1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "inner_account_iam_manager.h"
17
18 #include "account_iam_callback.h"
19 #include "account_log_wrapper.h"
20 #include "domain_account_callback_service.h"
21 #include "account_hisysevent_adapter.h"
22 #include "iinner_os_account_manager.h"
23 #include "inner_domain_account_manager.h"
24 #include "iservice_registry.h"
25 #include "system_ability_definition.h"
26 #include "user_auth_client.h"
27 #include "user_auth_client_impl.h"
28 #include "user_idm_client.h"
29
30 namespace OHOS {
31 namespace AccountSA {
32 namespace {
33 #ifdef HAS_STORAGE_PART
34 const int32_t ERROR_STORAGE_KEY_NOT_EXIST = -2;
35 #endif
36 }
37 using UserIDMClient = UserIam::UserAuth::UserIdmClient;
38 using UserAuthClient = UserIam::UserAuth::UserAuthClient;
39 using UserAuthClientImpl = UserIam::UserAuth::UserAuthClientImpl;
40
InnerAccountIAMManager()41 InnerAccountIAMManager::InnerAccountIAMManager()
42 {
43 userStateMap_[0] = IDLE;
44 }
45
GetInstance()46 InnerAccountIAMManager &InnerAccountIAMManager::GetInstance()
47 {
48 static InnerAccountIAMManager *instance = new (std::nothrow) InnerAccountIAMManager();
49 return *instance;
50 }
51
OpenSession(int32_t userId,std::vector<uint8_t> & challenge)52 void InnerAccountIAMManager::OpenSession(int32_t userId, std::vector<uint8_t> &challenge)
53 {
54 challenge = UserIDMClient::GetInstance().OpenSession(userId);
55 std::lock_guard<std::mutex> lock(mutex_);
56 userStateMap_[userId] = AFTER_OPEN_SESSION;
57 userChallengeMap_[userId] = challenge;
58 }
59
CloseSession(int32_t userId)60 void InnerAccountIAMManager::CloseSession(int32_t userId)
61 {
62 UserIDMClient::GetInstance().CloseSession(userId);
63 std::lock_guard<std::mutex> lock(mutex_);
64 if (userId == 0) {
65 userStateMap_[0] = IDLE;
66 } else {
67 userStateMap_.erase(userId);
68 }
69 userChallengeMap_.erase(userId);
70 }
71
AddCredential(int32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)72 void InnerAccountIAMManager::AddCredential(
73 int32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
74 {
75 if (callback == nullptr) {
76 ACCOUNT_LOGE("callback is nullptr");
77 return;
78 }
79
80 sptr<IDMCallbackDeathRecipient> deathRecipient = new (std::nothrow) IDMCallbackDeathRecipient(userId);
81 if ((deathRecipient == nullptr) || (callback->AsObject() == nullptr) ||
82 (!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
83 ACCOUNT_LOGE("Failed to add death recipient for AddCred");
84 return;
85 }
86 auto idmCallbackWrapper = std::make_shared<AddCredCallback>(userId, credInfo, callback);
87 idmCallbackWrapper->SetDeathRecipient(deathRecipient);
88 UserIDMClient::GetInstance().AddCredential(userId, credInfo, idmCallbackWrapper);
89 }
90
UpdateCredential(int32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)91 void InnerAccountIAMManager::UpdateCredential(
92 int32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
93 {
94 if (callback == nullptr) {
95 ACCOUNT_LOGE("callback is nullptr");
96 return;
97 }
98 Attributes emptyResult;
99 if (credInfo.token.empty()) {
100 ACCOUNT_LOGE("token is empty");
101 callback->OnResult(ResultCode::INVALID_PARAMETERS, emptyResult);
102 return;
103 }
104
105 sptr<IDMCallbackDeathRecipient> deathRecipient = new (std::nothrow) IDMCallbackDeathRecipient(userId);
106 if ((deathRecipient == nullptr) || (callback->AsObject() == nullptr) ||
107 (!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
108 ACCOUNT_LOGE("Failed to add death recipient for UpdateCred");
109 return;
110 }
111
112 auto idmCallbackWrapper = std::make_shared<UpdateCredCallback>(userId, credInfo, callback);
113 idmCallbackWrapper->SetDeathRecipient(deathRecipient);
114 UserIDMClient::GetInstance().UpdateCredential(userId, credInfo, idmCallbackWrapper);
115 }
116
DelCred(int32_t userId,uint64_t credentialId,const std::vector<uint8_t> & authToken,const sptr<IIDMCallback> & callback)117 void InnerAccountIAMManager::DelCred(
118 int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken, const sptr<IIDMCallback> &callback)
119 {
120 if (callback == nullptr) {
121 ACCOUNT_LOGE("callback is nullptr");
122 return;
123 }
124 Attributes emptyResult;
125 if (authToken.empty()) {
126 ACCOUNT_LOGD("token is empty");
127 callback->OnResult(ResultCode::INVALID_PARAMETERS, emptyResult);
128 return;
129 }
130 uint64_t pinCredentialId = 0;
131 (void)IInnerOsAccountManager::GetInstance().GetOsAccountCredentialId(userId, pinCredentialId);
132 bool isPIN = (pinCredentialId != 0) && (credentialId == pinCredentialId);
133
134 auto idmCallback = std::make_shared<DelCredCallback>(userId, isPIN, authToken, callback);
135 UserIDMClient::GetInstance().DeleteCredential(userId, credentialId, authToken, idmCallback);
136 }
137
DelUser(int32_t userId,const std::vector<uint8_t> & authToken,const sptr<IIDMCallback> & callback)138 void InnerAccountIAMManager::DelUser(
139 int32_t userId, const std::vector<uint8_t> &authToken, const sptr<IIDMCallback> &callback)
140 {
141 if (callback == nullptr) {
142 ACCOUNT_LOGE("callback is nullptr");
143 return;
144 }
145 Attributes errResult;
146 if (authToken.empty()) {
147 ACCOUNT_LOGE("token is empty");
148 callback->OnResult(ResultCode::INVALID_PARAMETERS, errResult);
149 return;
150 }
151
152 auto idmCallback = std::make_shared<DelCredCallback>(userId, true, authToken, callback);
153 UserIDMClient::GetInstance().DeleteUser(userId, authToken, idmCallback);
154 }
155
IsNonPINAllowed(int32_t userId)156 static bool IsNonPINAllowed(int32_t userId)
157 {
158 bool isVerified = false;
159 (void) IInnerOsAccountManager::GetInstance().IsOsAccountVerified(userId, isVerified);
160 return isVerified;
161 }
162
GetCredentialInfo(int32_t userId,AuthType authType,const sptr<IGetCredInfoCallback> & callback)163 void InnerAccountIAMManager::GetCredentialInfo(
164 int32_t userId, AuthType authType, const sptr<IGetCredInfoCallback> &callback)
165 {
166 if (!IsNonPINAllowed(userId)) {
167 if ((authType != AuthType::PIN) && (authType != AuthType::ALL)) {
168 ACCOUNT_LOGD("unsupported auth type: %{public}d", authType);
169 std::vector<CredentialInfo> infoList;
170 return callback->OnCredentialInfo(infoList);
171 }
172 authType = AuthType::PIN;
173 }
174 if (static_cast<int32_t>(authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
175 std::vector<CredentialInfo> infoList;
176 if (CheckDomainAuthAvailable(userId)) {
177 CredentialInfo info;
178 info.authType = static_cast<AuthType>(IAMAuthType::DOMAIN);
179 info.pinType = static_cast<PinSubType>(IAMAuthSubType::DOMAIN_MIXED);
180 infoList.emplace_back(info);
181 }
182 return callback->OnCredentialInfo(infoList);
183 }
184 auto getCallback = std::make_shared<GetCredInfoCallbackWrapper>(userId, static_cast<int32_t>(authType), callback);
185 UserIDMClient::GetInstance().GetCredentialInfo(userId, authType, getCallback);
186 }
187
Cancel(int32_t userId)188 int32_t InnerAccountIAMManager::Cancel(int32_t userId)
189 {
190 std::lock_guard<std::mutex> lock(mutex_);
191 auto it = userStateMap_.find(userId);
192 if ((it == userStateMap_.end()) || (it->second >= AFTER_ADD_CRED)) {
193 return ResultCode::GENERAL_ERROR;
194 }
195 return UserIDMClient::GetInstance().Cancel(userId);
196 }
197
PrepareRemoteAuth(const std::string & remoteNetworkId,const sptr<IPreRemoteAuthCallback> & callback)198 int32_t InnerAccountIAMManager::PrepareRemoteAuth(
199 const std::string &remoteNetworkId, const sptr<IPreRemoteAuthCallback> &callback)
200 {
201 if (callback == nullptr) {
202 ACCOUNT_LOGE("callback is nullptr");
203 return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
204 }
205 ACCOUNT_LOGI("Start IAM PrepareRemoteAuth.");
206 auto prepareCallback = std::make_shared<PrepareRemoteAuthCallbackWrapper>(callback);
207 return UserAuthClient::GetInstance().PrepareRemoteAuth(remoteNetworkId, prepareCallback);
208 }
209
CopyAuthParam(const AuthParam & authParam,UserIam::UserAuth::AuthParam & iamAuthParam)210 void InnerAccountIAMManager::CopyAuthParam(const AuthParam &authParam, UserIam::UserAuth::AuthParam &iamAuthParam)
211 {
212 iamAuthParam.userId = authParam.userId;
213 iamAuthParam.challenge = authParam.challenge;
214 iamAuthParam.authType = authParam.authType;
215 iamAuthParam.authTrustLevel = authParam.authTrustLevel;
216 iamAuthParam.authIntent = static_cast<UserIam::UserAuth::AuthIntent>(authParam.authIntent);
217 if (authParam.remoteAuthParam != std::nullopt) {
218 iamAuthParam.remoteAuthParam = UserIam::UserAuth::RemoteAuthParam();
219 if (authParam.remoteAuthParam.value().verifierNetworkId != std::nullopt) {
220 iamAuthParam.remoteAuthParam.value().verifierNetworkId =
221 authParam.remoteAuthParam.value().verifierNetworkId.value();
222 }
223 if (authParam.remoteAuthParam.value().collectorNetworkId != std::nullopt) {
224 iamAuthParam.remoteAuthParam.value().collectorNetworkId =
225 authParam.remoteAuthParam.value().collectorNetworkId.value();
226 }
227 if (authParam.remoteAuthParam.value().collectorTokenId != std::nullopt) {
228 iamAuthParam.remoteAuthParam.value().collectorTokenId =
229 authParam.remoteAuthParam.value().collectorTokenId.value();
230 }
231 }
232 }
233
AuthUser(AuthParam & authParam,const sptr<IIDMCallback> & callback,uint64_t & contextId)234 int32_t InnerAccountIAMManager::AuthUser(
235 AuthParam &authParam, const sptr<IIDMCallback> &callback, uint64_t &contextId)
236 {
237 if (callback == nullptr) {
238 ACCOUNT_LOGE("callback is nullptr");
239 return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
240 }
241 if ((authParam.authType != AuthType::PIN) && (!IsNonPINAllowed(authParam.userId))) {
242 ACCOUNT_LOGE("unsupported auth type: %{public}d", authParam.authType);
243 return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE;
244 }
245 OsAccountInfo osAccountInfo;
246 if (IInnerOsAccountManager::GetInstance().QueryOsAccountById(authParam.userId, osAccountInfo) != ERR_OK) {
247 ACCOUNT_LOGE("Account does not exist");
248 return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
249 }
250 sptr<AuthCallbackDeathRecipient> deathRecipient = new (std::nothrow) AuthCallbackDeathRecipient();
251 if ((deathRecipient == nullptr) || (!callback->AsObject()->AddDeathRecipient(deathRecipient))) {
252 ACCOUNT_LOGE("failed to add death recipient for auth callback");
253 return ERR_ACCOUNT_COMMON_ADD_DEATH_RECIPIENT;
254 }
255
256 auto callbackWrapper =
257 std::make_shared<AuthCallback>(authParam.userId, osAccountInfo.GetCredentialId(), authParam.authType, callback);
258 callbackWrapper->SetDeathRecipient(deathRecipient);
259
260 UserIam::UserAuth::AuthParam iamAuthParam;
261 CopyAuthParam(authParam, iamAuthParam);
262 ACCOUNT_LOGI("Start IAM AuthUser.");
263 contextId = UserAuthClient::GetInstance().BeginAuthentication(iamAuthParam, callbackWrapper);
264 deathRecipient->SetContextId(contextId);
265 return ERR_OK;
266 }
267
CancelAuth(uint64_t contextId)268 int32_t InnerAccountIAMManager::CancelAuth(uint64_t contextId)
269 {
270 return UserAuthClient::GetInstance().CancelAuthentication(contextId);
271 }
272
GetAvailableStatus(AuthType authType,AuthTrustLevel authTrustLevel,int32_t & status)273 int32_t InnerAccountIAMManager::GetAvailableStatus(
274 AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status)
275 {
276 if (static_cast<int32_t>(authType) != static_cast<int32_t>(IAMAuthType::DOMAIN)) {
277 status = UserAuthClientImpl::Instance().GetAvailableStatus(authType, authTrustLevel);
278 return ERR_OK;
279 }
280 bool isPluginAvailable = InnerDomainAccountManager::GetInstance().IsPluginAvailable();
281 if (isPluginAvailable) {
282 status = ERR_JS_SUCCESS;
283 } else {
284 status = ERR_JS_AUTH_TYPE_NOT_SUPPORTED;
285 }
286 return ERR_OK;
287 }
288
GetDomainAuthStatusInfo(int32_t userId,const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)289 ErrCode InnerAccountIAMManager::GetDomainAuthStatusInfo(
290 int32_t userId, const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
291 {
292 OsAccountInfo osAccountInfo;
293 ErrCode result = IInnerOsAccountManager::GetInstance().QueryOsAccountById(userId, osAccountInfo);
294 if (result != ERR_OK) {
295 ACCOUNT_LOGE("failed to get account info");
296 return result;
297 }
298 DomainAccountInfo domainAccountInfo;
299 osAccountInfo.GetDomainInfo(domainAccountInfo);
300 if (domainAccountInfo.accountName_.empty()) {
301 ACCOUNT_LOGE("the target user is not a domain account");
302 return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE;
303 }
304 std::shared_ptr<DomainAccountCallback> statusCallback =
305 std::make_shared<GetDomainAuthStatusInfoCallback>(request, callback);
306 if (statusCallback == nullptr) {
307 ACCOUNT_LOGE("failed to create GetDomainAuthStatusInfoCallback");
308 return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
309 }
310 return InnerDomainAccountManager::GetInstance().GetAuthStatusInfo(domainAccountInfo, statusCallback);
311 }
312
CheckDomainAuthAvailable(int32_t userId)313 bool InnerAccountIAMManager::CheckDomainAuthAvailable(int32_t userId)
314 {
315 OsAccountInfo osAccountInfo;
316 if (IInnerOsAccountManager::GetInstance().QueryOsAccountById(userId, osAccountInfo) != ERR_OK) {
317 ACCOUNT_LOGE("failed to get account info");
318 return false;
319 }
320 DomainAccountInfo domainAccountInfo;
321 osAccountInfo.GetDomainInfo(domainAccountInfo);
322 bool isAvailable = InnerDomainAccountManager::GetInstance().IsPluginAvailable();
323 return !domainAccountInfo.accountName_.empty() && isAvailable;
324 }
325
GetProperty(int32_t userId,const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)326 void InnerAccountIAMManager::GetProperty(
327 int32_t userId, const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
328 {
329 if (callback == nullptr) {
330 ACCOUNT_LOGE("callback is nullptr");
331 return;
332 }
333 Attributes attributes;
334 if ((request.authType != AuthType::PIN) && (!IsNonPINAllowed(userId))) {
335 ACCOUNT_LOGE("unsupported auth type: %{public}d", request.authType);
336 callback->OnResult(ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE, attributes);
337 return;
338 }
339 if (static_cast<int32_t>(request.authType) != static_cast<int32_t>(IAMAuthType::DOMAIN)) {
340 auto getCallback = std::make_shared<GetPropCallbackWrapper>(userId, callback);
341 UserAuthClient::GetInstance().GetProperty(userId, request, getCallback);
342 return;
343 }
344 ErrCode result = GetDomainAuthStatusInfo(userId, request, callback);
345 if (result != ERR_OK) {
346 callback->OnResult(result, attributes);
347 }
348 }
349
SetProperty(int32_t userId,const SetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)350 void InnerAccountIAMManager::SetProperty(
351 int32_t userId, const SetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
352 {
353 if (static_cast<int32_t>(request.authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
354 Attributes result;
355 callback->OnResult(ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE, result);
356 return;
357 }
358 auto setCallback = std::make_shared<SetPropCallbackWrapper>(userId, callback);
359 UserAuthClient::GetInstance().SetProperty(userId, request, setCallback);
360 }
361
GetEnrolledId(int32_t accountId,AuthType authType,const sptr<IGetEnrolledIdCallback> & callback)362 void InnerAccountIAMManager::GetEnrolledId(
363 int32_t accountId, AuthType authType, const sptr<IGetEnrolledIdCallback> &callback)
364 {
365 if (static_cast<int32_t>(authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
366 ACCOUNT_LOGE("Unsupported auth type");
367 uint64_t emptyId = 0;
368 callback->OnEnrolledId(ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE, emptyId);
369 return;
370 }
371 auto GetSecUserInfoCallback = std::make_shared<GetSecUserInfoCallbackWrapper>(authType, callback);
372 UserIDMClient::GetInstance().GetSecUserInfo(accountId, GetSecUserInfoCallback);
373 }
374
GetState(int32_t userId)375 IAMState InnerAccountIAMManager::GetState(int32_t userId)
376 {
377 std::lock_guard<std::mutex> lock(mutex_);
378 auto it = userStateMap_.find(userId);
379 if (it != userStateMap_.end()) {
380 return it->second;
381 }
382 return userStateMap_[0];
383 }
384
SetState(int32_t userId,IAMState state)385 void InnerAccountIAMManager::SetState(int32_t userId, IAMState state)
386 {
387 std::lock_guard<std::mutex> lock(mutex_);
388 userStateMap_[userId] = state;
389 }
390
GetChallenge(int32_t userId,std::vector<uint8_t> & challenge)391 void InnerAccountIAMManager::GetChallenge(int32_t userId, std::vector<uint8_t> &challenge)
392 {
393 std::lock_guard<std::mutex> lock(mutex_);
394 auto it = userChallengeMap_.find(userId);
395 if (it != userChallengeMap_.end()) {
396 challenge = it->second;
397 } else {
398 challenge = userChallengeMap_[0];
399 }
400 }
401
UpdateStorageKey(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)402 ErrCode InnerAccountIAMManager::UpdateStorageKey(
403 int32_t userId, uint64_t secureUid, const std::vector<uint8_t> &token,
404 const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
405 {
406 #ifdef HAS_STORAGE_PART
407 ErrCode result = GetStorageManagerProxy();
408 if (result != ERR_OK) {
409 ACCOUNT_LOGE("fail to get storage proxy");
410 return result;
411 }
412 result = storageMgrProxy_->UpdateUserAuth(userId, secureUid, token, oldSecret, newSecret);
413 if ((result != ERR_OK) && (result != ERROR_STORAGE_KEY_NOT_EXIST)) {
414 ACCOUNT_LOGE("fail to update user auth");
415 return result;
416 }
417
418 result = storageMgrProxy_->UpdateKeyContext(userId);
419 if (result != ERR_OK) {
420 ACCOUNT_LOGE("Fail to update key context, userId=%{public}d, result=%{public}d", userId, result);
421 ReportOsAccountOperationFail(userId, "updateStorageKeyContext", result,
422 "Failed to notice storage update key context");
423 }
424 return result;
425 #else
426 return ERR_OK;
427 #endif
428 }
429
UpdateStorageKeyContext(const int32_t userId)430 ErrCode InnerAccountIAMManager::UpdateStorageKeyContext(const int32_t userId)
431 {
432 ACCOUNT_LOGI("Enter, userId=%{public}d", userId);
433 #ifdef HAS_STORAGE_PART
434 ErrCode code = GetStorageManagerProxy();
435 if (code != ERR_OK) {
436 ACCOUNT_LOGE("Fail to get storage proxy");
437 return code;
438 }
439 code = storageMgrProxy_->UpdateKeyContext(userId);
440 if (code != ERR_OK) {
441 ACCOUNT_LOGE("Fail to update key context, userId=%{public}d, code=%{public}d", userId, code);
442 ReportOsAccountOperationFail(userId, "updateStorageKeyContext", code,
443 "Failed to notice storage update key context");
444 return code;
445 }
446 #endif
447 return ERR_OK;
448 }
449
UpdateStorageUserAuth(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)450 ErrCode InnerAccountIAMManager::UpdateStorageUserAuth(int32_t userId, uint64_t secureUid,
451 const std::vector<uint8_t> &token, const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
452 {
453 ACCOUNT_LOGI("Enter, userId=%{public}d", userId);
454 #ifdef HAS_STORAGE_PART
455 ErrCode code = GetStorageManagerProxy();
456 if (code != ERR_OK) {
457 ACCOUNT_LOGE("Fail to get storage proxy");
458 return code;
459 }
460
461 code = storageMgrProxy_->UpdateUserAuth(userId, secureUid, token, oldSecret, newSecret);
462 if ((code != ERR_OK) && (code != ERROR_STORAGE_KEY_NOT_EXIST)) {
463 ACCOUNT_LOGE("Fail to update user auth, userId=%{public}d, code=%{public}d", userId, code);
464 ReportOsAccountOperationFail(userId, "updateStorageUserAuth", code,
465 "Failed to notice storage update user auth");
466 return code;
467 }
468 #endif
469 return ERR_OK;
470 }
471
GetLockScreenStatus(uint32_t userId,bool & lockScreenStatus)472 ErrCode InnerAccountIAMManager::GetLockScreenStatus(uint32_t userId, bool &lockScreenStatus)
473 {
474 #ifdef HAS_STORAGE_PART
475 ErrCode result = GetStorageManagerProxy();
476 if (result != ERR_OK) {
477 ACCOUNT_LOGE("fail to get storage proxy");
478 return result;
479 }
480 result = storageMgrProxy_->GetLockScreenStatus(userId, lockScreenStatus);
481 if (result != ERR_OK) {
482 ACCOUNT_LOGE("failed to get lock screen status");
483 return result;
484 }
485 #endif
486 return ERR_OK;
487 }
488
UnlockUserScreen(int32_t userId)489 ErrCode InnerAccountIAMManager::UnlockUserScreen(int32_t userId)
490 {
491 #ifdef HAS_STORAGE_PART
492 ErrCode result = GetStorageManagerProxy();
493 if (result != ERR_OK) {
494 ACCOUNT_LOGE("fail to get storage proxy");
495 return result;
496 }
497 result = storageMgrProxy_->UnlockUserScreen(userId);
498 if (result != ERR_OK) {
499 ACCOUNT_LOGE("fail to unlock screen");
500 return result;
501 }
502 #endif
503 return ERR_OK;
504 }
505
ActivateUserKey(int32_t userId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret)506 ErrCode InnerAccountIAMManager::ActivateUserKey(
507 int32_t userId, const std::vector<uint8_t> &token, const std::vector<uint8_t> &secret)
508 {
509 #ifdef HAS_STORAGE_PART
510 ErrCode result = GetStorageManagerProxy();
511 if (result != ERR_OK) {
512 ACCOUNT_LOGE("fail to get storage proxy");
513 return result;
514 }
515 result = storageMgrProxy_->ActiveUserKey(userId, token, secret);
516 if (result != ERR_OK && result != ERROR_STORAGE_KEY_NOT_EXIST) {
517 ACCOUNT_LOGE("fail to active user key, error code: %{public}d", result);
518 return result;
519 }
520 storageMgrProxy_->PrepareStartUser(userId);
521 #endif
522 return ERR_OK;
523 }
524
525
GetStorageManagerProxy()526 ErrCode InnerAccountIAMManager::GetStorageManagerProxy()
527 {
528 #ifdef HAS_STORAGE_PART
529 if (storageMgrProxy_ != nullptr) {
530 return ERR_OK;
531 }
532 auto systemAbilityManager = SystemAbilityManagerClient::GetInstance().GetSystemAbilityManager();
533 if (systemAbilityManager == nullptr) {
534 ACCOUNT_LOGE("failed to get system ability mgr");
535 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY_MANAGER;
536 }
537 auto remote = systemAbilityManager->GetSystemAbility(STORAGE_MANAGER_MANAGER_ID);
538 if (remote == nullptr) {
539 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID service");
540 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
541 }
542 storageMgrProxy_ = iface_cast<StorageManager::IStorageManager>(remote);
543 if (storageMgrProxy_ == nullptr) {
544 ACCOUNT_LOGE("failed to get STORAGE_MANAGER_MANAGER_ID proxy");
545 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
546 }
547 return ERR_OK;
548 #else
549 return ERR_ACCOUNT_COMMON_GET_SYSTEM_ABILITY;
550 #endif
551 }
552 } // namespace AccountSA
553 } // namespace OHOS
554