1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "authentication_impl.h"
16
17 #include "iam_hitrace_helper.h"
18 #include "iam_logger.h"
19 #include "schedule_node_helper.h"
20
21 #define LOG_TAG "USER_AUTH_SA"
22 namespace OHOS {
23 namespace UserIam {
24 namespace UserAuth {
AuthenticationImpl(uint64_t contextId,const AuthenticationPara & authPara)25 AuthenticationImpl::AuthenticationImpl(uint64_t contextId, const AuthenticationPara &authPara)
26 : contextId_(contextId), authPara_(authPara)
27 {
28 }
29
~AuthenticationImpl()30 AuthenticationImpl::~AuthenticationImpl()
31 {
32 Cancel();
33 }
34
SetLatestError(int32_t error)35 void AuthenticationImpl::SetLatestError(int32_t error)
36 {
37 if (error != ResultCode::SUCCESS) {
38 latestError_ = error;
39 }
40 }
41
GetLatestError() const42 int32_t AuthenticationImpl::GetLatestError() const
43 {
44 return latestError_;
45 }
46
SetExecutor(uint32_t executorIndex)47 void AuthenticationImpl::SetExecutor(uint32_t executorIndex)
48 {
49 executorIndex_ = executorIndex;
50 }
51
SetChallenge(const std::vector<uint8_t> & challenge)52 void AuthenticationImpl::SetChallenge(const std::vector<uint8_t> &challenge)
53 {
54 challenge_ = challenge;
55 }
56
SetAccessTokenId(uint32_t tokenId)57 void AuthenticationImpl::SetAccessTokenId(uint32_t tokenId)
58 {
59 tokenId_ = tokenId;
60 }
61
SetEndAfterFirstFail(bool endAfterFirstFail)62 void AuthenticationImpl::SetEndAfterFirstFail(bool endAfterFirstFail)
63 {
64 endAfterFirstFail_ = endAfterFirstFail;
65 }
66
SetCollectorUdid(std::string & collectorUdid)67 void AuthenticationImpl::SetCollectorUdid(std::string &collectorUdid)
68 {
69 collectorUdid_ = collectorUdid;
70 }
71
GetAccessTokenId() const72 uint32_t AuthenticationImpl::GetAccessTokenId() const
73 {
74 return tokenId_;
75 }
76
GetUserId() const77 int32_t AuthenticationImpl::GetUserId() const
78 {
79 return authPara_.userId;
80 }
81
GetAuthType() const82 int32_t AuthenticationImpl::GetAuthType() const
83 {
84 return authPara_.authType;
85 }
86
GetAuthExecutorMsgs() const87 std::vector<Authentication::AuthExecutorMsg> AuthenticationImpl::GetAuthExecutorMsgs() const
88 {
89 return authExecutorMsgs_;
90 }
91
GetAuthParam(HdiAuthParam & param)92 bool AuthenticationImpl::GetAuthParam(HdiAuthParam ¶m)
93 {
94 HdiCallerType callerType = ConvertATokenTypeToCallerType(authPara_.callerType);
95 if (callerType == HDI_CALLER_TYPE_INVALID) {
96 IAM_LOGE("ConvertATokenTypeToCallerType failed, ATokenType:%{public}d", authPara_.callerType);
97 return false;
98 }
99 param = {
100 .baseParam = {
101 .userId = authPara_.userId,
102 .authTrustLevel = authPara_.atl,
103 .executorSensorHint = executorSensorHint_,
104 .challenge = challenge_,
105 .callerName = authPara_.callerName,
106 .callerType = callerType,
107 .apiVersion = authPara_.sdkVersion,
108 },
109 .authType = authPara_.authType,
110 .authIntent = authPara_.authIntent,
111 .isOsAccountVerified = authPara_.isOsAccountVerified,
112 .collectorUdid = collectorUdid_,
113 };
114 return true;
115 }
116
Start(std::vector<std::shared_ptr<ScheduleNode>> & scheduleList,std::shared_ptr<ScheduleNodeCallback> callback)117 bool AuthenticationImpl::Start(std::vector<std::shared_ptr<ScheduleNode>> &scheduleList,
118 std::shared_ptr<ScheduleNodeCallback> callback)
119 {
120 IAM_LOGI("UserId:%{public}d AuthType:%{public}d ATL:%{public}u authIntent:%{public}d",
121 authPara_.userId, authPara_.authType, authPara_.atl, authPara_.authIntent);
122 auto hdi = HdiWrapper::GetHdiInstance();
123 if (!hdi) {
124 IAM_LOGE("bad hdi");
125 return false;
126 }
127 HdiAuthParam param = {};
128 if (!GetAuthParam(param)) {
129 IAM_LOGE("GetAuthParam failed");
130 return false;
131 }
132
133 std::vector<HdiScheduleInfo> infos;
134 IamHitraceHelper traceHelper("hdi BeginAuthentication");
135 auto result = hdi->BeginAuthentication(contextId_, param, infos);
136 if (result != HDF_SUCCESS) {
137 IAM_LOGE("hdi BeginAuthentication failed, err is %{public}d", result);
138 SetLatestError(result);
139 return false;
140 }
141 if (infos.empty()) {
142 IAM_LOGE("hdi BeginAuthentication failed, infos is empty");
143 return false;
144 }
145
146 ScheduleNodeHelper::NodeOptionalPara para;
147 para.tokenId = tokenId_;
148 para.endAfterFirstFail = endAfterFirstFail_;
149 para.collectorTokenId = authPara_.collectorTokenId;
150 para.authIntent = authPara_.authIntent;
151 para.userId = authPara_.userId;
152
153 if (!ScheduleNodeHelper::BuildFromHdi(infos, callback, scheduleList, para)) {
154 IAM_LOGE("BuildFromHdi failed");
155 return false;
156 }
157
158 running_ = true;
159 return true;
160 }
161
Update(const std::vector<uint8_t> & scheduleResult,AuthResultInfo & resultInfo)162 bool AuthenticationImpl::Update(const std::vector<uint8_t> &scheduleResult, AuthResultInfo &resultInfo)
163 {
164 auto hdi = HdiWrapper::GetHdiInstance();
165 if (!hdi) {
166 IAM_LOGE("bad hdi");
167 return false;
168 }
169
170 HdiAuthResultInfo info;
171 HdiEnrolledState enrolledState;
172 auto result = hdi->UpdateAuthenticationResult(contextId_, scheduleResult, info, enrolledState);
173 if (result != HDF_SUCCESS) {
174 IAM_LOGE("hdi UpdateAuthenticationResult failed, err is %{public}d", result);
175 SetLatestError(result);
176 }
177
178 for (auto &[executorIndex, commandId, msg] : info.msgs) {
179 Authentication::AuthExecutorMsg authExecutorMsg = {executorIndex, commandId, msg};
180 authExecutorMsgs_.emplace_back(authExecutorMsg);
181 }
182
183 resultInfo.result = static_cast<decltype(resultInfo.result)>(info.result);
184 resultInfo.freezingTime = info.lockoutDuration;
185 resultInfo.remainTimes = info.remainAttempts;
186 resultInfo.token = info.token;
187 resultInfo.rootSecret = info.rootSecret;
188 resultInfo.pinExpiredInfo = info.pinExpiredInfo;
189 resultInfo.credentialDigest = enrolledState.credentialDigest;
190 resultInfo.credentialCount = enrolledState.credentialCount;
191 resultInfo.sdkVersion = authPara_.sdkVersion;
192 resultInfo.userId = info.userId;
193 resultInfo.remoteAuthResultMsg = info.remoteAuthResultMsg;
194 resultInfo.credentialId = info.credentialId;
195 resultInfo.reEnrollFlag = info.reEnrollFlag;
196
197 if (resultInfo.result != SUCCESS) {
198 SetLatestError(resultInfo.result);
199 }
200
201 return result == HDF_SUCCESS && resultInfo.result == SUCCESS;
202 }
203
Cancel()204 bool AuthenticationImpl::Cancel()
205 {
206 if (!running_) {
207 return false;
208 }
209 running_ = false;
210
211 auto hdi = HdiWrapper::GetHdiInstance();
212 if (!hdi) {
213 IAM_LOGE("bad hdi");
214 return false;
215 }
216
217 auto result = hdi->CancelAuthentication(contextId_);
218 if (result != HDF_SUCCESS) {
219 IAM_LOGE("hdi CancelAuthentication failed, err is %{public}d", result);
220 SetLatestError(result);
221 return false;
222 }
223 return true;
224 }
225 } // namespace UserAuth
226 } // namespace UserIam
227 } // namespace OHOS