pre query

Match-id-aba4d16e3031f3a660b2c6ab9dc05ead2dc32c83

services/core_service/src/lib.rs

@@ -84,7 +84,7 @@ static A: extern "C" fn() = {
     init
 };
 
-struct AssetService;
+struct AssetService; // 默认调用CryptoManager::new
 
 impl IRemoteBroker for AssetService {}
 
@@ -102,7 +102,7 @@ impl IAsset for AssetService {
     }
 
     fn pre_query(&self, query: &AssetMap) -> Result<Vec<u8>> {
-        operations::pre_query(query, &CallingInfo::build()?)
+        operations::pre_query(query, &CallingInfo::build()?) // todo 传CryptoManager实例
     }
 
     fn query(&self, query: &AssetMap) -> Result<Vec<AssetMap>> {

services/core_service/src/operations/common.rs

@@ -19,7 +19,7 @@ mod argument_check;
 mod crypto_adapter;
 
 pub(crate) use argument_check::{check_tag_validity, check_required_tags, check_value_validity};
-pub(crate) use crypto_adapter::{decrypt, encrypt, init_decrypt};
+pub(crate) use crypto_adapter::{decrypt, encrypt};
 
 use std::time::{SystemTime, UNIX_EPOCH};
 

services/core_service/src/operations/common/crypto_adapter.rs

@@ -16,7 +16,7 @@
 //! This module is used to adapt to the crypto manager.
 
 use asset_common::{
-    definition::{Accessibility, AssetMap, AuthType, DataType, ErrCode, Result, Value},
+    definition::{Accessibility, AuthType, DataType, ErrCode, Result, Value},
     loge, logi,
 };
 use asset_crypto_manager::crypto::{Crypto, SecretKey};
@@ -142,15 +142,4 @@ pub(crate) fn decrypt(calling_info: &CallingInfo, db_data: &mut DbMap) -> Result
         return Err(ErrCode::IpcError);
     }
     Ok(())
-}
-
-// todo : yyd : 改入参
-pub(crate) fn init_decrypt(
-    _calling_info: &CallingInfo,
-    _input: &AssetMap,
-    _auth_type: &u32,
-    _access_type: &u32,
-) -> Result<Vec<u8>> {
-    // todo 这里需要等init_decrypt的接口搞定之后再写 先写个假的放上去
-    Ok(vec![1, 2, 2, 2, 2, 1])
-}
+}

services/core_service/src/operations/operation_post_query.rs

@@ -29,4 +29,5 @@ fn check_arguments(query: &AssetMap) -> Result<()> {
 // todo: to implement
 pub(crate) fn post_query(handle: &AssetMap, _calling_info: &CallingInfo) -> Result<()> {
     check_arguments(handle)
+    // todo 根据外部传入的challenge，删除crypto manager中的crypto
 }

services/core_service/src/operations/operation_pre_query.rs

@@ -16,14 +16,20 @@
 //! This module prepares for querying Asset that required secondary identity authentication.
 
 use asset_common::{
-    definition::{AssetMap, AuthType, ErrCode, Result, Tag, Value},
+    definition::{Accessibility, AssetMap, AuthType, ErrCode, Result, Tag, Value},
     loge, logi,
 };
+use asset_crypto_manager::{
+    crypto::{Crypto, SecretKey},
+    huks_ffi::{CHALLENGE_LEN, HKS_KEY_PURPOSE_DECRYPT},
+};
 use asset_db_operator::{
     database_table_helper::{DefaultDatabaseHelper, COLUMN_ACCESSIBILITY, COLUMN_AUTH_TYPE},
     types::DbMap,
 };
 
+use asset_hasher::sha256;
+
 use crate::{ calling_info::CallingInfo, operations::common, };
 
 const OPTIONAL_ATTRS: [Tag; 1] = [Tag::AuthValidityPeriod];
@@ -34,10 +40,17 @@ fn check_arguments(attributes: &AssetMap) -> Result<()> {
     valid_tags.extend_from_slice(&common::ACCESS_CONTROL_ATTRS);
     valid_tags.extend_from_slice(&OPTIONAL_ATTRS);
     common::check_tag_validity(attributes, &valid_tags)?;
-    common::check_value_validity(attributes)
+    common::check_value_validity(attributes)?;
+
+    let auth_type = AuthType::Any as u32;
+    match attributes.get(&Tag::AuthType) {
+        Some(Value::Number(val)) if *val == auth_type => Ok(()),
+        None => Ok(()),
+        _ => Err(ErrCode::InvalidArgument)
+    }
 }
 
-fn query_access_types(calling_info: &CallingInfo, db_data: &DbMap) -> Result<Vec<u32>> {
+fn query_access_types(calling_info: &CallingInfo, db_data: &DbMap) -> Result<Vec<Accessibility>> {
     let results = DefaultDatabaseHelper::query_columns_default_once(
         calling_info.user_id(),
         &vec![COLUMN_ACCESSIBILITY],
@@ -53,10 +66,10 @@ fn query_access_types(calling_info: &CallingInfo, db_data: &DbMap) -> Result<Vec
     // into list
     let mut access_types = Vec::new();
     for db_result in results {
-        let Value::Number(access_type) = db_result.get(&COLUMN_ACCESSIBILITY).unwrap() else {
-            return Err(ErrCode::InvalidArgument);
-        };
-        access_types.push(*access_type);
+        match db_result.get(&COLUMN_ACCESSIBILITY) {
+            Some(Value::Number(access_type)) => access_types.push(Accessibility::try_from(*access_type)?),
+            _ => return Err(ErrCode::InvalidArgument),
+        }
     }
     Ok(access_types)
 }
@@ -66,27 +79,39 @@ pub(crate) fn pre_query(query: &AssetMap, calling_info: &CallingInfo) -> Result<
 
     let mut db_data = common::into_db_map(query);
     common::add_owner_info(calling_info, &mut db_data);
-    db_data.insert(COLUMN_AUTH_TYPE, Value::Number(AuthType::Any as u32));
-
+    db_data.entry(COLUMN_AUTH_TYPE).or_insert(Value::Number(AuthType::Any as u32));
 
     let access_types = query_access_types(calling_info, &db_data)?;
 
-    // use secret key to get challenge
-    let mut challenge_vec = Vec::new();
-    // todo 遍历每一个密钥，获取challenge
-    let challenge_seperator = b'_';
+    if access_types.is_empty() {
+        return Err(ErrCode::NotFound);
+    }
+
+    let mut challenge = vec![0; CHALLENGE_LEN as usize];
+    let mut cryptos = Vec::with_capacity(4);
     for (idx, access_type) in access_types.iter().enumerate() {
-        let tmp_challenge = common::init_decrypt(calling_info, query, &(AuthType::Any as u32), access_type)?;
-        challenge_vec.extend(tmp_challenge);
-        if idx < access_types.len() - 1 {
-            challenge_vec.push(challenge_seperator);
+
+        // get_or_default
+        let Value::Number(exp_time) = query.get(&Tag::AuthValidityPeriod).unwrap_or(&Value::Number(60)) else {
+            return Err(ErrCode::InvalidArgument);
+        };
+
+        let secret_key = SecretKey::new(
+            calling_info.user_id(), &sha256(calling_info.owner_info()), AuthType::Any, *access_type);
+        let mut crypto = Crypto::new(
+            HKS_KEY_PURPOSE_DECRYPT, secret_key, idx as u32, *exp_time);
+
+        match crypto.init_crypto() {
+            Ok(the_challenge) => {
+                challenge[(idx * 8)..((idx + 1) * 8)].copy_from_slice(&the_challenge[(idx * 8)..((idx + 1) * 8)]);
+            },
+            Err(e) => return Err(e)
         }
-        // todo 根据challenge等信息创建session
-    }
-    if challenge_vec.is_empty() {
-        Err(ErrCode::NotFound)
-    } else {
-        logi!("get challenge successful!");
-        Ok(challenge_vec)
+        cryptos.push(crypto);
     }
+
+    // todo 在所有crypto都生成challenge之后再往crypto manager中添加cryptos
+
+    logi!("get challenge successful!");  // todo delete
+    Ok(challenge)
 }

services/core_service/src/operations/operation_query.rs

@@ -46,6 +46,10 @@ fn query_all(calling_info: &CallingInfo, db_data: &mut DbMap) -> Result<Vec<Asse
             Err(ErrCode::NotFound)
         },
         1 => {
+            // 1. 查询结果中authType是否为any, 不是直接decrypt
+            // 2. 二次访问控制流程：判断入参是否有challenge和authToken, 没有报错
+            // 3.                 crypto manager 查询指定challenge、密钥别名的crypto
+            // 4.                 调用crypto的exec_crypt接口
             common::decrypt(calling_info, &mut results[0])?;
             into_asset_maps(&results)
         },