1 /*
2 * Copyright (c) 2022-2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_callback.h"
17
18 #include <mutex>
19 #include <securec.h>
20 #include <string>
21 #include "access_token.h"
22 #include "accesstoken_kit.h"
23 #include "account_iam_info.h"
24 #include "account_info_report.h"
25 #include "account_log_wrapper.h"
26 #include "account_hisysevent_adapter.h"
27 #include "iinner_os_account_manager.h"
28 #include "inner_account_iam_manager.h"
29 #ifdef SUPPORT_DOMAIN_ACCOUNTS
30 #include "inner_domain_account_manager.h"
31 #endif // SUPPORT_DOMAIN_ACCOUNTS
32 #include "ipc_skeleton.h"
33 #include "os_account_delete_user_idm_callback.h"
34 #include "storage_service_errno.h"
35 #include "token_setproc.h"
36 #include "user_auth_client.h"
37 #include "user_idm_client.h"
38 #include "os_account_constants.h"
39
40 namespace OHOS {
41 namespace AccountSA {
42 namespace {
43 const char OPERATION_REENROLL[] = "re-enroll";
44 }
45
46 using UserIDMClient = UserIam::UserAuth::UserIdmClient;
47 using UserAuthClient = UserIam::UserAuth::UserAuthClient;
48
49 const std::vector<uint8_t> TEMP_PIN = {50, 48, 50, 52, 48, 56};
50
SetContextId(uint16_t contextId)51 void AuthCallbackDeathRecipient::SetContextId(uint16_t contextId)
52 {
53 contextId_ = contextId;
54 }
55
OnRemoteDied(const wptr<IRemoteObject> & remote)56 void AuthCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
57 {
58 ACCOUNT_LOGI("remote callback died, cancel authentication");
59 if (contextId_ > 0) {
60 UserAuthClient::GetInstance().CancelAuthentication(contextId_);
61 }
62 }
63
AuthCallback(uint32_t userId,AuthType authType,AuthIntent authIntent,const sptr<IIDMCallback> & callback)64 AuthCallback::AuthCallback(
65 uint32_t userId, AuthType authType, AuthIntent authIntent, const sptr<IIDMCallback> &callback)
66 : userId_(userId), authType_(authType), authIntent_(authIntent), innerCallback_(callback)
67 {
68 // save caller tokenId for pin re-enroll
69 if (authType == AuthType::PIN) {
70 callerTokenId_ = IPCSkeleton::GetCallingTokenID();
71 }
72 }
73
AuthCallback(uint32_t userId,AuthType authType,AuthIntent authIntent,bool isRemoteAuth,const sptr<IIDMCallback> & callback)74 AuthCallback::AuthCallback(uint32_t userId, AuthType authType, AuthIntent authIntent,
75 bool isRemoteAuth, const sptr<IIDMCallback> &callback)
76 : userId_(userId), authType_(authType), authIntent_(authIntent),
77 isRemoteAuth_(isRemoteAuth), innerCallback_(callback)
78 {
79 // save caller tokenId for pin re-enroll
80 if (authType == AuthType::PIN) {
81 callerTokenId_ = IPCSkeleton::GetCallingTokenID();
82 }
83 }
84
UpdateCredInfo(const Attributes & extraInfo)85 UpdateCredInfo::UpdateCredInfo(const Attributes &extraInfo)
86 {
87 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
88 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
89 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
90 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, newSecret);
91 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
92 }
93
~UpdateCredInfo()94 UpdateCredInfo::~UpdateCredInfo()
95 {
96 std::fill(token.begin(), token.end(), 0);
97 std::fill(newSecret.begin(), newSecret.end(), 0);
98 std::fill(oldSecret.begin(), oldSecret.end(), 0);
99 }
100
ReEnrollCallback(const sptr<IIDMCallback> & innerCallback)101 ReEnrollCallback::ReEnrollCallback(const sptr<IIDMCallback> &innerCallback) : innerCallback_(innerCallback)
102 {}
103
OnResult(int32_t result,const std::vector<uint8_t> & extraInfoBuffer)104 ErrCode ReEnrollCallback::OnResult(int32_t result, const std::vector<uint8_t>& extraInfoBuffer)
105 {
106 std::unique_lock<std::mutex> lock(mutex_);
107 ACCOUNT_LOGE("ReEnroll: UpdateCredential call to ReEnroll OnResult, result is %{public}d", result);
108 result_ = result;
109 isCalled_ = true;
110 onResultCondition_.notify_one();
111 return ERR_OK;
112 }
113
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const std::vector<uint8_t> & extraInfoBuffer)114 ErrCode ReEnrollCallback::OnAcquireInfo(
115 int32_t module, uint32_t acquireInfo, const std::vector<uint8_t>& extraInfoBuffer)
116 {
117 std::unique_lock<std::mutex> lock(mutex_);
118 ACCOUNT_LOGI("ReEnroll: UpdateCredential call to ReEnroll OnAcquireInfo");
119 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfoBuffer);
120 return ERR_OK;
121 }
122
InnerHandleReEnroll(const std::vector<uint8_t> & token)123 ErrCode AuthCallback::InnerHandleReEnroll(const std::vector<uint8_t> &token)
124 {
125 //set first caller to sceneboard
126 SetFirstCallerTokenID(callerTokenId_);
127 sptr<ReEnrollCallback> callback = new (std::nothrow) ReEnrollCallback(innerCallback_);
128 if (callback == nullptr) {
129 ACCOUNT_LOGE("ReEnroll: failed to allocate callback");
130 return ERR_ACCOUNT_COMMON_INSUFFICIENT_MEMORY_ERROR;
131 }
132 CredentialParameters credInfo = {
133 .authType = AuthType::PIN,
134 // `pinType` is unused in iam
135 .pinType = PinSubType::PIN_SIX,
136 .token = token
137 };
138 InnerAccountIAMManager::GetInstance().UpdateCredential(userId_, credInfo, callback);
139 std::fill(credInfo.token.begin(), credInfo.token.end(), 0);
140 std::unique_lock<std::mutex> lock(callback->mutex_);
141 bool done = callback->onResultCondition_.wait_for(lock, std::chrono::seconds(Constants::REENROLL_WAIT_TIME),
142 [cb = callback]() { return cb->isCalled_; });
143 ErrCode result = callback->result_;
144 if (!done) {
145 ACCOUNT_LOGE("ReEnroll: UpdateCredential failed, timeout");
146 return ERR_ACCOUNT_COMMON_OPERATION_TIMEOUT;
147 }
148 return result;
149 }
150
HandleReEnroll(const Attributes & extraInfo,int32_t accountId,const std::vector<uint8_t> & token)151 void AuthCallback::HandleReEnroll(const Attributes &extraInfo, int32_t accountId, const std::vector<uint8_t> &token)
152 {
153 bool needReEnroll = false;
154 extraInfo.GetBoolValue(Attributes::ATTR_RE_ENROLL_FLAG, needReEnroll);
155 if (!needReEnroll) {
156 return;
157 }
158 if (authType_ == AuthType::PIN) {
159 ACCOUNT_LOGI("ReEnroll: need re-enroll for accountId %{public}d", accountId);
160 ErrCode result = InnerHandleReEnroll(token);
161 if (result != ERR_OK) {
162 ACCOUNT_LOGE("ReEnroll: UpdateCredential failed, result is %{public}d", result);
163 ReportOsAccountOperationFail(accountId, "ReEnroll", result, "UpdateCredential failed");
164 } else {
165 ACCOUNT_LOGI("ReEnroll: UpdateCredential successful");
166 ReportOsAccountLifeCycle(accountId, OPERATION_REENROLL);
167 }
168 } else {
169 ACCOUNT_LOGW("ReEnroll: re-enroll flag exist but authType:%{public}d is not pin", authType_);
170 }
171 // ATTR_RE_ENROLL_FLAG is true means iam opened a session, remeber to close it
172 InnerAccountIAMManager::GetInstance().CloseSession(userId_);
173 }
174
UnlockAccount(int32_t accountId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret,bool & isUpdateVerifiedStatus)175 ErrCode AuthCallback::UnlockAccount(int32_t accountId, const std::vector<uint8_t> &token,
176 const std::vector<uint8_t> &secret, bool &isUpdateVerifiedStatus)
177 {
178 ErrCode ret = ERR_OK;
179 if (authType_ == AuthType::PIN) {
180 if (secret.empty()) {
181 ACCOUNT_LOGI("No need to active user.");
182 return ERR_OK;
183 }
184 (void)InnerAccountIAMManager::GetInstance().HandleFileKeyException(accountId, secret, token);
185 bool isVerified = false;
186 (void)IInnerOsAccountManager::GetInstance().IsOsAccountVerified(accountId, isVerified);
187 bool needActivateKey = true;
188 if (isVerified) {
189 ret = InnerAccountIAMManager::GetInstance().CheckNeedReactivateUserKey(accountId, needActivateKey);
190 if (ret != ERR_OK) {
191 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to check need reactivate user key");
192 ACCOUNT_LOGE("Failed to check need reactivate key, ret = %{public}d.", ret);
193 }
194 }
195
196 if (needActivateKey) {
197 // el2 file decryption
198 ret = InnerAccountIAMManager::GetInstance().ActivateUserKey(accountId, token, secret);
199 if (ret != 0 && ret != ErrNo::E_PARAMS_NULLPTR_ERR) {
200 ACCOUNT_LOGE("Failed to activate user key");
201 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to activate user key");
202 return ret;
203 }
204 ret = InnerAccountIAMManager::GetInstance().PrepareStartUser(accountId);
205 if (ret != 0) {
206 ACCOUNT_LOGE("Failed to prepare start user");
207 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to prepare start user");
208 }
209 isUpdateVerifiedStatus = true;
210 }
211 }
212 ret = UnlockUserScreen(accountId, token, secret, isUpdateVerifiedStatus);
213 return ret;
214 }
215
UnlockUserScreen(int32_t accountId,const std::vector<uint8_t> & token,const std::vector<uint8_t> & secret,bool & isUpdateVerifiedStatus)216 ErrCode AuthCallback::UnlockUserScreen(int32_t accountId, const std::vector<uint8_t> &token,
217 const std::vector<uint8_t> &secret, bool &isUpdateVerifiedStatus)
218 {
219 ErrCode ret = ERR_OK;
220 if (!isUpdateVerifiedStatus) {
221 if (authType_ == AuthType::RECOVERY_KEY) {
222 ACCOUNT_LOGI("No need to unlock screen.");
223 return ERR_OK;
224 }
225 bool lockScreenStatus = false;
226 ret = InnerAccountIAMManager::GetInstance().GetLockScreenStatus(accountId, lockScreenStatus);
227 if (ret != 0) {
228 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to get lock status");
229 }
230 if (!lockScreenStatus) {
231 ACCOUNT_LOGI("start unlock user screen");
232 // el3\4 file decryption
233 ret = InnerAccountIAMManager::GetInstance().UnlockUserScreen(accountId, token, secret);
234 if (ret != 0) {
235 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to unlock user");
236 return ret;
237 }
238 }
239 }
240 return ret;
241 }
242
HandleAuthResult(const Attributes & extraInfo,int32_t accountId,bool & isUpdateVerifiedStatus)243 ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus)
244 {
245 // domain account authentication
246 if (authType_ == static_cast<AuthType>(IAMAuthType::DOMAIN)) {
247 return ERR_OK;
248 }
249 std::vector<uint8_t> token;
250 extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
251 std::vector<uint8_t> secret;
252 if (!extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret)) {
253 ACCOUNT_LOGW("No secret to support user unlock");
254 secret.clear();
255 }
256 ErrCode ret = UnlockAccount(accountId, token, secret, isUpdateVerifiedStatus);
257 std::fill(secret.begin(), secret.end(), 0);
258 if (ret != ERR_OK) {
259 int32_t remainTimes = 0;
260 int32_t freezingTime = 0;
261 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
262 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
263 Attributes errInfo;
264 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
265 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
266 innerCallback_->OnResult(ResultCode::FAIL, errInfo.Serialize());
267 std::fill(token.begin(), token.end(), 0);
268 return ret;
269 }
270 #ifdef SUPPORT_DOMAIN_ACCOUNTS
271 // send msg for domain account offline authentication
272 InnerDomainAccountManager::GetInstance().AuthWithToken(accountId, token);
273 #endif // SUPPORT_DOMAIN_ACCOUNTS
274 HandleReEnroll(extraInfo, accountId, token);
275 std::fill(token.begin(), token.end(), 0);
276 return ret;
277 }
278
SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> & deathRecipient)279 void AuthCallback::SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> &deathRecipient)
280 {
281 deathRecipient_ = deathRecipient;
282 }
283
IsOsAccountDeactivatingOrLocking(int32_t authedAccountId)284 static bool IsOsAccountDeactivatingOrLocking(int32_t authedAccountId)
285 {
286 bool isDeactivating = false;
287 IInnerOsAccountManager::GetInstance().IsOsAccountDeactivating(authedAccountId, isDeactivating);
288 if (isDeactivating) {
289 ACCOUNT_LOGW("The target account is deactivating, accountId:%{public}d", authedAccountId);
290 return true;
291 }
292 #ifdef SUPPORT_LOCK_OS_ACCOUNT
293 bool isLocking = false;
294 IInnerOsAccountManager::GetInstance().IsOsAccountLocking(authedAccountId, isLocking);
295 if (isLocking) {
296 ACCOUNT_LOGW("The target account is isLocking, accountId:%{public}d", authedAccountId);
297 return true;
298 }
299 #endif
300 return false;
301 }
302
OnResult(int32_t result,const Attributes & extraInfo)303 void AuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
304 {
305 int32_t authedAccountId = 0;
306 if (!extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_USER_ID, authedAccountId)) {
307 ACCOUNT_LOGE("Get account id from auth result failed");
308 authedAccountId = static_cast<int32_t>(userId_);
309 }
310 ACCOUNT_LOGI("Auth ret: authType=%{public}d, result=%{public}d, id=%{public}d", authType_, result, authedAccountId);
311 if (innerCallback_ == nullptr) {
312 ACCOUNT_LOGE("innerCallback_ is nullptr");
313 return;
314 }
315 sptr<IRemoteObject> remoteObject = innerCallback_->AsObject();
316 if ((deathRecipient_ != nullptr) && (remoteObject != nullptr)) {
317 remoteObject->RemoveDeathRecipient(deathRecipient_);
318 }
319 if (result != 0) {
320 innerCallback_->OnResult(result, extraInfo.Serialize());
321 ReportOsAccountOperationFail(authedAccountId, "auth", result,
322 "Failed to auth, type:" + std::to_string(authType_));
323 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
324 }
325 // private pin auth
326 if ((authType_ == AuthType::PRIVATE_PIN) || (authIntent_ == AuthIntent::QUESTION_AUTH)) {
327 ACCOUNT_LOGI("Private pin auth");
328 innerCallback_->OnResult(result, extraInfo.Serialize());
329 return;
330 }
331 if (isRemoteAuth_) {
332 ACCOUNT_LOGI("Remote auth");
333 innerCallback_->OnResult(result, extraInfo.Serialize());
334 return;
335 }
336 if (IsOsAccountDeactivatingOrLocking(authedAccountId)) {
337 innerCallback_->OnResult(result, extraInfo.Serialize());
338 return;
339 }
340 bool isUpdateVerifiedStatus = false;
341 if (HandleAuthResult(extraInfo, authedAccountId, isUpdateVerifiedStatus) != ERR_OK) {
342 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, ResultCode::FAIL);
343 }
344 innerCallback_->OnResult(result, extraInfo.Serialize());
345 if (isUpdateVerifiedStatus) {
346 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsVerified(authedAccountId, true);
347 }
348 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsLoggedIn(authedAccountId, true);
349 AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
350 }
351
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)352 void AuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
353 {
354 if (innerCallback_ == nullptr) {
355 ACCOUNT_LOGE("innerCallback_ is nullptr");
356 return;
357 }
358 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo.Serialize());
359 }
360
OnRemoteDied(const wptr<IRemoteObject> & remote)361 void IDMCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
362 {
363 ACCOUNT_LOGW("Remote callback died, cancel cred");
364 if (userId_ > 0) {
365 UserIDMClient::GetInstance().Cancel(userId_);
366 }
367 }
368
IDMCallbackDeathRecipient(uint32_t userId)369 IDMCallbackDeathRecipient::IDMCallbackDeathRecipient(uint32_t userId) : userId_(userId)
370 {}
371
AddCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)372 AddCredCallback::AddCredCallback(uint32_t userId, const CredentialParameters &credInfo,
373 const sptr<IIDMCallback> &callback)
374 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
375 {}
376
~AddCredCallback()377 AddCredCallback::~AddCredCallback()
378 {
379 std::fill(credInfo_.token.begin(), credInfo_.token.end(), 0);
380 }
381
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)382 void AddCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
383 {
384 deathRecipient_ = deathRecipient;
385 }
386
AddUserKey(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)387 static ErrCode AddUserKey(int32_t userId, uint64_t secureUid, const std::vector<uint8_t> &token,
388 const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
389 {
390 ErrCode errCode = InnerAccountIAMManager::GetInstance().UpdateStorageUserAuth(
391 userId, secureUid, token, oldSecret, newSecret);
392 if (errCode != ERR_OK) {
393 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update user auth");
394 return errCode;
395 }
396 errCode = InnerAccountIAMManager::GetInstance().UpdateStorageKeyContext(userId);
397 if (errCode != ERR_OK) {
398 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update key context");
399 }
400 return errCode;
401 }
402
DeleteSecretFlag(const uint32_t userId,const std::string & operation)403 static inline void DeleteSecretFlag(const uint32_t userId, const std::string &operation)
404 {
405 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId) +
406 Constants::PATH_SEPARATOR + Constants::USER_SECRET_FLAG_FILE_NAME;
407 auto accountFileOperator = std::make_shared<AccountFileOperator>();
408 ErrCode code = accountFileOperator->DeleteDirOrFile(path);
409 if (code != ERR_OK) {
410 ReportOsAccountOperationFail(userId, operation, code, "Failed to delete iam_fault file");
411 }
412 }
413
OnResult(int32_t result,const Attributes & extraInfo)414 void AddCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
415 {
416 std::unique_lock<std::mutex> lock(mutex_);
417 ACCOUNT_LOGI("Add cred result, userId:%{public}d, authType:%{public}d, result:%{public}d.",
418 userId_, credInfo_.authType, result);
419 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
420 ACCOUNT_LOGE("innerCallback_ is nullptr");
421 isCalled_ = true;
422 return onResultCondition_.notify_one();
423 }
424 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
425 auto &innerIamMgr = InnerAccountIAMManager::GetInstance();
426 if ((result == 0) && (credInfo_.authType == AuthType::PIN)) {
427 innerIamMgr.SetState(userId_, AFTER_ADD_CRED);
428 uint64_t credentialId = 0;
429 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
430 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, credentialId);
431 uint64_t secureUid = 0;
432 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
433 std::vector<uint8_t> newSecret;
434 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, newSecret);
435 std::vector<uint8_t> token;
436 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
437 std::vector<uint8_t> oldSecret;
438 ErrCode code = AddUserKey(userId_, secureUid, token, oldSecret, newSecret);
439 std::fill(newSecret.begin(), newSecret.end(), 0);
440 std::fill(token.begin(), token.end(), 0);
441 std::fill(oldSecret.begin(), oldSecret.end(), 0);
442 if (code == ERR_OK) {
443 DeleteSecretFlag(userId_, "addCredential");
444 }
445 }
446 if (result != 0) {
447 ReportOsAccountOperationFail(userId_, "addCredential", result,
448 "Failed to add credential, type: " + std::to_string(credInfo_.authType));
449 if (credInfo_.authType == AuthType::PIN) {
450 DeleteSecretFlag(userId_, "addCredential");
451 }
452 } else {
453 ReportOsAccountLifeCycle(userId_,
454 std::string(Constants::OPERATION_ADD_CRED) + "_" + std::to_string(credInfo_.authType));
455 }
456 innerIamMgr.SetState(userId_, AFTER_OPEN_SESSION);
457 innerCallback_->OnResult(result, extraInfo.Serialize());
458 isCalled_ = true;
459 onResultCondition_.notify_one();
460 }
461
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)462 void AddCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
463 {
464 if (innerCallback_ == nullptr) {
465 ACCOUNT_LOGE("innerCallback_ is nullptr");
466 return;
467 }
468 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo.Serialize());
469 }
470
UpdateCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)471 UpdateCredCallback::UpdateCredCallback(
472 uint32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
473 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
474 {}
475
~UpdateCredCallback()476 UpdateCredCallback::~UpdateCredCallback()
477 {
478 std::fill(credInfo_.token.begin(), credInfo_.token.end(), 0);
479 }
480
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)481 void UpdateCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
482 {
483 deathRecipient_ = deathRecipient;
484 }
485
DeleteCredential(uint32_t userId,uint64_t credentialId,const std::vector<uint8_t> & token)486 static void DeleteCredential(uint32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token)
487 {
488 auto idmCallback = std::make_shared<DelCredCallback>(userId, true, token, nullptr);
489 UserIDMClient::GetInstance().DeleteCredential(userId, credentialId, token, idmCallback);
490 }
491
InnerOnResult(int32_t result,const Attributes & extraInfo)492 void UpdateCredCallback::InnerOnResult(int32_t result, const Attributes &extraInfo)
493 {
494 ACCOUNT_LOGI("UpdateCredCallback, userId=%{public}d, result=%{public}d.", userId_, result);
495 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
496 ACCOUNT_LOGE("inner callback is nullptr");
497 return;
498 }
499 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
500 auto &innerIamMgr = InnerAccountIAMManager::GetInstance();
501 if (result != 0) {
502 ReportOsAccountOperationFail(userId_, "updateCredential", result,
503 "Failed to update credential, type: " + std::to_string(credInfo_.authType));
504 } else {
505 ReportOsAccountLifeCycle(userId_,
506 std::string(Constants::OPERATION_UPDATE_CRED) + "_" + std::to_string(credInfo_.authType));
507 }
508 if ((result != 0) || (credInfo_.authType != AuthType::PIN)) {
509 ACCOUNT_LOGE("UpdateCredCallback fail code=%{public}d, authType=%{public}d", result, credInfo_.authType);
510 innerCallback_->OnResult(result, extraInfo.Serialize());
511 return;
512 }
513 innerIamMgr.SetState(userId_, AFTER_OPEN_SESSION);
514 UpdateCredInfo updateCredInfo(extraInfo);
515 ErrCode code = ERR_OK;
516 if (updateCredInfo.oldSecret.empty()) {
517 code = innerIamMgr.UpdateUserAuthWithRecoveryKey(credInfo_.token,
518 updateCredInfo.newSecret, updateCredInfo.secureUid, userId_);
519 } else {
520 code = innerIamMgr.UpdateStorageUserAuth(userId_, updateCredInfo.secureUid,
521 updateCredInfo.token, updateCredInfo.oldSecret, updateCredInfo.newSecret);
522 }
523 if (code != ERR_OK) {
524 DeleteCredential(userId_, updateCredInfo.credentialId, credInfo_.token);
525 ReportOsAccountOperationFail(userId_, "updateCredential", code,
526 updateCredInfo.oldSecret.empty() ? "Failed to update user auth with recovery key"
527 : "Failed to update user auth");
528 innerCallback_->OnResult(code, extraInfo.Serialize());
529 return;
530 }
531 uint64_t oldCredentialId = 0;
532 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_OLD_CREDENTIAL_ID, oldCredentialId);
533 auto idmCallback = std::make_shared<CommitCredUpdateCallback>(userId_, updateCredInfo, innerCallback_);
534 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
535 result = SetFirstCallerTokenID(selfToken);
536 ACCOUNT_LOGI("Set first caller info result: %{public}d", result);
537 UserIDMClient::GetInstance().DeleteCredential(userId_, oldCredentialId, credInfo_.token, idmCallback);
538 std::unique_lock<std::mutex> delLock(idmCallback->mutex_);
539 idmCallback->onResultCondition_.wait(delLock, [idmCallback] { return idmCallback->isCalled_; });
540 }
541
OnResult(int32_t result,const Attributes & extraInfo)542 void UpdateCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
543 {
544 std::unique_lock<std::mutex> updateLock(mutex_);
545 InnerOnResult(result, extraInfo);
546 isCalled_ = true;
547 onResultCondition_.notify_one();
548 }
549
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)550 void UpdateCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
551 {
552 if (innerCallback_ == nullptr) {
553 ACCOUNT_LOGE("innerCallback_ is nullptr");
554 return;
555 }
556 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo.Serialize());
557 }
558
VerifyTokenCallbackWrapper(uint32_t userId,const std::vector<uint8_t> & token,Security::AccessToken::AccessTokenID callerTokenId,const sptr<IIDMCallback> & callback)559 VerifyTokenCallbackWrapper::VerifyTokenCallbackWrapper(uint32_t userId, const std::vector<uint8_t> &token,
560 Security::AccessToken::AccessTokenID callerTokenId, const sptr<IIDMCallback> &callback)
561 : userId_(userId), token_(token), callerTokenId_(callerTokenId), innerCallback_(callback)
562 {}
563
~VerifyTokenCallbackWrapper()564 VerifyTokenCallbackWrapper::~VerifyTokenCallbackWrapper()
565 {
566 std::fill(token_.begin(), token_.end(), 0);
567 }
568
OnResult(int32_t result,const Attributes & extraInfo)569 void VerifyTokenCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
570 {
571 std::unique_lock<std::mutex> verifyLock(mutex_);
572 InnerOnResult(result, extraInfo);
573 isCalled_ = true;
574 onResultCondition_.notify_one();
575 }
576
InnerOnResult(int32_t result,const Attributes & extraInfo)577 void VerifyTokenCallbackWrapper::InnerOnResult(int32_t result, const Attributes &extraInfo)
578 {
579 ACCOUNT_LOGI("Verify token result = %{public}d, userId = %{public}d", result, userId_);
580 if (result != ERR_OK) {
581 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to verify token");
582 innerCallback_->OnResult(result, extraInfo.Serialize());
583 return;
584 }
585 uint64_t secureUid = 0;
586 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
587 std::vector<uint8_t> rootSecret;
588 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, rootSecret);
589 // add secret delete operation flag
590 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId_) +
591 Constants::PATH_SEPARATOR + Constants::USER_SECRET_FLAG_FILE_NAME;
592 auto accountFileOperator = std::make_shared<AccountFileOperator>();
593 ErrCode code = accountFileOperator->InputFileByPathAndContent(path, "");
594 if (code != ERR_OK) {
595 ReportOsAccountOperationFail(userId_, "deleteCredential", code, "Failed to write iam_fault file");
596 ACCOUNT_LOGE("Input file fail, path=%{public}s", path.c_str());
597 }
598 auto &innerIamMgr = InnerAccountIAMManager::GetInstance();
599 ErrCode errCode = innerIamMgr.UpdateStorageUserAuth(userId_, secureUid, token_, rootSecret, {});
600 std::fill(rootSecret.begin(), rootSecret.end(), 0);
601 if (errCode != ERR_OK) {
602 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update user auth");
603 DeleteSecretFlag(userId_, "deleteCredential");
604 Attributes emptyExtraInfo;
605 innerCallback_->OnResult(ResultCode::FAIL, emptyExtraInfo.Serialize());
606 return;
607 }
608 result = SetFirstCallerTokenID(callerTokenId_);
609 ACCOUNT_LOGI("Set first caller info result: %{public}d", result);
610 auto deleteUserCallback = std::make_shared<CommitDelCredCallback>(userId_, innerCallback_);
611 UserIDMClient::GetInstance().DeleteUser(userId_, token_, deleteUserCallback);
612 std::unique_lock<std::mutex> lock(deleteUserCallback->mutex_);
613 deleteUserCallback->onResultCondition_.wait(lock, [deleteUserCallback] { return deleteUserCallback->isCalled_; });
614 }
615
CommitDelCredCallback(uint32_t userId,const sptr<IIDMCallback> callback)616 CommitDelCredCallback::CommitDelCredCallback(uint32_t userId, const sptr<IIDMCallback> callback)
617 : userId_(userId), innerCallback_(callback)
618 {}
619
OnResult(int32_t result,const UserIam::UserAuth::Attributes & extraInfo)620 void CommitDelCredCallback::OnResult(int32_t result, const UserIam::UserAuth::Attributes &extraInfo)
621 {
622 std::unique_lock<std::mutex> lock(mutex_);
623 ACCOUNT_LOGI("Commit delete user result = %{public}d, userId = %{public}d", result, userId_);
624 isCalled_ = true;
625 if (result != ERR_OK) {
626 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete user's credential");
627 } else {
628 DeleteSecretFlag(userId_, "deleteCredential");
629 ReportOsAccountLifeCycle(userId_, std::string(Constants::OPERATION_DELETE_CRED) + "_0" + "_commit");
630 ErrCode errCode = InnerAccountIAMManager::GetInstance().UpdateStorageKeyContext(userId_);
631 if (errCode != ERR_OK) {
632 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update key context");
633 }
634 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0);
635 }
636 innerCallback_->OnResult(result, extraInfo.Serialize());
637 onResultCondition_.notify_one();
638 }
639
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const UserIam::UserAuth::Attributes & extraInfo)640 void CommitDelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo,
641 const UserIam::UserAuth::Attributes &extraInfo)
642 {
643 ACCOUNT_LOGI("IAM OnAcquireInfo callback! module %{public}d, acquire %{public}u.", module, acquireInfo);
644 }
645
CommitCredUpdateCallback(int32_t userId,const UpdateCredInfo & extraUpdateInfo,const sptr<IIDMCallback> & callback)646 CommitCredUpdateCallback::CommitCredUpdateCallback(int32_t userId,
647 const UpdateCredInfo &extraUpdateInfo, const sptr<IIDMCallback> &callback)
648 : userId_(userId), extraUpdateInfo_(extraUpdateInfo), innerCallback_(callback)
649 {}
650
InnerOnResult(int32_t result,const Attributes & extraInfo)651 void CommitCredUpdateCallback::InnerOnResult(int32_t result, const Attributes &extraInfo)
652 {
653 ACCOUNT_LOGI("CommitCredUpdateCallback, result=%{public}d.", result);
654 if (innerCallback_ == nullptr) {
655 ACCOUNT_LOGE("innerCallback_ is nullptr");
656 return;
657 }
658
659 auto &innerIamMgr = InnerAccountIAMManager::GetInstance();
660 if (result != 0) {
661 ACCOUNT_LOGE("CommitCredUpdateCallback fail code=%{public}d", result);
662 ReportOsAccountOperationFail(userId_, std::string(Constants::OPERATION_UPDATE_CRED) + "_commit",
663 result, "Failed to commit credential update");
664 innerCallback_->OnResult(result, extraInfo.Serialize());
665 innerIamMgr.SetState(userId_, AFTER_OPEN_SESSION);
666 return;
667 } else {
668 ReportOsAccountLifeCycle(userId_,
669 std::string(Constants::OPERATION_UPDATE_CRED) + "_" + std::to_string(AuthType::PIN) + "_commit");
670 }
671 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, extraUpdateInfo_.credentialId);
672 Attributes extraInfoResult;
673 extraInfoResult.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, extraUpdateInfo_.credentialId);
674 innerIamMgr.SetState(userId_, AFTER_UPDATE_CRED);
675 innerCallback_->OnResult(result, extraInfoResult.Serialize());
676 ErrCode updateRet = innerIamMgr.UpdateStorageKeyContext(userId_);
677 if (updateRet != ERR_OK) {
678 ReportOsAccountOperationFail(userId_, std::string(Constants::OPERATION_UPDATE_CRED) + "_commit",
679 updateRet, "Failed to update key context");
680 } else {
681 DeleteSecretFlag(userId_, std::string(Constants::OPERATION_UPDATE_CRED) + "_commit");
682 }
683 }
684
OnResult(int32_t result,const Attributes & extraInfo)685 void CommitCredUpdateCallback::OnResult(int32_t result, const Attributes &extraInfo)
686 {
687 std::unique_lock<std::mutex> lock(mutex_);
688 InnerOnResult(result, extraInfo);
689 isCalled_ = true;
690 onResultCondition_.notify_one();
691 }
692
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)693 void CommitCredUpdateCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
694 {
695 ACCOUNT_LOGE("CommitCredUpdateCallback OnAcquireInfo");
696 }
697
DelCredCallback(int32_t userId,bool isPIN,std::vector<uint8_t> token,const sptr<IIDMCallback> & callback)698 DelCredCallback::DelCredCallback(int32_t userId, bool isPIN, std::vector<uint8_t> token,
699 const sptr<IIDMCallback> &callback)
700 : userId_(userId), isPIN_(isPIN), token_(token), innerCallback_(callback)
701 {}
702
~DelCredCallback()703 DelCredCallback::~DelCredCallback()
704 {
705 std::fill(token_.begin(), token_.end(), 0);
706 }
707
OnResult(int32_t result,const Attributes & extraInfo)708 void DelCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
709 {
710 ACCOUNT_LOGI("DelCredCallback, result=%{public}d, userId=%{public}d", result, userId_);
711 if (innerCallback_ == nullptr) {
712 ACCOUNT_LOGE("innerCallback_ is nullptr");
713 return;
714 }
715 auto &innerIamMgr = InnerAccountIAMManager::GetInstance();
716 if ((result == 0) && isPIN_) {
717 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0); // 0-invalid credentialId
718 std::vector<uint8_t> newSecret;
719 std::vector<uint8_t> oldSecret;
720 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
721 uint64_t secureUid = 0;
722 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
723 ErrCode updateRet = innerIamMgr.UpdateStorageUserAuth(userId_, secureUid, token_, oldSecret, newSecret);
724 std::fill(newSecret.begin(), newSecret.end(), 0);
725 std::fill(oldSecret.begin(), oldSecret.end(), 0);
726 if (updateRet != ERR_OK) {
727 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update user auth");
728 }
729 updateRet = innerIamMgr.UpdateStorageKeyContext(userId_);
730 if (updateRet != ERR_OK) {
731 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update key context");
732 }
733 }
734 if (result != 0) {
735 ACCOUNT_LOGE("DelCredCallback fail code=%{public}d, userId=%{public}d", result, userId_);
736 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete credential");
737 } else {
738 ReportOsAccountLifeCycle(userId_, std::string(Constants::OPERATION_DELETE_CRED));
739 }
740
741 innerIamMgr.SetState(userId_, AFTER_OPEN_SESSION);
742 innerCallback_->OnResult(result, extraInfo.Serialize());
743 }
744
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)745 void DelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
746 {
747 ACCOUNT_LOGI("DelCredCallback, userId=%{public}d", userId_);
748 if (innerCallback_ == nullptr) {
749 ACCOUNT_LOGE("innerCallback_ is nullptr");
750 return;
751 }
752 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo.Serialize());
753 }
754
GetCredInfoCallbackWrapper(int32_t userId,int32_t authType,const sptr<IGetCredInfoCallback> & callback)755 GetCredInfoCallbackWrapper::GetCredInfoCallbackWrapper(
756 int32_t userId, int32_t authType, const sptr<IGetCredInfoCallback> &callback)
757 : userId_(userId), authType_(authType), innerCallback_(callback)
758 {}
759
OnCredentialInfo(int32_t result,const std::vector<CredentialInfo> & infoList)760 void GetCredInfoCallbackWrapper::OnCredentialInfo(int32_t result, const std::vector<CredentialInfo> &infoList)
761 {
762 ACCOUNT_LOGI("Get credential info ret:%{public}d, userId:%{public}d, authType:%{public}d",
763 result, userId_, authType_);
764 if (innerCallback_ == nullptr) {
765 ACCOUNT_LOGE("InnerCallback_ is nullptr");
766 return;
767 }
768 if (result != 0) {
769 REPORT_OS_ACCOUNT_FAIL(userId_, "getCredentialInfo", result,
770 "Failed to get credential info, authType:" + std::to_string(authType_));
771 }
772 if (result == ERR_IAM_NOT_ENROLLED) {
773 result = 0;
774 }
775 if ((result == 0) && (authType_ == 0)) {
776 bool isAvailable = InnerAccountIAMManager::GetInstance().CheckDomainAuthAvailable(userId_);
777 if (isAvailable) {
778 ACCOUNT_LOGI("Domain auth is support");
779 std::vector<CredentialInfo> newInfoList = infoList;
780 CredentialInfo info;
781 info.authType = static_cast<AuthType>(IAMAuthType::DOMAIN);
782 info.pinType = static_cast<PinSubType>(IAMAuthSubType::DOMAIN_MIXED);
783 newInfoList.emplace_back(info);
784 auto infoListIam = ConvertToCredentialInfoIamList(newInfoList);
785 innerCallback_->OnCredentialInfo(result, infoListIam);
786 return;
787 }
788 }
789 auto infoListIam = ConvertToCredentialInfoIamList(infoList);
790 innerCallback_->OnCredentialInfo(result, infoListIam);
791 }
792
GetCredentialInfoSyncCallback(int32_t userId)793 GetCredentialInfoSyncCallback::GetCredentialInfoSyncCallback(int32_t userId)
794 : userId_(userId)
795 {}
796
OnCredentialInfo(int32_t result,const std::vector<UserIam::UserAuth::CredentialInfo> & infoList)797 void GetCredentialInfoSyncCallback::OnCredentialInfo(int32_t result,
798 const std::vector<UserIam::UserAuth::CredentialInfo> &infoList)
799 {
800 ACCOUNT_LOGI("Get credential result:%{public}d, userId:%{public}d, infoListSize:%{public}zu",
801 result, userId_, infoList.size());
802 std::unique_lock<std::mutex> lock(secureMtx_);
803 result_ = result;
804 if (result == ERR_OK) {
805 for (auto &info : infoList) {
806 if ((info.authType == AuthType::PIN) && (!info.isAbandoned)) {
807 hasPIN_ = true;
808 break;
809 }
810 }
811 }
812 isCalled_ = true;
813 secureCv_.notify_all();
814 }
815
GetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)816 GetPropCallbackWrapper::GetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
817 : userId_(userId), innerCallback_(callback)
818 {}
819
OnResult(int32_t result,const Attributes & extraInfo)820 void GetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
821 {
822 ACCOUNT_LOGI("Get property, result:%{public}d, userId:%{public}d", result, userId_);
823 if (innerCallback_ == nullptr) {
824 ACCOUNT_LOGE("inner callback is nullptr");
825 return;
826 }
827 if (result != 0) {
828 ReportOsAccountOperationFail(userId_, "getProperty", result, "Failed to get property");
829 }
830 innerCallback_->OnResult(result, extraInfo.Serialize());
831 }
832
SetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)833 SetPropCallbackWrapper::SetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
834 : userId_(userId), innerCallback_(callback)
835 {}
836
OnResult(int32_t result,const Attributes & extraInfo)837 void SetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
838 {
839 ACCOUNT_LOGI("Set property, result:%{public}d, userId:%{public}d", result, userId_);
840 if (innerCallback_ == nullptr) {
841 ACCOUNT_LOGE("inner callback is nullptr");
842 return;
843 }
844 if (result != 0) {
845 ReportOsAccountOperationFail(userId_, "setProperty", result, "Failed to set property");
846 }
847 innerCallback_->OnResult(result, extraInfo.Serialize());
848 }
849
GetSecUserInfoCallbackWrapper(int32_t userId,AuthType authType,const sptr<IGetEnrolledIdCallback> & callback)850 GetSecUserInfoCallbackWrapper::GetSecUserInfoCallbackWrapper(
851 int32_t userId, AuthType authType, const sptr<IGetEnrolledIdCallback> &callback)
852 : userId_(userId), authType_(authType), innerCallback_(callback)
853 {}
854
OnSecUserInfo(int32_t result,const SecUserInfo & info)855 void GetSecUserInfoCallbackWrapper::OnSecUserInfo(int32_t result, const SecUserInfo &info)
856 {
857 ACCOUNT_LOGI("Get sec user info, result:%{public}d, authType_:%{public}d", result, authType_);
858 static_cast<void>(result);
859 if (innerCallback_ == nullptr) {
860 ACCOUNT_LOGE("Inner callback is nullptr");
861 return;
862 }
863 if (result != 0) {
864 REPORT_OS_ACCOUNT_FAIL(userId_, "getEnrolledId", result,
865 "Failed to get sec user info, type = " + std::to_string(authType_));
866 }
867 auto it = std::find_if(info.enrolledInfo.begin(), info.enrolledInfo.end(), [this](const auto& item) {
868 return item.authType == authType_;
869 });
870 if (it != info.enrolledInfo.end()) {
871 innerCallback_->OnEnrolledId(ERR_OK, it->enrolledId);
872 } else {
873 innerCallback_->OnEnrolledId(ERR_IAM_NOT_ENROLLED, 0);
874 }
875 }
876
GetSecureUidCallback(int32_t userId)877 GetSecureUidCallback::GetSecureUidCallback(int32_t userId): userId_(userId)
878 {}
879
OnSecUserInfo(int32_t result,const SecUserInfo & info)880 void GetSecureUidCallback::OnSecUserInfo(int32_t result, const SecUserInfo &info)
881 {
882 static_cast<void>(result);
883 ACCOUNT_LOGI("SecUserInfo call back userId=%{public}d", userId_);
884 std::unique_lock<std::mutex> lck(secureMtx_);
885 this->secureUid_ = info.secureUid;
886 isCalled_ = true;
887 secureCv_.notify_all();
888 }
889
PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> & callback)890 PrepareRemoteAuthCallbackWrapper::PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> &callback)
891 : innerCallback_(callback)
892 {}
893
OnResult(int32_t result)894 void PrepareRemoteAuthCallbackWrapper::OnResult(int32_t result)
895 {
896 ACCOUNT_LOGI("Prepare remote auth, result:%{public}d.", result);
897 if (innerCallback_ == nullptr) {
898 ACCOUNT_LOGE("Inner callback is nullptr.");
899 return;
900 }
901 if (result != 0) {
902 ACCOUNT_LOGE("PrepareRemoteAuth, result=%{public}d fail to prepare remote auth.", result);
903 REPORT_OS_ACCOUNT_FAIL(0, "prepareRemoteAuth", result, "Failed to prepare remote auth");
904 }
905 innerCallback_->OnResult(result);
906 }
907
908 #ifdef SUPPORT_DOMAIN_ACCOUNTS
GetDomainAuthStatusInfoCallback(const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)909 GetDomainAuthStatusInfoCallback::GetDomainAuthStatusInfoCallback(
910 const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
911 : request_(request), innerCallback_(callback)
912 {}
913
OnResult(int32_t result,Parcel & parcel)914 void GetDomainAuthStatusInfoCallback::OnResult(int32_t result, Parcel &parcel)
915 {
916 ACCOUNT_LOGI("Get domain auth status info, result=%{public}d.", result);
917 if (innerCallback_ == nullptr) {
918 ACCOUNT_LOGE("inner callback is nullptr");
919 return;
920 }
921 Attributes attributes;
922 std::shared_ptr<AuthStatusInfo> infoPtr(AuthStatusInfo::Unmarshalling(parcel));
923 if (infoPtr == nullptr) {
924 ACCOUNT_LOGE("Unmarshalling parcel to auth status info failed.");
925 innerCallback_->OnResult(ERR_ACCOUNT_COMMON_READ_PARCEL_ERROR, attributes.Serialize());
926 return;
927 }
928 attributes.SetInt32Value(Attributes::ATTR_PIN_SUB_TYPE, static_cast<int32_t>(IAMAuthSubType::DOMAIN_MIXED));
929 attributes.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, infoPtr->remainingTimes);
930 attributes.SetInt32Value(Attributes::ATTR_FREEZING_TIME, infoPtr->freezingTime);
931 innerCallback_->OnResult(result, attributes.Serialize());
932 }
933 #endif // SUPPORT_DOMAIN_ACCOUNTS
934 } // namespace AccountSA
935 } // namespace OHOS
936