1 /*
2 * Copyright (C) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "user_idm_funcs.h"
17
18 #include "securec.h"
19
20 #include "adaptor_log.h"
21 #include "adaptor_memory.h"
22 #include "adaptor_time.h"
23 #include "coauth.h"
24 #include "enroll_specification_check.h"
25 #include "executor_message.h"
26 #include "idm_database.h"
27 #include "udid_manager.h"
28
29 #ifdef IAM_TEST_ENABLE
30 #define IAM_STATIC
31 #else
32 #define IAM_STATIC static
33 #endif
34
SetScheduleParam(const PermissionCheckParam * param,ScheduleParam * scheduleParam)35 IAM_STATIC ResultCode SetScheduleParam(const PermissionCheckParam *param, ScheduleParam *scheduleParam)
36 {
37 scheduleParam->associateId.userId = param->userId;
38 scheduleParam->authType = param->authType;
39 scheduleParam->userType = param->userType;
40 scheduleParam->scheduleMode = SCHEDULE_MODE_ENROLL;
41 scheduleParam->collectorSensorHint = param->executorSensorHint;
42
43 Uint8Array localUdid = { scheduleParam->localUdid, UDID_LEN };
44 bool getLocalUdidRet = GetLocalUdid(&localUdid);
45 Uint8Array collectorUdid = { scheduleParam->collectorUdid, UDID_LEN };
46 bool getCollectorUdidRet = GetLocalUdid(&collectorUdid);
47 if (!getLocalUdidRet || !getCollectorUdidRet) {
48 LOG_ERROR("get udid failed");
49 return RESULT_GENERAL_ERROR;
50 }
51 return RESULT_SUCCESS;
52 }
53
GenerateIdmSchedule(const PermissionCheckParam * param)54 IAM_STATIC CoAuthSchedule *GenerateIdmSchedule(const PermissionCheckParam *param)
55 {
56 ScheduleParam scheduleParam = {};
57 if (SetScheduleParam(param, &scheduleParam) != RESULT_SUCCESS) {
58 LOG_ERROR("SetScheduleParam failed");
59 return NULL;
60 }
61
62 if (scheduleParam.collectorSensorHint != INVALID_SENSOR_HINT) {
63 ResultCode ret = QueryCollecterMatcher(scheduleParam.authType, scheduleParam.collectorSensorHint,
64 &scheduleParam.executorMatcher);
65 if (ret != RESULT_SUCCESS) {
66 LOG_ERROR("QueryCollecterMatcher failed");
67 return NULL;
68 }
69 }
70
71 LinkedList *credList = NULL;
72 if (QueryCredentialFunc(param->userId, param->authType, &credList) != RESULT_SUCCESS) {
73 LOG_ERROR("query credential failed");
74 return NULL;
75 }
76 uint64_t templateIdsBuffer[MAX_CREDENTIAL_OUTPUT];
77 uint32_t len = 0;
78 LinkedListNode *temp = credList->head;
79 while (temp != NULL) {
80 if (temp->data == NULL) {
81 LOG_ERROR("list node is invalid");
82 DestroyLinkedList(credList);
83 return NULL;
84 }
85 CredentialInfoHal *credentialHal = (CredentialInfoHal *)(temp->data);
86 if (len >= MAX_CREDENTIAL_OUTPUT) {
87 LOG_ERROR("len out of bound");
88 DestroyLinkedList(credList);
89 return NULL;
90 }
91 templateIdsBuffer[len] = credentialHal->templateId;
92 ++len;
93 temp = temp->next;
94 }
95
96 Uint64Array templateIds = { templateIdsBuffer, len };
97 scheduleParam.templateIds = &templateIds;
98
99 DestroyLinkedList(credList);
100 return GenerateSchedule(&scheduleParam);
101 }
102
GenerateCoAuthSchedule(PermissionCheckParam * param,bool isUpdate,uint64_t * scheduleId)103 IAM_STATIC ResultCode GenerateCoAuthSchedule(PermissionCheckParam *param, bool isUpdate, uint64_t *scheduleId)
104 {
105 CoAuthSchedule *enrollSchedule = GenerateIdmSchedule(param);
106 if (enrollSchedule == NULL) {
107 LOG_ERROR("enrollSchedule malloc failed");
108 return RESULT_NO_MEMORY;
109 }
110 ResultCode ret = AddCoAuthSchedule(enrollSchedule);
111 if (ret != RESULT_SUCCESS) {
112 LOG_ERROR("add coauth schedule failed");
113 goto EXIT;
114 }
115 ret = AssociateCoauthSchedule(enrollSchedule->scheduleId, param->authType, isUpdate);
116 if (ret != RESULT_SUCCESS) {
117 LOG_ERROR("idm associate coauth schedule failed");
118 RemoveCoAuthSchedule(enrollSchedule->scheduleId);
119 goto EXIT;
120 }
121 *scheduleId = enrollSchedule->scheduleId;
122
123 EXIT:
124 DestroyCoAuthSchedule(enrollSchedule);
125 return ret;
126 }
127
CheckEnrollPermission(PermissionCheckParam param,uint64_t * scheduleId)128 ResultCode CheckEnrollPermission(PermissionCheckParam param, uint64_t *scheduleId)
129 {
130 if (scheduleId == NULL) {
131 LOG_ERROR("scheduleId is null");
132 return RESULT_BAD_PARAM;
133 }
134 if (!GetEnableStatus(param.userId, param.authType)) {
135 LOG_ERROR("authType is not support %{public}d", param.authType);
136 return RESULT_TYPE_NOT_SUPPORT;
137 }
138 ResultCode ret = IsValidUserType(param.userType);
139 if (ret != RESULT_SUCCESS) {
140 LOG_ERROR("userType is invalid");
141 return ret;
142 }
143 ret = CheckSessionValid(param.userId);
144 if (ret != RESULT_SUCCESS) {
145 LOG_ERROR("session is invalid");
146 return ret;
147 }
148 UserAuthTokenHal *authToken = (UserAuthTokenHal *)param.token;
149 ret = CheckSpecification(param.userId, param.authType);
150 if (ret != RESULT_SUCCESS) {
151 LOG_ERROR("check specification failed, authType is %{public}u, ret is %{public}d", param.authType, ret);
152 return ret;
153 }
154 if (param.authType != PIN_AUTH) {
155 ret = CheckIdmOperationToken(param.userId, authToken);
156 if (ret != RESULT_SUCCESS) {
157 LOG_ERROR("a valid token is required");
158 return RESULT_VERIFY_TOKEN_FAIL;
159 }
160 }
161
162 return GenerateCoAuthSchedule(¶m, false, scheduleId);
163 }
164
CheckUpdatePermission(PermissionCheckParam param,uint64_t * scheduleId)165 ResultCode CheckUpdatePermission(PermissionCheckParam param, uint64_t *scheduleId)
166 {
167 if (scheduleId == NULL || param.authType != PIN_AUTH) {
168 LOG_ERROR("param is invalid");
169 return RESULT_BAD_PARAM;
170 }
171 if (!GetEnableStatus(param.userId, param.authType)) {
172 LOG_ERROR("authType is not support %{public}d", param.authType);
173 return RESULT_TYPE_NOT_SUPPORT;
174 }
175 ResultCode ret = CheckSessionValid(param.userId);
176 if (ret != RESULT_SUCCESS) {
177 LOG_ERROR("session is invalid");
178 return ret;
179 }
180 ret = CheckSpecification(param.userId, param.authType);
181 if (ret != RESULT_EXCEED_LIMIT) {
182 LOG_ERROR("no pin or exception, authType is %{public}u, ret is %{public}d", param.authType, ret);
183 return ret;
184 }
185 UserAuthTokenHal *authToken = (UserAuthTokenHal *)param.token;
186 ret = CheckIdmOperationToken(param.userId, authToken);
187 if (ret != RESULT_SUCCESS) {
188 LOG_ERROR("a valid token is required");
189 return RESULT_VERIFY_TOKEN_FAIL;
190 }
191
192 return GenerateCoAuthSchedule(¶m, true, scheduleId);
193 }
194
GetInfoFromResult(CredentialInfoHal * credentialInfo,const ExecutorResultInfo * result,const CoAuthSchedule * schedule)195 IAM_STATIC void GetInfoFromResult(CredentialInfoHal *credentialInfo, const ExecutorResultInfo *result,
196 const CoAuthSchedule *schedule)
197 {
198 credentialInfo->authType = schedule->authType;
199 credentialInfo->templateId = result->templateId;
200 credentialInfo->capabilityLevel = result->capabilityLevel;
201 credentialInfo->executorSensorHint = GetScheduleVerifierSensorHint(schedule);
202 credentialInfo->executorMatcher = schedule->executors[0].executorMatcher;
203 credentialInfo->credentialType = result->authSubType;
204 }
205
GetCredentialInfoFromSchedule(const ExecutorResultInfo * executorInfo,CredentialInfoHal * credentialInfo,const CoAuthSchedule * schedule)206 IAM_STATIC ResultCode GetCredentialInfoFromSchedule(const ExecutorResultInfo *executorInfo,
207 CredentialInfoHal *credentialInfo, const CoAuthSchedule *schedule)
208 {
209 uint64_t currentScheduleId;
210 uint32_t scheduleAuthType;
211 ResultCode ret = GetEnrollScheduleInfo(¤tScheduleId, &scheduleAuthType);
212 if (ret != RESULT_SUCCESS || executorInfo->scheduleId != currentScheduleId) {
213 LOG_ERROR("schedule is mismatch");
214 return RESULT_GENERAL_ERROR;
215 }
216 ret = CheckSessionTimeout();
217 if (ret != RESULT_SUCCESS) {
218 LOG_ERROR("idm session is time out");
219 return ret;
220 }
221 GetInfoFromResult(credentialInfo, executorInfo, schedule);
222 return RESULT_SUCCESS;
223 }
224
GetEnrollTokenDataPlain(const CredentialInfoHal * credentialInfo,TokenDataPlain * dataPlain)225 IAM_STATIC ResultCode GetEnrollTokenDataPlain(const CredentialInfoHal *credentialInfo, TokenDataPlain *dataPlain)
226 {
227 ResultCode ret = GetChallenge(dataPlain->challenge, CHALLENGE_LEN);
228 if (ret != RESULT_SUCCESS) {
229 LOG_ERROR("get challenge fail");
230 return ret;
231 }
232
233 dataPlain->time = GetSystemTime();
234 dataPlain->authTrustLevel = ATL3;
235 dataPlain->authType = credentialInfo->authType;
236 dataPlain->authMode = SCHEDULE_MODE_ENROLL;
237 return RESULT_SUCCESS;
238 }
239
GetEnrollTokenDataToEncrypt(const CredentialInfoHal * credentialInfo,int32_t userId,TokenDataToEncrypt * data)240 IAM_STATIC ResultCode GetEnrollTokenDataToEncrypt(const CredentialInfoHal *credentialInfo, int32_t userId,
241 TokenDataToEncrypt *data)
242 {
243 data->userId = userId;
244 uint64_t secureUid;
245 ResultCode ret = GetSecureUid(userId, &secureUid);
246 if (ret != RESULT_SUCCESS) {
247 LOG_ERROR("get secure uid failed");
248 return ret;
249 }
250 data->secureUid = secureUid;
251 EnrolledInfoHal enrolledInfo = {};
252 ret = GetEnrolledInfoAuthType(userId, credentialInfo->authType, &enrolledInfo);
253 if (ret != RESULT_SUCCESS) {
254 LOG_ERROR("get enrolled info failed");
255 return ret;
256 }
257 data->enrolledId = enrolledInfo.enrolledId;
258 data->credentialId = credentialInfo->credentialId;
259 return RESULT_SUCCESS;
260 }
261
GetAuthTokenForPinEnroll(const CredentialInfoHal * credentialInfo,int32_t userId)262 IAM_STATIC Buffer *GetAuthTokenForPinEnroll(const CredentialInfoHal *credentialInfo, int32_t userId)
263 {
264 UserAuthTokenPlainHal tokenPlain = {};
265 ResultCode ret = GetEnrollTokenDataPlain(credentialInfo, &(tokenPlain.tokenDataPlain));
266 if (ret != RESULT_SUCCESS) {
267 LOG_ERROR("GetEnrollTokenDataPlain fail");
268 return NULL;
269 }
270 ret = GetEnrollTokenDataToEncrypt(credentialInfo, userId, &(tokenPlain.tokenDataToEncrypt));
271 if (ret != RESULT_SUCCESS) {
272 LOG_ERROR("GetEnrollTokenDataToEncrypt fail");
273 return NULL;
274 }
275
276 UserAuthTokenHal authTokenHal = {};
277 ret = UserAuthTokenSign(&tokenPlain, &authTokenHal);
278 if (ret != RESULT_SUCCESS) {
279 LOG_ERROR("generate pin enroll authToken fail");
280 return NULL;
281 }
282 Buffer *authToken = CreateBufferByData((uint8_t *)(&authTokenHal), sizeof(UserAuthTokenHal));
283 if (!IsBufferValid(authToken)) {
284 LOG_ERROR("create authToken buffer fail");
285 return NULL;
286 }
287
288 return authToken;
289 }
290
ProcessAddPinCredential(int32_t userId,const CredentialInfoHal * credentialInfo,const ExecutorResultInfo * executorResultInfo,Buffer ** rootSecret,Buffer ** authToken)291 IAM_STATIC ResultCode ProcessAddPinCredential(int32_t userId, const CredentialInfoHal *credentialInfo,
292 const ExecutorResultInfo *executorResultInfo, Buffer **rootSecret, Buffer **authToken)
293 {
294 ResultCode ret = SetPinSubType(userId, executorResultInfo->authSubType);
295 if (ret != RESULT_SUCCESS) {
296 LOG_ERROR("set pin sub type failed");
297 return ret;
298 }
299 *rootSecret = CopyBuffer(executorResultInfo->rootSecret);
300 if ((*rootSecret) == NULL) {
301 LOG_ERROR("copy rootSecret fail");
302 return RESULT_NO_MEMORY;
303 }
304 *authToken = GetAuthTokenForPinEnroll(credentialInfo, userId);
305 if (!IsBufferValid(*authToken)) {
306 LOG_ERROR("authToken is invalid");
307 DestoryBuffer(*rootSecret);
308 *rootSecret = NULL;
309 return RESULT_NO_MEMORY;
310 }
311
312 return RESULT_SUCCESS;
313 }
314
AddCredentialFunc(int32_t userId,const Buffer * scheduleResult,uint64_t * credentialId,Buffer ** rootSecret,Buffer ** authToken)315 ResultCode AddCredentialFunc(
316 int32_t userId, const Buffer *scheduleResult, uint64_t *credentialId, Buffer **rootSecret, Buffer **authToken)
317 {
318 if (!IsBufferValid(scheduleResult) || credentialId == NULL || rootSecret == NULL || authToken == NULL) {
319 LOG_ERROR("param is null");
320 return RESULT_BAD_PARAM;
321 }
322 int32_t sessionUserId;
323 ResultCode ret = GetUserId(&sessionUserId);
324 if (ret != RESULT_SUCCESS || sessionUserId != userId) {
325 LOG_ERROR("userId mismatch");
326 return RESULT_UNKNOWN;
327 }
328 ExecutorResultInfo *executorResultInfo = CreateExecutorResultInfo(scheduleResult);
329 if (executorResultInfo == NULL) {
330 LOG_ERROR("executorResultInfo is null");
331 return RESULT_UNKNOWN;
332 }
333 const CoAuthSchedule *schedule = GetCoAuthSchedule(executorResultInfo->scheduleId);
334 if (schedule == NULL) {
335 LOG_ERROR("schedule is null");
336 ret = RESULT_GENERAL_ERROR;
337 goto EXIT;
338 }
339 CredentialInfoHal credentialInfo;
340 ret = GetCredentialInfoFromSchedule(executorResultInfo, &credentialInfo, schedule);
341 if (ret != RESULT_SUCCESS) {
342 LOG_ERROR("failed to get credential info result");
343 goto EXIT;
344 }
345 ret = AddCredentialInfo(userId, &credentialInfo, schedule->userType);
346 if (ret != RESULT_SUCCESS) {
347 LOG_ERROR("add credential failed");
348 goto EXIT;
349 }
350 *credentialId = credentialInfo.credentialId;
351 if (credentialInfo.authType != PIN_AUTH) {
352 goto EXIT;
353 }
354 ret = ProcessAddPinCredential(userId, &credentialInfo, executorResultInfo, rootSecret, authToken);
355 if (ret != RESULT_SUCCESS) {
356 LOG_ERROR("ProcessAddPinCredential fail");
357 goto EXIT;
358 }
359
360 EXIT:
361 DestroyExecutorResultInfo(executorResultInfo);
362 return ret;
363 }
364
DeleteCredentialFunc(CredentialDeleteParam param,CredentialInfoHal * credentialInfo)365 ResultCode DeleteCredentialFunc(CredentialDeleteParam param, CredentialInfoHal *credentialInfo)
366 {
367 if (credentialInfo == NULL) {
368 LOG_ERROR("param is null");
369 return RESULT_BAD_PARAM;
370 }
371 UserAuthTokenHal token;
372 if (memcpy_s(&token, sizeof(UserAuthTokenHal), param.token, AUTH_TOKEN_LEN) != EOK) {
373 LOG_ERROR("token copy failed");
374 return RESULT_BAD_COPY;
375 }
376 ResultCode ret = CheckIdmOperationToken(param.userId, &token);
377 if (ret != RESULT_SUCCESS) {
378 LOG_ERROR("token is invalid");
379 return RESULT_VERIFY_TOKEN_FAIL;
380 }
381
382 ret = DeleteCredentialInfo(param.userId, param.credentialId, credentialInfo);
383 if (ret != RESULT_SUCCESS) {
384 LOG_ERROR("delete database info failed");
385 return RESULT_BAD_SIGN;
386 }
387 return ret;
388 }
389
QueryCredentialFunc(int32_t userId,uint32_t authType,LinkedList ** creds)390 ResultCode QueryCredentialFunc(int32_t userId, uint32_t authType, LinkedList **creds)
391 {
392 if (creds == NULL) {
393 LOG_ERROR("creds is null");
394 return RESULT_BAD_PARAM;
395 }
396 CredentialCondition condition = {};
397 SetCredentialConditionUserId(&condition, userId);
398 if (authType != DEFAULT_AUTH_TYPE) {
399 SetCredentialConditionAuthType(&condition, authType);
400 }
401 *creds = QueryCredentialLimit(&condition);
402 if (*creds == NULL) {
403 LOG_ERROR("query credential failed");
404 return RESULT_UNKNOWN;
405 }
406 LOG_INFO("query credential success");
407 return RESULT_SUCCESS;
408 }
409
GetUserInfoFunc(int32_t userId,uint64_t * secureUid,uint64_t * pinSubType,EnrolledInfoHal ** enrolledInfoArray,uint32_t * enrolledNum)410 ResultCode GetUserInfoFunc(int32_t userId, uint64_t *secureUid, uint64_t *pinSubType,
411 EnrolledInfoHal **enrolledInfoArray, uint32_t *enrolledNum)
412 {
413 if (secureUid == NULL || pinSubType == NULL || enrolledInfoArray == NULL || enrolledNum == NULL) {
414 LOG_ERROR("param is null");
415 return RESULT_BAD_PARAM;
416 }
417 ResultCode ret = GetSecureUid(userId, secureUid);
418 if (ret != RESULT_SUCCESS) {
419 LOG_ERROR("get secureUid failed");
420 return ret;
421 }
422 ret = GetPinSubType(userId, pinSubType);
423 if (ret != RESULT_SUCCESS) {
424 LOG_ERROR("get pinSubType failed");
425 return ret;
426 }
427 return GetEnrolledInfo(userId, enrolledInfoArray, enrolledNum);
428 }
429
GetDeletedCredential(int32_t userId,CredentialInfoHal * deletedCredential)430 IAM_STATIC ResultCode GetDeletedCredential(int32_t userId, CredentialInfoHal *deletedCredential)
431 {
432 CredentialCondition condition = {};
433 SetCredentialConditionAuthType(&condition, PIN_AUTH);
434 SetCredentialConditionUserId(&condition, userId);
435 LinkedList *credList = QueryCredentialLimit(&condition);
436 if (credList == NULL || credList->head == NULL || credList->head->data == NULL) {
437 LOG_ERROR("query credential failed");
438 DestroyLinkedList(credList);
439 return RESULT_UNKNOWN;
440 }
441 if (credList->getSize(credList) != MAX_NUMBER_OF_PIN_PER_USER) {
442 LOG_ERROR("pin num is invalid");
443 DestroyLinkedList(credList);
444 return RESULT_UNKNOWN;
445 }
446 *deletedCredential = *((CredentialInfoHal *)credList->head->data);
447 DestroyLinkedList(credList);
448 return RESULT_SUCCESS;
449 }
450
CheckResultValid(uint64_t scheduleId,int32_t userId)451 IAM_STATIC ResultCode CheckResultValid(uint64_t scheduleId, int32_t userId)
452 {
453 uint64_t currentScheduleId;
454 uint32_t scheduleAuthType;
455 ResultCode ret = GetEnrollScheduleInfo(¤tScheduleId, &scheduleAuthType);
456 if (ret != RESULT_SUCCESS || scheduleId != currentScheduleId) {
457 LOG_ERROR("schedule is mismatch");
458 return RESULT_GENERAL_ERROR;
459 }
460 ret = CheckSessionTimeout();
461 if (ret != RESULT_SUCCESS) {
462 LOG_ERROR("idm session is time out");
463 return ret;
464 }
465 int32_t userIdGet;
466 ret = GetUserId(&userIdGet);
467 if (ret != RESULT_SUCCESS || userId != userIdGet) {
468 LOG_ERROR("check userId failed");
469 return RESULT_REACH_LIMIT;
470 }
471 if (scheduleAuthType != PIN_AUTH) {
472 LOG_ERROR("only pin is allowed to be updated");
473 return RESULT_UNKNOWN;
474 }
475 return RESULT_SUCCESS;
476 }
477
GetUpdateCredentialOutput(int32_t userId,const Buffer * rootSecret,const CredentialInfoHal * credentialInfo,UpdateCredentialOutput * output)478 IAM_STATIC ResultCode GetUpdateCredentialOutput(int32_t userId, const Buffer *rootSecret,
479 const CredentialInfoHal *credentialInfo, UpdateCredentialOutput *output)
480 {
481 if (credentialInfo->authType != PIN_AUTH && credentialInfo->authType != DEFAULT_AUTH_TYPE) {
482 LOG_ERROR("bad authType");
483 return RESULT_GENERAL_ERROR;
484 }
485 CredentialInfoHal credInfo = (*credentialInfo);
486 credInfo.authType = PIN_AUTH;
487
488 output->credentialId = credInfo.credentialId;
489 output->rootSecret = CopyBuffer(rootSecret);
490 if (!IsBufferValid(output->rootSecret)) {
491 LOG_ERROR("copy rootSecret fail");
492 goto ERROR;
493 }
494 output->oldRootSecret = GetCacheRootSecret(userId);
495 if (!IsBufferValid(output->oldRootSecret)) {
496 LOG_ERROR("GetCacheRootSecret fail");
497 goto ERROR;
498 }
499 output->authToken = GetAuthTokenForPinEnroll(&credInfo, userId);
500 if (!IsBufferValid(output->authToken)) {
501 LOG_ERROR("authToken is invalid");
502 goto ERROR;
503 }
504 return RESULT_SUCCESS;
505
506 ERROR:
507 DestoryBuffer(output->rootSecret);
508 output->rootSecret = NULL;
509 DestoryBuffer(output->oldRootSecret);
510 output->oldRootSecret = NULL;
511 DestoryBuffer(output->authToken);
512 output->authToken = NULL;
513 return RESULT_NO_MEMORY;
514 }
515
UpdateCredentialFunc(int32_t userId,const Buffer * scheduleResult,UpdateCredentialOutput * output)516 ResultCode UpdateCredentialFunc(int32_t userId, const Buffer *scheduleResult, UpdateCredentialOutput *output)
517 {
518 if (!IsBufferValid(scheduleResult) || output == NULL) {
519 LOG_ERROR("param is invalid");
520 return RESULT_BAD_PARAM;
521 }
522 ExecutorResultInfo *executorResultInfo = CreateExecutorResultInfo(scheduleResult);
523 if (executorResultInfo == NULL) {
524 LOG_ERROR("executorResultInfo is null");
525 return RESULT_UNKNOWN;
526 }
527 ResultCode ret = CheckResultValid(executorResultInfo->scheduleId, userId);
528 if (ret != RESULT_SUCCESS) {
529 LOG_ERROR("check result failed");
530 goto EXIT;
531 }
532 ret = GetDeletedCredential(userId, &(output->deletedCredential));
533 if (ret != RESULT_SUCCESS) {
534 LOG_ERROR("get old credential failed");
535 goto EXIT;
536 }
537 const CoAuthSchedule *schedule = GetCoAuthSchedule(executorResultInfo->scheduleId);
538 if (schedule == NULL) {
539 LOG_ERROR("schedule is null");
540 ret = RESULT_UNKNOWN;
541 goto EXIT;
542 }
543 CredentialInfoHal credentialInfo;
544 GetInfoFromResult(&credentialInfo, executorResultInfo, schedule);
545 ret = AddCredentialInfo(userId, &credentialInfo, schedule->userType);
546 if (ret != RESULT_SUCCESS) {
547 LOG_ERROR("failed to add credential");
548 goto EXIT;
549 }
550 ret = GetUpdateCredentialOutput(userId, executorResultInfo->rootSecret, &credentialInfo, output);
551 if (ret != RESULT_SUCCESS) {
552 LOG_ERROR("GetUpdateCredentialOutputRootSecret fail");
553 goto EXIT;
554 }
555
556 EXIT:
557 DestroyExecutorResultInfo(executorResultInfo);
558 return ret;
559 }
560
QueryAllExtUserInfoFunc(UserInfoResult * userInfos,uint32_t userInfolen,uint32_t * userInfoCount)561 ResultCode QueryAllExtUserInfoFunc(UserInfoResult *userInfos, uint32_t userInfolen, uint32_t *userInfoCount)
562 {
563 ResultCode ret = GetAllExtUserInfo(userInfos, userInfolen, userInfoCount);
564 if (ret != RESULT_SUCCESS) {
565 LOG_ERROR("GetAllExtUserInfo failed");
566 return RESULT_BAD_PARAM;
567 }
568
569 return RESULT_SUCCESS;
570 }
QueryCredentialByIdFunc(uint64_t credentialId,LinkedList ** creds)571 ResultCode QueryCredentialByIdFunc(uint64_t credentialId, LinkedList **creds)
572 {
573 if (creds == NULL) {
574 LOG_ERROR("creds is null");
575 return RESULT_BAD_PARAM;
576 }
577 CredentialCondition condition = {};
578 SetCredentialConditionCredentialId(&condition, credentialId);
579 SetCredentiaConditionNeedCachePin(&condition);
580 *creds = QueryCredentialLimit(&condition);
581 if (*creds == NULL) {
582 LOG_ERROR("query credential failed");
583 return RESULT_UNKNOWN;
584 }
585 LOG_INFO("query credential success");
586 return RESULT_SUCCESS;
587 }