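/*
 * Copyright (c) 2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License"),
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file
 * @kit UserAuthenticationKit
 */

import userAuth from '@ohos.userIAM.userAuth';

/**
 * User access control.
 *
 * Declares the API for verifying an authentication token and the shape of
 * the parsed result returned to the caller.
 *
 * @namespace userAccessCtrl
 * @syscap SystemCapability.UserIAM.UserAuth.Core
 * @since 18
 */
declare namespace userAccessCtrl {
  /**
   * Verify the authentication token.
   *
   * The promise resolves with the parsed token. It rejects with 12500015 when
   * the integrity check fails and with 12500016 when the token has expired
   * (presumably when it is older than allowableDuration).
   *
   * This function receives no expected challenge, user or trust level, so a
   * resolved promise does not show that the token answers the caller's own
   * request. Before acting on the result, the caller must compare
   * AuthToken.challenge with the challenge it issued for this operation and
   * check userId, authTrustLevel, authType and tokenType against its own policy.
   *
   * Keep allowableDuration as small as the operation tolerates, because a wide
   * window accepts tokens from older authentications.
   * NOTE(review): the accepted range of allowableDuration, and the behaviour for
   * zero, negative or non-integer values, is not stated in this declaration;
   * confirm against the implementation.
   *
   * @permission ohos.permission.USE_USER_ACCESS_MANAGER
   * @param { Uint8Array } authToken - AuthToken to be verified.
   * @param { number } allowableDuration - Allowable time interval from the authToken is issued till now in milliseconds.
   * @returns { Promise<AuthToken> } Returns parsed authToken.
   * @throws { BusinessError } 201 - Permission denied.
   * @throws { BusinessError } 202 - Not system application.
   * @throws { BusinessError } 401 - Incorrect parameters. Possible causes:
   * <br>1. Mandatory parameters are left unspecified.
   * <br>2. Incorrect parameter types.
   * <br>3. Parameter verification failed.
   * @throws { BusinessError } 12500002 - General operation error.
   * @throws { BusinessError } 12500015 - AuthToken integrity check failed.
   * @throws { BusinessError } 12500016 - AuthToken has expired.
   * @syscap SystemCapability.UserIAM.UserAuth.Core
   * @systemapi Hide this for inner system use.
   * @since 18
   */
  function verifyAuthToken(authToken: Uint8Array, allowableDuration: number): Promise<AuthToken>;

  /**
   * Authentication token.
   *
   * Parsed form of the token passed to verifyAuthToken. The fields describe
   * the authentication that produced the token. The caller decides whether
   * they satisfy the operation being authorized.
   *
   * @typedef AuthToken
   * @syscap SystemCapability.UserIAM.UserAuth.Core
   * @systemapi Hide this for inner system use.
   * @since 18
   */
  interface AuthToken {
    /**
     * Pass in challenge value.
     *
     * Compare this with the challenge issued for the current operation (length
     * and every byte) and reject the token on any mismatch.
     * NOTE(review): presumably the challenge supplied when the authentication
     * was started; confirm against the implementation.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    challenge: Uint8Array;

    /**
     * Trust level of authentication result.
     *
     * Check this against the minimum level the protected operation requires.
     *
     * @type { userAuth.AuthTrustLevel }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    authTrustLevel: userAuth.AuthTrustLevel;

    /**
     * Credential type for authentication.
     *
     * @type { userAuth.UserAuthType }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    authType: userAuth.UserAuthType;

    /**
     * The type of authToken.
     *
     * Tells whether the token was issued locally, re-issued, or issued remotely.
     * A caller that accepts only some of these must check the value itself.
     *
     * @type { AuthTokenType }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    tokenType: AuthTokenType;

    /**
     * The user id of authToken.
     *
     * Check that this is the user the operation is being performed for.
     *
     * @type { number }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    userId: number;

    /**
     * The time interval from the authToken is issued till now in milliseconds.
     *
     * This is a bigint, whereas allowableDuration is a number. Convert one of
     * them explicitly before doing arithmetic with both.
     *
     * @type { bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    timeInterval: bigint;

    /**
     * The secure uid of authToken.
     *
     * Optional: test for undefined before use, and never treat an absent value
     * as a match. This declaration does not state when the field is present.
     *
     * @type { ?bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    secureUid?: bigint;

    /**
     * The enrolled id of authToken.
     *
     * Optional: test for undefined before use, and never treat an absent value
     * as a match. This declaration does not state when the field is present.
     *
     * @type { ?bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    enrolledId?: bigint;

    /**
     * The credential id of authToken.
     *
     * Optional: test for undefined before use, and never treat an absent value
     * as a match. This declaration does not state when the field is present.
     *
     * @type { ?bigint }
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    credentialId?: bigint;
  }

  /**
   * The issued type for authToken.
   *
   * The numeric values are fixed by this declaration. Code that branches on
   * the type should reject any value not listed here instead of falling back
   * to the local case.
   *
   * @enum { number }
   * @syscap SystemCapability.UserIAM.UserAuth.Core
   * @systemapi Hide this for inner system use.
   * @since 18
   */
  enum AuthTokenType {
    /**
     * AuthToken is issued locally.
     *
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    TOKEN_TYPE_LOCAL_AUTH = 0,

    /**
     * AuthToken is re-issued.
     *
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    TOKEN_TYPE_LOCAL_RESIGN = 1,

    /**
     * AuthToken is issued remotely.
     *
     * @syscap SystemCapability.UserIAM.UserAuth.Core
     * @systemapi Hide this for inner system use.
     * @since 18
     */
    TOKEN_TYPE_COAUTH = 2
  }
}

export default userAccessCtrl;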