1 /*
2 * Copyright (C) 2022-2023 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "enroll_specification_check.h"
17
18 #include "adaptor_log.h"
19 #include "idm_database.h"
20 #include "idm_session.h"
21
22 #ifdef IAM_TEST_ENABLE
23 #define IAM_STATIC
24 #else
25 #define IAM_STATIC static
26 #endif
27
28 typedef struct {
29 AuthType authType;
30 uint32_t maxErollNumber;
31 } SpecificationMap;
32
33 IAM_STATIC SpecificationMap g_specificationMap[] = {
34 {PIN_AUTH, MAX_NUMBER_OF_PIN_PER_USER},
35 {FACE_AUTH, MAX_NUMBER_OF_FACE_PER_USER},
36 {FINGER_AUTH, MAX_NUMBER_OF_FINGERS_PER_USER},
37 };
38
GetMaxNumber(uint32_t authType)39 IAM_STATIC uint32_t GetMaxNumber(uint32_t authType)
40 {
41 for (uint32_t i = 0; i < sizeof(g_specificationMap) / sizeof(SpecificationMap); ++i) {
42 if (g_specificationMap[i].authType == authType) {
43 return g_specificationMap[i].maxErollNumber;
44 }
45 }
46 return INVALID_AUTH_TYPE_EROLL_NUMBER;
47 }
48
CheckIdmOperationToken(int32_t userId,UserAuthTokenHal * authToken)49 ResultCode CheckIdmOperationToken(int32_t userId, UserAuthTokenHal *authToken)
50 {
51 if (authToken == NULL) {
52 LOG_ERROR("auth token is null");
53 return RESULT_BAD_PARAM;
54 }
55 UserAuthTokenPlain tokenPlain = {0};
56 ResultCode ret = UserAuthTokenVerify(authToken, &tokenPlain);
57 if (ret != RESULT_SUCCESS) {
58 LOG_ERROR("UserAuthTokenVerify fail");
59 return RESULT_BAD_MATCH;
60 }
61 if (tokenPlain.tokenDataPlain.authType != PIN_AUTH) {
62 LOG_ERROR("need pin token");
63 return RESULT_VERIFY_TOKEN_FAIL;
64 }
65 ret = CheckChallenge(tokenPlain.tokenDataPlain.challenge, CHALLENGE_LEN);
66 if (ret != RESULT_SUCCESS) {
67 LOG_ERROR("check challenge failed, token is invalid");
68 return RESULT_BAD_MATCH;
69 }
70 int32_t userIdGet;
71 ret = GetUserId(&userIdGet);
72 if (ret != RESULT_SUCCESS || userIdGet != userId || userIdGet != tokenPlain.tokenDataToEncrypt.userId) {
73 LOG_ERROR("check userId failed");
74 return RESULT_BAD_MATCH;
75 }
76 uint64_t secureUid;
77 ret = GetSecureUid(userId, &secureUid);
78 if (ret != RESULT_SUCCESS || secureUid != tokenPlain.tokenDataToEncrypt.secureUid) {
79 LOG_ERROR("check secureUid failed, token is invalid");
80 return RESULT_BAD_MATCH;
81 }
82 if (!IsValidTokenTime(tokenPlain.tokenDataPlain.time)) {
83 LOG_ERROR("check token time failed, token is invalid");
84 return RESULT_VERIFY_TOKEN_FAIL;
85 }
86 return RESULT_SUCCESS;
87 }
88
CheckSpecification(int32_t userId,uint32_t authType)89 ResultCode CheckSpecification(int32_t userId, uint32_t authType)
90 {
91 CredentialCondition condition = {};
92 SetCredentialConditionAuthType(&condition, authType);
93 SetCredentialConditionUserId(&condition, userId);
94 LinkedList *credList = QueryCredentialLimit(&condition);
95 if (credList == NULL) {
96 LOG_ERROR("query credential failed");
97 return RESULT_UNKNOWN;
98 }
99 uint32_t maxNumber = GetMaxNumber(authType);
100 if (credList->getSize(credList) >= maxNumber) {
101 LOG_ERROR("the erolled quantity has reached the upper limit, authType is %{public}u", authType);
102 DestroyLinkedList(credList);
103 return RESULT_EXCEED_LIMIT;
104 }
105 DestroyLinkedList(credList);
106 return RESULT_SUCCESS;
107 }