1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_client.h"
17
18 #include "accesstoken_kit.h"
19 #include "account_error_no.h"
20 #include "account_iam_callback_service.h"
21 #include "account_log_wrapper.h"
22 #include "account_proxy.h"
23 #include "account_permission_manager.h"
24 #include "ipc_skeleton.h"
25 #include "ohos_account_kits_impl.h"
26 #include "os_account_manager.h"
27 #ifdef HAS_PIN_AUTH_PART
28 #include "pinauth_register.h"
29 #endif
30
31 namespace OHOS {
32 namespace AccountSA {
33 namespace {
34 const std::string PERMISSION_ACCESS_PIN_AUTH = "ohos.permission.ACCESS_PIN_AUTH";
35 const std::string PERMISSION_MANAGE_USER_IDM = "ohos.permission.MANAGE_USER_IDM";
36 const std::string PERMISSION_ACCESS_USER_AUTH_INTERNAL = "ohos.permission.ACCESS_USER_AUTH_INTERNAL";
37 }
38
GetInstance()39 AccountIAMClient &AccountIAMClient::GetInstance()
40 {
41 static AccountIAMClient *instance = new (std::nothrow) AccountIAMClient();
42 return *instance;
43 }
44
OpenSession(int32_t userId,std::vector<uint8_t> & challenge)45 int32_t AccountIAMClient::OpenSession(int32_t userId, std::vector<uint8_t> &challenge)
46 {
47 auto proxy = GetAccountIAMProxy();
48 if (proxy == nullptr) {
49 return ERR_ACCOUNT_COMMON_GET_PROXY;
50 }
51 return proxy->OpenSession(userId, challenge);
52 }
53
CloseSession(int32_t userId)54 int32_t AccountIAMClient::CloseSession(int32_t userId)
55 {
56 auto proxy = GetAccountIAMProxy();
57 if (proxy == nullptr) {
58 return ERR_ACCOUNT_COMMON_GET_PROXY;
59 }
60 return proxy->CloseSession(userId);
61 }
62
AddCredential(int32_t userId,const CredentialParameters & credInfo,const std::shared_ptr<IDMCallback> & callback)63 void AccountIAMClient::AddCredential(
64 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback)
65 {
66 if (callback == nullptr) {
67 ACCOUNT_LOGE("the callback for adding credential is nullptr");
68 return;
69 }
70 Attributes emptyResult;
71 auto proxy = GetAccountIAMProxy();
72 if (proxy == nullptr) {
73 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
74 return;
75 }
76 if ((userId == 0) && (!GetCurrentUserId(userId))) {
77 ACCOUNT_LOGE("fail to add credential for invalid userId");
78 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
79 return;
80 }
81 if (credInfo.authType == AuthType::PIN) {
82 SetAuthSubType(userId, static_cast<int32_t>(credInfo.pinType.value_or(PinSubType::PIN_MAX)));
83 }
84 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
85 proxy->AddCredential(userId, credInfo, wrapper);
86 }
87
UpdateCredential(int32_t userId,const CredentialParameters & credInfo,const std::shared_ptr<IDMCallback> & callback)88 void AccountIAMClient::UpdateCredential(
89 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback)
90 {
91 if (callback == nullptr) {
92 ACCOUNT_LOGE("the callback for updating credential is nullptr");
93 return;
94 }
95 Attributes emptyResult;
96 auto proxy = GetAccountIAMProxy();
97 if (proxy == nullptr) {
98 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
99 return;
100 }
101 if ((userId == 0) && (!GetCurrentUserId(userId))) {
102 ACCOUNT_LOGE("fail to update credential for invalid userId");
103 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
104 return;
105 }
106 if (credInfo.authType == AuthType::PIN) {
107 SetAuthSubType(userId, static_cast<int32_t>(credInfo.pinType.value_or(PinSubType::PIN_MAX)));
108 }
109 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
110 proxy->UpdateCredential(userId, credInfo, wrapper);
111 }
112
DelCred(int32_t userId,uint64_t credentialId,const std::vector<uint8_t> & authToken,const std::shared_ptr<IDMCallback> & callback)113 void AccountIAMClient::DelCred(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken,
114 const std::shared_ptr<IDMCallback>& callback)
115 {
116 if (callback == nullptr) {
117 ACCOUNT_LOGE("the callback for deleting credential is nullptr");
118 return;
119 }
120 Attributes emptyResult;
121 auto proxy = GetAccountIAMProxy();
122 if (proxy == nullptr) {
123 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
124 return;
125 }
126 if ((userId == 0) && (!GetCurrentUserId(userId))) {
127 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
128 return;
129 }
130 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
131 proxy->DelCred(userId, credentialId, authToken, wrapper);
132 }
133
DelUser(int32_t userId,const std::vector<uint8_t> & authToken,const std::shared_ptr<IDMCallback> & callback)134 void AccountIAMClient::DelUser(
135 int32_t userId, const std::vector<uint8_t> &authToken, const std::shared_ptr<IDMCallback> &callback)
136 {
137 if (callback == nullptr) {
138 ACCOUNT_LOGE("the callback for deleting user is nullptr");
139 return;
140 }
141 Attributes emptyResult;
142 auto proxy = GetAccountIAMProxy();
143 if (proxy == nullptr) {
144 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
145 return;
146 }
147 if ((userId == 0) && (!GetCurrentUserId(userId))) {
148 callback->OnResult(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyResult);
149 return;
150 }
151 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(userId, callback);
152 proxy->DelUser(userId, authToken, wrapper);
153 }
154
GetCredentialInfo(int32_t userId,AuthType authType,const std::shared_ptr<GetCredInfoCallback> & callback)155 int32_t AccountIAMClient::GetCredentialInfo(
156 int32_t userId, AuthType authType, const std::shared_ptr<GetCredInfoCallback> &callback)
157 {
158 auto proxy = GetAccountIAMProxy();
159 if (proxy == nullptr) {
160 return ERR_ACCOUNT_COMMON_GET_PROXY;
161 }
162 sptr<IGetCredInfoCallback> wrapper = new (std::nothrow) GetCredInfoCallbackService(callback);
163 ErrCode result = proxy->GetCredentialInfo(userId, authType, wrapper);
164 if ((result != ERR_OK) && (callback != nullptr)) {
165 std::vector<CredentialInfo> infoList;
166 callback->OnCredentialInfo(result, infoList);
167 }
168 return result;
169 }
170
Cancel(int32_t userId)171 int32_t AccountIAMClient::Cancel(int32_t userId)
172 {
173 auto proxy = GetAccountIAMProxy();
174 if (proxy == nullptr) {
175 return ERR_ACCOUNT_COMMON_GET_PROXY;
176 }
177 return proxy->Cancel(userId);
178 }
179
180 #ifdef HAS_PIN_AUTH_PART
StartDomainAuth(int32_t userId,const std::shared_ptr<IDMCallback> & callback)181 uint64_t AccountIAMClient::StartDomainAuth(int32_t userId, const std::shared_ptr<IDMCallback> &callback)
182 {
183 std::lock_guard<std::mutex> lock(domainMutex_);
184 Attributes emptyResult;
185 if (domainInputer_ == nullptr) {
186 ACCOUNT_LOGE("the registered inputer is not found or invalid");
187 callback->OnResult(ERR_ACCOUNT_IAM_KIT_INPUTER_NOT_REGISTERED, emptyResult);
188 return 0;
189 }
190 domainInputer_->OnGetData(IAMAuthType::DOMAIN, std::vector<uint8_t>(),
191 std::make_shared<DomainCredentialRecipient>(userId, callback));
192 return 0;
193 }
194 #endif
195
PrepareRemoteAuth(const std::string & remoteNetworkId,const std::shared_ptr<PreRemoteAuthCallback> & callback)196 int32_t AccountIAMClient::PrepareRemoteAuth(
197 const std::string &remoteNetworkId, const std::shared_ptr<PreRemoteAuthCallback> &callback)
198 {
199 if (callback == nullptr) {
200 ACCOUNT_LOGE("Callback for PrepareRemoteAuth is nullptr.");
201 return ERR_ACCOUNT_COMMON_NULL_PTR_ERROR;
202 }
203 auto proxy = GetAccountIAMProxy();
204 if (proxy == nullptr) {
205 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY);
206 return ERR_ACCOUNT_COMMON_GET_PROXY;
207 }
208 sptr<IPreRemoteAuthCallback> wrapper = new (std::nothrow) PreRemoteAuthCallbackService(callback);
209 return proxy->PrepareRemoteAuth(remoteNetworkId, wrapper);
210 }
211
Auth(AuthOptions & authOptions,const std::vector<uint8_t> & challenge,AuthType authType,AuthTrustLevel authTrustLevel,const std::shared_ptr<IDMCallback> & callback)212 uint64_t AccountIAMClient::Auth(AuthOptions& authOptions, const std::vector<uint8_t> &challenge,
213 AuthType authType, AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback)
214 {
215 return AuthUser(authOptions, challenge, authType, authTrustLevel, callback);
216 }
217
AuthUser(AuthOptions & authOptions,const std::vector<uint8_t> & challenge,AuthType authType,AuthTrustLevel authTrustLevel,const std::shared_ptr<IDMCallback> & callback)218 uint64_t AccountIAMClient::AuthUser(
219 AuthOptions &authOptions, const std::vector<uint8_t> &challenge, AuthType authType,
220 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback)
221 {
222 uint64_t contextId = 0;
223 if (callback == nullptr) {
224 ACCOUNT_LOGE("callback is nullptr");
225 return contextId;
226 }
227 auto proxy = GetAccountIAMProxy();
228 if (proxy == nullptr) {
229 return contextId;
230 }
231 if ((authOptions.accountId == 0) && (!GetCurrentUserId(authOptions.accountId))) {
232 return contextId;
233 }
234 #ifdef HAS_PIN_AUTH_PART
235 if (static_cast<int32_t>(authType) == static_cast<int32_t>(IAMAuthType::DOMAIN)) {
236 return StartDomainAuth(authOptions.accountId, callback);
237 }
238 #endif
239 sptr<IIDMCallback> wrapper = new (std::nothrow) IDMCallbackService(authOptions.accountId, callback);
240 AuthParam authParam;
241 authParam.challenge = challenge;
242 authParam.authType = authType;
243 authParam.authTrustLevel = authTrustLevel;
244 authParam.userId = authOptions.accountId;
245 authParam.authIntent = authOptions.authIntent;
246 if (authOptions.hasRemoteAuthOptions) {
247 authParam.remoteAuthParam = RemoteAuthParam();
248 if (authOptions.remoteAuthOptions.hasVerifierNetworkId) {
249 authParam.remoteAuthParam.value().verifierNetworkId = authOptions.remoteAuthOptions.verifierNetworkId;
250 }
251 if (authOptions.remoteAuthOptions.hasCollectorNetworkId) {
252 authParam.remoteAuthParam.value().collectorNetworkId = authOptions.remoteAuthOptions.collectorNetworkId;
253 }
254 if (authOptions.remoteAuthOptions.hasCollectorTokenId) {
255 authParam.remoteAuthParam.value().collectorTokenId = authOptions.remoteAuthOptions.collectorTokenId;
256 }
257 }
258 ErrCode result = proxy->AuthUser(authParam, wrapper, contextId);
259 if (result != ERR_OK) {
260 Attributes emptyResult;
261 callback->OnResult(result, emptyResult);
262 }
263 return contextId;
264 }
265
CancelAuth(uint64_t contextId)266 int32_t AccountIAMClient::CancelAuth(uint64_t contextId)
267 {
268 auto proxy = GetAccountIAMProxy();
269 if (proxy == nullptr) {
270 return ERR_ACCOUNT_COMMON_GET_PROXY;
271 }
272 return proxy->CancelAuth(contextId);
273 }
274
GetAvailableStatus(AuthType authType,AuthTrustLevel authTrustLevel,int32_t & status)275 int32_t AccountIAMClient::GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status)
276 {
277 auto proxy = GetAccountIAMProxy();
278 if (proxy == nullptr) {
279 return ERR_ACCOUNT_COMMON_GET_PROXY;
280 }
281 if (authTrustLevel < UserIam::UserAuth::ATL1 || authTrustLevel > UserIam::UserAuth::ATL4) {
282 ACCOUNT_LOGE("authTrustLevel is not in correct range");
283 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
284 }
285 if (authType < UserIam::UserAuth::ALL) {
286 ACCOUNT_LOGE("authType is not in correct range");
287 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
288 }
289 return proxy->GetAvailableStatus(authType, authTrustLevel, status);
290 }
291
GetProperty(int32_t userId,const GetPropertyRequest & request,const std::shared_ptr<GetSetPropCallback> & callback)292 void AccountIAMClient::GetProperty(
293 int32_t userId, const GetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback)
294 {
295 if (callback == nullptr) {
296 ACCOUNT_LOGE("the callback for getting property is nullptr");
297 return;
298 }
299 Attributes emptyResult;
300 auto proxy = GetAccountIAMProxy();
301 if (proxy == nullptr) {
302 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
303 return;
304 }
305 sptr<IGetSetPropCallback> wrapper = new (std::nothrow) GetSetPropCallbackService(callback);
306 proxy->GetProperty(userId, request, wrapper);
307 }
308
SetProperty(int32_t userId,const SetPropertyRequest & request,const std::shared_ptr<GetSetPropCallback> & callback)309 void AccountIAMClient::SetProperty(
310 int32_t userId, const SetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback)
311 {
312 if (callback == nullptr) {
313 ACCOUNT_LOGE("the callback for setting property is nullptr");
314 return;
315 }
316 Attributes emptyResult;
317 auto proxy = GetAccountIAMProxy();
318 if (proxy == nullptr) {
319 callback->OnResult(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
320 return;
321 }
322 sptr<IGetSetPropCallback> wrapper = new (std::nothrow) GetSetPropCallbackService(callback);
323 proxy->SetProperty(userId, request, wrapper);
324 }
325
GetEnrolledId(int32_t accountId,AuthType authType,const std::shared_ptr<GetEnrolledIdCallback> & callback)326 void AccountIAMClient::GetEnrolledId(
327 int32_t accountId, AuthType authType, const std::shared_ptr<GetEnrolledIdCallback> &callback)
328 {
329 if (callback == nullptr) {
330 ACCOUNT_LOGE("The callback for get enrolled id is nullptr");
331 return;
332 }
333 uint64_t emptyResult = 0;
334 auto proxy = GetAccountIAMProxy();
335 if (proxy == nullptr) {
336 callback->OnEnrolledId(ERR_ACCOUNT_COMMON_GET_PROXY, emptyResult);
337 return;
338 }
339 sptr<IGetEnrolledIdCallback> wrapper = new (std::nothrow) GetEnrolledIdCallbackService(callback);
340 if (wrapper == nullptr) {
341 callback->OnEnrolledId(ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR, emptyResult);
342 return;
343 }
344 proxy->GetEnrolledId(accountId, authType, wrapper);
345 }
346
CheckSelfPermission(const std::string & permissionName)347 bool AccountIAMClient::CheckSelfPermission(const std::string &permissionName)
348 {
349 Security::AccessToken::AccessTokenID tokenId = IPCSkeleton::GetSelfTokenID();
350 ErrCode result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenId, permissionName);
351 return result == Security::AccessToken::TypePermissionState::PERMISSION_GRANTED;
352 }
353
354 #ifdef HAS_PIN_AUTH_PART
RegisterPINInputer(const std::shared_ptr<IInputer> & inputer)355 ErrCode AccountIAMClient::RegisterPINInputer(const std::shared_ptr<IInputer> &inputer)
356 {
357 std::lock_guard<std::mutex> lock(pinMutex_);
358 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
359 if (result != ERR_OK) {
360 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
361 return result;
362 }
363 if (pinInputer_ != nullptr) {
364 ACCOUNT_LOGE("inputer is already registered");
365 return ERR_ACCOUNT_IAM_KIT_INPUTER_ALREADY_REGISTERED;
366 }
367 int32_t userId = 0;
368 if (!GetCurrentUserId(userId)) {
369 return ERR_ACCOUNT_IAM_KIT_GET_USERID_FAIL;
370 }
371 auto iamInputer = std::make_shared<IAMInputer>(userId, inputer);
372 if (iamInputer == nullptr) {
373 ACCOUNT_LOGE("failed to create IAMInputer");
374 return ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR;
375 }
376 if (UserIam::PinAuth::PinAuthRegister::GetInstance().RegisterInputer(iamInputer)) {
377 pinInputer_ = inputer;
378 return ERR_OK;
379 }
380 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
381 }
382
RegisterDomainInputer(const std::shared_ptr<IInputer> & inputer)383 ErrCode AccountIAMClient::RegisterDomainInputer(const std::shared_ptr<IInputer> &inputer)
384 {
385 std::lock_guard<std::mutex> lock(domainMutex_);
386 if (domainInputer_ != nullptr) {
387 ACCOUNT_LOGE("inputer is already registered");
388 return ERR_ACCOUNT_IAM_KIT_INPUTER_ALREADY_REGISTERED;
389 }
390 domainInputer_ = inputer;
391 return ERR_OK;
392 }
393
RegisterInputer(int32_t authType,const std::shared_ptr<IInputer> & inputer)394 ErrCode AccountIAMClient::RegisterInputer(int32_t authType, const std::shared_ptr<IInputer> &inputer)
395 {
396 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
397 if (result != ERR_OK) {
398 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
399 return result;
400 }
401 if ((!CheckSelfPermission(PERMISSION_ACCESS_USER_AUTH_INTERNAL)) &&
402 (!CheckSelfPermission(PERMISSION_MANAGE_USER_IDM))) {
403 ACCOUNT_LOGE("failed to check permission");
404 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
405 }
406 if (inputer == nullptr) {
407 ACCOUNT_LOGE("inputer is nullptr");
408 return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
409 }
410 switch (authType) {
411 case IAMAuthType::DOMAIN:
412 return RegisterDomainInputer(inputer);
413 default:
414 return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE;
415 }
416 }
417
UnregisterInputer(int32_t authType)418 ErrCode AccountIAMClient::UnregisterInputer(int32_t authType)
419 {
420 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
421 if (result != ERR_OK) {
422 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
423 return result;
424 }
425 if ((!CheckSelfPermission(PERMISSION_ACCESS_USER_AUTH_INTERNAL)) &&
426 (!CheckSelfPermission(PERMISSION_MANAGE_USER_IDM))) {
427 ACCOUNT_LOGE("failed to check permission");
428 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
429 }
430 switch (authType) {
431 case IAMAuthType::DOMAIN:
432 return UnregisterDomainInputer();
433 default:
434 return ERR_ACCOUNT_IAM_UNSUPPORTED_AUTH_TYPE;
435 }
436 return ERR_OK;
437 }
438
UnregisterPINInputer()439 ErrCode AccountIAMClient::UnregisterPINInputer()
440 {
441 ErrCode result = AccountPermissionManager::CheckSystemApp(false);
442 if (result != ERR_OK) {
443 ACCOUNT_LOGE("is not system application, result = %{public}u.", result);
444 return result;
445 }
446 if (!CheckSelfPermission(PERMISSION_ACCESS_PIN_AUTH)) {
447 ACCOUNT_LOGE("failed to check permission");
448 return ERR_ACCOUNT_COMMON_PERMISSION_DENIED;
449 }
450 UserIam::PinAuth::PinAuthRegister::GetInstance().UnRegisterInputer();
451 std::lock_guard<std::mutex> lock(pinMutex_);
452 pinInputer_ = nullptr;
453 return ERR_OK;
454 }
455
UnregisterDomainInputer()456 ErrCode AccountIAMClient::UnregisterDomainInputer()
457 {
458 std::lock_guard<std::mutex> lock(domainMutex_);
459 domainInputer_ = nullptr;
460 return ERR_OK;
461 }
462 #endif
463
GetAccountState(int32_t userId)464 IAMState AccountIAMClient::GetAccountState(int32_t userId)
465 {
466 auto proxy = GetAccountIAMProxy();
467 if (proxy == nullptr) {
468 return IDLE;
469 }
470 return proxy->GetAccountState(userId);
471 }
472
GetCredential(int32_t userId,CredentialItem & credItem)473 void AccountIAMClient::GetCredential(int32_t userId, CredentialItem &credItem)
474 {
475 std::lock_guard<std::mutex> lock(mutex_);
476 auto it = credentialMap_.find(userId);
477 if (it != credentialMap_.end()) {
478 credItem = it->second;
479 }
480 }
481
SetCredential(int32_t userId,const std::vector<uint8_t> & credential)482 void AccountIAMClient::SetCredential(int32_t userId, const std::vector<uint8_t> &credential)
483 {
484 std::lock_guard<std::mutex> lock(mutex_);
485 auto it = credentialMap_.find(userId);
486 if (it != credentialMap_.end()) {
487 it->second.oldCredential = it->second.credential;
488 it->second.credential = credential;
489 return;
490 }
491 credentialMap_[userId] = {
492 .credential = credential
493 };
494 }
495
ClearCredential(int32_t userId)496 void AccountIAMClient::ClearCredential(int32_t userId)
497 {
498 std::lock_guard<std::mutex> lock(mutex_);
499 credentialMap_.erase(userId);
500 }
501
SetAuthSubType(int32_t userId,int32_t authSubType)502 void AccountIAMClient::SetAuthSubType(int32_t userId, int32_t authSubType)
503 {
504 std::lock_guard<std::mutex> lock(mutex_);
505 auto it = credentialMap_.find(userId);
506 if (it != credentialMap_.end()) {
507 return;
508 }
509 credentialMap_[userId] = {
510 .type = authSubType
511 };
512 }
513
GetAuthSubType(int32_t userId)514 int32_t AccountIAMClient::GetAuthSubType(int32_t userId)
515 {
516 std::lock_guard<std::mutex> lock(mutex_);
517 auto it = credentialMap_.find(userId);
518 if (it != credentialMap_.end()) {
519 return it->second.type;
520 }
521 return 0;
522 }
523
GetCurrentUserId(int32_t & userId)524 bool AccountIAMClient::GetCurrentUserId(int32_t &userId)
525 {
526 std::vector<int32_t> userIds;
527 if ((OsAccountManager::QueryActiveOsAccountIds(userIds) != ERR_OK) || userIds.empty()) {
528 ACCOUNT_LOGE("fail to get activated os account ids");
529 return false;
530 }
531 userId = userIds[0];
532 return true;
533 }
534
ResetAccountIAMProxy(const wptr<IRemoteObject> & remote)535 void AccountIAMClient::ResetAccountIAMProxy(const wptr<IRemoteObject>& remote)
536 {
537 std::lock_guard<std::mutex> lock(mutex_);
538 if (proxy_ == nullptr) {
539 ACCOUNT_LOGE("proxy is nullptr");
540 return;
541 }
542 auto serviceRemote = proxy_->AsObject();
543 if ((serviceRemote != nullptr) && (serviceRemote == remote.promote())) {
544 serviceRemote->RemoveDeathRecipient(deathRecipient_);
545 proxy_ = nullptr;
546 }
547 }
548
OnRemoteDied(const wptr<IRemoteObject> & remote)549 void AccountIAMClient::AccountIAMDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
550 {
551 if (remote == nullptr) {
552 ACCOUNT_LOGE("remote is nullptr");
553 return;
554 }
555 AccountIAMClient::GetInstance().ResetAccountIAMProxy(remote);
556 }
557
GetAccountIAMProxy()558 sptr<IAccountIAM> AccountIAMClient::GetAccountIAMProxy()
559 {
560 std::lock_guard<std::mutex> lock(mutex_);
561 if (proxy_ != nullptr) {
562 return proxy_;
563 }
564 sptr<IRemoteObject> object = OhosAccountKitsImpl::GetInstance().GetAccountIAMService();
565 if (object == nullptr) {
566 ACCOUNT_LOGE("failed to get account iam service");
567 return nullptr;
568 }
569 deathRecipient_ = new (std::nothrow) AccountIAMDeathRecipient();
570 if (deathRecipient_ == nullptr) {
571 ACCOUNT_LOGE("failed to create account iam death recipient");
572 return nullptr;
573 }
574 if (!object->AddDeathRecipient(deathRecipient_)) {
575 ACCOUNT_LOGE("failed to add account iam death recipient");
576 deathRecipient_ = nullptr;
577 return nullptr;
578 }
579 proxy_ = iface_cast<IAccountIAM>(object);
580 if (proxy_ == nullptr) {
581 ACCOUNT_LOGE("failed to get account iam proxy");
582 }
583 return proxy_;
584 }
585 } // namespace AccountSA
586 } // namespace OHOS
587