1 /*
2  * Copyright (C) 2022 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "enroll_specification_check.h"
17 
18 #include "adaptor_log.h"
19 #include "idm_database.h"
20 #include "idm_session.h"
21 
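/* One row of the enrollment-limit table: an auth type paired with its per-user cap. */
typedef struct {
    AuthType authType;
    uint32_t maxErollNumber; /* cap that CheckSpecification() compares the enrolled count against */
} SpecificationMap;

/*
 * Per-user enrollment caps, looked up by GetMaxNumber().
 *
 * The table is const because the code in this file only ever reads it; keeping
 * the credential limits immutable means they cannot be changed at run time.
 * Auth types not listed here have no entry, so GetMaxNumber() falls back to its
 * sentinel return value for them.
 */
static const SpecificationMap g_specificationMap[] = {
    {PIN_AUTH, MAX_NUMBER_OF_PIN_PER_USER},
    {FACE_AUTH, MAX_NUMBER_OF_FACE_PER_USER},
    {FINGER_AUTH, MAX_NUMBER_OF_FINGERS_PER_USER},
};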
32 
/*
 * Look up the per-user enrollment cap configured for an authentication type.
 *
 * Walks g_specificationMap and returns the maxErollNumber of the first entry
 * whose authType equals the argument. When no entry matches, the sentinel
 * INVALID_AUTH_TYPE_EROLL_NUMBER is returned; its value is defined outside
 * this file, so callers decide how an unknown auth type is treated.
 */
static uint32_t GetMaxNumber(uint32_t authType)
{
    const SpecificationMap *tableEnd =
        g_specificationMap + sizeof(g_specificationMap) / sizeof(g_specificationMap[0]);

    for (const SpecificationMap *entry = g_specificationMap; entry != tableEnd; ++entry) {
        if (entry->authType == authType) {
            return entry->maxErollNumber;
        }
    }
    /* No row for this auth type. */
    return INVALID_AUTH_TYPE_EROLL_NUMBER;
}
42 
/*
 * Validate the auth token presented for an IDM operation on behalf of userId.
 *
 * The checks run in this fixed order, and the first failure decides the result:
 *   1. authToken must be non-NULL                                -> RESULT_BAD_PARAM
 *   2. authToken->authType must be PIN_AUTH                      -> RESULT_VERIFY_TOKEN_FAIL
 *   3. CheckChallenge() must accept authToken->challenge         -> RESULT_BAD_MATCH
 *   4. GetUserId() must succeed and yield userId                 -> RESULT_BAD_MATCH
 *   5. GetSecureUid(userId) must succeed and equal
 *      authToken->secureUid                                      -> RESULT_BAD_MATCH
 *   6. IsValidTokenTime() must accept authToken->time            -> RESULT_VERIFY_TOKEN_FAIL
 *   7. the result of UserAuthTokenVerify() is returned unchanged.
 *
 * NOTE(review): steps 2-6 read token fields before UserAuthTokenVerify() runs.
 * That call is presumably where the token's integrity is checked (its
 * implementation is not in this file - confirm). No success path skips it, so
 * the early field checks can only reject a token, never accept one.
 */
ResultCode CheckIdmOperationToken(int32_t userId, UserAuthTokenHal *authToken)
{
    if (authToken == NULL) {
        LOG_ERROR("auth token is null");
        return RESULT_BAD_PARAM;
    }
    /* Only a token issued for PIN authentication is accepted here. */
    if (authToken->authType != PIN_AUTH) {
        LOG_ERROR("need pin token");
        return RESULT_VERIFY_TOKEN_FAIL;
    }

    ResultCode status = CheckChallenge(authToken->challenge, CHALLENGE_LEN);
    if (status != RESULT_SUCCESS) {
        LOG_ERROR("check challenge failed, token is invalid");
        return RESULT_BAD_MATCH;
    }

    int32_t sessionUserId;
    status = GetUserId(&sessionUserId);
    /* Short-circuit evaluation keeps sessionUserId unread when GetUserId() fails. */
    if (!(status == RESULT_SUCCESS && sessionUserId == userId)) {
        LOG_ERROR("check userId failed");
        return RESULT_BAD_MATCH;
    }

    uint64_t storedSecureUid;
    status = GetSecureUid(userId, &storedSecureUid);
    /* Same short-circuit guard: storedSecureUid is compared only after a successful lookup. */
    if (!(status == RESULT_SUCCESS && storedSecureUid == authToken->secureUid)) {
        LOG_ERROR("check secureUid failed, token is invalid");
        return RESULT_BAD_MATCH;
    }

    if (!IsValidTokenTime(authToken->time)) {
        LOG_ERROR("check token time failed, token is invalid");
        return RESULT_VERIFY_TOKEN_FAIL;
    }

    /* Final gate: the caller receives whatever the token verifier decides. */
    return UserAuthTokenVerify(authToken);
}
76 
/*
 * Check whether userId may enroll one more credential of the given authType.
 *
 * Queries the credentials matching (authType, userId) through
 * QueryCredentialLimit() and compares their count with GetMaxNumber(authType).
 *
 * Returns RESULT_UNKNOWN when the query yields no list, RESULT_EXCEED_LIMIT
 * when the count is already at or above the cap, RESULT_SUCCESS otherwise.
 * The list returned by the query is destroyed on every path that obtained it.
 *
 * NOTE(review): for an authType with no table entry GetMaxNumber() returns
 * INVALID_AUTH_TYPE_EROLL_NUMBER, whose value is not visible in this file.
 * Confirm that it makes the comparison below reject (fail closed) rather than
 * allow unbounded enrollment for unknown auth types.
 */
ResultCode CheckSpecification(int32_t userId, uint32_t authType)
{
    CredentialCondition filter = {};
    SetCredentialConditionAuthType(&filter, authType);
    SetCredentialConditionUserId(&filter, userId);

    LinkedList *enrolled = QueryCredentialLimit(&filter);
    if (enrolled == NULL) {
        LOG_ERROR("query credential failed");
        return RESULT_UNKNOWN;
    }

    ResultCode outcome = RESULT_SUCCESS;
    const uint32_t limit = GetMaxNumber(authType);
    /* ">=" because this runs before a new enrollment: a full quota leaves no room for one more. */
    if (enrolled->getSize(enrolled) >= limit) {
        LOG_ERROR("the erolled quantity has reached the upper limit, authType is %{public}u", authType);
        outcome = RESULT_EXCEED_LIMIT;
    }

    /* Single release point for the query result. */
    DestroyLinkedList(enrolled);
    return outcome;
}