1 /* 2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 /** 17 * @addtogroup AccountIAM 18 * @{ 19 * 20 * @brief Provides account identity and access management. 21 * 22 * Provides the capability to manage the identity and access of the local account. 23 * 24 * @since 8.0 25 * @version 8.0 26 */ 27 28 /** 29 * @file account_iam_client.h 30 * 31 * @brief Declares account iam client interfaces. 32 * 33 * @since 8.0 34 * @version 8.0 35 */ 36 #ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 37 #define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 38 39 #include <map> 40 #include <mutex> 41 #include <vector> 42 #include <set> 43 #include "account_iam_client_callback.h" 44 #include "account_iam_info.h" 45 #include "account_error_no.h" 46 #include "account_permission_manager.h" 47 #include "iaccount_iam.h" 48 49 namespace OHOS { 50 namespace AccountSA { 51 class AccountIAMClient { 52 public: 53 /** 54 * Gets the instance of AccountIAMClient. 55 * @return the instance of AccountIAMClient. 56 */ 57 static AccountIAMClient &GetInstance(); 58 59 /** 60 * @brief Opens session. 61 * @permission ohos.permission.MANAGE_USER_IDM 62 * @param userId - Indicates the user identification. 63 * @param challenge - Indicates the challenge value. 64 * @return error code, see account_error_no.h 65 */ 66 int32_t OpenSession(int32_t userId, std::vector<uint8_t> &challenge); 67 68 /** 69 * @brief Closes session. 70 * @permission ohos.permission.MANAGE_USER_IDM 71 * @param userId - Indicates the user identification. 72 * @return error code, see account_error_no.h 73 */ 74 int32_t CloseSession(int32_t userId); 75 76 /** 77 * @brief Adds credential information. 78 * @permission ohos.permission.MANAGE_USER_IDM 79 * @param userId - Indicates the user identification. 80 * @param credentialInfo - Indicates the credential information. 81 * @param callback - Indicates the callback to get results and acquireInfo. 82 */ 83 void AddCredential( 84 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 85 86 /** 87 * @brief Updates credential. 88 * @permission ohos.permission.MANAGE_USER_IDM 89 * @param userId - Indicates the user identification. 90 * @param credentialInfo - Indicates the credential information. 91 * @param callback - Indicates the callback to get results and acquireInfo. 92 */ 93 void UpdateCredential( 94 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 95 96 /** 97 * @brief Cancels entry with a challenge value. 98 * @permission ohos.permission.MANAGE_USER_IDM 99 * @param userId - Indicates the user identification. 100 * @return error code, see account_error_no.h 101 */ 102 int32_t Cancel(int32_t userId); 103 104 /** 105 * @brief Deletes the user credential information. 106 * @permission ohos.permission.MANAGE_USER_IDM 107 * @param userId - Indicates the user identification. 108 * @param credentialId - Indicates the credential index. 109 * @param authToken - Indicates the authentication token. 110 * @param callback - Indicates the callback to get the deletion result. 111 */ 112 void DelCred(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken, 113 const std::shared_ptr<IDMCallback>& callback); 114 115 /** 116 * @brief Deletes the user with the authentication token. 117 * @permission ohos.permission.MANAGE_USER_IDM 118 * @param userId - Indicates the user identification. 119 * @param authToken - Indicates the authentication token. 120 * @param callback - Indicates the callback to get the deletion result. 121 */ 122 void DelUser(int32_t userId, const std::vector<uint8_t> &authToken, const std::shared_ptr<IDMCallback> &callback); 123 124 /** 125 * @brief Gets authentication information. 126 * @permission ohos.permission.USE_USER_IDM 127 * @param userId - Indicates the user identification. 128 * @param authType - Indicates the authentication type. 129 * @param callback - Indicates the callback to get all registered credential information of 130 * the specified type for the current user. 131 * @return error code, see account_error_no.h 132 */ 133 int32_t GetCredentialInfo(int32_t userId, AuthType authType, const std::shared_ptr<GetCredInfoCallback> &callback); 134 135 /** 136 * @brief Executes user authentication. 137 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 138 * @param challenge - Indicates the challenge value. 139 * @param authType - Indicates the authentication type. 140 * @param authTrustLevel - Indicates the trust level of authentication result. 141 * @param callback - Indicates the callback to get result and acquireInfo. 142 * @return a context ID for cancellation. 143 */ 144 uint64_t Auth(const std::vector<uint8_t> &challenge, AuthType authType, AuthTrustLevel authTrustLevel, 145 const std::shared_ptr<IDMCallback> &callback); 146 147 /** 148 * @brief Executes user authentication. 149 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 150 * @param userId - Indicates the user identification. 151 * @param challenge - Indicates the challenge value. 152 * @param authType - Indicates the authentication type. 153 * @param authTrustLevel - Indicates the trust level of authentication result. 154 * @param callback - Indicates the callback to get result and acquireInfo. 155 * @return a context ID for cancellation. 156 */ 157 uint64_t AuthUser(int32_t userId, const std::vector<uint8_t> &challenge, AuthType authType, 158 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback); 159 160 /** 161 * @brief Cancels authentication with context ID. 162 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 163 * @param contextID - Indicates the authentication context ID. 164 * @return error code, see account_error_no.h 165 */ 166 int32_t CancelAuth(uint64_t contextId); 167 168 /** 169 * @brief Checks whether the authentication capability is available. 170 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 171 * @param authType - Indicates the credential type for authentication. 172 * @param authTrustLevel - Indicates the trust level of authentication result. 173 * @param status - Indicates a status result. 174 * @return error code, see account_error_no.h 175 */ 176 int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status); 177 178 /** 179 * @brief Gets the property based on the specified request information. 180 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 181 * @param userId - Indicates the user identification. 182 * @param request - Indicates the request information, including authentication type, and property type list. 183 * @param callback - Indicates the callback for getting an executor property. 184 * @return error code, see account_error_no.h 185 */ 186 void GetProperty( 187 int32_t userId, const GetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 188 189 /** 190 * @brief Sets property that can be used to initialize algorithms. 191 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 192 * @param userId - Indicates the user identification. 193 * @param request - Indicates the request information, including authentication type and the key-value to be set. 194 * @param callback - Indicates the callback for getting result. 195 * @return error code, see account_error_no.h 196 */ 197 void SetProperty( 198 int32_t userId, const SetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 199 200 /** 201 * @brief Registers inputer. 202 * @permission ohos.permission.ACCESS_PIN_AUTH 203 * @param inputer - Indicates the password input box callback 204 * @return error code, see account_error_no.h 205 */ 206 ErrCode RegisterPINInputer(const std::shared_ptr<IInputer> &inputer); 207 208 /** 209 * @brief Unregisters inputer. 210 * @permission ohos.permission.ACCESS_PIN_AUTH 211 * @return error code, see account_error_no.h 212 */ 213 ErrCode UnregisterPINInputer(); 214 215 /** 216 * @brief Registers credential inputer by authentication type. 217 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 218 * @param authType - Indicates the authentication type. 219 * @param inputer - Indicates the credential input box callback. 220 * @return error code, see account_error_no.h 221 */ 222 ErrCode RegisterInputer(int32_t authType, const std::shared_ptr<IInputer> &inputer); 223 224 /** 225 * @brief Unregisters credential inputer by authentication type. 226 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 227 * @param authType - Indicates the authentication type. 228 * @return error code, see account_error_no.h 229 */ 230 ErrCode UnregisterInputer(int32_t authType); 231 232 /** 233 * @brief Gets the state of the specified account. 234 * @param userId - Indicates the user identification. 235 * @return the state of the specified account 236 */ 237 IAMState GetAccountState(int32_t userId); 238 239 /** 240 * @brief Sets the authentication subtype of the specified account. 241 * @param userId - Indicates the user identification. 242 * @param authSubType - Indicates the authentication subtype. 243 */ 244 void SetAuthSubType(int32_t userId, int32_t authSubType); 245 246 /** 247 * @brief Gets the authentication subtype of the specified account. 248 * @param userId - Indicates the user identification. 249 * @return the authentication subtype. 250 */ 251 int32_t GetAuthSubType(int32_t userId); 252 253 /** 254 * @brief Sets the credential of the specified account. 255 * @param userId - Indicates the user identification. 256 * @param credential - Indicates the credential. 257 */ 258 void SetCredential(int32_t userId, const std::vector<uint8_t> &credential); 259 260 /** 261 * @brief Gets the credential information of the specified account. 262 * @param userId - Indicates the user identification. 263 * @param credItem - Indicates the credential information. 264 */ 265 void GetCredential(int32_t userId, CredentialItem &credItem); 266 267 /** 268 * @brief Clears the credential of the specified account. 269 * @param userId - Indicates the user identification. 270 */ 271 void ClearCredential(int32_t userId); 272 273 private: 274 AccountIAMClient() = default; 275 ~AccountIAMClient() = default; 276 DISALLOW_COPY_AND_MOVE(AccountIAMClient); 277 class AccountIAMDeathRecipient : public IRemoteObject::DeathRecipient { 278 public: 279 AccountIAMDeathRecipient() = default; 280 ~AccountIAMDeathRecipient() override = default; 281 void OnRemoteDied(const wptr<IRemoteObject>& remote) override; 282 283 private: 284 DISALLOW_COPY_AND_MOVE(AccountIAMDeathRecipient); 285 }; 286 ErrCode GetAccountIAMProxy(); 287 void ResetAccountIAMProxy(const wptr<IRemoteObject>& remote); 288 bool GetCurrentUserId(int32_t &userId); 289 uint64_t StartDomainAuth(int32_t userId, const std::shared_ptr<IDMCallback> &callback); 290 ErrCode RegisterDomainInputer(const std::shared_ptr<IInputer> &inputer); 291 ErrCode UnregisterDomainInputer(); 292 bool CheckSelfPermission(const std::string &permissionName); 293 294 private: 295 std::mutex mutex_; 296 std::mutex pinMutex_; 297 std::mutex domainMutex_; 298 std::map<int32_t, CredentialItem> credentialMap_; 299 sptr<IAccountIAM> proxy_ = nullptr; 300 sptr<AccountIAMDeathRecipient> deathRecipient_ = nullptr; 301 std::shared_ptr<IInputer> pinInputer_ = nullptr; 302 std::shared_ptr<IInputer> domainInputer_ = nullptr; 303 }; 304 } // namespace AccountSA 305 } // namespace OHOS 306 #endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H