namespace AccountSA +} // namespace OHOS +#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_IACCOUNT_IAM_H diff --git a/interfaces/innerkits/ohosaccount/native/include/iaccount.h b/interfaces/innerkits/ohosaccount/native/include/iaccount.h index 206f9ef7a..648d0686d 100644 --- a/interfaces/innerkits/ohosaccount/native/include/iaccount.h +++ b/interfaces/innerkits/ohosaccount/native/include/iaccount.h @@ -37,6 +37,7 @@ public: QUERY_DEVICE_ACCOUNT_ID = 104, GET_APP_ACCOUNT_SERVICE = 105, GET_OS_ACCOUNT_SERVICE = 106, + GET_ACCOUNT_IAM_SERVICE = 107, }; virtual bool UpdateOhosAccountInfo( @@ -46,6 +47,7 @@ public: virtual std::int32_t QueryDeviceAccountId(std::int32_t &accountId) = 0; virtual sptr GetAppAccountService() = 0; virtual sptr GetOsAccountService() = 0; + virtual sptr GetAccountIAMService() = 0; }; } // namespace AccountSA } // namespace OHOS diff --git a/os_account.gni b/os_account.gni index db813d9ee..b64d4f28e 100644 --- a/os_account.gni +++ b/os_account.gni @@ -37,6 +37,11 @@ os_account_core_path = "${os_account_path}/frameworks/osaccount/core" os_account_kits_path = "${os_account_path}/interfaces/kits/napi/osaccount" os_account_dfx_path = "${os_account_path}/dfx" +account_iam_kits_path = "${os_account_path}/interfaces/kits/napi/account_iam" +account_iam_interfaces_native_path = + "${os_account_path}/interfaces/innerkits/account_iam/native" +account_iam_framework_path = "${os_account_path}/frameworks/account_iam" + if (!defined(global_parts_info) || defined(global_parts_info.useriam_user_auth_framework)) { has_user_auth_part = true @@ -74,6 +79,13 @@ if (!defined(global_parts_info) || has_hiviewdfx_hitrace_part = false } +if (!defined(global_parts_info) || + defined(global_parts_info.filemanagement_storage_service)) { + has_storage_service_part = true +} else { + has_storage_service_part = false +} + declare_args() { os_account_multiple_active_accounts = false } diff --git a/services/accountmgr/BUILD.gn b/services/accountmgr/BUILD.gn index 1d7d76aed..be944818f 100644 --- a/services/accountmgr/BUILD.gn +++ b/services/accountmgr/BUILD.gn @@ -44,6 +44,7 @@ config("accountmgr_config") { "${innerkits_path}/include", "${os_account_dfx_path}/hidumper_adapter", "${os_account_dfx_path}/hisysevent_adapter", + "${account_iam_interfaces_native_path}/include", "${app_account_innerkits_native_path}/include", "//third_party/json/include", "//third_party/mbedtls/include", @@ -74,6 +75,10 @@ config("accountmgr_public_config") { "${services_path}/accountmgr/include/appaccount", "${services_path}/accountmgr/include/osaccount", ] + + if (has_user_auth_part) { + include_dirs += [ "${services_path}/accountmgr/include/account_iam" ] + } } ability_manager_sources = [ @@ -166,6 +171,13 @@ ohos_shared_library("accountmgr") { sources += ability_manager_sources sources += bundle_manager_sources + if (has_user_auth_part) { + sources += [ + "src/account_iam/account_iam_service.cpp", + "src/account_iam/account_iam_stub.cpp", + ] + } + defines = [ "ACCOUNT_LOG_TAG = \"AccountMgrService\"", "LOG_DOMAIN = 0xD001B00", @@ -189,11 +201,19 @@ ohos_shared_library("accountmgr") { "//third_party/mbedtls:mbedtls", ] - if (has_user_idm_part) { - cflags_cc += [ "-DHAS_USER_IDM_PART" ] + if (has_user_auth_part) { + cflags_cc += [ + "-DHAS_USER_AUTH_PART", + "-DHAS_USER_IDM_PART", + ] deps += [ "//base/useriam/user_auth_framework/frameworks/native/client:userauth_client" ] } + if (has_pin_auth_part) { + cflags_cc += [ "-DHAS_PIN_AUTH_PART" ] + deps += [ "//base/useriam/pin_auth/frameworks:pinauth_framework" ] + } + external_deps = [ "ability_base:base", "ability_base:want", @@ -208,9 +228,13 @@ ohos_shared_library("accountmgr") { "ipc:ipc_core", "safwk:system_ability_fwk", "samgr_standard:samgr_proxy", - "storage_service:storage_manager_sa_proxy", ] + if (has_storage_service_part) { + cflags += [ "-DHAS_STORAGE_PART" ] + external_deps += [ "storage_service:storage_manager_sa_proxy" ] + } + if (build_selinux) { external_deps += [ "selinux:librestorecon" ] cflags += [ "-DWITH_SELINUX" ] diff --git a/services/accountmgr/include/account_iam/account_iam_service.h b/services/accountmgr/include/account_iam/account_iam_service.h new file mode 100644 index 000000000..701fbc8ff --- /dev/null +++ b/services/accountmgr/include/account_iam/account_iam_service.h @@ -0,0 +1,61 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_SERVICE_H +#define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_SERVICE_H + +#include +#include "account_iam_stub.h" +#include "account_error_no.h" +#ifdef HAS_STORAGE_PART +#include "istorage_manager.h" +#include "storage_manager.h" +#include "storage_manager_proxy.h" +#endif + +namespace OHOS { +namespace AccountSA { +struct CredentialInfo { + uint64_t credentialId = 0; + std::vector oldSecret; + std::vector secret; +}; + +class AccountIAMService : public AccountIAMStub { +public: + AccountIAMService(); + ~AccountIAMService() override; + + ErrCode ActivateUserKey( + int32_t userId, const std::vector &token, const std::vector &secret) override; + ErrCode UpdateUserKey(int32_t userId, uint64_t credentialId, + const std::vector &token, const std::vector &newSecret) override; + ErrCode RemoveUserKey(int32_t userId, const std::vector &token) override; + ErrCode RestoreUserKey(int32_t userId, uint64_t credentialId, const std::vector &token) override; + +private: + ErrCode GetStorageManagerProxy(); + +private: +#ifdef HAS_STORAGE_PART + sptr storageMgrProxy_; +#endif + std::mutex mutex_; + std::map credInfoMap_; + DISALLOW_COPY_AND_MOVE(AccountIAMService); +}; +} // namespace AccountSA +} // namespace OHOS +#endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_SERVICE_H diff --git a/services/accountmgr/include/account_iam/account_iam_stub.h b/services/accountmgr/include/account_iam/account_iam_stub.h new file mode 100644 index 000000000..277880228 --- /dev/null +++ b/services/accountmgr/include/account_iam/account_iam_stub.h @@ -0,0 +1,47 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_IAM_STUB_H +#define OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_IAM_STUB_H + +#include "iaccount_iam.h" + +#include +#include "account_error_no.h" +#include "iremote_stub.h" + +namespace OHOS { +namespace AccountSA { +class AccountIAMStub : public IRemoteStub { +public: + using MessageProcFunction = ErrCode (AccountIAMStub::*)(MessageParcel &data, MessageParcel &reply); + AccountIAMStub(); + ~AccountIAMStub() override; + int OnRemoteRequest( + uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) override; + +private: + ErrCode ProcActivateUserKey(MessageParcel &data, MessageParcel &reply); + ErrCode ProcUpdateUserKey(MessageParcel &data, MessageParcel &reply); + ErrCode ProcRemoveUserKey(MessageParcel &data, MessageParcel &reply); + ErrCode ProcResotreUserKey(MessageParcel &data, MessageParcel &reply); + +private: + static const std::map messageProcMap_; + DISALLOW_COPY_AND_MOVE(AccountIAMStub); +}; +} // namespace AccountSA +} // namespace OHOS +#endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_IAM_STUB_H \ No newline at end of file diff --git a/services/accountmgr/include/account_mgr_service.h b/services/accountmgr/include/account_mgr_service.h index 49372e2ad..5e6784944 100644 --- a/services/accountmgr/include/account_mgr_service.h +++ b/services/accountmgr/include/account_mgr_service.h @@ -50,6 +50,7 @@ public: std::int32_t QueryDeviceAccountId(std::int32_t &accountId) override; sptr GetAppAccountService() override; sptr GetOsAccountService() override; + sptr GetAccountIAMService() override; void OnStart() override; void OnStop() override; @@ -65,6 +66,7 @@ private: bool Init(); void SelfClean(); std::int32_t GetDeviceAccountIdFromCurrentProcess(); + bool CreateIAMService(); bool registerToService_ = false; ServiceRunningState state_ = ServiceRunningState::STATE_NOT_START; @@ -73,6 +75,7 @@ private: sptr appAccountManagerService_ = nullptr; sptr osAccountManagerService_ = nullptr; + sptr accountIAMService_ = nullptr; OsAccountManagerService* osAccountManagerServiceOrg_ = nullptr; }; } // namespace AccountSA diff --git a/services/accountmgr/include/account_permission_manager.h b/services/accountmgr/include/account_permission_manager.h index f3d005b25..6ba1714e4 100644 --- a/services/accountmgr/include/account_permission_manager.h +++ b/services/accountmgr/include/account_permission_manager.h @@ -33,6 +33,8 @@ public: static const std::string MANAGE_LOCAL_ACCOUNTS; static const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION; static const std::string INTERACT_ACROSS_LOCAL_ACCOUNTS; + static const std::string ACCESS_USER_AUTH_INTERNAL; + static const std::string MANAGE_USER_IDM; }; } // namespace AccountSA } // namespace OHOS diff --git a/services/accountmgr/include/account_stub.h b/services/accountmgr/include/account_stub.h index d63b4d69d..377aacd0c 100644 --- a/services/accountmgr/include/account_stub.h +++ b/services/accountmgr/include/account_stub.h @@ -40,6 +40,7 @@ private: std::int32_t CmdQueryDeviceAccountId(MessageParcel &data, MessageParcel &reply); std::int32_t CmdGetAppAccountService(MessageParcel &data, MessageParcel &reply); std::int32_t CmdGetOsAccountService(MessageParcel &data, MessageParcel &reply); + std::int32_t CmdGetAccountIAMService(MessageParcel &data, MessageParcel &reply); bool HasAccountRequestPermission(const std::string &permissionName); bool CheckCallerForTrustList(); diff --git a/services/accountmgr/src/account_iam/account_iam_service.cpp b/services/accountmgr/src/account_iam/account_iam_service.cpp new file mode 100644 index 000000000..e8000c8a4 --- /dev/null +++ b/services/accountmgr/src/account_iam/account_iam_service.cpp @@ -0,0 +1,192 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "account_iam_service.h" + +#include "account_log_wrapper.h" +#include "account_permission_manager.h" +#include "iservice_registry.h" +#include "system_ability_definition.h" + +namespace OHOS { +namespace AccountSA { +namespace { +#ifdef HAS_STORAGE_PART +const int32_t ERROR_STORAGE_KEY_NOT_EXIST = -2; +#endif +} + +AccountIAMService::AccountIAMService() +{} + +AccountIAMService::~AccountIAMService() +{} + +ErrCode AccountIAMService::ActivateUserKey( + int32_t userId, const std::vector &token, const std::vector &secret) +{ + ACCOUNT_LOGD("enter"); +#ifdef HAS_STORAGE_PART + ErrCode result = GetStorageManagerProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get storage proxy"); + return result; + } + result = storageMgrProxy_->ActiveUserKey(userId, token, secret); + if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) { + ACCOUNT_LOGD("fail to active user key, error code: %{public}d", result); + return result; + } + storageMgrProxy_->PrepareStartUser(userId); +#endif + std::lock_guard lock(mutex_); + auto it = credInfoMap_.find(userId); + if (it != credInfoMap_.end()) { + it->second.secret = secret; + } else { + credInfoMap_[userId] = { + .secret = secret + }; + } + return ERR_OK; +} + +ErrCode AccountIAMService::UpdateUserKey(int32_t userId, uint64_t credentialId, + const std::vector &token, const std::vector &newSecret) +{ + ACCOUNT_LOGD("enter"); + ErrCode result = ERR_OK; + CredentialInfo oldCredInfo; + std::lock_guard lock(mutex_); + auto it = credInfoMap_.find(userId); + if (it != credInfoMap_.end()) { + oldCredInfo = it->second; + } + if (newSecret.empty() && credentialId != oldCredInfo.credentialId) { + ACCOUNT_LOGD("the key do not need to be removed"); + return ERR_OK; + } +#ifdef HAS_STORAGE_PART + result = GetStorageManagerProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get storage proxy"); + return result; + } + result = storageMgrProxy_->UpdateUserAuth(userId, token, oldCredInfo.secret, newSecret); + if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) { + ACCOUNT_LOGD("fail to update user auth"); + return result; + } + result = storageMgrProxy_->UpdateKeyContext(userId); +#endif + credInfoMap_[userId] = { + .credentialId = credentialId, + .oldSecret = oldCredInfo.secret, + .secret = newSecret + }; + return result; +} + +ErrCode AccountIAMService::RemoveUserKey(int32_t userId, const std::vector &token) +{ + ACCOUNT_LOGD("enter"); + ErrCode result = ERR_OK; + std::lock_guard lock(mutex_); + auto it = credInfoMap_.find(userId); + if (it == credInfoMap_.end()) { + return ERR_OK; + } + CredentialInfo oldCredInfo = it->second; + std::vector newSecret; +#ifdef HAS_STORAGE_PART + result = GetStorageManagerProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get storage proxy"); + return result; + } + result = storageMgrProxy_->UpdateUserAuth(userId, token, oldCredInfo.secret, newSecret); + if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) { + ACCOUNT_LOGD("fail to update user auth"); + return result; + } + result = storageMgrProxy_->UpdateKeyContext(userId); +#endif + credInfoMap_[userId] = { + .oldSecret = oldCredInfo.secret, + .secret = newSecret + }; + return result; +} + +ErrCode AccountIAMService::RestoreUserKey(int32_t userId, uint64_t credentialId, + const std::vector &token) +{ + ACCOUNT_LOGD("enter"); + ErrCode result = ERR_OK; + CredentialInfo credInfo; + std::lock_guard lock(mutex_); + auto it = credInfoMap_.find(userId); + if (it != credInfoMap_.end()) { + credInfo = it->second; + } + if (credentialId != 0 && credInfo.credentialId != credentialId) { + return ERR_OK; + } +#ifdef HAS_STORAGE_PART + result = GetStorageManagerProxy(); + if (result != ERR_OK) { + ACCOUNT_LOGD("fail to get storage proxy"); + return result; + } + result = storageMgrProxy_->UpdateUserAuth(userId, token, credInfo.secret, credInfo.oldSecret); + if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) { + ACCOUNT_LOGD("fail to update user auth"); + return result; + } + result = storageMgrProxy_->UpdateKeyContext(userId); +#endif + credInfoMap_[userId] = { + .secret = credInfo.oldSecret + }; + return result; +} + +#ifdef HAS_STORAGE_PART +ErrCode AccountIAMService::GetStorageManagerProxy() +{ + ACCOUNT_LOGD("enter"); + if (storageMgrProxy_ != nullptr) { + return ERR_OK; + } + auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); + if (!systemAbilityManager) { + ACCOUNT_LOGD("failed to get system ability mgr"); + return ERR_ACCOUNT_IAM_SERVICE_GET_STORAGE_SYSTEM_ABILITY; + } + auto remote = systemAbilityManager->GetSystemAbility(STORAGE_MANAGER_MANAGER_ID); + if (!remote) { + ACCOUNT_LOGD("failed to get STORAGE_MANAGER_MANAGER_ID service"); + return ERR_ACCOUNT_IAM_SERVICE_REMOTE_IS_NULLPTR; + } + storageMgrProxy_ = iface_cast(remote); + if (!storageMgrProxy_) { + ACCOUNT_LOGD("failed to get STORAGE_MANAGER_MANAGER_ID proxy"); + return ERR_ACCOUNT_IAM_SERVICE_REMOTE_IS_NULLPTR; + } + return ERR_OK; +} +#endif +} // namespace AccountSA +} // namespace OHOS diff --git a/services/accountmgr/src/account_iam/account_iam_stub.cpp b/services/accountmgr/src/account_iam/account_iam_stub.cpp new file mode 100644 index 000000000..48313625c --- /dev/null +++ b/services/accountmgr/src/account_iam/account_iam_stub.cpp @@ -0,0 +1,129 @@ +/* + * Copyright (c) 2022 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "account_iam_stub.h" + +#include "account_log_wrapper.h" + +namespace OHOS { +namespace AccountSA { +AccountIAMStub::AccountIAMStub() +{} + +AccountIAMStub::~AccountIAMStub() +{} + +const std::map AccountIAMStub::messageProcMap_ = { + { + static_cast(IAccountIAM::Message::ACTIVATE_USER_KEY), + &AccountIAMStub::ProcActivateUserKey + }, + { + static_cast(IAccountIAM::Message::UPDATE_USER_KEY), + &AccountIAMStub::ProcUpdateUserKey + }, + { + static_cast(IAccountIAM::Message::REMOVE_USER_KEY), + &AccountIAMStub::ProcRemoveUserKey + }, + { + static_cast(IAccountIAM::Message::RESTORE_USER_KEY), + &AccountIAMStub::ProcResotreUserKey + } +}; + +std::int32_t AccountIAMStub::OnRemoteRequest( + std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) +{ + ACCOUNT_LOGD("Received stub message: %{public}d", code); + if (data.ReadInterfaceToken() != GetDescriptor()) { + ACCOUNT_LOGD("check descriptor failed! code %{public}u.", code); + return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR; + } + + const auto &itFunc = messageProcMap_.find(code); + if (itFunc != messageProcMap_.end()) { + return (this->*(itFunc->second))(data, reply); + } + + ACCOUNT_LOGW("remote request unhandled: %{public}d", code); + return IPCObjectStub::OnRemoteRequest(code, data, reply, option); +} + +ErrCode AccountIAMStub::ProcActivateUserKey(MessageParcel &data, MessageParcel &reply) +{ + int32_t userId = 0; + data.ReadInt32(userId); + std::vector token; + data.ReadUInt8Vector(&token); + std::vector secret; + data.ReadUInt8Vector(&secret); + ErrCode result = ActivateUserKey(userId, token, secret); + if (!reply.WriteInt32(result)) { + ACCOUNT_LOGD("failed to write reply"); + return IPC_STUB_WRITE_PARCEL_ERR; + } + return ERR_NONE; +} + +ErrCode AccountIAMStub::ProcUpdateUserKey(MessageParcel &data, MessageParcel &reply) +{ + int32_t userId = 0; + data.ReadInt32(userId); + uint64_t credentialId = 0; + data.ReadUint64(credentialId); + std::vector token; + data.ReadUInt8Vector(&token); + std::vector newSecret; + data.ReadUInt8Vector(&newSecret); + ErrCode result = UpdateUserKey(userId, credentialId, token, newSecret); + if (!reply.WriteInt32(result)) { + ACCOUNT_LOGD("failed to write reply"); + return IPC_STUB_WRITE_PARCEL_ERR; + } + return ERR_NONE; +} + +ErrCode AccountIAMStub::ProcRemoveUserKey(MessageParcel &data, MessageParcel &reply) +{ + int32_t userId = 0; + data.ReadInt32(userId); + std::vector token; + data.ReadUInt8Vector(&token); + ErrCode result = RemoveUserKey(userId, token); + if (!reply.WriteInt32(result)) { + ACCOUNT_LOGD("failed to write reply"); + return IPC_STUB_WRITE_PARCEL_ERR; + } + return ERR_NONE; +} + +ErrCode AccountIAMStub::ProcResotreUserKey(MessageParcel &data, MessageParcel &reply) +{ + int32_t userId = 0; + data.ReadInt32(userId); + uint64_t credentialId = 0; + data.ReadUint64(credentialId); + std::vector token; + data.ReadUInt8Vector(&token); + ErrCode result = RestoreUserKey(userId, credentialId, token); + if (!reply.WriteInt32(result)) { + ACCOUNT_LOGD("failed to write reply"); + return IPC_STUB_WRITE_PARCEL_ERR; + } + return ERR_NONE; +} +} // AccountSA +} // OHOS diff --git a/services/accountmgr/src/account_mgr_service.cpp b/services/accountmgr/src/account_mgr_service.cpp index df05cf3bf..a2e09a1bf 100644 --- a/services/accountmgr/src/account_mgr_service.cpp +++ b/services/accountmgr/src/account_mgr_service.cpp @@ -16,6 +16,9 @@ #include "account_mgr_service.h" #include #include "account_dump_helper.h" +#if defined(HAS_USER_AUTH_PART) +#include "account_iam_service.h" +#endif #include "account_log_wrapper.h" #include "app_account_manager_service.h" #include "datetime_ex.h" @@ -107,6 +110,7 @@ sptr AccountMgrService::GetAppAccountService() return appAccountManagerService_; } + sptr AccountMgrService::GetOsAccountService() { ACCOUNT_LOGD("enter"); @@ -114,6 +118,13 @@ sptr AccountMgrService::GetOsAccountService() return osAccountManagerService_; } +sptr AccountMgrService::GetAccountIAMService() +{ + ACCOUNT_LOGD("enter"); + + return accountIAMService_; +} + bool AccountMgrService::IsServiceStarted(void) const { return (state_ == STATE_RUNNING); @@ -197,6 +208,9 @@ bool AccountMgrService::Init() "Insufficient memory to create os account manager service"); return false; } + if (!CreateIAMService()) { + return false; + } dumpHelper_ = std::make_unique(ohosAccountMgr_, osAccountManagerServiceOrg_); appAccountManagerService_ = appAccountManagerService->AsObject(); osAccountManagerService_ = osAccountManagerServiceOrg_->AsObject(); @@ -204,6 +218,19 @@ bool AccountMgrService::Init() return true; } +bool AccountMgrService::CreateIAMService() +{ +#if defined(HAS_USER_AUTH_PART) + auto accountIAMService = new (std::nothrow) AccountIAMService(); + if (accountIAMService == nullptr) { + ACCOUNT_LOGE("memory alloc for AccountIAMService failed!"); + return false; + } + accountIAMService_ = accountIAMService->AsObject(); +#endif + return true; +} + std::int32_t AccountMgrService::Dump(std::int32_t fd, const std::vector &args) { if (fd < 0) { diff --git a/services/accountmgr/src/account_permission_manager.cpp b/services/accountmgr/src/account_permission_manager.cpp index f94bb295e..812ed2a8b 100644 --- a/services/accountmgr/src/account_permission_manager.cpp +++ b/services/accountmgr/src/account_permission_manager.cpp @@ -30,6 +30,9 @@ const std::string AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTEN "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS_EXTENSION"; const std::string AccountPermissionManager::INTERACT_ACROSS_LOCAL_ACCOUNTS = "ohos.permission.INTERACT_ACROSS_LOCAL_ACCOUNTS"; +const std::string AccountPermissionManager::ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL"; +const std::string AccountPermissionManager::MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM"; + AccountPermissionManager::AccountPermissionManager() { ACCOUNT_LOGD("enter"); diff --git a/services/accountmgr/src/account_stub.cpp b/services/accountmgr/src/account_stub.cpp index 0433e5818..61f13676f 100644 --- a/services/accountmgr/src/account_stub.cpp +++ b/services/accountmgr/src/account_stub.cpp @@ -47,6 +47,7 @@ const std::map AccountStub::stubFuncMap_{ std::make_pair(QUERY_DEVICE_ACCOUNT_ID, &AccountStub::CmdQueryDeviceAccountId), std::make_pair(GET_APP_ACCOUNT_SERVICE, &AccountStub::CmdGetAppAccountService), std::make_pair(GET_OS_ACCOUNT_SERVICE, &AccountStub::CmdGetOsAccountService), + std::make_pair(GET_ACCOUNT_IAM_SERVICE, &AccountStub::CmdGetAccountIAMService), }; std::int32_t AccountStub::CmdUpdateOhosAccountInfo(MessageParcel &data, MessageParcel &reply) @@ -206,6 +207,19 @@ std::int32_t AccountStub::CmdGetOsAccountService(MessageParcel &data, MessagePar return ERR_OK; } +std::int32_t AccountStub::CmdGetAccountIAMService(MessageParcel &data, MessageParcel &reply) +{ + ACCOUNT_LOGD("enter"); + + auto remoteObject = GetAccountIAMService(); + if (!reply.WriteRemoteObject(remoteObject)) { + ACCOUNT_LOGE("Write result data failed"); + return ERR_ACCOUNT_ZIDL_WRITE_RESULT_ERROR; + } + + return ERR_OK; +} + std::int32_t AccountStub::OnRemoteRequest( std::uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) { diff --git a/services/accountmgr/src/osaccount/os_account_interface.cpp b/services/accountmgr/src/osaccount/os_account_interface.cpp index bf6cfd916..4fa226ab6 100644 --- a/services/accountmgr/src/osaccount/os_account_interface.cpp +++ b/services/accountmgr/src/osaccount/os_account_interface.cpp @@ -28,12 +28,16 @@ #include "hitrace_meter.h" #include "if_system_ability_manager.h" #include "iservice_registry.h" +#ifdef HAS_STORAGE_PART #include "istorage_manager.h" +#endif #include "os_account_constants.h" #include "os_account_delete_user_idm_callback.h" #include "os_account_stop_user_callback.h" +#ifdef HAS_STORAGE_PART #include "storage_manager.h" #include "storage_manager_proxy.h" +#endif #include "system_ability_definition.h" #ifdef HAS_USER_IDM_PART #include "user_idm_client.h" @@ -226,6 +230,7 @@ void OsAccountInterface::SendToCESAccountSwitched(OsAccountInfo &osAccountInfo) ErrCode OsAccountInterface::SendToStorageAccountCreate(OsAccountInfo &osAccountInfo) { ACCOUNT_LOGI("start"); +#ifdef HAS_STORAGE_PART auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (!systemAbilityManager) { ACCOUNT_LOGE("failed to get system ability mgr."); @@ -258,12 +263,14 @@ ErrCode OsAccountInterface::SendToStorageAccountCreate(OsAccountInfo &osAccountI ACCOUNT_LOGI("end, Storage PrepareAddUser ret %{public}d.", err); FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER); +#endif return ERR_OK; } ErrCode OsAccountInterface::SendToStorageAccountRemove(OsAccountInfo &osAccountInfo) { ACCOUNT_LOGI("start"); +#ifdef HAS_STORAGE_PART auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (!systemAbilityManager) { ACCOUNT_LOGE("failed to get system ability mgr."); @@ -297,12 +304,14 @@ ErrCode OsAccountInterface::SendToStorageAccountRemove(OsAccountInfo &osAccountI ACCOUNT_LOGI("end, Storage RemoveUser ret %{public}d.", err); FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER); +#endif return ERR_OK; } ErrCode OsAccountInterface::SendToStorageAccountStart(OsAccountInfo &osAccountInfo) { ACCOUNT_LOGI("start"); +#ifdef HAS_STORAGE_PART auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (!systemAbilityManager) { ACCOUNT_LOGE("failed to get system ability mgr."); @@ -336,12 +345,14 @@ ErrCode OsAccountInterface::SendToStorageAccountStart(OsAccountInfo &osAccountIn } ACCOUNT_LOGI("end, Storage PrepareStartUser ret %{public}d.", err); FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER); +#endif return ERR_OK; } ErrCode OsAccountInterface::SendToStorageAccountStop(OsAccountInfo &osAccountInfo) { ACCOUNT_LOGI("start"); +#ifdef HAS_STORAGE_PART auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager(); if (!systemAbilityManager) { ACCOUNT_LOGE("failed to get system ability mgr."); @@ -377,6 +388,7 @@ ErrCode OsAccountInterface::SendToStorageAccountStop(OsAccountInfo &osAccountInf } ACCOUNT_LOGI("end, Storage StopUser ret %{public}d", err); FinishTrace(HITRACE_TAG_ACCOUNT_MANAGER); +#endif return ERR_OK; } } // namespace AccountSA