1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include <securec.h>
17
18 #include "anonymizer.h"
19 #include "auth_identity_service_adapter.h"
20 #include "auth_log.h"
21 #include "auth_session_fsm.h"
22 #include "bus_center_manager.h"
23 #include "device_auth.h"
24 #include "device_auth_defines.h"
25 #include "lnn_decision_db.h"
26 #include "lnn_heartbeat_ctrl.h"
27 #include "lnn_ohos_account_adapter.h"
28 #include "softbus_adapter_json.h"
29 #include "softbus_adapter_mem.h"
30
31 #define FIELD_AUTHORIZED_SCOPE "authorizedScope"
32 #define AUTH_APPID "softbus_auth"
33 #define SCOPE_USER 2
34 #define INT32_T_TO_STRING_MAX_LEN 21
35
36 typedef enum {
37 ACCOUNT_RELATED = 1,
38 ACCOUNT_UNRELATED = 2,
39 ACCOUNT_SHARE = 3,
40 ACCOUNT_BUTT,
41 } SoftbusCredType;
42
IdServiceGenerateQueryParam(const char * udidHash,const char * accountHash,bool isSameAccount)43 static char *IdServiceGenerateQueryParam(const char *udidHash, const char *accountHash, bool isSameAccount)
44 {
45 (void)accountHash;
46 int32_t credType = isSameAccount ? ACCOUNT_RELATED : ACCOUNT_BUTT;
47
48 cJSON *msg = cJSON_CreateObject();
49 if (msg == NULL) {
50 AUTH_LOGE(AUTH_HICHAIN, "create json fail");
51 return NULL;
52 }
53
54 if (!AddStringToJsonObject(msg, FIELD_DEVICE_ID_HASH, udidHash) ||
55 (isSameAccount && !AddNumberToJsonObject(msg, FIELD_CRED_TYPE, credType))) {
56 AUTH_LOGE(AUTH_HICHAIN, "add json object fail");
57 cJSON_Delete(msg);
58 return NULL;
59 }
60
61 AUTH_LOGD(AUTH_HICHAIN, "hichain identity service cred type=%{public}d", credType);
62
63 char *data = cJSON_PrintUnformatted(msg);
64 if (data == NULL) {
65 AUTH_LOGE(AUTH_HICHAIN, "json transform unformatted fail");
66 }
67 cJSON_Delete(msg);
68 return data;
69 }
70
IdServiceGenerateQueryParamByCredType(int32_t peerUserId,const char * udidHash,SoftbusCredType credType)71 static char *IdServiceGenerateQueryParamByCredType(int32_t peerUserId, const char *udidHash, SoftbusCredType credType)
72 {
73 char peerUserIdString[INT32_T_TO_STRING_MAX_LEN] = {0};
74 if (sprintf_s(peerUserIdString, INT32_T_TO_STRING_MAX_LEN, "%d", peerUserId) == -1) {
75 AUTH_LOGE(AUTH_HICHAIN, "int32_t to string fail");
76 return NULL;
77 }
78
79 cJSON *msg = cJSON_CreateObject();
80 if (msg == NULL) {
81 AUTH_LOGE(AUTH_HICHAIN, "create json fail");
82 return NULL;
83 }
84
85 if (!AddStringToJsonObject(msg, FIELD_DEVICE_ID_HASH, udidHash) ||
86 !AddNumberToJsonObject(msg, FIELD_CRED_TYPE, credType) ||
87 (credType == ACCOUNT_UNRELATED && !AddStringToJsonObject(msg, FIELD_PEER_USER_SPACE_ID, peerUserIdString))) {
88 AUTH_LOGE(AUTH_HICHAIN, "add json object fail");
89 cJSON_Delete(msg);
90 return NULL;
91 }
92
93 AUTH_LOGD(AUTH_HICHAIN, "hichain identity service cred type=%{public}d", credType);
94
95 char *data = cJSON_PrintUnformatted(msg);
96 if (data == NULL) {
97 AUTH_LOGE(AUTH_HICHAIN, "json transform unformatted fail");
98 }
99 cJSON_Delete(msg);
100 return data;
101 }
102
IdServiceGetCredMgrInstance()103 static const CredManager *IdServiceGetCredMgrInstance()
104 {
105 int32_t ret = InitDeviceAuthService();
106 if (ret != 0) {
107 AUTH_LOGE(AUTH_HICHAIN, "hichain identity service init device auth service fail err=%{public}d", ret);
108 return NULL;
109 }
110
111 return GetCredMgrInstance();
112 }
113
IdServiceGetCredAuthInstance()114 static const CredAuthManager *IdServiceGetCredAuthInstance()
115 {
116 int32_t ret = InitDeviceAuthService();
117 if (ret != 0) {
118 AUTH_LOGE(AUTH_HICHAIN, "hichain identity service init device auth service fail err=%{public}d", ret);
119 return NULL;
120 }
121
122 return GetCredAuthInstance();
123 }
124
IdServiceQueryCredential(int32_t userId,const char * udidHash,const char * accountidHash,bool isSameAccount,char ** credList)125 int32_t IdServiceQueryCredential(int32_t userId, const char *udidHash, const char *accountidHash,
126 bool isSameAccount, char **credList)
127 {
128 const CredManager *credManger = IdServiceGetCredMgrInstance();
129 AUTH_CHECK_AND_RETURN_RET_LOGE(credManger != NULL, SOFTBUS_AUTH_GET_CRED_INSTANCE_FALI,
130 AUTH_HICHAIN, "hichain identity service not initialized");
131
132 char *authParams = IdServiceGenerateQueryParam(udidHash, accountidHash, isSameAccount);
133 AUTH_CHECK_AND_RETURN_RET_LOGE(authParams != NULL, SOFTBUS_CREATE_JSON_ERR,
134 AUTH_HICHAIN, "hichain identity service generate query parameter fail");
135
136 int32_t ret = credManger->queryCredentialByParams(userId, authParams, credList);
137 cJSON_free(authParams);
138 if (ret != HC_SUCCESS) {
139 uint32_t authErrCode = 0;
140 (void)GetSoftbusHichainAuthErrorCode((uint32_t)ret, &authErrCode);
141 AUTH_LOGE(AUTH_HICHAIN,
142 "hichain identity service query credential list fail err=%{public}d, authErrCode=%{public}d",
143 ret, authErrCode);
144 return authErrCode;
145 }
146 AUTH_LOGD(AUTH_HICHAIN, "hichain identity service get credential list");
147
148 return SOFTBUS_OK;
149 }
150
IsInvalidCredList(const char * credList)151 static bool IsInvalidCredList(const char *credList)
152 {
153 if (credList == NULL) {
154 AUTH_LOGE(AUTH_HICHAIN, "parameter is null");
155 return true;
156 }
157
158 cJSON *credIdJson = CreateJsonObjectFromString(credList);
159 if (credIdJson == NULL) {
160 AUTH_LOGE(AUTH_HICHAIN, "create json fail");
161 return true;
162 }
163
164 int32_t arraySize = GetArrayItemNum(credIdJson);
165 cJSON_Delete(credIdJson);
166 if (arraySize == 0) {
167 AUTH_LOGE(AUTH_HICHAIN, "array size is 0");
168 return true;
169 }
170 return false;
171 }
172
AuthIdServiceQueryCredential(int32_t peerUserId,const char * udidHash,const char * accountidHash,bool isSameAccount,char ** credList)173 int32_t AuthIdServiceQueryCredential(int32_t peerUserId, const char *udidHash, const char *accountidHash,
174 bool isSameAccount, char **credList)
175 {
176 AUTH_CHECK_AND_RETURN_RET_LOGE(udidHash != NULL && accountidHash != NULL && credList != NULL,
177 SOFTBUS_INVALID_PARAM, AUTH_HICHAIN, "invalid param");
178 const CredManager *credManger = IdServiceGetCredMgrInstance();
179 AUTH_CHECK_AND_RETURN_RET_LOGE(credManger != NULL, SOFTBUS_AUTH_GET_CRED_INSTANCE_FALI,
180 AUTH_HICHAIN, "hichain identity service not initialized");
181 int32_t localUserId = GetActiveOsAccountIds();
182 if (isSameAccount) {
183 char *authParams = IdServiceGenerateQueryParamByCredType(peerUserId, udidHash, ACCOUNT_RELATED);
184 AUTH_CHECK_AND_RETURN_RET_LOGE(authParams != NULL, SOFTBUS_CREATE_JSON_ERR,
185 AUTH_HICHAIN, "hichain identity service generate query parameter fail");
186 int32_t ret = credManger->queryCredentialByParams(localUserId, authParams, credList);
187 cJSON_free(authParams);
188 if (ret != HC_SUCCESS) {
189 uint32_t authErrCode = 0;
190 (void)GetSoftbusHichainAuthErrorCode((uint32_t)ret, &authErrCode);
191 AUTH_LOGE(AUTH_HICHAIN,
192 "hichain identity service query credential list fail err=%{public}d, authErrCode=%{public}d",
193 ret, authErrCode);
194 return authErrCode;
195 }
196 return SOFTBUS_OK;
197 }
198
199 char *authParams = IdServiceGenerateQueryParamByCredType(peerUserId, udidHash, ACCOUNT_SHARE);
200 AUTH_CHECK_AND_RETURN_RET_LOGE(authParams != NULL, SOFTBUS_CREATE_JSON_ERR,
201 AUTH_HICHAIN, "hichain identity service generate query parameter fail");
202 int32_t ret = credManger->queryCredentialByParams(localUserId, authParams, credList);
203 cJSON_free(authParams);
204 if (ret != HC_SUCCESS || IsInvalidCredList(*credList)) {
205 IdServiceDestroyCredentialList(credList);
206 *credList = NULL;
207 authParams = IdServiceGenerateQueryParamByCredType(peerUserId, udidHash, ACCOUNT_UNRELATED);
208 AUTH_CHECK_AND_RETURN_RET_LOGE(authParams != NULL, SOFTBUS_CREATE_JSON_ERR,
209 AUTH_HICHAIN, "hichain identity service generate query parameter fail");
210
211 ret = credManger->queryCredentialByParams(localUserId, authParams, credList);
212 cJSON_free(authParams);
213 }
214 if (ret != HC_SUCCESS) {
215 uint32_t authErrCode = 0;
216 (void)GetSoftbusHichainAuthErrorCode((uint32_t)ret, &authErrCode);
217 AUTH_LOGE(AUTH_HICHAIN,
218 "hichain identity service query credential list fail err=%{public}d, authErrCode=%{public}d",
219 ret, authErrCode);
220 return authErrCode;
221 }
222 return SOFTBUS_OK;
223 }
224
IdServiceDestroyCredentialList(char ** returnData)225 void IdServiceDestroyCredentialList(char **returnData)
226 {
227 if (returnData == NULL) {
228 AUTH_LOGE(AUTH_HICHAIN, "parameter is null");
229 return;
230 }
231
232 const CredManager *credManger = IdServiceGetCredMgrInstance();
233 if (credManger == NULL) {
234 AUTH_LOGE(AUTH_HICHAIN, "hichain identity service get cred manager fail");
235 return;
236 }
237
238 credManger->destroyInfo(returnData);
239 }
240
IdServiceCopyCredId(char * credId)241 static char *IdServiceCopyCredId(char *credId)
242 {
243 char *credIdMem = (char *)SoftBusCalloc(strlen(credId) + 1);
244 if (credIdMem == NULL) {
245 AUTH_LOGE(AUTH_HICHAIN, "credId calloc fail");
246 return NULL;
247 }
248
249 if (strcpy_s(credIdMem, strlen(credId) + 1, credId) != EOK) {
250 AUTH_LOGE(AUTH_HICHAIN, "strcpy_s cred id fail");
251 SoftBusFree(credIdMem);
252 credIdMem = NULL;
253 } else {
254 char *anonyCredId = NULL;
255 Anonymize(credIdMem, &anonyCredId);
256 AUTH_LOGD(AUTH_HICHAIN, "hichain identity service get credid=%{public}s", AnonymizeWrapper(anonyCredId));
257 AnonymizeFree(anonyCredId);
258 }
259
260 return credIdMem;
261 }
262
IdServiceGetCredTypeByCredId(int32_t userId,char * credId,int32_t * credType)263 static int32_t IdServiceGetCredTypeByCredId(int32_t userId, char *credId, int32_t *credType)
264 {
265 const CredManager *credManger = IdServiceGetCredMgrInstance();
266 AUTH_CHECK_AND_RETURN_RET_LOGE(credManger != NULL, SOFTBUS_AUTH_GET_CRED_INSTANCE_FALI,
267 AUTH_HICHAIN, "hichain identity service not initialized");
268
269 char *credInfo = NULL;
270 int32_t ret = credManger->queryCredInfoByCredId(userId, credId, &credInfo);
271 if (ret != HC_SUCCESS) {
272 uint32_t authErrCode = 0;
273 (void)GetSoftbusHichainAuthErrorCode((uint32_t)ret, &authErrCode);
274 AUTH_LOGE(AUTH_HICHAIN,
275 "hichain identity service quere credential info failed, err=%{public}d, authErrCode=%{public}d",
276 ret, authErrCode);
277 return authErrCode;
278 }
279
280 cJSON *credInfoJson = CreateJsonObjectFromString(credInfo);
281 IdServiceDestroyCredentialList(&credInfo);
282 if (credInfoJson == NULL) {
283 AUTH_LOGE(AUTH_HICHAIN, "create json fail");
284 return SOFTBUS_CREATE_JSON_ERR;
285 }
286
287 if (!GetJsonObjectInt32Item(credInfoJson, FIELD_CRED_TYPE, credType)) {
288 AUTH_LOGE(AUTH_HICHAIN, "cred type not found");
289 cJSON_Delete(credInfoJson);
290 return SOFTBUS_PARSE_JSON_ERR;
291 }
292
293 if (*credType == ACCOUNT_UNRELATED) {
294 int32_t scope = 0;
295 if (!GetJsonObjectInt32Item(credInfoJson, FIELD_AUTHORIZED_SCOPE, &scope)) {
296 AUTH_LOGE(AUTH_HICHAIN, "scope not found");
297 cJSON_Delete(credInfoJson);
298 return SOFTBUS_PARSE_JSON_ERR;
299 }
300
301 *credType = (scope == SCOPE_USER) ? *credType : ACCOUNT_BUTT;
302 }
303 cJSON_Delete(credInfoJson);
304
305 return SOFTBUS_OK;
306 }
307
IdServiceGetCredIdFromCredList(int32_t userId,const char * credList)308 char *IdServiceGetCredIdFromCredList(int32_t userId, const char *credList)
309 {
310 if (credList == NULL) {
311 AUTH_LOGE(AUTH_HICHAIN, "parameter is null");
312 return NULL;
313 }
314
315 cJSON *credIdJson = CreateJsonObjectFromString(credList);
316 if (credIdJson == NULL) {
317 AUTH_LOGE(AUTH_HICHAIN, "create json fail");
318 return NULL;
319 }
320
321 int32_t arraySize = GetArrayItemNum(credIdJson);
322 if (arraySize == 0) {
323 AUTH_LOGE(AUTH_HICHAIN, "array size is 0");
324 cJSON_Delete(credIdJson);
325 return NULL;
326 }
327
328 AUTH_LOGD(AUTH_HICHAIN, "array size is %{public}d", arraySize);
329
330 char *credId = NULL;
331 char *credIdMem = NULL;
332 int32_t credType = ACCOUNT_BUTT;
333 for (int32_t i = 0; i < arraySize; i++) {
334 cJSON *item = GetArrayItemFromArray(credIdJson, i);
335 if (item == NULL) {
336 AUTH_LOGE(AUTH_HICHAIN, "get array item is null");
337 break;
338 }
339 char *credIdTmp = cJSON_GetStringValue(item);
340 if (credIdTmp == NULL) {
341 AUTH_LOGE(AUTH_HICHAIN, "get credId string fail");
342 break;
343 }
344
345 int32_t credTypeTmp = ACCOUNT_BUTT;
346 int32_t ret = IdServiceGetCredTypeByCredId(userId, credIdTmp, &credTypeTmp);
347 if (ret != SOFTBUS_OK) {
348 AUTH_LOGE(AUTH_HICHAIN, "get cred type fail");
349 break;
350 }
351
352 credId = (credTypeTmp < credType) ? credIdTmp : credId;
353 credType = (credTypeTmp < credType) ? credTypeTmp : credType;
354 }
355
356 if ((credId != NULL) && (credType != ACCOUNT_BUTT)) {
357 credIdMem = IdServiceCopyCredId(credId);
358 if (credIdMem == NULL) {
359 AUTH_LOGE(AUTH_HICHAIN, "copy credId fail");
360 }
361 }
362
363 cJSON_Delete(credIdJson);
364 return credIdMem;
365 }
366
IdServiceGenerateAuthParam(HiChainAuthParam * hiChainParam)367 char *IdServiceGenerateAuthParam(HiChainAuthParam *hiChainParam)
368 {
369 if (hiChainParam == NULL) {
370 AUTH_LOGE(AUTH_HICHAIN, "parameter is null");
371 return NULL;
372 }
373
374 cJSON *msg = cJSON_CreateObject();
375 if (msg == NULL) {
376 AUTH_LOGE(AUTH_HICHAIN, "create json fail");
377 return NULL;
378 }
379
380 if (!AddStringToJsonObject(msg, FIELD_CRED_ID, hiChainParam->credId)) {
381 AUTH_LOGE(AUTH_HICHAIN, "add json object fail");
382 cJSON_Delete(msg);
383 return NULL;
384 }
385
386 char *data = cJSON_PrintUnformatted(msg);
387 if (data == NULL) {
388 AUTH_LOGE(AUTH_HICHAIN, "json transform unformatted fail");
389 }
390 cJSON_Delete(msg);
391 return data;
392 }
393
IdServiceAuthCredential(int32_t userId,int64_t authReqId,const char * authParams,const DeviceAuthCallback * cb)394 int32_t IdServiceAuthCredential(int32_t userId, int64_t authReqId, const char *authParams, const DeviceAuthCallback *cb)
395 {
396 AUTH_CHECK_AND_RETURN_RET_LOGE(authParams != NULL && cb != NULL, SOFTBUS_INVALID_PARAM, AUTH_HICHAIN,
397 "authParams or cb is null");
398
399 const CredAuthManager *credAuthManger = IdServiceGetCredAuthInstance();
400 AUTH_CHECK_AND_RETURN_RET_LOGE(credAuthManger != NULL, SOFTBUS_AUTH_GET_CRED_INSTANCE_FALI,
401 AUTH_HICHAIN, "hichain identity service not initialized");
402
403 AUTH_LOGD(AUTH_HICHAIN, "hichain identity service start authenticate credential");
404 int32_t ret = credAuthManger->authCredential(userId, authReqId, authParams, cb);
405 if (ret != HC_SUCCESS) {
406 uint32_t authErrCode = 0;
407 (void)GetSoftbusHichainAuthErrorCode((uint32_t)ret, &authErrCode);
408 AUTH_LOGE(AUTH_HICHAIN,
409 "hichain identity service authenticate credential failed, err=%{public}d, authErrCode=%{public}d",
410 ret, authErrCode);
411 return authErrCode;
412 }
413
414 return SOFTBUS_OK;
415 }
416
IdServiceProcessCredData(int64_t authSeq,const uint8_t * data,uint32_t len,DeviceAuthCallback * cb)417 int32_t IdServiceProcessCredData(int64_t authSeq, const uint8_t *data, uint32_t len, DeviceAuthCallback *cb)
418 {
419 AUTH_CHECK_AND_RETURN_RET_LOGE(data != NULL && cb != NULL, SOFTBUS_INVALID_PARAM, AUTH_HICHAIN,
420 "data or cb is null");
421
422 const CredAuthManager *credAuthManger = IdServiceGetCredAuthInstance();
423 AUTH_CHECK_AND_RETURN_RET_LOGE(credAuthManger != NULL, SOFTBUS_AUTH_GET_CRED_INSTANCE_FALI,
424 AUTH_HICHAIN, "hichain identity service not initialized");
425
426 AUTH_LOGD(AUTH_HICHAIN, "hichain identity service start process cred data");
427 int32_t ret = credAuthManger->processCredData(authSeq, data, len, cb);
428 if (ret != HC_SUCCESS) {
429 uint32_t authErrCode = 0;
430 (void)GetSoftbusHichainAuthErrorCode((uint32_t)ret, &authErrCode);
431 AUTH_LOGE(AUTH_HICHAIN,
432 "hichain identity service process cred data failed, ret=%{public}d, authErrCode=%{public}d",
433 ret, authErrCode);
434 return authErrCode;
435 }
436
437 return SOFTBUS_OK;
438 }
439
GetCredInfoFromJson(const char * credInfo,SoftBusCredInfo * info)440 static int32_t GetCredInfoFromJson(const char *credInfo, SoftBusCredInfo *info)
441 {
442 JsonObj *json = JSON_Parse(credInfo, strlen(credInfo));
443 if (json == NULL) {
444 AUTH_LOGE(AUTH_HICHAIN, "parse json fail");
445 return SOFTBUS_PARSE_JSON_ERR;
446 }
447 if (!JSON_GetInt32FromOject(json, FIELD_CRED_TYPE, &(info->credIdType)) ||
448 !JSON_GetInt32FromOject(json, FIELD_SUBJECT, &(info->subject)) ||
449 !JSON_GetStringFromObject(json, FIELD_DEVICE_ID, info->udid, UDID_BUF_LEN) ||
450 !JSON_GetStringFromObject(json, FIELD_USER_ID, info->userId, MAX_ACCOUNT_HASH_LEN)) {
451 AUTH_LOGD(AUTH_HICHAIN, "parse credential info json fail");
452 JSON_Delete(json);
453 return SOFTBUS_GET_INFO_FROM_JSON_FAIL;
454 }
455 JSON_Delete(json);
456 return SOFTBUS_OK;
457 }
458
GetCredInfoByUserIdAndCredId(int32_t userId,const char * credId,SoftBusCredInfo * credInfo)459 static int32_t GetCredInfoByUserIdAndCredId(int32_t userId, const char *credId, SoftBusCredInfo *credInfo)
460 {
461 if (credId == NULL || credInfo == NULL) {
462 AUTH_LOGE(AUTH_HICHAIN, "invalid param");
463 return SOFTBUS_INVALID_PARAM;
464 }
465 const CredManager *credManager = IdServiceGetCredMgrInstance();
466 AUTH_CHECK_AND_RETURN_RET_LOGE(credManager != NULL, SOFTBUS_AUTH_GET_CRED_INSTANCE_FALI, AUTH_HICHAIN,
467 "hichain identity service not initialized");
468 char *credInfoMsg = NULL;
469
470 int32_t ret = credManager->queryCredInfoByCredId(userId, credId, &credInfoMsg);
471 if (ret != HC_SUCCESS) {
472 uint32_t authErrCode = 0;
473 (void)GetSoftbusHichainAuthErrorCode((uint32_t)ret, &authErrCode);
474 AUTH_LOGE(AUTH_HICHAIN,
475 "hichain identity service quere credential info failed, err=%{public}d, authErrCode=%{public}d", ret,
476 authErrCode);
477 return authErrCode;
478 }
479 ret = GetCredInfoFromJson(credInfoMsg, credInfo);
480 if (ret != SOFTBUS_OK) {
481 AUTH_LOGE(AUTH_HICHAIN, "get credential info from json fail");
482 IdServiceDestroyCredentialList(&credInfoMsg);
483 return ret;
484 }
485 IdServiceDestroyCredentialList(&credInfoMsg);
486 AUTH_LOGI(AUTH_HICHAIN, "potential device credIdType=%{public}d", credInfo->credIdType);
487 return SOFTBUS_OK;
488 }
489
IdServiceIsPotentialTrustedDevice(const char * udidHash,const char * accountIdHash,bool isSameAccount)490 bool IdServiceIsPotentialTrustedDevice(const char *udidHash, const char *accountIdHash, bool isSameAccount)
491 {
492 if (accountIdHash == NULL || udidHash == NULL) {
493 AUTH_LOGE(AUTH_HICHAIN, "invalid param");
494 return false;
495 }
496
497 char *credList = NULL;
498 int32_t userId = GetActiveOsAccountIds();
499 SoftBusCredInfo credInfo = { 0 };
500 AUTH_LOGI(AUTH_HICHAIN, "get userId=%{public}d", userId);
501 int32_t ret = IdServiceQueryCredential(userId, udidHash, accountIdHash, isSameAccount, &credList);
502 if (ret != SOFTBUS_OK) {
503 AUTH_LOGE(AUTH_HICHAIN, "query credential fail, ret=%{public}d", ret);
504 return false;
505 }
506 char *credId = IdServiceGetCredIdFromCredList(userId, credList);
507 if (credId == NULL) {
508 AUTH_LOGE(AUTH_HICHAIN, "get cred id fail");
509 IdServiceDestroyCredentialList(&credList);
510 return false;
511 }
512 IdServiceDestroyCredentialList(&credList);
513 if (GetCredInfoByUserIdAndCredId(userId, credId, &credInfo) != SOFTBUS_OK) {
514 AUTH_LOGE(AUTH_HICHAIN, "get cred info fail");
515 SoftBusFree(credId);
516 return false;
517 }
518 SoftBusFree(credId);
519 return credInfo.credIdType == ACCOUNT_SHARE;
520 }
521
IsLocalCredInfo(const char * udid)522 static bool IsLocalCredInfo(const char *udid)
523 {
524 char localUdid[UDID_BUF_LEN] = { 0 };
525 if (LnnGetLocalStrInfo(STRING_KEY_DEV_UDID, localUdid, UDID_BUF_LEN) != SOFTBUS_OK) {
526 AUTH_LOGE(AUTH_HICHAIN, "get local udid fail");
527 return false;
528 }
529 return strcmp(udid, localUdid) == 0;
530 }
531
IdServiceHandleCredAdd(const char * credInfo)532 static void IdServiceHandleCredAdd(const char *credInfo)
533 {
534 SoftBusCredInfo info = { 0 };
535 int32_t localDevTypeId = 0;
536 if (GetCredInfoFromJson(credInfo, &info) != SOFTBUS_OK) {
537 AUTH_LOGE(AUTH_HICHAIN, "get credential info from json fail");
538 return;
539 }
540 if (IsLocalCredInfo(info.udid)) {
541 AUTH_LOGI(AUTH_HICHAIN, "id service no need handle");
542 return;
543 }
544 if (LnnGetLocalNumInfo(NUM_KEY_DEV_TYPE_ID, &localDevTypeId) == SOFTBUS_OK && localDevTypeId == TYPE_TV_ID &&
545 (info.credIdType == ACCOUNT_SHARE || info.credIdType == ACCOUNT_UNRELATED)) {
546 AUTH_LOGI(AUTH_HICHAIN, "id service not start heartbeat");
547 return;
548 }
549 if (LnnInsertSpecificTrustedDevInfo(info.udid) != SOFTBUS_OK) {
550 AUTH_LOGE(AUTH_HICHAIN, "id service insert trust info fail");
551 return;
552 }
553 LnnHbOnTrustedRelationIncreased(info.credIdType == ACCOUNT_SHARE ? AUTH_SHARE : AUTH_PEER_TO_PEER_GROUP);
554 }
555
IsExitPotentialTrusted(const char * udid)556 static bool IsExitPotentialTrusted(const char *udid)
557 {
558 uint8_t udidHashResult[SHA_256_HASH_LEN] = { 0 };
559 char udidShortHashStr[DISC_MAX_DEVICE_ID_LEN] = { 0 };
560 uint8_t localAccountHash[SHA_256_HASH_LEN] = { 0 };
561 char accountHexHash[SHA_256_HEX_HASH_LEN] = { 0 };
562 if (LnnGetLocalByteInfo(BYTE_KEY_ACCOUNT_HASH, localAccountHash, SHA_256_HASH_LEN) != SOFTBUS_OK) {
563 AUTH_LOGE(AUTH_HICHAIN, "get local account hash fail");
564 return false;
565 }
566 if (ConvertBytesToHexString(accountHexHash, SHA_256_HEX_HASH_LEN, localAccountHash, SHA_256_HASH_LEN) !=
567 SOFTBUS_OK) {
568 AUTH_LOGE(AUTH_HICHAIN, "convert account hash fail");
569 return false;
570 }
571 if (SoftBusGenerateStrHash((const unsigned char *)udid, strlen(udid), (unsigned char *)udidHashResult) !=
572 SOFTBUS_OK) {
573 AUTH_LOGE(AUTH_HICHAIN, "gen udid hash err");
574 return false;
575 }
576 (void)ConvertBytesToHexString(udidShortHashStr, HB_SHORT_UDID_HASH_HEX_LEN + 1,
577 (const unsigned char *)udidHashResult, HB_SHORT_UDID_HASH_LEN);
578 udidShortHashStr[HB_SHORT_UDID_HASH_HEX_LEN + 1] = '\0';
579
580 return IdServiceIsPotentialTrustedDevice(udidShortHashStr, accountHexHash, false);
581 }
582
OnCredAdd(const char * credId,const char * credInfo)583 static void OnCredAdd(const char *credId, const char *credInfo)
584 {
585 AUTH_LOGI(AUTH_HICHAIN, "OnCredAdd enter");
586 if (credId == NULL || credInfo == NULL) {
587 AUTH_LOGE(AUTH_HICHAIN, "id service invalid param");
588 return;
589 }
590 IdServiceHandleCredAdd(credInfo);
591 }
592
OnCredDelete(const char * credId,const char * credInfo)593 static void OnCredDelete(const char *credId, const char *credInfo)
594 {
595 if (credId == NULL || credInfo == NULL) {
596 AUTH_LOGE(AUTH_HICHAIN, "id service invalid param");
597 return;
598 }
599 SoftBusCredInfo info = { 0 };
600 if (GetCredInfoFromJson(credInfo, &info) != SOFTBUS_OK) {
601 AUTH_LOGE(AUTH_HICHAIN, "id service parse json fail");
602 return;
603 }
604 if (IsExitPotentialTrusted(info.udid)) {
605 AUTH_LOGI(AUTH_HICHAIN, "id service no need delete");
606 return;
607 }
608 LnnDeleteSpecificTrustedDevInfo(info.udid, GetActiveOsAccountIds());
609 LnnHbOnTrustedRelationReduced();
610 }
611
OnCredUpdate(const char * credId,const char * credInfo)612 static void OnCredUpdate(const char *credId, const char *credInfo)
613 {
614 if (credId == NULL || credInfo == NULL) {
615 AUTH_LOGE(AUTH_HICHAIN, "id service invalid param");
616 return;
617 }
618 IdServiceHandleCredAdd(credInfo);
619 }
620
621 static CredChangeListener g_regCredChangeListener = {
622 .onCredAdd = OnCredAdd,
623 .onCredDelete = OnCredDelete,
624 .onCredUpdate = OnCredUpdate,
625 };
626
IdServiceRegCredMgr(void)627 int32_t IdServiceRegCredMgr(void)
628 {
629 AUTH_LOGI(AUTH_HICHAIN, "id service init reg");
630 const CredManager *credManager = IdServiceGetCredMgrInstance();
631 AUTH_CHECK_AND_RETURN_RET_LOGE(credManager != NULL, SOFTBUS_AUTH_GET_CRED_INSTANCE_FALI, AUTH_HICHAIN,
632 "hichain identity service not initialized");
633
634 if (credManager->registerChangeListener == NULL) {
635 AUTH_LOGE(AUTH_HICHAIN, "id service register listener is NULL");
636 return SOFTBUS_AUTH_REG_CRED_CHANGE_FAIL;
637 }
638 if (credManager->registerChangeListener(AUTH_APPID, &g_regCredChangeListener) != SOFTBUS_OK) {
639 AUTH_LOGE(AUTH_HICHAIN, "id service reg cred change fail");
640 return SOFTBUS_AUTH_REG_CRED_CHANGE_FAIL;
641 }
642 return SOFTBUS_OK;
643 }
644
IdServiceUnRegCredMgr(void)645 void IdServiceUnRegCredMgr(void)
646 {
647 const CredManager *credManager = IdServiceGetCredMgrInstance();
648 if (credManager == NULL) {
649 AUTH_LOGI(AUTH_HICHAIN, "hichain identity service get cred manager fail");
650 return;
651 }
652 if ((credManager->unregisterChangeListener != NULL) &&
653 credManager->unregisterChangeListener(AUTH_APPID) != SOFTBUS_OK) {
654 AUTH_LOGE(AUTH_HICHAIN, "id service reg cred change fail");
655 }
656 }