1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "simple_auth_context.h"
16
17 #include <set>
18 #include <vector>
19
20 #include "auth_common.h"
21 #include "iam_check.h"
22 #include "iam_logger.h"
23 #include "iam_para2str.h"
24 #include "resource_node.h"
25 #include "resource_node_utils.h"
26 #include "schedule_node.h"
27 #include "schedule_node_callback.h"
28 #include "user_idm_database.h"
29
30 #define LOG_TAG "USER_AUTH_SA"
31 namespace OHOS {
32 namespace UserIam {
33 namespace UserAuth {
GetPropertyTemplateIds(Authentication::AuthResultInfo & resultInfo)34 std::optional<std::vector<uint64_t>> SimpleAuthContext::GetPropertyTemplateIds(
35 Authentication::AuthResultInfo &resultInfo)
36 {
37 IAM_LOGI("start");
38 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, std::nullopt);
39 auto scheduleNode = scheduleList_[0];
40 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleNode != nullptr, std::nullopt);
41 if (scheduleNode->GetAuthType() != PRIVATE_PIN) {
42 return scheduleNode->GetTemplateIdList();
43 }
44
45 std::vector<uint64_t> templateIds;
46 std::vector<std::shared_ptr<CredentialInfoInterface>> credInfos;
47 int32_t ret = UserIdmDatabase::Instance().GetCredentialInfo(resultInfo.userId, scheduleNode->GetAuthType(),
48 credInfos);
49 if (ret != SUCCESS) {
50 IAM_LOGE("get credential fail, ret:%{public}d, userId:%{public}d, authType:%{public}d", ret,
51 resultInfo.userId, scheduleNode->GetAuthType());
52 return std::nullopt;
53 }
54
55 for (auto &iter : credInfos) {
56 if (scheduleNode->GetAuthIntent() == QUESTION_AUTH) {
57 if (iter->GetAuthSubType() == PIN_QUESTION) {
58 templateIds.push_back(iter->GetTemplateId());
59 break;
60 }
61 } else {
62 if (iter->GetAuthSubType() != PIN_QUESTION) {
63 templateIds.push_back(iter->GetTemplateId());
64 break;
65 }
66 }
67 }
68
69 return templateIds;
70 }
71
GetPropertyForAuthResult(Authentication::AuthResultInfo & resultInfo)72 ResultCode SimpleAuthContext::GetPropertyForAuthResult(Authentication::AuthResultInfo &resultInfo)
73 {
74 IAM_LOGI("start");
75 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, GENERAL_ERROR);
76 auto scheduleNode = scheduleList_[0];
77 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleNode != nullptr, GENERAL_ERROR);
78 if (scheduleNode->GetAuthType() == PIN) {
79 resultInfo.nextFailLockoutDuration = FIRST_LOCKOUT_DURATION_OF_PIN;
80 } else {
81 resultInfo.nextFailLockoutDuration = FIRST_LOCKOUT_DURATION_EXCEPT_PIN;
82 }
83 if (resultInfo.result != FAIL && resultInfo.result != LOCKED) {
84 IAM_LOGI("no need GetPropertyFromExecutor, nextLockDuration:%{public}d", resultInfo.nextFailLockoutDuration);
85 return SUCCESS;
86 }
87
88 auto resourceNode = scheduleNode->GetVerifyExecutor().lock();
89 IF_FALSE_LOGE_AND_RETURN_VAL(resourceNode != nullptr, GENERAL_ERROR);
90 auto optionalTemplateIdList = GetPropertyTemplateIds(resultInfo);
91 IF_FALSE_LOGE_AND_RETURN_VAL(optionalTemplateIdList.has_value(), GENERAL_ERROR);
92 std::vector<uint64_t> templateIdList = optionalTemplateIdList.value();
93 std::vector<uint32_t> keys = { Attributes::ATTR_FREEZING_TIME, Attributes::ATTR_REMAIN_TIMES};
94 if (scheduleNode->GetAuthType() == PIN) {
95 keys.push_back(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION);
96 }
97 Attributes attr;
98 attr.SetUint32ArrayValue(Attributes::ATTR_KEY_LIST, keys);
99 attr.SetUint32Value(Attributes::ATTR_PROPERTY_MODE, PROPERTY_MODE_GET);
100 attr.SetUint64ArrayValue(Attributes::ATTR_TEMPLATE_ID_LIST, templateIdList);
101
102 Attributes values;
103 int32_t ret = resourceNode->GetProperty(attr, values);
104 IF_FALSE_LOGE_AND_RETURN_VAL(ret == SUCCESS, GENERAL_ERROR);
105
106 if (scheduleNode->GetAuthType() == PIN) {
107 bool getNextDurationRet = values.GetInt32Value(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION,
108 resultInfo.nextFailLockoutDuration);
109 IF_FALSE_LOGE_AND_RETURN_VAL(getNextDurationRet == true, GENERAL_ERROR);
110 }
111 bool getFreezingTimeRet = values.GetInt32Value(Attributes::ATTR_FREEZING_TIME, resultInfo.freezingTime);
112 IF_FALSE_LOGE_AND_RETURN_VAL(getFreezingTimeRet == true, GENERAL_ERROR);
113 bool getRemainTimesRet = values.GetInt32Value(Attributes::ATTR_REMAIN_TIMES, resultInfo.remainTimes);
114 IF_FALSE_LOGE_AND_RETURN_VAL(getRemainTimesRet == true, GENERAL_ERROR);
115
116 IAM_LOGI("success, nextFailLockoutDuration:%{public}d, freezingTime:%{public}d, remainTime:%{public}d",
117 resultInfo.nextFailLockoutDuration, resultInfo.freezingTime, resultInfo.remainTimes);
118 return SUCCESS;
119 }
120
SimpleAuthContext(uint64_t contextId,std::shared_ptr<Authentication> auth,std::shared_ptr<ContextCallback> callback,bool needSubscribeAppState)121 SimpleAuthContext::SimpleAuthContext(uint64_t contextId, std::shared_ptr<Authentication> auth,
122 std::shared_ptr<ContextCallback> callback, bool needSubscribeAppState)
123 : BaseContext("SimpleAuth", contextId, callback, needSubscribeAppState),
124 auth_(auth)
125 {
126 }
127
SimpleAuthContext(const std::string & type,uint64_t contextId,std::shared_ptr<Authentication> auth,std::shared_ptr<ContextCallback> callback)128 SimpleAuthContext::SimpleAuthContext(const std::string &type, uint64_t contextId, std::shared_ptr<Authentication> auth,
129 std::shared_ptr<ContextCallback> callback)
130 : BaseContext(type, contextId, callback, true),
131 auth_(auth)
132 {
133 }
134
GetContextType() const135 ContextType SimpleAuthContext::GetContextType() const
136 {
137 return CONTEXT_SIMPLE_AUTH;
138 }
139
GetTokenId() const140 uint32_t SimpleAuthContext::GetTokenId() const
141 {
142 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, 0);
143 return auth_->GetAccessTokenId();
144 }
145
GetUserId() const146 int32_t SimpleAuthContext::GetUserId() const
147 {
148 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, INVALID_USER_ID);
149 return auth_->GetUserId();
150 }
151
GetAuthType() const152 int32_t SimpleAuthContext::GetAuthType() const
153 {
154 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, INVALID_AUTH_TYPE);
155 return auth_->GetAuthType();
156 }
157
GetCallerName() const158 std::string SimpleAuthContext::GetCallerName() const
159 {
160 IF_FALSE_LOGE_AND_RETURN_VAL(callback_ != nullptr, "");
161 return callback_->GetCallerName();
162 }
163
OnStart()164 bool SimpleAuthContext::OnStart()
165 {
166 IAM_LOGI("%{public}s start", GetDescription());
167 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
168 bool startRet = auth_->Start(scheduleList_, shared_from_this());
169 if (!startRet) {
170 IAM_LOGE("%{public}s auth start fail", GetDescription());
171 SetLatestError(auth_->GetLatestError());
172 return startRet;
173 }
174 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, false);
175 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_[0] != nullptr, false);
176 bool startScheduleRet = scheduleList_[0]->StartSchedule();
177 IF_FALSE_LOGE_AND_RETURN_VAL(startScheduleRet, false);
178 IAM_LOGI("%{public}s Schedule:%{public}s Type:%{public}d success", GetDescription(),
179 GET_MASKED_STRING(scheduleList_[0]->GetScheduleId()).c_str(), scheduleList_[0]->GetAuthType());
180 return true;
181 }
182
OnResult(int32_t resultCode,const std::shared_ptr<Attributes> & scheduleResultAttr)183 void SimpleAuthContext::OnResult(int32_t resultCode, const std::shared_ptr<Attributes> &scheduleResultAttr)
184 {
185 IAM_LOGI("%{public}s receive result code %{public}d", GetDescription(), resultCode);
186 Authentication::AuthResultInfo resultInfo = {};
187 bool updateRet = UpdateScheduleResult(scheduleResultAttr, resultInfo);
188 IAM_LOGI("update result %{public}d, resultInfo result %{public}d", updateRet, resultInfo.result);
189 if (!updateRet) {
190 IAM_LOGE("%{public}s UpdateScheduleResult fail", GetDescription());
191 if (resultCode == SUCCESS) {
192 resultCode = GetLatestError();
193 }
194 resultInfo.result = resultCode;
195 } else if (resultCode != resultInfo.result) {
196 resultInfo.result = (resultInfo.result == SUCCESS ? resultCode : resultInfo.result);
197 }
198 if (GetPropertyForAuthResult(resultInfo) != SUCCESS) {
199 IAM_LOGE("GetPropertyForAuthResult failed");
200 }
201 InvokeResultCallback(resultInfo);
202 SendAuthExecutorMsg();
203 IAM_LOGI("%{public}s on result %{public}d finish", GetDescription(), resultInfo.result);
204 }
205
OnStop()206 bool SimpleAuthContext::OnStop()
207 {
208 IAM_LOGI("%{public}s start", GetDescription());
209 if (scheduleList_.size() == 1 && scheduleList_[0] != nullptr) {
210 scheduleList_[0]->StopSchedule();
211 }
212
213 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
214 bool cancelRet = auth_->Cancel();
215 if (!cancelRet) {
216 IAM_LOGE("%{public}s auth stop fail", GetDescription());
217 SetLatestError(auth_->GetLatestError());
218 return cancelRet;
219 }
220 return true;
221 }
222
SendAuthExecutorMsg()223 void SimpleAuthContext::SendAuthExecutorMsg()
224 {
225 IF_FALSE_LOGE_AND_RETURN(auth_ != nullptr);
226 auto authExecutorMsgs = auth_->GetAuthExecutorMsgs();
227 for (auto &authExecutorMsg : authExecutorMsgs) {
228 ResourceNodeUtils::SendMsgToExecutor(
229 authExecutorMsg.executorIndex, authExecutorMsg.commandId, authExecutorMsg.msg);
230 }
231 }
232
UpdateScheduleResult(const std::shared_ptr<Attributes> & scheduleResultAttr,Authentication::AuthResultInfo & resultInfo)233 bool SimpleAuthContext::UpdateScheduleResult(const std::shared_ptr<Attributes> &scheduleResultAttr,
234 Authentication::AuthResultInfo &resultInfo)
235 {
236 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
237 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleResultAttr != nullptr, false);
238 std::vector<uint8_t> scheduleResult;
239 bool getResultCodeRet = scheduleResultAttr->GetUint8ArrayValue(Attributes::ATTR_RESULT, scheduleResult);
240 IF_FALSE_LOGE_AND_RETURN_VAL(getResultCodeRet == true, false);
241 bool updateRet = auth_->Update(scheduleResult, resultInfo);
242 if (!updateRet) {
243 IAM_LOGE("%{public}s auth update fail", GetDescription());
244 SetLatestError(auth_->GetLatestError());
245 return updateRet;
246 }
247 return true;
248 }
249
SetCredentialDigest(const Authentication::AuthResultInfo & resultInfo,Attributes & finalResult) const250 bool SimpleAuthContext::SetCredentialDigest(const Authentication::AuthResultInfo &resultInfo,
251 Attributes &finalResult) const
252 {
253 uint64_t credentialDigest = resultInfo.credentialDigest;
254 if (resultInfo.sdkVersion < INNER_API_VERSION_10000) {
255 credentialDigest = resultInfo.credentialDigest & UINT16_MAX;
256 }
257 bool setCredentialDigestRet = finalResult.SetUint64Value(Attributes::ATTR_CREDENTIAL_DIGEST,
258 credentialDigest);
259 IF_FALSE_LOGE_AND_RETURN_VAL(setCredentialDigestRet == true, false);
260 bool setCredentialCountRet = finalResult.SetUint16Value(Attributes::ATTR_CREDENTIAL_COUNT,
261 resultInfo.credentialCount);
262 IF_FALSE_LOGE_AND_RETURN_VAL(setCredentialCountRet == true, false);
263
264 return true;
265 }
266
InvokeResultCallback(const Authentication::AuthResultInfo & resultInfo) const267 void SimpleAuthContext::InvokeResultCallback(const Authentication::AuthResultInfo &resultInfo) const
268 {
269 IAM_LOGI("%{public}s start", GetDescription());
270 IF_FALSE_LOGE_AND_RETURN(callback_ != nullptr);
271 Attributes finalResult;
272 bool setResultCodeRet = finalResult.SetInt32Value(Attributes::ATTR_RESULT_CODE, resultInfo.result);
273 IF_FALSE_LOGE_AND_RETURN(setResultCodeRet == true);
274 bool setNextDurationRet = finalResult.SetInt32Value(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION,
275 resultInfo.nextFailLockoutDuration);
276 IF_FALSE_LOGE_AND_RETURN(setNextDurationRet == true);
277 if (resultInfo.result == FAIL || resultInfo.result == LOCKED || resultInfo.result == SUCCESS) {
278 bool setFreezingTimeRet = finalResult.SetInt32Value(Attributes::ATTR_FREEZING_TIME, resultInfo.freezingTime);
279 IF_FALSE_LOGE_AND_RETURN(setFreezingTimeRet == true);
280 bool setRemainTimesRet = finalResult.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, resultInfo.remainTimes);
281 IF_FALSE_LOGE_AND_RETURN(setRemainTimesRet == true);
282 }
283 if ((resultInfo.result == SUCCESS || resultInfo.token.size() != 0) && resultInfo.sdkVersion > API_VERSION_9) {
284 bool credentialDigest = SetCredentialDigest(resultInfo, finalResult);
285 IF_FALSE_LOGE_AND_RETURN(credentialDigest == true);
286 }
287 if (resultInfo.result == SUCCESS) {
288 bool setUserIdRet = finalResult.SetInt32Value(Attributes::ATTR_USER_ID, resultInfo.userId);
289 IF_FALSE_LOGE_AND_RETURN(setUserIdRet == true);
290 IAM_LOGI("matched userId: %{public}d.", resultInfo.userId);
291 bool setCredentialIdRet = finalResult.SetUint64Value(Attributes::ATTR_CREDENTIAL_ID, resultInfo.credentialId);
292 IF_FALSE_LOGE_AND_RETURN(setCredentialIdRet == true);
293 IAM_LOGI("matched credentialId: %{public}s.", GET_MASKED_STRING(resultInfo.credentialId).c_str());
294 bool setExpiredRet = finalResult.SetInt64Value(Attributes::ATTR_PIN_EXPIRED_INFO, resultInfo.pinExpiredInfo);
295 IF_FALSE_LOGE_AND_RETURN(setExpiredRet == true);
296 }
297 if (resultInfo.token.size() != 0) {
298 IAM_LOGI("result token size: %{public}zu.", resultInfo.token.size());
299 bool setSignatureResult = finalResult.SetUint8ArrayValue(Attributes::ATTR_SIGNATURE, resultInfo.token);
300 IF_FALSE_LOGE_AND_RETURN(setSignatureResult == true);
301 }
302 if (resultInfo.rootSecret.size() != 0) {
303 bool setRootSecret = finalResult.SetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, resultInfo.rootSecret);
304 IF_FALSE_LOGE_AND_RETURN(setRootSecret == true);
305 }
306 if (resultInfo.remoteAuthResultMsg.size() != 0) {
307 bool setRemoteAuthResultMsg = finalResult.SetUint8ArrayValue(Attributes::ATTR_SIGNED_AUTH_RESULT,
308 resultInfo.remoteAuthResultMsg);
309 IF_FALSE_LOGE_AND_RETURN(setRemoteAuthResultMsg == true);
310 }
311 bool setReEnrollFlagRet = finalResult.SetBoolValue(Attributes::ATTR_RE_ENROLL_FLAG, resultInfo.reEnrollFlag);
312 IF_FALSE_LOGE_AND_RETURN(setReEnrollFlagRet == true);
313
314 callback_->SetTraceAuthFinishReason("SimpleAuthContext InvokeResultCallback");
315 callback_->OnResult(resultInfo.result, finalResult);
316 IAM_LOGI("%{public}s invoke result callback success, result %{public}d", GetDescription(), resultInfo.result);
317 }
318 } // namespace UserAuth
319 } // namespace UserIam
320 } // namespace OHOS
321