1 /*
2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_callback.h"
17
18 #include "account_info_report.h"
19 #include "account_log_wrapper.h"
20 #include "iinner_os_account_manager.h"
21 #include "inner_account_iam_manager.h"
22 #include "inner_domain_account_manager.h"
23 #include "user_auth_client.h"
24 #include "user_idm_client.h"
25
26 namespace OHOS {
27 namespace AccountSA {
28 using UserIDMClient = UserIam::UserAuth::UserIdmClient;
29 using UserAuthClient = UserIam::UserAuth::UserAuthClient;
30
AuthCallback(uint32_t userId,AuthType authType,const sptr<IIDMCallback> & callback)31 AuthCallback::AuthCallback(uint32_t userId, AuthType authType, const sptr<IIDMCallback> &callback)
32 : userId_(userId), authType_(authType), innerCallback_(callback)
33 {}
34
OnResult(int32_t result,const Attributes & extraInfo)35 void AuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
36 {
37 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
38 if (innerCallback_ == nullptr) {
39 ACCOUNT_LOGE("innerCallback_ is nullptr");
40 return;
41 }
42 if (result != 0) {
43 ACCOUNT_LOGI("auth failed and return result");
44 innerCallback_->OnResult(result, extraInfo);
45 AccountInfoReport::ReportSecurityInfo("", userId_, ReportEvent::EVENT_LOGIN, -1); // -1:fail
46 return;
47 }
48 std::vector<uint8_t> token;
49 extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
50 if (authType_ != static_cast<AuthType>(IAMAuthType::DOMAIN)) {
51 InnerDomainAccountManager::GetInstance().AuthWithToken(userId_, token);
52 }
53 if (authType_ != AuthType::PIN) {
54 innerCallback_->OnResult(result, extraInfo);
55 AccountInfoReport::ReportSecurityInfo("", userId_, ReportEvent::EVENT_LOGIN, 0); // 0:success
56 return;
57 }
58 std::vector<uint8_t> secret;
59 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret);
60 int32_t activeResult =
61 InnerAccountIAMManager::GetInstance().ActivateUserKey(userId_, token, secret);
62 if (activeResult != 0) {
63 ACCOUNT_LOGE("failed to activate user key");
64 int32_t remainTimes = 0;
65 int32_t freezingTime = 0;
66 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
67 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
68 Attributes errInfo;
69 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
70 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
71 innerCallback_->OnResult(ResultCode::FAIL, errInfo);
72 } else {
73 ACCOUNT_LOGI("activate user key success");
74 innerCallback_->OnResult(result, extraInfo);
75 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsVerified(userId_, true);
76 }
77 AccountInfoReport::ReportSecurityInfo("", userId_, ReportEvent::EVENT_LOGIN, 0); // 0:success
78 }
79
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)80 void AuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
81 {
82 if (innerCallback_ == nullptr) {
83 ACCOUNT_LOGE("innerCallback_ is nullptr");
84 return;
85 }
86 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
87 }
88
IDMAuthCallback(uint32_t userId,const CredentialParameters & credInfo,int32_t oldResult,const Attributes & reqResult,const sptr<IIDMCallback> & idmCallback)89 IDMAuthCallback::IDMAuthCallback(uint32_t userId, const CredentialParameters &credInfo,
90 int32_t oldResult, const Attributes &reqResult, const sptr<IIDMCallback> &idmCallback)
91 : userId_(userId), credInfo_(credInfo), oldResult_(oldResult), idmCallback_(idmCallback)
92 {
93 reqResult.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId_);
94 reqResult.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid_);
95 reqResult_.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId_);
96 }
97
OnResult(int32_t result,const Attributes & extraInfo)98 void IDMAuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
99 {
100 if (idmCallback_ == nullptr) {
101 ACCOUNT_LOGE("inner callback is nullptr");
102 return;
103 }
104 if (result != 0) {
105 idmCallback_->OnResult(ResultCode::FAIL, reqResult_);
106 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
107 return;
108 }
109 std::vector<uint8_t> token;
110 std::vector<uint8_t> secret;
111 extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
112 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret);
113 int32_t updateKeyResult = InnerAccountIAMManager::GetInstance().UpdateUserKey(
114 userId_, secureUid_, credentialId_, token, secret);
115 if (updateKeyResult == 0) {
116 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
117 idmCallback_->OnResult(oldResult_, reqResult_);
118 return;
119 }
120 IAMState state = InnerAccountIAMManager::GetInstance().GetState(userId_);
121 if (state == AFTER_ADD_CRED) {
122 ACCOUNT_LOGE("failed to unlock user key, delete the added credential");
123 InnerAccountIAMManager::GetInstance().SetState(userId_, ROLL_BACK_ADD_CRED);
124 auto delCallback = std::make_shared<DelCredCallback>(userId_, credentialId_, token, idmCallback_);
125 UserIDMClient::GetInstance().DeleteCredential(userId_, credentialId_, token, delCallback);
126 } else if (state == AFTER_UPDATE_CRED) {
127 ACCOUNT_LOGE("failed to unlock user key, restore the old credential");
128 InnerAccountIAMManager::GetInstance().SetState(userId_, ROLL_BACK_UPDATE_CRED);
129 credInfo_.token = token;
130 auto updateCallback = std::make_shared<UpdateCredCallback>(userId_, credInfo_, idmCallback_);
131 UserIDMClient::GetInstance().UpdateCredential(0, credInfo_, updateCallback);
132 } else {
133 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
134 idmCallback_->OnResult(oldResult_, reqResult_);
135 }
136 }
137
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)138 void IDMAuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
139 {
140 ACCOUNT_LOGW("unsupported operation");
141 }
142
AddCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)143 AddCredCallback::AddCredCallback(uint32_t userId, const CredentialParameters &credInfo,
144 const sptr<IIDMCallback> &callback)
145 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
146 {}
147
OnResult(int32_t result,const Attributes & extraInfo)148 void AddCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
149 {
150 if (innerCallback_ == nullptr) {
151 ACCOUNT_LOGE("inner callback is nullptr");
152 return;
153 }
154 if (result != 0 || credInfo_.authType != AuthType::PIN) {
155 ACCOUNT_LOGE("failed to add credential, result = %{public}d", result);
156 innerCallback_->OnResult(result, extraInfo);
157 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
158 return;
159 }
160
161 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsCreateSecret(userId_, true);
162 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_ADD_CRED);
163 std::vector<uint8_t> challenge;
164 InnerAccountIAMManager::GetInstance().GetChallenge(userId_, challenge);
165 auto callback = std::make_shared<IDMAuthCallback>(userId_, credInfo_, result, extraInfo, innerCallback_);
166 UserAuthClient::GetInstance().BeginAuthentication(
167 userId_, challenge, AuthType::PIN, AuthTrustLevel::ATL4, callback);
168 }
169
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)170 void AddCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
171 {
172 if (innerCallback_ == nullptr) {
173 ACCOUNT_LOGE("innerCallback_ is nullptr");
174 return;
175 }
176 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
177 }
178
UpdateCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)179 UpdateCredCallback::UpdateCredCallback(
180 uint32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
181 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
182 {}
183
OnResult(int32_t result,const Attributes & extraInfo)184 void UpdateCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
185 {
186 if (innerCallback_ == nullptr) {
187 ACCOUNT_LOGE("inner callback is nullptr");
188 return;
189 }
190 IAMState state = InnerAccountIAMManager::GetInstance().GetState(userId_);
191 if (state == ROLL_BACK_UPDATE_CRED) {
192 if (result != 0) {
193 ACCOUNT_LOGE("roll back credential failed");
194 }
195 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
196 Attributes errResult;
197 innerCallback_->OnResult(ResultCode::FAIL, errResult);
198 return;
199 }
200 if (result != 0 || credInfo_.authType != AuthType::PIN) {
201 ACCOUNT_LOGE("failed to update credential");
202 innerCallback_->OnResult(result, extraInfo);
203 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
204 return;
205 }
206 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_UPDATE_CRED);
207 std::vector<uint8_t> challenge;
208 InnerAccountIAMManager::GetInstance().GetChallenge(userId_, challenge);
209 auto callback = std::make_shared<IDMAuthCallback>(userId_, credInfo_, result, extraInfo, innerCallback_);
210 UserAuthClient::GetInstance().BeginAuthentication(
211 userId_, challenge, AuthType::PIN, AuthTrustLevel::ATL4, callback);
212 }
213
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)214 void UpdateCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
215 {
216 if (innerCallback_ == nullptr) {
217 ACCOUNT_LOGE("innerCallback_ is nullptr");
218 return;
219 }
220 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
221 }
222
DelCredCallback(int32_t userId,uint64_t credentialId,const std::vector<uint8_t> & authToken,const sptr<IIDMCallback> & callback)223 DelCredCallback::DelCredCallback(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken,
224 const sptr<IIDMCallback> &callback)
225 : userId_(userId), credentialId_(credentialId), authToken_(authToken), innerCallback_(callback)
226 {}
227
OnResult(int32_t result,const Attributes & extraInfo)228 void DelCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
229 {
230 if (innerCallback_ == nullptr) {
231 ACCOUNT_LOGE("innerCallback_ is nullptr");
232 return;
233 }
234 IAMState state = InnerAccountIAMManager::GetInstance().GetState(userId_);
235 if (state == ROLL_BACK_ADD_CRED) {
236 if (result != 0) {
237 ACCOUNT_LOGE("roll back credential failed");
238 }
239 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
240 Attributes errResult;
241 innerCallback_->OnResult(ResultCode::FAIL, errResult);
242 return;
243 }
244 if (result != 0) {
245 InnerAccountIAMManager::GetInstance().RestoreUserKey(userId_, credentialId_, authToken_);
246 }
247 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_OPEN_SESSION);
248 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsCreateSecret(userId_, false);
249 innerCallback_->OnResult(result, extraInfo);
250 }
251
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)252 void DelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
253 {
254 if (innerCallback_ == nullptr) {
255 ACCOUNT_LOGE("inner callback is nullptr");
256 return;
257 }
258 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
259 }
260
GetCredInfoCallbackWrapper(int32_t userId,int32_t authType,const sptr<IGetCredInfoCallback> & callback)261 GetCredInfoCallbackWrapper::GetCredInfoCallbackWrapper(
262 int32_t userId, int32_t authType, const sptr<IGetCredInfoCallback> &callback)
263 : userId_(userId), authType_(authType), innerCallback_(callback)
264 {}
265
OnCredentialInfo(const std::vector<CredentialInfo> & infoList)266 void GetCredInfoCallbackWrapper::OnCredentialInfo(const std::vector<CredentialInfo> &infoList)
267 {
268 if (innerCallback_ == nullptr) {
269 return;
270 }
271 if (authType_ == 0) {
272 bool isAvailable = InnerAccountIAMManager::GetInstance().CheckDomainAuthAvailable(userId_);
273 if (isAvailable) {
274 std::vector<CredentialInfo> newInfoList = infoList;
275 CredentialInfo info;
276 info.authType = static_cast<AuthType>(IAMAuthType::DOMAIN);
277 info.pinType = static_cast<PinSubType>(IAMAuthSubType::DOMAIN_MIXED);
278 newInfoList.emplace_back(info);
279 return innerCallback_->OnCredentialInfo(newInfoList);
280 }
281 }
282 return innerCallback_->OnCredentialInfo(infoList);
283 }
284
GetPropCallbackWrapper(const sptr<IGetSetPropCallback> & callback)285 GetPropCallbackWrapper::GetPropCallbackWrapper(const sptr<IGetSetPropCallback> &callback) : innerCallback_(callback)
286 {}
287
OnResult(int32_t result,const Attributes & extraInfo)288 void GetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
289 {
290 if (innerCallback_ == nullptr) {
291 ACCOUNT_LOGE("inner callback is nullptr");
292 return;
293 }
294 innerCallback_->OnResult(result, extraInfo);
295 }
296
SetPropCallbackWrapper(const sptr<IGetSetPropCallback> & callback)297 SetPropCallbackWrapper::SetPropCallbackWrapper(const sptr<IGetSetPropCallback> &callback) : innerCallback_(callback)
298 {}
299
OnResult(int32_t result,const Attributes & extraInfo)300 void SetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
301 {
302 if (innerCallback_ == nullptr) {
303 ACCOUNT_LOGE("inner callback is nullptr");
304 return;
305 }
306 innerCallback_->OnResult(result, extraInfo);
307 }
308
GetDomainAuthStatusInfoCallback(const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)309 GetDomainAuthStatusInfoCallback::GetDomainAuthStatusInfoCallback(
310 const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
311 : request_(request), innerCallback_(callback)
312 {}
313
OnResult(int32_t result,Parcel & parcel)314 void GetDomainAuthStatusInfoCallback::OnResult(int32_t result, Parcel &parcel)
315 {
316 if (innerCallback_ == nullptr) {
317 ACCOUNT_LOGE("inner callback is nullptr");
318 return;
319 }
320 Attributes attributes;
321 std::shared_ptr<AuthStatusInfo> infoPtr(AuthStatusInfo::Unmarshalling(parcel));
322 if (infoPtr == nullptr) {
323 innerCallback_->OnResult(result, attributes);
324 return;
325 }
326 attributes.SetInt32Value(Attributes::ATTR_PIN_SUB_TYPE, static_cast<int32_t>(IAMAuthSubType::DOMAIN_MIXED));
327 attributes.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, infoPtr->remainingTimes);
328 attributes.SetInt32Value(Attributes::ATTR_FREEZING_TIME, infoPtr->freezingTime);
329 innerCallback_->OnResult(result, attributes);
330 }
331 } // namespace AccountSA
332 } // namespace OHOS
333