openharmony/useriam_auth_executor_mgr
1
0
Fork 0
mirror of https://gitee.com/openharmony/useriam_auth_executor_mgr synced 2024-11-26 22:30:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
195 Commits 13 Branches 8 Tags 708 KiB
C++ 56.4%
C 43.6%
master
Go to file
openharmony_ci a0675148e5
!125 bug fix 
Merge pull request !125 from 马腾飞/master
2022-04-20 15:20:23 +00:00
common fix: codex 2022-04-16 15:52:57 +08:00
figures update docs 2022-03-16 17:35:57 +08:00
frameworks/kitsimpl !114 64位随机数掩码打印日志整改 2022-04-01 10:05:16 +00:00
interfaces/innerkits 64位数掩码打印 2022-03-31 20:28:09 +08:00
sa_profile bug fix 2022-04-20 20:59:05 +08:00
services 64位数掩码打印 2022-03-31 20:28:09 +08:00
test bug fix 2022-03-18 09:51:26 +08:00
utils 64位数掩码打印 2022-03-31 20:28:09 +08:00
auth_executor_mgr.gni Fix file rights and end symbol 2022-03-13 14:41:52 +08:00
bundle.json Fix file rights and end symbol 2022-03-13 14:41:52 +08:00
LICENSE Fix file rights and end symbol 2022-03-13 14:41:52 +08:00
OAT.xml fix: codex review and log liuwenkai@huawei.com 2022-03-19 21:10:22 +08:00
README_ZH.md fix doc 2022-03-17 12:54:01 +08:00
README.md !94 更新英文README 2022-03-17 15:41:52 +00:00

README.md

Authentication Executor Management (auth_executor_mgr)

Introduction

As a basic component of the User Identity & Access Management (IAM) subsystem, Authentication Executor Management (auth_executor_mgr) manages and schedules authentication resources in the system. Currently, password authentication and facial authentication are supported.

The user authentication unit on the device is called authentication executor.

The auth_executor_mgr module provides a set of resource management APIs. After implementing these APIs, the authentication executor can connect to auth_executor_mgr to provide authentication capabilities for the system.

Figure 1 auth_executor_mgr architecture

auth_executor_mgr_architecture.png

The OpenHarmony framework implements the auth_executor_mgr service and has encapsulated the collaborative scheduling and resource management APIs. Device vendors need to adapt some functions of the auth_executor_mgr component to meet higher security requirements. The APIs that need to be adapted by device vendors are defined in the IAM common HDI.

Directory Structure

//base/user_iam/auth_executor_mgr
├── common					# Directory for storing the IAM common HDI
├── frameworks				# Framework code
├── interfaces				# Directory for storing external interfaces
│   └── innerkits			# Header files exposed to the internal subsystem
├── sa_profile				# Profile of the Service ability
├── services				# Implementation of the Service ability
├── test					# Directory for storing test code
├── utils					# Directory for storing utility code
├── auth_executor_mgr.gni	# Build configuration
└── bundle.json				# Component description file

Usage

Available APIs

Table 1 APIs for managing authentication resources

API Description
uint64_t Register(std::shared_ptr executorInfo, std::shared_ptr callback); Registers an authentication executor to transfer basic authentication information.
void QueryStatus(AuthExecutor &executorInfo, std::shared_ptr callback); Obtains the authentication executor status (whether the authentication executor has been registered).

Table 2 APIs for executing authentication

API Description
virtual void OnMessengerReady(const sptr<IExecutorMessenger> &messenger); Notifies the authentication executor that the messenger is available and transfers the messenger for subsequent communication with the executor.
virtual int32_t OnBeginExecute(uint64_t scheduleId, std::vector<uint8_t> &publicKey, std::shared_ptr commandAttrs); Instructs the authentication executor to perform authentication-related operations. The operation attributes are passed in by commandAttrs.
virtual int32_t OnEndExecute(uint64_t scheduleId, std::shared_ptr consumerAttr); Instructs the authentication executor to complete this operation.
virtual int32_t OnSetProperty(std::shared_ptr properties); Sets property information.
virtual int32_t OnGetProperty(std::shared_ptr conditions, std::shared_ptr values); Obtains property information.

Table 3 APIs for managing the messenger

API Description
virtual int32_t SendData(uint64_t scheduleId, uint64_t transNum, int32_t srcType, int32_t dstType, std::shared_ptr<AuthMessage> msg) override; Sends a message from the authentication executor to the auth_executor_mgr. The message content is specified by the authentication executor, for example, a message indicating dark light during facial authentication.
virtual int32_t Finish(uint64_t scheduleId, int32_t srcType, int32_t resultCode, std::shared_ptr finalResult) override; Sends a message from the authentication executor to the auth_executor_mgr to complete this operation. The message contains the result of the operation.

Usage Guidelines

  • The auth_executor_mgr Service ability provides interconnection APIs for the authentication executors. The authentication executors call the related API to register with the auth_executor_mgr.
  • The APIs defined in the common\interface\coauth_interface.h header file must be implemented in a TEE. The authentication executor information cannot be tampered with, and the result returned by the authentication executor must be verified in the TEE.

Repositories Involved

useriam_auth_executor_mgr

useriam_user_idm

useriam_user_auth

useriam_pin_auth

useriam_faceauth