From 616cb91edc746e1c0d35c5a673fa4358c4ad5d08 Mon Sep 17 00:00:00 2001 From: bigtea Date: Mon, 29 Apr 2024 11:55:57 +0800 Subject: [PATCH] add auth param Signed-off-by: bigtea --- .../src/account_iam_callback_service.cpp | 18 +- .../src/account_iam_callback_stub.cpp | 30 ++++ .../account_iam/src/account_iam_client.cpp | 49 +++++- .../account_iam/src/account_iam_mgr_proxy.cpp | 111 +++++++++++- .../src/account_iam_callback_service_test.cpp | 9 +- .../account_iam_client_no_permission_test.cpp | 7 +- .../unittest/src/account_iam_client_test.cpp | 21 ++- .../src/account_iam_mgr_proxy_test.cpp | 5 +- .../accountmgr_service_ipc_interface_code.h | 5 + .../unittest/account_iam_proxy_mock_test.cpp | 4 +- .../include/account_iam_callback_service.h | 13 +- .../include/account_iam_callback_stub.h | 10 ++ .../native/include/account_iam_client.h | 31 ++-- .../include/account_iam_client_callback.h | 5 + .../native/include/account_iam_info.h | 32 ++++ .../native/include/account_iam_mgr_proxy.h | 7 +- .../account_iam/native/include/iaccount_iam.h | 5 +- .../native/include/iaccount_iam_callback.h | 6 + .../include/napi_account_iam_common.h | 26 ++- .../include/napi_account_iam_user_auth.h | 1 + .../src/napi_account_iam_common.cpp | 84 +++++++++- .../src/napi_account_iam_constant.cpp | 11 ++ .../src/napi_account_iam_user_auth.cpp | 158 +++++++++++++++++- .../account_iam/account_iam_callback.h | 11 ++ .../account_iam_client_callback_proxy.h | 12 ++ .../account_iam/account_iam_mgr_stub.h | 3 + .../include/account_iam/account_iam_service.h | 5 +- .../account_iam/inner_account_iam_manager.h | 6 +- .../src/account_iam/account_iam_callback.cpp | 16 ++ .../account_iam_client_callback_proxy.cpp | 20 +++ .../src/account_iam/account_iam_mgr_stub.cpp | 111 +++++++++++- .../src/account_iam/account_iam_service.cpp | 14 +- .../account_iam/inner_account_iam_manager.cpp | 51 +++++- ..._manager_service_subscribe_module_test.cpp | 3 +- .../account_iam/account_iam_callback_test.cpp | 3 +- .../account_iam/account_iam_manager_test.cpp | 12 +- .../account_iam/account_iam_service_test.cpp | 5 +- .../iamaccount/auth_fuzzer/auth_fuzzer.cpp | 4 +- .../authuser_fuzzer/authuser_fuzzer.cpp | 4 +- .../registerinputer_fuzzer.cpp | 3 +- 40 files changed, 844 insertions(+), 87 deletions(-) diff --git a/frameworks/account_iam/src/account_iam_callback_service.cpp b/frameworks/account_iam/src/account_iam_callback_service.cpp index 49f9bbade..6435c45df 100644 --- a/frameworks/account_iam/src/account_iam_callback_service.cpp +++ b/frameworks/account_iam/src/account_iam_callback_service.cpp @@ -86,6 +86,19 @@ void GetEnrolledIdCallbackService::OnEnrolledId(int32_t result, uint64_t enrolle callback_->OnEnrolledId(result, enrolledId); } +PreRemoteAuthCallbackService::PreRemoteAuthCallbackService( + const std::shared_ptr &callback) : callback_(callback) +{} + +void PreRemoteAuthCallbackService::OnResult(int32_t result) +{ + if (callback_ == nullptr) { + ACCOUNT_LOGE("Callback is nullptr."); + return; + } + callback_->OnResult(result); +} + DomainAuthCallbackAdapter::DomainAuthCallbackAdapter( const std::shared_ptr &callback) : callback_(callback) {} @@ -156,7 +169,8 @@ IAMInputer::IAMInputer(int32_t userId, const std::shared_ptr &inputer) IAMInputer::~IAMInputer() {} -void IAMInputer::OnGetData(int32_t authSubType, std::shared_ptr inputerData) +void IAMInputer::OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) { if (inputerData == nullptr) { ACCOUNT_LOGE("inputerData is nullptr"); @@ -178,7 +192,7 @@ void IAMInputer::OnGetData(int32_t authSubType, std::shared_ptr in return; } auto iamInputerData = std::make_shared(userId_, inputerData); - innerInputer_->OnGetData(authSubType, iamInputerData); + innerInputer_->OnGetData(authSubType, challenge, iamInputerData); } void IAMInputer::ResetInnerInputer(const std::shared_ptr &inputer) diff --git a/frameworks/account_iam/src/account_iam_callback_stub.cpp b/frameworks/account_iam/src/account_iam_callback_stub.cpp index 5b4fd9f6a..54c0369ca 100644 --- a/frameworks/account_iam/src/account_iam_callback_stub.cpp +++ b/frameworks/account_iam/src/account_iam_callback_stub.cpp @@ -214,5 +214,35 @@ ErrCode GetEnrolledIdCallbackStub::ProcOnEnrolledId(MessageParcel &data, Message OnEnrolledId(result, enrolledId); return ERR_OK; } + +int PreRemoteAuthCallbackStub::OnRemoteRequest( + uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) +{ + ACCOUNT_LOGD("Received stub message: %{public}d, callingUid: %{public}d, callingPid: %{public}d", + code, IPCSkeleton::GetCallingUid(), IPCSkeleton::GetCallingPid()); + if (data.ReadInterfaceToken() != GetDescriptor()) { + ACCOUNT_LOGE("Check PreRemoteAuthCallbackStub descriptor failed, code=%{public}u.", code); + return ERR_ACCOUNT_COMMON_CHECK_DESCRIPTOR_ERROR; + } + switch (code) { + case static_cast(PreRemoteAuthCallbackInterfaceCode::ON_RESULT): + return ProcOnResult(data, reply); + default: + break; + } + ACCOUNT_LOGW("Remote request unhandled: %{public}d.", code); + return IPCObjectStub::OnRemoteRequest(code, data, reply, option); +} + +ErrCode PreRemoteAuthCallbackStub::ProcOnResult(MessageParcel &data, MessageParcel &reply) +{ + int32_t result; + if (!data.ReadInt32(result)) { + ACCOUNT_LOGE("Read result for PreRemoteAuthCallbackStub OnResult failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + OnResult(result); + return ERR_OK; +} } // namespace AccountSA } // namespace OHOS diff --git a/frameworks/account_iam/src/account_iam_client.cpp b/frameworks/account_iam/src/account_iam_client.cpp index bacee6b2c..9ee951536 100644 --- a/frameworks/account_iam/src/account_iam_client.cpp +++ b/frameworks/account_iam/src/account_iam_client.cpp @@ -187,19 +187,36 @@ uint64_t AccountIAMClient::StartDomainAuth(int32_t userId, const std::shared_ptr callback->OnResult(ERR_ACCOUNT_IAM_KIT_INPUTER_NOT_REGISTERED, emptyResult); return 0; } - domainInputer_->OnGetData(IAMAuthType::DOMAIN, std::make_shared(userId, callback)); + domainInputer_->OnGetData(IAMAuthType::DOMAIN, std::vector(), + std::make_shared(userId, callback)); return 0; } #endif -uint64_t AccountIAMClient::Auth(const std::vector &challenge, AuthType authType, - AuthTrustLevel authTrustLevel, const std::shared_ptr &callback) +int32_t AccountIAMClient::PrepareRemoteAuth( + const std::string &remoteNetworkId, const std::shared_ptr &callback) { - return AuthUser(0, challenge, authType, authTrustLevel, callback); + if (callback == nullptr) { + ACCOUNT_LOGE("Callback for PrepareRemoteAuth is nullptr."); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + auto proxy = GetAccountIAMProxy(); + if (proxy == nullptr) { + callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY); + return ERR_ACCOUNT_COMMON_GET_PROXY; + } + sptr wrapper = new (std::nothrow) PreRemoteAuthCallbackService(callback); + return proxy->PrepareRemoteAuth(remoteNetworkId, wrapper); +} + +uint64_t AccountIAMClient::Auth(AuthOptions& authOptions, const std::vector &challenge, + AuthType authType, AuthTrustLevel authTrustLevel, const std::shared_ptr &callback) +{ + return AuthUser(authOptions, challenge, authType, authTrustLevel, callback); } uint64_t AccountIAMClient::AuthUser( - int32_t userId, const std::vector &challenge, AuthType authType, + AuthOptions &authOptions, const std::vector &challenge, AuthType authType, AuthTrustLevel authTrustLevel, const std::shared_ptr &callback) { uint64_t contextId = 0; @@ -211,20 +228,34 @@ uint64_t AccountIAMClient::AuthUser( if (proxy == nullptr) { return contextId; } - if ((userId == 0) && (!GetCurrentUserId(userId))) { + if ((authOptions.accountId == 0) && (!GetCurrentUserId(authOptions.accountId))) { return contextId; } #ifdef HAS_PIN_AUTH_PART if (static_cast(authType) == static_cast(IAMAuthType::DOMAIN)) { - return StartDomainAuth(userId, callback); + return StartDomainAuth(authOptions.accountId, callback); } #endif - sptr wrapper = new (std::nothrow) IDMCallbackService(userId, callback); + sptr wrapper = new (std::nothrow) IDMCallbackService(authOptions.accountId, callback); AuthParam authParam; authParam.challenge = challenge; authParam.authType = authType; authParam.authTrustLevel = authTrustLevel; - ErrCode result = proxy->AuthUser(userId, authParam, wrapper, contextId); + authParam.userId = authOptions.accountId; + authParam.authIntent = authOptions.authIntent; + if (authOptions.hasRemoteAuthOptions) { + authParam.remoteAuthParam = RemoteAuthParam(); + if (authOptions.remoteAuthOptions.hasVerifierNetworkId) { + authParam.remoteAuthParam.value().verifierNetworkId = authOptions.remoteAuthOptions.verifierNetworkId; + } + if (authOptions.remoteAuthOptions.hasCollectorNetworkId) { + authParam.remoteAuthParam.value().collectorNetworkId = authOptions.remoteAuthOptions.collectorNetworkId; + } + if (authOptions.remoteAuthOptions.hasCollectorTokenId) { + authParam.remoteAuthParam.value().collectorTokenId = authOptions.remoteAuthOptions.collectorTokenId; + } + } + ErrCode result = proxy->AuthUser(authParam, wrapper, contextId); if (result != ERR_OK) { Attributes emptyResult; callback->OnResult(result, emptyResult); diff --git a/frameworks/account_iam/src/account_iam_mgr_proxy.cpp b/frameworks/account_iam/src/account_iam_mgr_proxy.cpp index d2481ea53..332c79015 100644 --- a/frameworks/account_iam/src/account_iam_mgr_proxy.cpp +++ b/frameworks/account_iam/src/account_iam_mgr_proxy.cpp @@ -272,15 +272,46 @@ int32_t AccountIAMMgrProxy::GetCredentialInfo( return result; } -ErrCode AccountIAMMgrProxy::AuthUser( - int32_t userId, const AuthParam &authParam, const sptr &callback, uint64_t &contextId) +int32_t AccountIAMMgrProxy::PrepareRemoteAuth( + const std::string &remoteNetworkId, const sptr &callback) { if (callback == nullptr) { - ACCOUNT_LOGE("callback is nullptr"); - return ERR_ACCOUNT_COMMON_INVALID_PARAMETER; + ACCOUNT_LOGE("Prepare remote auth callback is nullptr."); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; } MessageParcel data; - if (!WriteCommonData(data, userId)) { + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCOUNT_LOGE("Write descriptor failed."); + callback->OnResult(ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; + } + if (!data.WriteString(remoteNetworkId)) { + ACCOUNT_LOGE("Write remoteNetworkId failed."); + callback->OnResult(ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; + } + if (!data.WriteRemoteObject(callback->AsObject())) { + ACCOUNT_LOGE("Write callback failed."); + callback->OnResult(ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; + } + MessageParcel reply; + int32_t result = SendRequest(AccountIAMInterfaceCode::PREPARE_REMOTE_AUTH, data, reply); + if (result != ERR_OK) { + callback->OnResult(result); + return result; + } + + if (!reply.ReadInt32(result)) { + ACCOUNT_LOGE("Read result failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + return result; +} + +bool AccountIAMMgrProxy::WriteAuthParam(MessageParcel &data, const AuthParam &authParam) +{ + if (!WriteCommonData(data, authParam.userId)) { return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; } if (!data.WriteUInt8Vector(authParam.challenge)) { @@ -295,10 +326,80 @@ ErrCode AccountIAMMgrProxy::AuthUser( ACCOUNT_LOGE("failed to write authTrustLevel"); return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; } + if (!data.WriteInt32(static_cast(authParam.authIntent))) { + ACCOUNT_LOGE("failed to write authTrustLevel"); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; + } + return true; +} + +bool AccountIAMMgrProxy::WriteRemoteAuthParam(MessageParcel &data, + const std::optional &remoteAuthParam) +{ + bool res = (remoteAuthParam != std::nullopt); + if (!data.WriteBool(res)) { + ACCOUNT_LOGE("Write RemoteAuthParam exist failed."); + return false; + } + if (!res) { + return true; + } + res = (remoteAuthParam.value().verifierNetworkId != std::nullopt); + if (!data.WriteBool(res)) { + ACCOUNT_LOGE("Write verifierNetworkId exist failed."); + return false; + } + if (res) { + if (!data.WriteString(remoteAuthParam.value().verifierNetworkId.value())) { + ACCOUNT_LOGE("Write verifierNetworkId failed."); + return false; + } + } + res = (remoteAuthParam.value().collectorNetworkId != std::nullopt); + if (!data.WriteBool(res)) { + ACCOUNT_LOGE("Write collectorNetworkId exist failed."); + return false; + } + if (res) { + if (!data.WriteString(remoteAuthParam.value().collectorNetworkId.value())) { + ACCOUNT_LOGE("Write collectorNetworkId failed."); + return false; + } + } + res = (remoteAuthParam.value().collectorTokenId != std::nullopt); + if (!data.WriteBool(res)) { + ACCOUNT_LOGE("Write collectorTokenId exist failed."); + return false; + } + if (res) { + if (!data.WriteUint32(remoteAuthParam.value().collectorTokenId.value())) { + ACCOUNT_LOGE("Write collectorTokenId failed."); + return false; + } + } + return true; +} + +ErrCode AccountIAMMgrProxy::AuthUser( + AuthParam &authParam, const sptr &callback, uint64_t &contextId) +{ + if (callback == nullptr) { + ACCOUNT_LOGE("callback is nullptr"); + return ERR_ACCOUNT_COMMON_INVALID_PARAMETER; + } + MessageParcel data; + if (!WriteAuthParam(data, authParam)) { + ACCOUNT_LOGE("failed to write authParam"); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; + } if (!data.WriteRemoteObject(callback->AsObject())) { ACCOUNT_LOGE("failed to write callback"); return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; } + if (!WriteRemoteAuthParam(data, authParam.remoteAuthParam)) { + ACCOUNT_LOGE("failed to write RemoteAuthParam"); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; + } MessageParcel reply; ErrCode result = SendRequest(AccountIAMInterfaceCode::AUTH_USER, data, reply); if (result != ERR_OK) { diff --git a/frameworks/account_iam/test/unittest/src/account_iam_callback_service_test.cpp b/frameworks/account_iam/test/unittest/src/account_iam_callback_service_test.cpp index 599d9c9c9..b37636deb 100644 --- a/frameworks/account_iam/test/unittest/src/account_iam_callback_service_test.cpp +++ b/frameworks/account_iam/test/unittest/src/account_iam_callback_service_test.cpp @@ -39,7 +39,8 @@ using namespace OHOS::Security::AccessToken; class MockIInputer : public OHOS::AccountSA::IInputer { public: virtual ~MockIInputer() {} - void OnGetData(int32_t authSubType, std::shared_ptr inputerData) override + void OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) override { return; } @@ -188,7 +189,7 @@ HWTEST_F(AccountIAMCallbackServiceTest, IAMInputer_OnGetData_0100, TestSize.Leve auto iamInputerData = std::make_shared(TEST_USER_ID, nullptr); EXPECT_TRUE(iamInputerData != nullptr); iamInputer->inputerData_ = nullptr; - iamInputer->OnGetData(authSubType, iamInputerData); + iamInputer->OnGetData(authSubType, std::vector(), iamInputerData); } /** @@ -205,7 +206,7 @@ HWTEST_F(AccountIAMCallbackServiceTest, IAMInputer_OnGetData_0200, TestSize.Leve int32_t authSubType = 0; auto iamInputerData = std::make_shared(TEST_USER_ID, nullptr); EXPECT_TRUE(iamInputerData != nullptr); - iamInputer->OnGetData(authSubType, iamInputerData); + iamInputer->OnGetData(authSubType, std::vector(), iamInputerData); } /** @@ -220,7 +221,7 @@ HWTEST_F(AccountIAMCallbackServiceTest, IAMInputer_OnGetData_0300, TestSize.Leve auto iamInputer = std::make_shared(TEST_USER_ID, inputer); ASSERT_TRUE(iamInputer != nullptr); int32_t authSubType = 0; - iamInputer->OnGetData(authSubType, nullptr); + iamInputer->OnGetData(authSubType, std::vector(), nullptr); std::string cmd = "hilog -x | grep 'AccountIAMFwk'"; std::string cmdRes = RunCommand(cmd); ASSERT_TRUE(cmdRes.find("inputerData is nullptr") != std::string::npos); diff --git a/frameworks/account_iam/test/unittest/src/account_iam_client_no_permission_test.cpp b/frameworks/account_iam/test/unittest/src/account_iam_client_no_permission_test.cpp index 5a929624a..73a1218b6 100644 --- a/frameworks/account_iam/test/unittest/src/account_iam_client_no_permission_test.cpp +++ b/frameworks/account_iam/test/unittest/src/account_iam_client_no_permission_test.cpp @@ -81,7 +81,8 @@ public: class MockIInputer : public OHOS::AccountSA::IInputer { public: virtual ~MockIInputer() {} - void OnGetData(int32_t authSubType, std::shared_ptr inputerData) override + void OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) override { return; } @@ -304,8 +305,10 @@ HWTEST_F(AccountIAMClientNoPermissionTest, AccountIAMClientNoPermission_AuthUser SetPropertyRequest testRequest = {}; auto callback = std::make_shared(); ASSERT_NE(callback, nullptr); + AuthOptions authOptions; + authOptions.accountId = TEST_USER_ID; int32_t res = AccountIAMClient::GetInstance().AuthUser( - TEST_USER_ID, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, callback); + authOptions, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, callback); EXPECT_EQ(res, ERR_OK); } diff --git a/frameworks/account_iam/test/unittest/src/account_iam_client_test.cpp b/frameworks/account_iam/test/unittest/src/account_iam_client_test.cpp index 3dfb5910c..237467fff 100644 --- a/frameworks/account_iam/test/unittest/src/account_iam_client_test.cpp +++ b/frameworks/account_iam/test/unittest/src/account_iam_client_test.cpp @@ -123,7 +123,8 @@ HapInfoParams infoManagerTestSystemInfoParms = { class MockIInputer : public OHOS::AccountSA::IInputer { public: virtual ~MockIInputer() {} - void OnGetData(int32_t authSubType, std::shared_ptr inputerData) override + void OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) override { return; } @@ -181,7 +182,8 @@ private: #ifdef HAS_PIN_AUTH_PART class TestIInputer : public OHOS::AccountSA::IInputer { public: - void OnGetData(int32_t authSubType, std::shared_ptr inputerData) override + void OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) override { if (inputerData != nullptr) { inputerData->OnSetData(authSubType, {0, 0, 0, 0, 0, 0}); @@ -554,15 +556,19 @@ HWTEST_F(AccountIAMClientTest, AccountIAMClient_AuthUser_0100, TestSize.Level0) EXPECT_NE(callback, nullptr); EXPECT_CALL(*callback, OnResult(_, _)).Times(Exactly(2)); auto testCallback = std::make_shared(callback); - AccountIAMClient::GetInstance().AuthUser(0, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback); + AuthOptions authOptionsOne; + AccountIAMClient::GetInstance().AuthUser( + authOptionsOne, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback); { std::unique_lock lock(testCallback->mutex); testCallback->cv.wait_for( lock, std::chrono::seconds(WAIT_TIME), [lockCallback = testCallback]() { return lockCallback->isReady; }); } testCallback->isReady = false; + AuthOptions authOptionsTwo; + authOptionsTwo.accountId = TEST_USER_ID; AccountIAMClient::GetInstance().AuthUser( - TEST_USER_ID, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback); + authOptionsTwo, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback); { std::unique_lock lock(testCallback->mutex); testCallback->cv.wait_for( @@ -578,8 +584,9 @@ HWTEST_F(AccountIAMClientTest, AccountIAMClient_AuthUser_0100, TestSize.Level0) */ HWTEST_F(AccountIAMClientTest, AccountIAMClient_AuthUser_0200, TestSize.Level0) { + AuthOptions authOptions; uint64_t ret = AccountIAMClient::GetInstance().AuthUser( - 0, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, nullptr); + authOptions, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, nullptr); EXPECT_EQ(ret, 0); } @@ -596,7 +603,9 @@ HWTEST_F(AccountIAMClientTest, AccountIAMClient_Auth_0100, TestSize.Level0) EXPECT_NE(callback, nullptr); EXPECT_CALL(*callback, OnResult(_, _)).Times(Exactly(1)); auto testCallback = std::make_shared(callback); - AccountIAMClient::GetInstance().Auth(TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback); + AuthOptions authOptions; + AccountIAMClient::GetInstance().Auth(authOptions, + TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback); std::unique_lock lock(testCallback->mutex); testCallback->cv.wait_for( lock, std::chrono::seconds(WAIT_TIME), [lockCallback = testCallback]() { return lockCallback->isReady; }); diff --git a/frameworks/account_iam/test/unittest/src/account_iam_mgr_proxy_test.cpp b/frameworks/account_iam/test/unittest/src/account_iam_mgr_proxy_test.cpp index 46c85a111..a0ec0e7e6 100644 --- a/frameworks/account_iam/test/unittest/src/account_iam_mgr_proxy_test.cpp +++ b/frameworks/account_iam/test/unittest/src/account_iam_mgr_proxy_test.cpp @@ -85,7 +85,8 @@ HWTEST_F(AccountIAMMgrProxyTest, AccountIAMMgrProxy001, TestSize.Level0) std::vector challenge; CredentialParameters credInfo; const std::vector authToken = {0, 0}; - AuthParam authParam; + AccountSA::AuthParam authParam; + authParam.userId = TEST_USER_ID; uint64_t contextId; GetPropertyRequest g_request; SetPropertyRequest s_request; @@ -103,7 +104,7 @@ HWTEST_F(AccountIAMMgrProxyTest, AccountIAMMgrProxy001, TestSize.Level0) int32_t ret = accountIAMMgrProxy->GetCredentialInfo(TEST_USER_ID, AuthType::ALL, nullptr); EXPECT_EQ(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, ret); - ret = accountIAMMgrProxy->AuthUser(TEST_USER_ID, authParam, nullptr, contextId); + ret = accountIAMMgrProxy->AuthUser(authParam, nullptr, contextId); EXPECT_EQ(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, ret); } } // namespace AccountTest diff --git a/frameworks/common/include/accountmgr_service_ipc_interface_code.h b/frameworks/common/include/accountmgr_service_ipc_interface_code.h index 8809c24ca..d721341a0 100644 --- a/frameworks/common/include/accountmgr_service_ipc_interface_code.h +++ b/frameworks/common/include/accountmgr_service_ipc_interface_code.h @@ -159,6 +159,7 @@ enum class AccountIAMInterfaceCode : uint32_t { DEL_CRED, DEL_USER, GET_CREDENTIAL_INFO, + PREPARE_REMOTE_AUTH, AUTH_USER, CANCEL_AUTH, GET_AVAILABLE_STATUS, @@ -263,6 +264,10 @@ enum class GetSetPropCallbackInterfaceCode : uint32_t { enum class GetEnrolledIdCallbackInterfaceCode : uint32_t { ON_ENROLLED_ID = 0, }; + +enum class PreRemoteAuthCallbackInterfaceCode : uint32_t { + ON_RESULT = 0, +}; } // namespace AccountSA } // namespace OHOS #endif // OS_ACCOUNT_FRAMEWORK_ACCOUNTMGR_SERVICE_IPC_INTERFACE_CODE_H diff --git a/frameworks/test/unittest/account_iam_proxy_mock_test.cpp b/frameworks/test/unittest/account_iam_proxy_mock_test.cpp index 82f35adba..3f6d65052 100644 --- a/frameworks/test/unittest/account_iam_proxy_mock_test.cpp +++ b/frameworks/test/unittest/account_iam_proxy_mock_test.cpp @@ -194,8 +194,10 @@ HWTEST_F(AccountIAMProxyMockTest, AccountIAMClient_AuthUser_0100, TestSize.Level SetPropertyRequest testRequest = {}; auto testCallback = std::make_shared(); ASSERT_NE(testCallback, nullptr); + AuthOptions authOptions; + authOptions.accountId = TEST_USER_ID; ASSERT_EQ(static_cast(0), AccountIAMClient::GetInstance().AuthUser( - TEST_USER_ID, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback)); + authOptions, TEST_CHALLENGE, AuthType::PIN, AuthTrustLevel::ATL1, testCallback)); } /** diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_callback_service.h b/interfaces/innerkits/account_iam/native/include/account_iam_callback_service.h index 9fec5d4ec..03a21f514 100644 --- a/interfaces/innerkits/account_iam/native/include/account_iam_callback_service.h +++ b/interfaces/innerkits/account_iam/native/include/account_iam_callback_service.h @@ -66,6 +66,16 @@ private: DISALLOW_COPY_AND_MOVE(GetEnrolledIdCallbackService); }; +class PreRemoteAuthCallbackService : public PreRemoteAuthCallbackStub { +public: + explicit PreRemoteAuthCallbackService(const std::shared_ptr &callback); + void OnResult(int32_t result) override; + +private: + std::shared_ptr callback_; + DISALLOW_COPY_AND_MOVE(PreRemoteAuthCallbackService); +}; + class DomainAuthCallbackAdapter final : public DomainAccountCallback { public: explicit DomainAuthCallbackAdapter(const std::shared_ptr &callback); @@ -104,7 +114,8 @@ public: IAMInputer(int32_t userId, const std::shared_ptr &inputer); virtual ~IAMInputer(); - void OnGetData(int32_t authSubType, std::shared_ptr inputerData) override; + void OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) override; void ResetInnerInputer(const std::shared_ptr &inputer); private: int32_t userId_; diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_callback_stub.h b/interfaces/innerkits/account_iam/native/include/account_iam_callback_stub.h index c59eb0388..db5fd1cf5 100644 --- a/interfaces/innerkits/account_iam/native/include/account_iam_callback_stub.h +++ b/interfaces/innerkits/account_iam/native/include/account_iam_callback_stub.h @@ -62,6 +62,16 @@ public: private: ErrCode ProcOnEnrolledId(MessageParcel &data, MessageParcel &reply); }; + +class PreRemoteAuthCallbackStub : public IRemoteStub { +public: + PreRemoteAuthCallbackStub() {}; + int OnRemoteRequest( + uint32_t code, MessageParcel &data, MessageParcel &reply, MessageOption &option) override; + +private: + ErrCode ProcOnResult(MessageParcel &data, MessageParcel &reply); +}; } // namespace AccountSA } // namespace OHOS #endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_STUB_H \ No newline at end of file diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_client.h b/interfaces/innerkits/account_iam/native/include/account_iam_client.h index 718d511c5..e6b23e9aa 100644 --- a/interfaces/innerkits/account_iam/native/include/account_iam_client.h +++ b/interfaces/innerkits/account_iam/native/include/account_iam_client.h @@ -133,28 +133,39 @@ public: int32_t GetCredentialInfo(int32_t userId, AuthType authType, const std::shared_ptr &callback); /** - * @brief Executes user authentication. + * @brief Prepare remote auth. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL - * @param challenge - Indicates the challenge value. - * @param authType - Indicates the authentication type. - * @param authTrustLevel - Indicates the trust level of authentication result. - * @param callback - Indicates the callback to get result and acquireInfo. - * @return a context ID for cancellation. + * @param remoteNetworkId - Indicates the remote network id. + * @param callback - Indicates the callback for getting result. + * @return error code, see account_error_no.h */ - uint64_t Auth(const std::vector &challenge, AuthType authType, AuthTrustLevel authTrustLevel, - const std::shared_ptr &callback); + int32_t PrepareRemoteAuth( + const std::string &remoteNetworkId, const std::shared_ptr &callback); /** * @brief Executes user authentication. * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL - * @param userId - Indicates the user identification. + * @param authOptions - Indicates the AuthOptions. * @param challenge - Indicates the challenge value. * @param authType - Indicates the authentication type. * @param authTrustLevel - Indicates the trust level of authentication result. * @param callback - Indicates the callback to get result and acquireInfo. * @return a context ID for cancellation. */ - uint64_t AuthUser(int32_t userId, const std::vector &challenge, AuthType authType, + uint64_t Auth(AuthOptions& authOptions, const std::vector &challenge, AuthType authType, + AuthTrustLevel authTrustLevel, const std::shared_ptr &callback); + + /** + * @brief Executes user authentication. + * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL + * @param authOptions - Indicates the AuthOptions. + * @param challenge - Indicates the challenge value. + * @param authType - Indicates the authentication type. + * @param authTrustLevel - Indicates the trust level of authentication result. + * @param callback - Indicates the callback to get result and acquireInfo. + * @return a context ID for cancellation. + */ + uint64_t AuthUser(AuthOptions &authOptions, const std::vector &challenge, AuthType authType, AuthTrustLevel authTrustLevel, const std::shared_ptr &callback); /** diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_client_callback.h b/interfaces/innerkits/account_iam/native/include/account_iam_client_callback.h index 5c2f3ec2a..22ee90a39 100644 --- a/interfaces/innerkits/account_iam/native/include/account_iam_client_callback.h +++ b/interfaces/innerkits/account_iam/native/include/account_iam_client_callback.h @@ -40,6 +40,11 @@ class GetEnrolledIdCallback { public: virtual void OnEnrolledId(int32_t result, uint64_t enrolledId) = 0; }; + +class PreRemoteAuthCallback { +public: + virtual void OnResult(int32_t result) = 0; +}; } // namespace AccountSA } // namespace OHOS #endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_CALLBACK_H diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_info.h b/interfaces/innerkits/account_iam/native/include/account_iam_info.h index a2d3402b9..32dc3c093 100644 --- a/interfaces/innerkits/account_iam/native/include/account_iam_info.h +++ b/interfaces/innerkits/account_iam/native/include/account_iam_info.h @@ -51,6 +51,7 @@ typedef UserIam::UserAuth::CredentialParameters CredentialParameters; typedef UserIam::UserAuth::CredentialInfo CredentialInfo; typedef UserIam::UserAuth::GetSecUserInfoCallback GetSecUserInfoCallback; typedef UserIam::UserAuth::GetCredentialInfoCallback GetCredentialInfoCallback; +typedef UserIam::UserAuth::PrepareRemoteAuthCallback PrepareRemoteAuthCallback; enum IAMAuthType { DOMAIN = 1024, @@ -81,10 +82,41 @@ struct CredentialItem { std::vector credential; }; +enum AuthIntent : int32_t { + DEFAULT = 0, + UNLOCK = 1, + INIT = 2, +}; + +struct RemoteAuthParam { + std::optional verifierNetworkId; + std::optional collectorNetworkId; + std::optional collectorTokenId; +}; + struct AuthParam { + int32_t userId = 0; std::vector challenge; AuthType authType; AuthTrustLevel authTrustLevel; + AuthIntent authIntent = AuthIntent::DEFAULT; + std::optional remoteAuthParam; +}; + +struct RemoteAuthOptions { + std::string verifierNetworkId; + std::string collectorNetworkId; + uint32_t collectorTokenId; + bool hasVerifierNetworkId = false; + bool hasCollectorNetworkId = false; + bool hasCollectorTokenId = false; +}; + +struct AuthOptions { + int32_t accountId = 0; + AuthIntent authIntent = AuthIntent::DEFAULT; + RemoteAuthOptions remoteAuthOptions; + bool hasRemoteAuthOptions = false; }; } // namespace AccountSA } // namespace OHOS diff --git a/interfaces/innerkits/account_iam/native/include/account_iam_mgr_proxy.h b/interfaces/innerkits/account_iam/native/include/account_iam_mgr_proxy.h index 65f6daad4..8708da5b4 100644 --- a/interfaces/innerkits/account_iam/native/include/account_iam_mgr_proxy.h +++ b/interfaces/innerkits/account_iam/native/include/account_iam_mgr_proxy.h @@ -40,8 +40,9 @@ public: void DelUser(int32_t userId, const std::vector &authToken, const sptr &callback) override; int32_t GetCredentialInfo( int32_t userId, AuthType authType, const sptr &callback) override; - int32_t AuthUser( - int32_t userId, const AuthParam &authParam, const sptr &callback, uint64_t &contextId) override; + int32_t PrepareRemoteAuth( + const std::string &remoteNetworkId, const sptr &callback) override; + int32_t AuthUser(AuthParam &authParam, const sptr &callback, uint64_t &contextId) override; int32_t CancelAuth(uint64_t contextId) override; int32_t GetAvailableStatus(const AuthType authType, const AuthTrustLevel authTrustLevel, int32_t &status) override; void GetProperty( @@ -56,6 +57,8 @@ private: void AddOrUpdateCredential(int32_t userId, const CredentialParameters &credInfo, const sptr &callback, bool isAdd); bool WriteCommonData(MessageParcel &data, int32_t userId); + bool WriteAuthParam(MessageParcel &data, const AuthParam &authParam); + bool WriteRemoteAuthParam(MessageParcel &data, const std::optional &remoteAuthParam); private: static inline BrokerDelegator delegator_; diff --git a/interfaces/innerkits/account_iam/native/include/iaccount_iam.h b/interfaces/innerkits/account_iam/native/include/iaccount_iam.h index 2a8324991..30b302ca4 100644 --- a/interfaces/innerkits/account_iam/native/include/iaccount_iam.h +++ b/interfaces/innerkits/account_iam/native/include/iaccount_iam.h @@ -41,8 +41,9 @@ public: int32_t userId, const std::vector &authToken, const sptr &callback) = 0; virtual int32_t GetCredentialInfo( int32_t userId, AuthType authType, const sptr &callback) = 0; - virtual int32_t AuthUser( - int32_t userId, const AuthParam &authParam, const sptr &callback, uint64_t &contextId) = 0; + virtual int32_t PrepareRemoteAuth( + const std::string &remoteNetworkId, const sptr &callback) = 0; + virtual int32_t AuthUser(AuthParam &authParam, const sptr &callback, uint64_t &contextId) = 0; virtual int32_t CancelAuth(uint64_t contextId) = 0; virtual int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status) = 0; virtual void GetProperty( diff --git a/interfaces/innerkits/account_iam/native/include/iaccount_iam_callback.h b/interfaces/innerkits/account_iam/native/include/iaccount_iam_callback.h index 7a551bded..b03600dfb 100644 --- a/interfaces/innerkits/account_iam/native/include/iaccount_iam_callback.h +++ b/interfaces/innerkits/account_iam/native/include/iaccount_iam_callback.h @@ -47,6 +47,12 @@ public: DECLARE_INTERFACE_DESCRIPTOR(u"ohos.accountfwk.IGetEnrolledIdCallback"); virtual void OnEnrolledId(int32_t result, uint64_t enrolledId) = 0; }; + +class IPreRemoteAuthCallback : public IRemoteBroker { +public: + DECLARE_INTERFACE_DESCRIPTOR(u"ohos.accountfwk.IPreRemoteAuthCallback"); + virtual void OnResult(int32_t result) = 0; +}; } // namespace AccountSA } // OHOS #endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CALLBACK_H diff --git a/interfaces/kits/napi/account_iam/include/napi_account_iam_common.h b/interfaces/kits/napi/account_iam/include/napi_account_iam_common.h index bf1773c68..8c89367ec 100644 --- a/interfaces/kits/napi/account_iam/include/napi_account_iam_common.h +++ b/interfaces/kits/napi/account_iam/include/napi_account_iam_common.h @@ -39,6 +39,7 @@ constexpr size_t PARAM_ONE = 1; constexpr size_t PARAM_TWO = 2; constexpr size_t PARAM_THREE = 3; constexpr size_t PARAM_FOUR = 4; +constexpr size_t PARAM_FIVE = 5; int32_t AccountIAMConvertToJSErrCode(int32_t errCode); @@ -84,9 +85,30 @@ struct AuthContext { int32_t trustLevel = -1; bool throwErr = true; std::vector challenge; + AccountSA::AuthOptions authOptions; std::shared_ptr callback; }; +struct PrepareRemoteAuthContext : public CommonAsyncContext { + explicit PrepareRemoteAuthContext(napi_env napiEnv) : CommonAsyncContext(napiEnv) {}; + int32_t result = 0; + std::string remoteNetworkId; +}; + +class NapiPrepareRemoteAuthCallback : public AccountSA::PreRemoteAuthCallback { +public: + explicit NapiPrepareRemoteAuthCallback(napi_env env, napi_ref callbackRef, napi_deferred deferred); + virtual ~NapiPrepareRemoteAuthCallback(); + + void OnResult(int32_t result) override; + +private: + napi_env env_ = nullptr; + napi_ref callbackRef_ = nullptr; + napi_deferred deferred_ = nullptr; + std::mutex mutex_; +}; + struct IDMContext : public CommonAsyncContext { IDMContext(napi_env napiEnv) : CommonAsyncContext(napiEnv) {}; bool throwErr = true; @@ -214,6 +236,7 @@ private: #ifdef HAS_PIN_AUTH_PART struct InputerContext : public CommonAsyncContext { int32_t authSubType = -1; + std::vector challenge; std::shared_ptr inputerData = nullptr; std::shared_ptr callback; }; @@ -223,7 +246,8 @@ public: NapiGetDataCallback(napi_env env, const std::shared_ptr &callback); virtual ~NapiGetDataCallback(); - void OnGetData(int32_t authSubType, const std::shared_ptr inputerData) override; + void OnGetData(int32_t authSubType, std::vector challenge, + const std::shared_ptr inputerData) override; private: napi_env env_; diff --git a/interfaces/kits/napi/account_iam/include/napi_account_iam_user_auth.h b/interfaces/kits/napi/account_iam/include/napi_account_iam_user_auth.h index 6ef479360..22e4613e4 100644 --- a/interfaces/kits/napi/account_iam/include/napi_account_iam_user_auth.h +++ b/interfaces/kits/napi/account_iam/include/napi_account_iam_user_auth.h @@ -34,6 +34,7 @@ private: static napi_value Auth(napi_env env, napi_callback_info info); static napi_value AuthUser(napi_env env, napi_callback_info info); static napi_value CancelAuth(napi_env env, napi_callback_info info); + static napi_value PrepareRemoteAuth(napi_env env, napi_callback_info info); }; } // namespace AccountJsKit } // namespace OHOS diff --git a/interfaces/kits/napi/account_iam/src/napi_account_iam_common.cpp b/interfaces/kits/napi/account_iam/src/napi_account_iam_common.cpp index 4a3a267f1..e63dffab9 100644 --- a/interfaces/kits/napi/account_iam/src/napi_account_iam_common.cpp +++ b/interfaces/kits/napi/account_iam/src/napi_account_iam_common.cpp @@ -761,6 +761,74 @@ NapiSetPropCallback::~NapiSetPropCallback() deferred_ = nullptr; } +NapiPrepareRemoteAuthCallback::NapiPrepareRemoteAuthCallback(napi_env env, napi_ref callbackRef, napi_deferred deferred) + : env_(env), callbackRef_(callbackRef), deferred_(deferred) +{} + +NapiPrepareRemoteAuthCallback::~NapiPrepareRemoteAuthCallback() +{ + if (callbackRef_ != nullptr) { + ReleaseNapiRefAsync(env_, callbackRef_); + callbackRef_ = nullptr; + } + deferred_ = nullptr; +} + +static void OnPrepareRemoteAuthWork(uv_work_t* work, int status) +{ + std::unique_ptr workPtr(work); + napi_handle_scope scope = nullptr; + if (!InitUvWorkCallbackEnv(work, scope)) { + return; + } + std::unique_ptr context(reinterpret_cast(work->data)); + napi_env env = context->env; + napi_value errJs = nullptr; + napi_value dataJs = nullptr; + context->errCode = context->result; + if (context->result != ERR_OK) { + int32_t jsErrCode = AccountIAMConvertToJSErrCode(context->result); + errJs = GenerateBusinessError(env, jsErrCode, ConvertToJsErrMsg(jsErrCode)); + napi_get_null(env, &dataJs); + } else { + napi_get_null(env, &errJs); + napi_get_null(env, &dataJs); + } + CallbackAsyncOrPromise(env, context.get(), errJs, dataJs); + napi_close_handle_scope(env, scope); +} + +void NapiPrepareRemoteAuthCallback::OnResult(int32_t result) +{ + std::lock_guard lock(mutex_); + if ((callbackRef_ == nullptr) && (deferred_ == nullptr)) { + return; + } + std::unique_ptr work = std::make_unique(); + std::unique_ptr context = std::make_unique(env_); + uv_loop_s *loop = nullptr; + napi_get_uv_event_loop(env_, &loop); + if (loop == nullptr || work == nullptr || context == nullptr) { + ACCOUNT_LOGE("Nullptr fail."); + return; + } + context->deferred = deferred_; + context->errCode = ERR_OK; + context->result = result; + work->data = reinterpret_cast(context.get()); + ErrCode ret = uv_queue_work_with_qos( + loop, work.get(), [] (uv_work_t *work) {}, OnPrepareRemoteAuthWork, uv_qos_user_initiated); + if (ret != ERR_OK) { + context->callbackRef = nullptr; + ACCOUNT_LOGE("Create uv work failed."); + return; + } + ACCOUNT_LOGI("Create prepare remote auth work finish."); + deferred_ = nullptr; + work.release(); + context.release(); +} + static void OnSetPropertyWork(uv_work_t* work, int status) { std::unique_ptr workPtr(work); @@ -928,10 +996,18 @@ static void OnGetDataWork(uv_work_t* work, int status) return; } std::unique_ptr context(reinterpret_cast(work->data)); - napi_value argv[ARG_SIZE_TWO] = {0}; + napi_value argv[ARG_SIZE_THREE] = {0}; napi_create_int32(context->env, context->authSubType, &argv[PARAM_ZERO]); GetInputerInstance(context.get(), &argv[PARAM_ONE]); - NapiCallVoidFunction(context->env, argv, ARG_SIZE_TWO, context->callback->callbackRef); + + napi_create_object(context->env, &argv[PARAM_TWO]); + if (!(context->challenge.empty())) { + napi_value dataJs = nullptr; + dataJs = CreateUint8Array(context->env, context->challenge.data(), context->challenge.size()); + napi_set_named_property(context->env, argv[PARAM_TWO], "challenge", dataJs); + } + + NapiCallVoidFunction(context->env, argv, ARG_SIZE_THREE, context->callback->callbackRef); } NapiGetDataCallback::NapiGetDataCallback(napi_env env, const std::shared_ptr &callback) @@ -941,7 +1017,8 @@ NapiGetDataCallback::NapiGetDataCallback(napi_env env, const std::shared_ptr inputerData) +void NapiGetDataCallback::OnGetData(int32_t authSubType, std::vector challenge, + const std::shared_ptr inputerData) { if (callback_ == nullptr) { ACCOUNT_LOGE("the onGetData function is undefined"); @@ -958,6 +1035,7 @@ void NapiGetDataCallback::OnGetData(int32_t authSubType, const std::shared_ptrenv = env_; context->callback = callback_; context->authSubType = authSubType; + context->challenge = challenge; context->inputerData = inputerData; work->data = reinterpret_cast(context.get()); int errCode = uv_queue_work_with_qos( diff --git a/interfaces/kits/napi/account_iam/src/napi_account_iam_constant.cpp b/interfaces/kits/napi/account_iam/src/napi_account_iam_constant.cpp index 7a842d82c..368611d0b 100644 --- a/interfaces/kits/napi/account_iam/src/napi_account_iam_constant.cpp +++ b/interfaces/kits/napi/account_iam/src/napi_account_iam_constant.cpp @@ -272,6 +272,16 @@ napi_value FingerprintTipsConstructorForInnerkits(napi_env env) return fingerprintTips; } +napi_value AuthIntentConstructorForInnerkits(napi_env env) +{ + napi_value authIntent = nullptr; + napi_value unlock = nullptr; + NAPI_CALL(env, napi_create_object(env, &authIntent)); + NAPI_CALL(env, napi_create_int32(env, static_cast(AuthIntent::UNLOCK), &unlock)); + NAPI_CALL(env, napi_set_named_property(env, authIntent, "UNLOCK", unlock)); + return authIntent; +} + napi_value NapiAccountIAMConstant::Init(napi_env env, napi_value exports) { napi_property_descriptor descriptors[] = { @@ -285,6 +295,7 @@ napi_value NapiAccountIAMConstant::Init(napi_env env, napi_value exports) DECLARE_NAPI_PROPERTY("ResultCode", ResultCodeConstructor(env)), DECLARE_NAPI_PROPERTY("FaceTipsCode", FaceTipsCodeConstructor(env)), DECLARE_NAPI_PROPERTY("FingerprintTips", FingerprintTipsConstructorForInnerkits(env)), + DECLARE_NAPI_PROPERTY("AuthIntent", AuthIntentConstructorForInnerkits(env)), }; napi_define_properties(env, exports, sizeof(descriptors) / sizeof(napi_property_descriptor), descriptors); return exports; diff --git a/interfaces/kits/napi/account_iam/src/napi_account_iam_user_auth.cpp b/interfaces/kits/napi/account_iam/src/napi_account_iam_user_auth.cpp index b629d5702..387e620b9 100644 --- a/interfaces/kits/napi/account_iam/src/napi_account_iam_user_auth.cpp +++ b/interfaces/kits/napi/account_iam/src/napi_account_iam_user_auth.cpp @@ -36,6 +36,7 @@ napi_value NapiAccountIAMUserAuth::Init(napi_env env, napi_value exports) DECLARE_NAPI_FUNCTION("auth", Auth), DECLARE_NAPI_FUNCTION("authUser", AuthUser), DECLARE_NAPI_FUNCTION("cancelAuth", CancelAuth), + DECLARE_NAPI_FUNCTION("prepareRemoteAuth", PrepareRemoteAuth), }; NAPI_CALL(env, napi_define_class(env, "UserAuth", NAPI_AUTO_LENGTH, JsConstructor, nullptr, sizeof(clzDes) / sizeof(napi_property_descriptor), clzDes, &cons)); @@ -211,10 +212,86 @@ napi_value NapiAccountIAMUserAuth::SetProperty(napi_env env, napi_callback_info return result; } +static bool ParseContextForRemoteAuthOptions(napi_env env, napi_value jsOptions, RemoteAuthOptions &remoteAuthOptions) +{ + napi_valuetype valueType = napi_undefined; + napi_typeof(env, jsOptions, &valueType); + if (valueType != napi_object) { + ACCOUNT_LOGE("Invalid object."); + return false; + } + if (IsOptionalPropertyExist(env, jsOptions, "verifierNetworkId")) { + remoteAuthOptions.hasVerifierNetworkId = true; + if (!GetOptionalStringPropertyByKey( + env, jsOptions, "verifierNetworkId", remoteAuthOptions.verifierNetworkId)) { + ACCOUNT_LOGE("Get remoteAuthOptions's verifierNetworkId failed."); + return false; + } + } + if (IsOptionalPropertyExist(env, jsOptions, "collectorNetworkId")) { + remoteAuthOptions.hasCollectorNetworkId = true; + if (!GetOptionalStringPropertyByKey( + env, jsOptions, "collectorNetworkId", remoteAuthOptions.collectorNetworkId)) { + ACCOUNT_LOGE("Get remoteAuthOptions's collectorNetworkId failed."); + return false; + } + } + if (IsOptionalPropertyExist(env, jsOptions, "collectorTokenId")) { + remoteAuthOptions.hasCollectorTokenId = true; + int32_t tokenId = 0; + if (!GetOptionalNumberPropertyByKey(env, jsOptions, "collectorTokenId", tokenId)) { + ACCOUNT_LOGE("Get remoteAuthOptions's collectorTokenId failed."); + return false; + } + remoteAuthOptions.collectorTokenId = static_cast(tokenId); + } + return true; +} + +static bool ParseContextForAuthOptions(napi_env env, napi_value jsOptions, AuthOptions &authOptions) +{ + napi_valuetype valueType = napi_undefined; + napi_typeof(env, jsOptions, &valueType); + if (valueType != napi_object) { + ACCOUNT_LOGE("Invalid object."); + return false; + } + if (IsOptionalPropertyExist(env, jsOptions, "accountId")) { + if (!GetOptionalNumberPropertyByKey(env, jsOptions, "accountId", authOptions.accountId)) { + ACCOUNT_LOGE("Get authOptions's accountId failed."); + return false; + } + } + if (IsOptionalPropertyExist(env, jsOptions, "authIntent")) { + int32_t authIntent = 0; + if (!GetOptionalNumberPropertyByKey(env, jsOptions, "authIntent", authIntent)) { + ACCOUNT_LOGE("Get authOptions's authIntent failed."); + return false; + } + authOptions.authIntent = static_cast(authIntent); + } + if (IsOptionalPropertyExist(env, jsOptions, "remoteAuthOptions")) { + napi_value value = nullptr; + NAPI_CALL_BASE(env, napi_get_named_property(env, jsOptions, "remoteAuthOptions", &value), false); + valueType = napi_undefined; + NAPI_CALL_BASE(env, napi_typeof(env, value, &valueType), false); + if (valueType != napi_object) { + ACCOUNT_LOGE("Invalid object."); + return false; + } + authOptions.hasRemoteAuthOptions = true; + if (!ParseContextForRemoteAuthOptions(env, value, authOptions.remoteAuthOptions)) { + ACCOUNT_LOGE("Parse authOptions failed."); + return false; + } + } + return true; +} + static napi_status ParseContextForAuth(napi_env env, napi_value *argv, size_t argc, AuthContext &context) { - if (argc != ARG_SIZE_FOUR) { - ACCOUNT_LOGE("the number of parameter is incorrect, expect 4, but got %{public}zu", argc); + if (argc != ARG_SIZE_FOUR && argc != ARG_SIZE_FIVE) { + ACCOUNT_LOGE("the number of parameter is incorrect, expect 4 or 5, but got %{public}zu", argc); return napi_invalid_arg; } size_t index = 0; @@ -236,6 +313,12 @@ static napi_status ParseContextForAuth(napi_env env, napi_value *argv, size_t ar AccountNapiThrow(env, ERR_JS_PARAMETER_ERROR, errMsg, true); return napi_invalid_arg; } + if (argc == PARAM_FIVE) { + if (!ParseContextForAuthOptions(env, argv[index++], context.authOptions)) { + ACCOUNT_LOGE("fail to parse authOptions"); + return napi_invalid_arg; + } + } std::shared_ptr jsCallback = std::make_shared(env); if (ParseIAMCallback(env, argv[index++], jsCallback) != napi_ok) { ACCOUNT_LOGE("fail to parse callback"); @@ -266,8 +349,8 @@ static napi_status ParseContextForAuthUser(napi_env env, napi_value *argv, size_ napi_value NapiAccountIAMUserAuth::Auth(napi_env env, napi_callback_info info) { - size_t argc = ARG_SIZE_FOUR; - napi_value argv[ARG_SIZE_FOUR] = {0}; + size_t argc = ARG_SIZE_FIVE; + napi_value argv[ARG_SIZE_FIVE] = {0}; napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr); if (argc < ARG_SIZE_FOUR) { ACCOUNT_LOGE("the number of parameter is incorrect, expect 4, but got %{public}zu", argc); @@ -279,7 +362,7 @@ napi_value NapiAccountIAMUserAuth::Auth(napi_env env, napi_callback_info info) if (ParseContextForAuth(env, argv, argc, context) == napi_invalid_arg) { return nullptr; } - uint64_t contextId = AccountIAMClient::GetInstance().Auth(context.challenge, + uint64_t contextId = AccountIAMClient::GetInstance().Auth(context.authOptions, context.challenge, static_cast(context.authType), static_cast(context.trustLevel), context.callback); return CreateUint8Array(env, reinterpret_cast(&contextId), sizeof(uint64_t)); } @@ -293,7 +376,9 @@ napi_value NapiAccountIAMUserAuth::AuthUser(napi_env env, napi_callback_info inf if (ParseContextForAuthUser(env, argv, argc, context) == napi_invalid_arg) { return nullptr; } - uint64_t contextId = AccountIAMClient::GetInstance().AuthUser(context.userId, context.challenge, + context.authOptions.accountId = context.userId; + + uint64_t contextId = AccountIAMClient::GetInstance().AuthUser(context.authOptions, context.challenge, static_cast(context.authType), static_cast(context.trustLevel), context.callback); return CreateUint8Array(env, reinterpret_cast(&contextId), sizeof(uint64_t)); } @@ -325,5 +410,66 @@ napi_value NapiAccountIAMUserAuth::CancelAuth(napi_env env, napi_callback_info i AccountIAMNapiThrow(env, AccountIAMConvertToJSErrCode(result), true); return nullptr; } + +static napi_status ParseContextForPrepareRemoteAuth( + napi_env env, napi_callback_info info, PrepareRemoteAuthContext *context, napi_value *result) +{ + size_t argc = ARG_SIZE_ONE; + napi_value argv[ARG_SIZE_ONE] = {0}; + NAPI_CALL_BASE(env, napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr), napi_generic_failure); + if (argc < ARG_SIZE_ONE) { + ACCOUNT_LOGE("Parse parameters failed, expect at least one parameter, but got %zu.", argc); + std::string errMsg = "Parameter error. The arg number must be at least 1 characters"; + AccountNapiThrow(env, ERR_JS_PARAMETER_ERROR, errMsg, true); + return napi_generic_failure; + } + if (!GetStringProperty(env, argv[0], context->remoteNetworkId)) { + ACCOUNT_LOGE("Get remoteNetworkId failed"); + std::string errMsg = "Parameter error. The type of remoteNetworkId must be string"; + AccountNapiThrow(env, ERR_JS_PARAMETER_ERROR, errMsg, true); + return napi_generic_failure; + } + NAPI_CALL_BASE(env, napi_create_promise(env, &context->deferred, result), napi_generic_failure); + + return napi_ok; +} + +napi_value NapiAccountIAMUserAuth::PrepareRemoteAuth(napi_env env, napi_callback_info info) +{ + napi_value result = nullptr; + PrepareRemoteAuthContext *context = new (std::nothrow) PrepareRemoteAuthContext(env); + if (context == nullptr) { + ACCOUNT_LOGE("Create PrepareRemoteAuthContext failed."); + return result; + } + std::unique_ptr contextPtr(context); + + if (ParseContextForPrepareRemoteAuth(env, info, context, &result) != napi_ok) { + return nullptr; + } + + napi_value resourceName = nullptr; + NAPI_CALL(env, napi_create_string_utf8(env, "PrepareRemoteAuth", NAPI_AUTO_LENGTH, &resourceName)); + NAPI_CALL(env, napi_create_async_work(env, nullptr, resourceName, + [](napi_env env, void *data) { + if (data == nullptr) { + ACCOUNT_LOGE("PrepareRemoteAuth work data is nullptr."); + return; + } + PrepareRemoteAuthContext *context = reinterpret_cast(data); + auto prepareRemoteAuthCallback = std::make_shared( + context->env, context->callbackRef, context->deferred); + context->callbackRef = nullptr; + context->result = AccountIAMClient::GetInstance().PrepareRemoteAuth( + context->remoteNetworkId, prepareRemoteAuthCallback); + }, + [](napi_env env, napi_status status, void *data) { + delete reinterpret_cast(data); + }, + reinterpret_cast(context), &context->work)); + NAPI_CALL(env, napi_queue_async_work_with_qos(env, context->work, napi_qos_user_initiated)); + contextPtr.release(); + return result; +} } // namespace AccountJsKit } // namespace OHOS diff --git a/services/accountmgr/include/account_iam/account_iam_callback.h b/services/accountmgr/include/account_iam/account_iam_callback.h index 2ef01a2dc..7aa345598 100644 --- a/services/accountmgr/include/account_iam/account_iam_callback.h +++ b/services/accountmgr/include/account_iam/account_iam_callback.h @@ -178,6 +178,17 @@ private: sptr innerCallback_; }; +class PrepareRemoteAuthCallbackWrapper : public PrepareRemoteAuthCallback { +public: + PrepareRemoteAuthCallbackWrapper(const sptr &callback); + virtual ~PrepareRemoteAuthCallbackWrapper() = default; + + void OnResult(int32_t result) override; + +private: + sptr innerCallback_; +}; + class GetDomainAuthStatusInfoCallback final : public DomainAccountCallback { public: GetDomainAuthStatusInfoCallback(const GetPropertyRequest &request, const sptr &callback); diff --git a/services/accountmgr/include/account_iam/account_iam_client_callback_proxy.h b/services/accountmgr/include/account_iam/account_iam_client_callback_proxy.h index bc2ef4b9e..a2cbb378a 100644 --- a/services/accountmgr/include/account_iam/account_iam_client_callback_proxy.h +++ b/services/accountmgr/include/account_iam/account_iam_client_callback_proxy.h @@ -71,6 +71,18 @@ private: private: static inline BrokerDelegator delegator_; }; + +class PreRemoteAuthCallbackProxy : public IRemoteProxy { +public: + explicit PreRemoteAuthCallbackProxy(const sptr &object); + void OnResult(int32_t result) override; + +private: + ErrCode SendRequest(PreRemoteAuthCallbackInterfaceCode code, MessageParcel &data, MessageParcel &reply); + +private: + static inline BrokerDelegator delegator_; +}; } // namespace AccountSA } // namespace OHOS #endif // OS_ACCOUNT_SERVICES_ACCOUNTMGR_INCLUDE_ACCOUNT_IAM_CLIENT_CALLBACK_PROXY_H diff --git a/services/accountmgr/include/account_iam/account_iam_mgr_stub.h b/services/accountmgr/include/account_iam/account_iam_mgr_stub.h index c25e9db15..b24e80f91 100644 --- a/services/accountmgr/include/account_iam/account_iam_mgr_stub.h +++ b/services/accountmgr/include/account_iam/account_iam_mgr_stub.h @@ -46,6 +46,7 @@ public: ErrCode ProcDelUser(MessageParcel &data, MessageParcel &reply); ErrCode ProcCancel(MessageParcel &data, MessageParcel &reply); ErrCode ProcGetCredentialInfo(MessageParcel &data, MessageParcel &reply); + ErrCode ProcPrepareRemoteAuth(MessageParcel &data, MessageParcel &reply); ErrCode ProcAuthUser(MessageParcel &data, MessageParcel &reply); ErrCode ProcCancelAuth(MessageParcel &data, MessageParcel &reply); ErrCode ProcGetAvailableStatus(MessageParcel &data, MessageParcel &reply); @@ -54,6 +55,8 @@ public: ErrCode ProcGetEnrolledId(MessageParcel &data, MessageParcel &reply); ErrCode ProcGetAccountState(MessageParcel &data, MessageParcel &reply); ErrCode ReadUserIdAndAuthType(MessageParcel &data, int32_t &userId, int32_t &authType); + ErrCode ReadAuthParam(MessageParcel &data, AuthParam &authParam); + ErrCode ReadRemoteAuthParam(MessageParcel &data, std::optional &remoteAuthParam); ErrCode AddOrUpdateCredential(MessageParcel &data, MessageParcel &reply, bool isAdd = true); bool CheckPermission(const std::string &permission); diff --git a/services/accountmgr/include/account_iam/account_iam_service.h b/services/accountmgr/include/account_iam/account_iam_service.h index 2af11fd78..e42b0d5db 100644 --- a/services/accountmgr/include/account_iam/account_iam_service.h +++ b/services/accountmgr/include/account_iam/account_iam_service.h @@ -39,8 +39,9 @@ public: void DelUser(int32_t userId, const std::vector &authToken, const sptr &callback) override; int32_t GetCredentialInfo( int32_t userId, AuthType authType, const sptr &callback) override; - int32_t AuthUser( - int32_t userId, const AuthParam &authParam, const sptr &callback, uint64_t &contextId) override; + int32_t PrepareRemoteAuth( + const std::string &remoteNetworkId, const sptr &callback) override; + int32_t AuthUser(AuthParam &authParam, const sptr &callback, uint64_t &contextId) override; int32_t CancelAuth(uint64_t contextId) override; int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status) override; void GetProperty( diff --git a/services/accountmgr/include/account_iam/inner_account_iam_manager.h b/services/accountmgr/include/account_iam/inner_account_iam_manager.h index e63c4eaf4..e9583cd7c 100644 --- a/services/accountmgr/include/account_iam/inner_account_iam_manager.h +++ b/services/accountmgr/include/account_iam/inner_account_iam_manager.h @@ -54,8 +54,9 @@ public: void GetCredentialInfo( int32_t userId, AuthType authType, const sptr &callback); int32_t Cancel(int32_t userId); - int32_t AuthUser( - int32_t userId, const AuthParam &authParam, const sptr &callback, uint64_t &contextId); + int32_t PrepareRemoteAuth( + const std::string &remoteNetworkId, const sptr &callback); + int32_t AuthUser(AuthParam &authParam, const sptr &callback, uint64_t &contextId); int32_t CancelAuth(uint64_t contextId); int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status); void GetProperty( @@ -84,6 +85,7 @@ private: ErrCode GetStorageManagerProxy(); ErrCode GetDomainAuthStatusInfo( int32_t userId, const GetPropertyRequest &request, const sptr &callback); + void CopyAuthParam(const AuthParam &authParam, UserIam::UserAuth::AuthParam &iamAuthParam); private: std::mutex mutex_; diff --git a/services/accountmgr/src/account_iam/account_iam_callback.cpp b/services/accountmgr/src/account_iam/account_iam_callback.cpp index 4bbec215f..a8eeee30b 100644 --- a/services/accountmgr/src/account_iam/account_iam_callback.cpp +++ b/services/accountmgr/src/account_iam/account_iam_callback.cpp @@ -398,6 +398,22 @@ void GetSecUserInfoCallbackWrapper::OnSecUserInfo(const SecUserInfo &info) return innerCallback_->OnEnrolledId(ERR_IAM_NOT_ENROLLED, enrolledId); } +PrepareRemoteAuthCallbackWrapper::PrepareRemoteAuthCallbackWrapper(const sptr &callback) + : innerCallback_(callback) +{} + +void PrepareRemoteAuthCallbackWrapper::OnResult(int32_t result) +{ + if (innerCallback_ == nullptr) { + ACCOUNT_LOGE("Inner callback is nullptr."); + return; + } + if (result != 0) { + ACCOUNT_LOGE("PrepareRemoteAuth, result=%{public}d fail to prepare remote auth.", result); + } + innerCallback_->OnResult(result); +} + GetDomainAuthStatusInfoCallback::GetDomainAuthStatusInfoCallback( const GetPropertyRequest &request, const sptr &callback) : request_(request), innerCallback_(callback) diff --git a/services/accountmgr/src/account_iam/account_iam_client_callback_proxy.cpp b/services/accountmgr/src/account_iam/account_iam_client_callback_proxy.cpp index 6e31c7cf2..79bc632c9 100644 --- a/services/accountmgr/src/account_iam/account_iam_client_callback_proxy.cpp +++ b/services/accountmgr/src/account_iam/account_iam_client_callback_proxy.cpp @@ -163,5 +163,25 @@ void GetEnrolledIdCallbackProxy::OnEnrolledId(int32_t result, uint64_t enrolledI uint32_t code = static_cast(GetEnrolledIdCallbackInterfaceCode::ON_ENROLLED_ID); SendRequestFunc(Remote(), code, data, reply); } + +PreRemoteAuthCallbackProxy::PreRemoteAuthCallbackProxy(const sptr &object) + : IRemoteProxy(object) +{} + +void PreRemoteAuthCallbackProxy::OnResult(int32_t result) +{ + uint32_t code = static_cast(PreRemoteAuthCallbackInterfaceCode::ON_RESULT); + MessageParcel data; + MessageParcel reply; + if (!data.WriteInterfaceToken(GetDescriptor())) { + ACCOUNT_LOGE("Write descriptor failed."); + return; + } + if (!data.WriteInt32(result)) { + ACCOUNT_LOGE("Write result failed."); + return; + } + SendRequestFunc(Remote(), code, data, reply); +} } // namespace AccountSA } // namespace OHOS diff --git a/services/accountmgr/src/account_iam/account_iam_mgr_stub.cpp b/services/accountmgr/src/account_iam/account_iam_mgr_stub.cpp index 141c5fd3a..deb762338 100644 --- a/services/accountmgr/src/account_iam/account_iam_mgr_stub.cpp +++ b/services/accountmgr/src/account_iam/account_iam_mgr_stub.cpp @@ -88,6 +88,13 @@ const std::map messageProcMa .isSyetemApi = true, } }, + { + static_cast(AccountIAMInterfaceCode::PREPARE_REMOTE_AUTH), + { + .messageProcFunction = &AccountIAMMgrStub::ProcPrepareRemoteAuth, + .isSyetemApi = true, + } + }, { static_cast(AccountIAMInterfaceCode::AUTH_USER), { @@ -370,17 +377,37 @@ ErrCode AccountIAMMgrStub::ProcGetCredentialInfo(MessageParcel &data, MessagePar return ERR_NONE; } -ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply) +ErrCode AccountIAMMgrStub::ProcPrepareRemoteAuth(MessageParcel &data, MessageParcel &reply) { if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) { return ERR_ACCOUNT_COMMON_PERMISSION_DENIED; } - int32_t userId; - if (!data.ReadInt32(userId)) { + std::string remoteNetworkId; + if (!data.ReadString(remoteNetworkId)) { + ACCOUNT_LOGE("Read remoteNetworkId failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + + sptr callback = iface_cast(data.ReadRemoteObject()); + if (callback == nullptr) { + ACCOUNT_LOGE("PreRemoteAuthCallback is nullptr."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + int result = PrepareRemoteAuth(remoteNetworkId, callback); + if (!reply.WriteInt32(result)) { + ACCOUNT_LOGE("Write result failed."); + return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; + } + + return ERR_NONE; +} + +ErrCode AccountIAMMgrStub::ReadAuthParam(MessageParcel &data, AuthParam &authParam) +{ + if (!data.ReadInt32(authParam.userId)) { ACCOUNT_LOGE("failed to read userId"); return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; } - AuthParam authParam; if (!data.ReadUInt8Vector(&authParam.challenge)) { ACCOUNT_LOGE("failed to read challenge"); return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; @@ -397,13 +424,87 @@ ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &repl return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; } authParam.authTrustLevel = static_cast(authTrustLevel); + int32_t authIntent = 0; + if (!data.ReadInt32(authIntent)) { + ACCOUNT_LOGE("failed to read authIntent for AuthUser"); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + authParam.authIntent = static_cast(authIntent); + return ERR_OK; +} + +ErrCode AccountIAMMgrStub::ReadRemoteAuthParam(MessageParcel &data, + std::optional &remoteAuthParam) +{ + bool res = false; + if (!data.ReadBool(res)) { + ACCOUNT_LOGE("Read RemoteAuthParam exist failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + if (!res) { + return ERR_OK; + } + remoteAuthParam = RemoteAuthParam(); + if (!data.ReadBool(res)) { + ACCOUNT_LOGE("Read verifierNetworkId exist failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + if (res) { + std::string networkId; + if (!data.ReadString(networkId)) { + ACCOUNT_LOGE("Read verifierNetworkId failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + remoteAuthParam.value().verifierNetworkId = networkId; + } + if (!data.ReadBool(res)) { + ACCOUNT_LOGE("Read collectorNetworkId exist failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + if (res) { + std::string networkId; + if (!data.ReadString(networkId)) { + ACCOUNT_LOGE("Read collectorNetworkId failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + remoteAuthParam.value().collectorNetworkId = networkId; + } + if (!data.ReadBool(res)) { + ACCOUNT_LOGE("Read collectorTokenId exist failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + if (res) { + uint32_t tokenId; + if (!data.ReadUint32(tokenId)) { + ACCOUNT_LOGE("Read collectorTokenId failed."); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } + remoteAuthParam.value().collectorTokenId = tokenId; + } + return ERR_OK; +} + +ErrCode AccountIAMMgrStub::ProcAuthUser(MessageParcel &data, MessageParcel &reply) +{ + if (!CheckPermission(ACCESS_USER_AUTH_INTERNAL)) { + return ERR_ACCOUNT_COMMON_PERMISSION_DENIED; + } + AuthParam authParam; + if (ReadAuthParam(data, authParam) != ERR_OK) { + ACCOUNT_LOGE("failed to read authParam"); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } sptr callback = iface_cast(data.ReadRemoteObject()); if (callback == nullptr) { ACCOUNT_LOGE("UserAuthCallbackInterface is nullptr"); return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; } + if (ReadRemoteAuthParam(data, authParam.remoteAuthParam) != ERR_OK) { + ACCOUNT_LOGE("failed to read RemoteAuthParam"); + return ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR; + } uint64_t contextId = 0; - ErrCode result = AuthUser(userId, authParam, callback, contextId); + ErrCode result = AuthUser(authParam, callback, contextId); if (!reply.WriteInt32(result)) { ACCOUNT_LOGE("failed to write result"); return ERR_ACCOUNT_COMMON_WRITE_PARCEL_ERROR; diff --git a/services/accountmgr/src/account_iam/account_iam_service.cpp b/services/accountmgr/src/account_iam/account_iam_service.cpp index eb125dc29..a8cb5624e 100644 --- a/services/accountmgr/src/account_iam/account_iam_service.cpp +++ b/services/accountmgr/src/account_iam/account_iam_service.cpp @@ -109,13 +109,19 @@ int32_t AccountIAMService::GetCredentialInfo( return ERR_OK; } -int32_t AccountIAMService::AuthUser( - int32_t userId, const AuthParam &authParam, const sptr &callback, uint64_t &contextId) +int32_t AccountIAMService::PrepareRemoteAuth( + const std::string &remoteNetworkId, const sptr &callback) { - if ((userId == 0) && (!GetCurrentUserId(userId))) { + return InnerAccountIAMManager::GetInstance().PrepareRemoteAuth(remoteNetworkId, callback); +} + +int32_t AccountIAMService::AuthUser( + AuthParam &authParam, const sptr &callback, uint64_t &contextId) +{ + if ((authParam.userId == 0) && (!GetCurrentUserId(authParam.userId))) { return ERR_ACCOUNT_COMMON_INVALID_PARAMETER; } - return InnerAccountIAMManager::GetInstance().AuthUser(userId, authParam, callback, contextId); + return InnerAccountIAMManager::GetInstance().AuthUser(authParam, callback, contextId); } int32_t AccountIAMService::CancelAuth(uint64_t contextId) diff --git a/services/accountmgr/src/account_iam/inner_account_iam_manager.cpp b/services/accountmgr/src/account_iam/inner_account_iam_manager.cpp index b254e424a..1b890a3b4 100644 --- a/services/accountmgr/src/account_iam/inner_account_iam_manager.cpp +++ b/services/accountmgr/src/account_iam/inner_account_iam_manager.cpp @@ -195,14 +195,50 @@ int32_t InnerAccountIAMManager::Cancel(int32_t userId) return UserIDMClient::GetInstance().Cancel(userId); } -int32_t InnerAccountIAMManager::AuthUser( - int32_t userId, const AuthParam &authParam, const sptr &callback, uint64_t &contextId) +int32_t InnerAccountIAMManager::PrepareRemoteAuth( + const std::string &remoteNetworkId, const sptr &callback) { if (callback == nullptr) { ACCOUNT_LOGE("callback is nullptr"); return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; } - if ((authParam.authType != AuthType::PIN) && (!IsNonPINAllowed(userId))) { + ACCOUNT_LOGI("Start IAM PrepareRemoteAuth."); + auto prepareCallback = std::make_shared(callback); + return UserAuthClient::GetInstance().PrepareRemoteAuth(remoteNetworkId, prepareCallback); +} + +void InnerAccountIAMManager::CopyAuthParam(const AuthParam &authParam, UserIam::UserAuth::AuthParam &iamAuthParam) +{ + iamAuthParam.userId = authParam.userId; + iamAuthParam.challenge = authParam.challenge; + iamAuthParam.authType = authParam.authType; + iamAuthParam.authTrustLevel = authParam.authTrustLevel; + iamAuthParam.authIntent = static_cast(authParam.authIntent); + if (authParam.remoteAuthParam != std::nullopt) { + iamAuthParam.remoteAuthParam = UserIam::UserAuth::RemoteAuthParam(); + if (authParam.remoteAuthParam.value().verifierNetworkId != std::nullopt) { + iamAuthParam.remoteAuthParam.value().verifierNetworkId = + authParam.remoteAuthParam.value().verifierNetworkId.value(); + } + if (authParam.remoteAuthParam.value().collectorNetworkId != std::nullopt) { + iamAuthParam.remoteAuthParam.value().collectorNetworkId = + authParam.remoteAuthParam.value().collectorNetworkId.value(); + } + if (authParam.remoteAuthParam.value().collectorTokenId != std::nullopt) { + iamAuthParam.remoteAuthParam.value().collectorTokenId = + authParam.remoteAuthParam.value().collectorTokenId.value(); + } + } +} + +int32_t InnerAccountIAMManager::AuthUser( + AuthParam &authParam, const sptr &callback, uint64_t &contextId) +{ + if (callback == nullptr) { + ACCOUNT_LOGE("callback is nullptr"); + return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR; + } + if ((authParam.authType != AuthType::PIN) && (!IsNonPINAllowed(authParam.userId))) { ACCOUNT_LOGE("unsupported auth type: %{public}d", authParam.authType); return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE; } @@ -211,10 +247,13 @@ int32_t InnerAccountIAMManager::AuthUser( ACCOUNT_LOGE("failed to add death recipient for auth callback"); return ERR_ACCOUNT_COMMON_ADD_DEATH_RECIPIENT; } - auto callbackWrapper = std::make_shared(userId, authParam.authType, callback); + auto callbackWrapper = std::make_shared(authParam.userId, authParam.authType, callback); callbackWrapper->SetDeathRecipient(deathRecipient); - contextId = UserAuthClient::GetInstance().BeginAuthentication( - userId, authParam.challenge, authParam.authType, authParam.authTrustLevel, callbackWrapper); + + UserIam::UserAuth::AuthParam iamAuthParam; + CopyAuthParam(authParam, iamAuthParam); + ACCOUNT_LOGI("Start IAM AuthUser."); + contextId = UserAuthClient::GetInstance().BeginAuthentication(iamAuthParam, callbackWrapper); deathRecipient->SetContextId(contextId); return ERR_OK; } diff --git a/services/accountmgr/test/moduletest/os_account/os_account_manager_service_subscribe_module_test.cpp b/services/accountmgr/test/moduletest/os_account/os_account_manager_service_subscribe_module_test.cpp index d52d631da..c0e7f343b 100644 --- a/services/accountmgr/test/moduletest/os_account/os_account_manager_service_subscribe_module_test.cpp +++ b/services/accountmgr/test/moduletest/os_account/os_account_manager_service_subscribe_module_test.cpp @@ -155,7 +155,8 @@ private: class TestIInputer : public OHOS::AccountSA::IInputer { public: explicit TestIInputer() {} - void OnGetData(int32_t authSubType, const std::shared_ptr inputerData) override + void OnGetData(int32_t authSubType, std::vector challenge, + const std::shared_ptr inputerData) override { // inputer class is IAMInputerData std::vector data = { 1, 2, 3, 4, 5, 6 }; diff --git a/services/accountmgr/test/unittest/account_iam/account_iam_callback_test.cpp b/services/accountmgr/test/unittest/account_iam/account_iam_callback_test.cpp index 33ec0daea..db64a57bf 100644 --- a/services/accountmgr/test/unittest/account_iam/account_iam_callback_test.cpp +++ b/services/accountmgr/test/unittest/account_iam/account_iam_callback_test.cpp @@ -54,7 +54,8 @@ const static AccessTokenID g_accountMgrTokenID = AccessTokenKit::GetNativeTokenI class MockIInputer final : public IInputer { public: virtual ~MockIInputer() {} - void OnGetData(int32_t authSubType, std::shared_ptr inputerData) override + void OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) override { return; } diff --git a/services/accountmgr/test/unittest/account_iam/account_iam_manager_test.cpp b/services/accountmgr/test/unittest/account_iam/account_iam_manager_test.cpp index 5175ed3cb..99ef3df05 100644 --- a/services/accountmgr/test/unittest/account_iam/account_iam_manager_test.cpp +++ b/services/accountmgr/test/unittest/account_iam/account_iam_manager_test.cpp @@ -639,16 +639,17 @@ HWTEST_F(AccountIamManagerTest, AuthUser001, TestSize.Level0) sptr testCallback = new(std::nothrow) TestIIDMCallback(callback); EXPECT_NE(testCallback, nullptr); EXPECT_CALL(*callback, OnResult(_, _)).Times(0); - AuthParam authParam = { + AccountSA::AuthParam authParam = { + .userId = TEST_USER_ID, .challenge = TEST_CHALLENGE, .authType = AuthType::PIN, .authTrustLevel = AuthTrustLevel::ATL1 }; uint64_t contextId = 0; - ErrCode errCode = InnerAccountIAMManager::GetInstance().AuthUser(TEST_USER_ID, authParam, nullptr, contextId); + ErrCode errCode = InnerAccountIAMManager::GetInstance().AuthUser(authParam, nullptr, contextId); EXPECT_EQ(ERR_ACCOUNT_COMMON_NULL_PTR_ERROR, errCode); - errCode = InnerAccountIAMManager::GetInstance().AuthUser(TEST_USER_ID, authParam, testCallback, contextId); + errCode = InnerAccountIAMManager::GetInstance().AuthUser(authParam, testCallback, contextId); EXPECT_EQ(ERR_ACCOUNT_COMMON_ADD_DEATH_RECIPIENT, errCode); InnerAccountIAMManager::GetInstance().CancelAuth(contextId); } @@ -683,13 +684,14 @@ HWTEST_F(AccountIamManagerTest, GetChallenge001, TestSize.Level2) sptr testCallback = new(std::nothrow) TestIIDMCallback(callback); EXPECT_NE(testCallback, nullptr); EXPECT_CALL(*callback, OnResult(_, _)).Times(0); - AuthParam authParam = { + AccountSA::AuthParam authParam = { + .userId = TEST_USER_ID, .challenge = TEST_CHALLENGE, .authType = AuthType::PIN, .authTrustLevel = AuthTrustLevel::ATL1 }; uint64_t contextId = 0; - ErrCode errCode = InnerAccountIAMManager::GetInstance().AuthUser(TEST_USER_ID, authParam, testCallback, contextId); + ErrCode errCode = InnerAccountIAMManager::GetInstance().AuthUser(authParam, testCallback, contextId); EXPECT_EQ(errCode, ERR_ACCOUNT_COMMON_ADD_DEATH_RECIPIENT); std::vector outChallenge; diff --git a/services/accountmgr/test/unittest/account_iam/account_iam_service_test.cpp b/services/accountmgr/test/unittest/account_iam/account_iam_service_test.cpp index cb3bbfecb..cb5d7fdb3 100644 --- a/services/accountmgr/test/unittest/account_iam/account_iam_service_test.cpp +++ b/services/accountmgr/test/unittest/account_iam/account_iam_service_test.cpp @@ -225,13 +225,14 @@ HWTEST_F(AccountIamServiceTest, AccountIAMService_AuthUser_0100, TestSize.Level0 std::vector challenge; sptr callback = new (std::nothrow) MockIIDMCallback(); ASSERT_NE(callback, nullptr); - AuthParam authParam = { + AccountSA::AuthParam authParam = { + .userId = 0, .challenge = challenge, .authType = AuthType::PIN, .authTrustLevel = AuthTrustLevel::ATL1 }; uint64_t contextId = 0; - ErrCode res = accountIAMService_->AuthUser(0, authParam, callback, contextId); + ErrCode res = accountIAMService_->AuthUser(authParam, callback, contextId); EXPECT_EQ(res, ERR_ACCOUNT_COMMON_INVALID_PARAMETER); } diff --git a/test/fuzztest/iamaccount/auth_fuzzer/auth_fuzzer.cpp b/test/fuzztest/iamaccount/auth_fuzzer/auth_fuzzer.cpp index 13633a795..ffc7eedc6 100644 --- a/test/fuzztest/iamaccount/auth_fuzzer/auth_fuzzer.cpp +++ b/test/fuzztest/iamaccount/auth_fuzzer/auth_fuzzer.cpp @@ -43,7 +43,9 @@ namespace OHOS { AuthType authType = static_cast(size); AuthTrustLevel authTrustLevel = static_cast(size); std::shared_ptr callback = make_shared(); - uint64_t result = AccountIAMClient::GetInstance().Auth(challenge, authType, authTrustLevel, callback); + AuthOptions authOptions; + uint64_t result = AccountIAMClient::GetInstance().Auth(authOptions, + challenge, authType, authTrustLevel, callback); return result == ERR_OK; } } diff --git a/test/fuzztest/iamaccount/authuser_fuzzer/authuser_fuzzer.cpp b/test/fuzztest/iamaccount/authuser_fuzzer/authuser_fuzzer.cpp index 9b3c45181..87427612e 100644 --- a/test/fuzztest/iamaccount/authuser_fuzzer/authuser_fuzzer.cpp +++ b/test/fuzztest/iamaccount/authuser_fuzzer/authuser_fuzzer.cpp @@ -44,8 +44,10 @@ namespace OHOS { AuthType authType = static_cast(size); AuthTrustLevel authTrustLevel = static_cast(size); std::shared_ptr callback = make_shared(); + AuthOptions authOptions; + authOptions.accountId = userId; uint64_t result = AccountIAMClient::GetInstance().AuthUser( - userId, challenge, authType, authTrustLevel, callback); + authOptions, challenge, authType, authTrustLevel, callback); return result == ERR_OK; } } diff --git a/test/fuzztest/iamaccount/registerinputer_fuzzer/registerinputer_fuzzer.cpp b/test/fuzztest/iamaccount/registerinputer_fuzzer/registerinputer_fuzzer.cpp index ec8c7b436..e2e008e8a 100644 --- a/test/fuzztest/iamaccount/registerinputer_fuzzer/registerinputer_fuzzer.cpp +++ b/test/fuzztest/iamaccount/registerinputer_fuzzer/registerinputer_fuzzer.cpp @@ -26,7 +26,8 @@ using namespace OHOS::AccountSA; class MockIInputer : public OHOS::AccountSA::IInputer { public: virtual ~MockIInputer() {} - void OnGetData(int32_t authSubType, std::shared_ptr inputerData) override + void OnGetData(int32_t authSubType, std::vector challenge, + std::shared_ptr inputerData) override { return; }