1 /*
2 * Copyright (C) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "identity_service_impl.h"
17
18 #include "alg_defs.h"
19 #include "alg_loader.h"
20 #include "clib_error.h"
21 #include "common_defs.h"
22 #include "credential_data_manager.h"
23 #include "device_auth.h"
24 #include "device_auth_defines.h"
25 #include "hal_error.h"
26 #include "hc_log.h"
27
28 #include "identity_operation.h"
29 #include "identity_service_defines.h"
30 #include "permission_adapter.h"
31
AddCredentialImplInner(int32_t osAccountId,CJson * reqJson,Credential * credential,char ** returnData)32 static int32_t AddCredentialImplInner(int32_t osAccountId, CJson *reqJson, Credential *credential,
33 char **returnData)
34 {
35 uint8_t method = DEFAULT_VAL;
36 Uint8Buff keyValue = { NULL, 0 };
37 int32_t ret = CheckAndSetCredInfo(osAccountId, credential, reqJson, &method, &keyValue);
38 if (ret != IS_SUCCESS) {
39 return ret;
40 }
41 Uint8Buff credIdByte = { NULL, 0 };
42 if ((ret = GenerateCredId(osAccountId, credential, &credIdByte)) != IS_SUCCESS) {
43 HcFree(keyValue.val);
44 return ret;
45 }
46 if ((ret = AddKeyValueToHuks(osAccountId, &credIdByte, credential, method, &keyValue)) != IS_SUCCESS) {
47 HcFree(keyValue.val);
48 HcFree(credIdByte.val);
49 return ret;
50 }
51 HcFree(keyValue.val);
52 if ((ret = AddCredAndSaveDb(osAccountId, credential)) != IS_SUCCESS) {
53 if (GetLoaderInstance()->deleteKey(&credIdByte, false, osAccountId) != IS_SUCCESS) {
54 LOGE("Failed to delete key from HUKS");
55 }
56 HcFree(credIdByte.val);
57 return ret;
58 }
59 HcFree(credIdByte.val);
60 if (DeepCopyString(StringGet(&credential->credId), returnData) != EOK) {
61 LOGE("Failed to return credId");
62 return IS_ERR_MEMORY_COPY;
63 }
64 return IS_SUCCESS;
65 }
66
AddCredentialImpl(int32_t osAccountId,const char * requestParams,char ** returnData)67 int32_t AddCredentialImpl(int32_t osAccountId, const char *requestParams, char **returnData)
68 {
69 CJson *reqJson = CreateJsonFromString(requestParams);
70 if (reqJson == NULL) {
71 LOGE("Failed to create reqJson from string!");
72 return IS_ERR_JSON_CREATE;
73 }
74 Credential *credential = CreateCredential();
75 if (credential == NULL) {
76 LOGE("Failed to malloc Credential");
77 FreeJson(reqJson);
78 return IS_ERR_ALLOC_MEMORY;
79 }
80 int32_t ret = AddCredentialImplInner(osAccountId, reqJson, credential, returnData);
81 FreeJson(reqJson);
82 DestroyCredential(credential);
83 return ret;
84 }
85
ExportCredentialImpl(int32_t osAccountId,const char * credId,char ** returnData)86 int32_t ExportCredentialImpl(int32_t osAccountId, const char *credId, char **returnData)
87 {
88 Credential *credential = NULL;
89 int32_t ret = GetCredentialById(osAccountId, credId, &credential);
90 if (ret != IS_SUCCESS) {
91 return ret;
92 }
93 ret = CheckOwnerUidPermission(credential);
94 DestroyCredential(credential);
95 if (ret != IS_SUCCESS) {
96 return ret;
97 }
98 Uint8Buff credIdByte = { NULL, 0 };
99
100 ret = GetValidKeyAlias(osAccountId, credId, &credIdByte);
101 if (ret == HAL_ERR_KEY_NOT_EXIST) {
102 LOGE("Huks key not exist!");
103 DelCredById(osAccountId, credId);
104 return IS_ERR_HUKS_KEY_NOT_EXIST;
105 }
106 if (ret == HAL_ERR_HUKS) {
107 LOGE("Huks check key exist failed");
108 return IS_ERR_HUKS_CHECK_KEY_EXIST_FAILED;
109 }
110 if (ret != IS_SUCCESS) {
111 LOGE("Failed to check key exist in HUKS");
112 return ret;
113 }
114
115 KeyParams keyParams = { { credIdByte.val, credIdByte.length, true }, false, osAccountId };
116 uint8_t pubKeyVal[KEY_VALUE_MAX_LENGTH] = { 0 };
117 Uint8Buff keyValue = { pubKeyVal, KEY_VALUE_MAX_LENGTH };
118 ret = GetLoaderInstance()->exportPublicKey(&keyParams, &keyValue);
119 HcFree(credIdByte.val);
120 if (ret == HAL_ERR_HUKS) {
121 LOGE("Huks export key failed!");
122 return IS_ERR_HUKS_EXPORT_KEY_FAILED;
123 }
124 if (ret != IS_SUCCESS) {
125 LOGE("Failed to export key");
126 return ret;
127 }
128
129 ret = AddKeyValueToReturn(keyValue, returnData);
130 if (ret != IS_SUCCESS) {
131 return ret;
132 }
133 return IS_SUCCESS;
134 }
135
QueryCredentialByParamsImpl(int32_t osAccountId,const char * requestParams,char ** returnData)136 int32_t QueryCredentialByParamsImpl(int32_t osAccountId, const char *requestParams, char **returnData)
137 {
138 CJson *reqJson = CreateJsonFromString(requestParams);
139 if (reqJson == NULL) {
140 LOGE("Failed to create reqJson from string!");
141 return IS_ERR_JSON_CREATE;
142 }
143
144 QueryCredentialParams queryParams = InitQueryCredentialParams();
145 SetQueryParamsFromJson(&queryParams, reqJson);
146 if (CheckInterfacePermission(CRED_PRIVILEGE_PERMISSION) != HC_SUCCESS) {
147 LOGI("no privilege permission, need to check ownerUid.");
148 queryParams.ownerUid = GetCallingUid();
149 }
150
151 CredentialVec credentialVec = CreateCredentialVec();
152 int32_t ret = QueryCredentials(osAccountId, &queryParams, &credentialVec);
153 if (ret != IS_SUCCESS) {
154 LOGE("Failed to query credentials");
155 FreeJson(reqJson);
156 ClearCredentialVec(&credentialVec);
157 return ret;
158 }
159 if (credentialVec.size(&credentialVec) == 0) {
160 LOGW("No credential found");
161 FreeJson(reqJson);
162 ClearCredentialVec(&credentialVec);
163 return GenerateReturnEmptyArrayStr(returnData);
164 }
165
166 CJson *credIdJson = CreateJsonArray();
167 if (credIdJson == NULL) {
168 LOGE("Failed to create credIdJson object");
169 FreeJson(reqJson);
170 ClearCredentialVec(&credentialVec);
171 return IS_ERR_JSON_CREATE;
172 }
173
174 ret = GetCredIdsFromCredVec(osAccountId, reqJson, &credentialVec, credIdJson);
175 FreeJson(reqJson);
176 ClearCredentialVec(&credentialVec);
177 if (ret != IS_SUCCESS) {
178 FreeJson(credIdJson);
179 return ret;
180 }
181
182 *returnData = PackJsonToString(credIdJson);
183 FreeJson(credIdJson);
184 if (*returnData == NULL) {
185 LOGE("Failed to pack json to string");
186 return IS_ERR_PACKAGE_JSON_TO_STRING_FAIL;
187 }
188
189 return IS_SUCCESS;
190 }
191
CheckQueryPermission(Credential * credential,int32_t uid)192 static int32_t CheckQueryPermission(Credential *credential, int32_t uid)
193 {
194 if (uid == DEV_AUTH_UID) {
195 return IS_SUCCESS;
196 }
197 if (CheckInterfacePermission(CRED_PRIVILEGE_PERMISSION) == IS_SUCCESS) {
198 return IS_SUCCESS;
199 }
200 int32_t ret = CheckOwnerUidPermission(credential);
201 if (ret != IS_SUCCESS) {
202 LOGE("don't have privilege or owner uid permission to query cred info");
203 return ret;
204 }
205 return IS_SUCCESS;
206 }
207
CheckDeletePermission(Credential * credential)208 static int32_t CheckDeletePermission(Credential *credential)
209 {
210 if (CheckInterfacePermission(CRED_PRIVILEGE_PERMISSION) == IS_SUCCESS) {
211 LOGI("delete credential with privilege permission!");
212 return IS_SUCCESS;
213 }
214 return CheckOwnerUidPermission(credential);
215 }
216
QueryCredInfoByCredIdImpl(int32_t osAccountId,int32_t uid,const char * credId,char ** returnData)217 int32_t QueryCredInfoByCredIdImpl(int32_t osAccountId, int32_t uid, const char *credId, char **returnData)
218 {
219 Credential *credential = NULL;
220 int32_t ret = GetCredentialById(osAccountId, credId, &credential);
221 if (ret != IS_SUCCESS) {
222 LOGE("Failed to get credential by credId, ret = %" LOG_PUB "d", ret);
223 return ret;
224 }
225 ret = CheckQueryPermission(credential, uid);
226 if (ret != IS_SUCCESS) {
227 DestroyCredential(credential);
228 return ret;
229 }
230 CJson *credInfoJson = CreateJson();
231 if (credInfoJson == NULL) {
232 LOGE("Failed to create credInfoJson object");
233 DestroyCredential(credential);
234 return IS_ERR_JSON_CREATE;
235 }
236
237 ret = GenerateReturnCredInfo(credential, credInfoJson);
238 DestroyCredential(credential);
239 if (ret != IS_SUCCESS) {
240 LOGE("Failed to generate return credential info");
241 FreeJson(credInfoJson);
242 return ret;
243 }
244
245 *returnData = PackJsonToString(credInfoJson);
246 FreeJson(credInfoJson);
247 if (*returnData == NULL) {
248 LOGE("Failed to pack json to string");
249 return IS_ERR_PACKAGE_JSON_TO_STRING_FAIL;
250 }
251
252 return IS_SUCCESS;
253 }
254
DeleteCredentialImpl(int32_t osAccountId,const char * credId)255 int32_t DeleteCredentialImpl(int32_t osAccountId, const char *credId)
256 {
257 Credential *credential = NULL;
258 int32_t ret = GetCredentialById(osAccountId, credId, &credential);
259 if (ret != IS_SUCCESS) {
260 LOGE("Failed to get credential by credId, ret = %" LOG_PUB "d", ret);
261 return ret;
262 }
263 ret = CheckDeletePermission(credential);
264 int32_t credentialUid = credential->ownerUid;
265 DestroyCredential(credential);
266 if (ret != IS_SUCCESS) {
267 return ret;
268 }
269
270 uint32_t credIdByteLen = HcStrlen(credId) / BYTE_TO_HEX_OPER_LENGTH;
271 Uint8Buff credIdByte = { NULL, credIdByteLen };
272 credIdByte.val = (uint8_t *)HcMalloc(credIdByteLen, 0);
273 if (credIdByte.val == NULL) {
274 LOGE("Failed to malloc credIdByte");
275 return IS_ERR_ALLOC_MEMORY;
276 }
277
278 ret = HexStringToByte(credId, credIdByte.val, credIdByte.length);
279 if (ret != IS_SUCCESS) {
280 LOGE("Failed to convert credId to byte, invalid credId, ret: %" LOG_PUB "d", ret);
281 HcFree(credIdByte.val);
282 return IS_ERR_INVALID_HEX_STRING;
283 }
284
285 if (credentialUid != DEV_AUTH_UID) {
286 ret = GetLoaderInstance()->deleteKey(&credIdByte, false, osAccountId);
287 }
288 HcFree(credIdByte.val);
289 if (ret == HAL_ERR_HUKS) {
290 LOGW("Huks delete key failed, error: %" LOG_PUB "d, continue to delete local cred", IS_ERR_HUKS_DELETE_FAILED);
291 }
292
293 ret = DelCredById(osAccountId, credId);
294 if (ret != IS_SUCCESS) {
295 LOGE("Failed to delete local credential");
296 return ret;
297 }
298 LOGI("Delete credential success");
299 return IS_SUCCESS;
300 }
301
DelCredsWithHash(int32_t osAccountId,CJson * reqJson,CredentialVec * credentialVec,CJson * credIdJson)302 static int32_t DelCredsWithHash(int32_t osAccountId, CJson *reqJson, CredentialVec *credentialVec, CJson *credIdJson)
303 {
304 Credential **ptr;
305 uint32_t index;
306 int32_t ret = IS_SUCCESS;
307 FOR_EACH_HC_VECTOR(*credentialVec, index, ptr) {
308 if (*ptr == NULL) {
309 continue;
310 }
311 Credential *credential = (Credential *)(*ptr);
312 const char *credId = StringGet(&credential->credId);
313 if (credId == NULL) {
314 LOGE("Failed to get credId");
315 continue;
316 }
317
318 if (!IsCredHashMatch(credential, reqJson)) {
319 continue;
320 }
321
322 ret = AddStringToArray(credIdJson, credId);
323 if (ret != IS_SUCCESS) {
324 LOGE("Failed to add credId to json");
325 return IS_ERR_JSON_ADD;
326 }
327 ret = DeleteCredentialImpl(osAccountId, credId);
328 }
329 return ret;
330 }
331
DeleteCredByParamsImpl(int32_t osAccountId,const char * requestParams,char ** returnData)332 int32_t DeleteCredByParamsImpl(int32_t osAccountId, const char *requestParams, char **returnData)
333 {
334 CJson *reqJson = CreateJsonFromString(requestParams);
335 if (reqJson == NULL) {
336 LOGE("Failed to create reqJson from string!");
337 return IS_ERR_JSON_CREATE;
338 }
339 QueryCredentialParams delParams = InitQueryCredentialParams();
340 SetQueryParamsFromJson(&delParams, reqJson);
341 delParams.ownerUid = GetCallingUid();
342
343 CredentialVec credentialVec = CreateCredentialVec();
344 int32_t ret = QueryCredentials(osAccountId, &delParams, &credentialVec);
345 if (ret != IS_SUCCESS) {
346 LOGE("Failed to query credentials");
347 FreeJson(reqJson);
348 ClearCredentialVec(&credentialVec);
349 return ret;
350 }
351 CJson *credIdJson = CreateJsonArray();
352 if (credIdJson == NULL) {
353 LOGE("Failed to create credIdJson");
354 FreeJson(reqJson);
355 ClearCredentialVec(&credentialVec);
356 return IS_ERR_JSON_CREATE;
357 }
358 ret = DelCredsWithHash(osAccountId, reqJson, &credentialVec, credIdJson);
359 FreeJson(reqJson);
360 ClearCredentialVec(&credentialVec);
361 if (ret != IS_SUCCESS) {
362 LOGE("Failed to get and delete credential in vec");
363 FreeJson(credIdJson);
364 return ret;
365 }
366 *returnData = PackJsonToString(credIdJson);
367 FreeJson(credIdJson);
368 if (*returnData == NULL) {
369 LOGE("Failed to pack json to string");
370 return IS_ERR_PACKAGE_JSON_TO_STRING_FAIL;
371 }
372 return ret;
373 }
374
UpdateCredInfoImpl(int32_t osAccountId,const char * credId,const char * requestParams)375 int32_t UpdateCredInfoImpl(int32_t osAccountId, const char *credId, const char *requestParams)
376 {
377 Credential *credential = NULL;
378 int32_t ret = GetCredentialById(osAccountId, credId, &credential);
379 if (ret != IS_SUCCESS) {
380 LOGE("Failed to get credential by credId, ret: %" LOG_PUB "d", ret);
381 return ret;
382 }
383
384 ret = CheckOwnerUidPermission(credential);
385 if (ret != IS_SUCCESS) {
386 DestroyCredential(credential);
387 return ret;
388 }
389
390 CJson *reqJson = CreateJsonFromString(requestParams);
391 if (reqJson == NULL) {
392 LOGE("Failed to create reqJson from string!");
393 DestroyCredential(credential);
394 return IS_ERR_JSON_CREATE;
395 }
396 ret = UpdateInfoFromJson(credential, reqJson);
397 FreeJson(reqJson);
398 if (ret != IS_SUCCESS) {
399 LOGE("Failed to set update info");
400 DestroyCredential(credential);
401 return ret;
402 }
403
404 ret = AddCredAndSaveDb(osAccountId, credential);
405 DestroyCredential(credential);
406 if (ret != IS_SUCCESS) {
407 LOGE("Failed to add credential to db");
408 return ret;
409 }
410
411 return IS_SUCCESS;
412 }
413
AddUpdateCred(int32_t osAccountId,CJson * baseInfoJson,QueryCredentialParams * queryParams)414 static int32_t AddUpdateCred(int32_t osAccountId, CJson *baseInfoJson, QueryCredentialParams *queryParams)
415 {
416 int32_t ret = AddUpdateInfoToJson(queryParams, baseInfoJson);
417 if (ret != IS_SUCCESS) {
418 LOGE("Failed to add update info to json");
419 return ret;
420 }
421 char *addCredReq = PackJsonToString(baseInfoJson);
422 if (addCredReq == NULL) {
423 LOGE("Failed to pack baseInfoJson to addCredReq");
424 return IS_ERR_PACKAGE_JSON_TO_STRING_FAIL;
425 }
426 char *addRetStr = NULL;
427 ret = AddCredentialImpl(osAccountId, addCredReq, &addRetStr);
428 FreeJsonString(addCredReq);
429 HcFree(addRetStr);
430 return ret;
431 }
432
DelCredInVec(int32_t osAccountId,CredentialVec * credVec)433 static int32_t DelCredInVec(int32_t osAccountId, CredentialVec *credVec)
434 {
435 uint32_t index;
436 Credential **ptr;
437 int32_t ret = IS_SUCCESS;
438 FOR_EACH_HC_VECTOR(*credVec, index, ptr) {
439 if (*ptr == NULL) {
440 continue;
441 }
442 Credential *credential = (Credential *)(*ptr);
443 const char *credId = StringGet(&credential->credId);
444 if (credId == NULL) {
445 continue;
446 }
447 ret = DeleteCredentialImpl(osAccountId, credId);
448 if (ret != IS_SUCCESS) {
449 LOGE("Failed to delete credential, ret = %" LOG_PUB "d", ret);
450 return ret;
451 }
452 }
453 return IS_SUCCESS;
454 }
455
ProcessAbnormalCreds(int32_t osAccountId,CJson * baseInfoJson,QueryCredentialParams * queryParams)456 static int32_t ProcessAbnormalCreds(int32_t osAccountId, CJson *baseInfoJson, QueryCredentialParams *queryParams)
457 {
458 int32_t ret = DelCredential(osAccountId, queryParams);
459 if (ret != IS_SUCCESS) {
460 LOGE("Failed to delete abnormal credentials, ret = %" LOG_PUB "d", ret);
461 return ret;
462 }
463 return AddUpdateCred(osAccountId, baseInfoJson, queryParams);
464 }
465
HandleUpdateCredsBySize(int32_t osAccountId,CJson * baseInfoJson,QueryCredentialParams * queryParams,CredentialVec * updateCredVec,CredentialVec * selfCredVec)466 static int32_t HandleUpdateCredsBySize(int32_t osAccountId, CJson *baseInfoJson,
467 QueryCredentialParams *queryParams, CredentialVec *updateCredVec, CredentialVec *selfCredVec)
468 {
469 int32_t ret = IS_ERROR;
470 uint32_t updateMatchSize = updateCredVec->size(updateCredVec);
471 switch (updateMatchSize) {
472 case UPDATE_MATCHED_NUM_ZERO:
473 ret = AddUpdateCred(osAccountId, baseInfoJson, queryParams); // == 0 need add
474 break;
475 case UPDATE_MATCHED_NUM_ONE:
476 ret = EraseUpdateCredIdInSelfVec(updateCredVec, selfCredVec); // update info exists in self vec
477 break;
478 default:
479 ret = ProcessAbnormalCreds(osAccountId, baseInfoJson, queryParams); // > 1 need del old
480 break;
481 }
482 return ret;
483 }
484
ProcessUpdateInfo(int32_t osAccountId,CJson * updateInfoList,CJson * baseInfoJson,QueryCredentialParams * queryParams,CredentialVec * selfCredVec)485 static int32_t ProcessUpdateInfo(int32_t osAccountId, CJson *updateInfoList,
486 CJson *baseInfoJson, QueryCredentialParams *queryParams, CredentialVec *selfCredVec)
487 {
488 int32_t ret = IS_SUCCESS;
489 int32_t updateInfoNum = GetItemNum(updateInfoList);
490 for (int32_t i = 0; i < updateInfoNum; i++) {
491 CJson *item = GetItemFromArray(updateInfoList, i); // shallow copy
492 if (item == NULL) {
493 LOGE("updateInfoList item is NULL");
494 return IS_ERR_JSON_GET;
495 }
496 CredentialVec updateCredVec = CreateCredentialVec();
497 ret = GetUpdateCredVec(osAccountId, item, queryParams, &updateCredVec);
498 if (ret != IS_SUCCESS) {
499 ClearCredentialVec(&updateCredVec);
500 return ret;
501 }
502 ret = HandleUpdateCredsBySize(osAccountId, baseInfoJson, queryParams, &updateCredVec, selfCredVec);
503 ClearCredentialVec(&updateCredVec);
504 if (ret != IS_SUCCESS) {
505 return ret;
506 }
507 }
508 return ret;
509 }
510
GetCurrentCredIds(int32_t osAccountId,CJson * baseInfoJson,char ** returnData)511 static int32_t GetCurrentCredIds(int32_t osAccountId, CJson *baseInfoJson, char **returnData)
512 {
513 char *queryStr = NULL;
514 int32_t ret = GetQueryJsonStr(baseInfoJson, &queryStr);
515 if (ret != IS_SUCCESS) {
516 return ret;
517 }
518 ret = QueryCredentialByParamsImpl(osAccountId, queryStr, returnData);
519 FreeJsonString(queryStr);
520 return ret;
521 }
522
BatchUpdateCredsImplInner(int32_t osAccountId,CJson * baseInfoJson,CJson * updateInfoList,char ** returnData)523 static int32_t BatchUpdateCredsImplInner(int32_t osAccountId,
524 CJson *baseInfoJson, CJson *updateInfoList, char **returnData)
525 {
526 QueryCredentialParams queryParams = InitQueryCredentialParams();
527 int32_t ret = SetRequiredParamsFromJson(&queryParams, baseInfoJson);
528 if (ret != IS_SUCCESS) {
529 return ret;
530 }
531 queryParams.ownerUid = GetCallingUid();
532
533 CredentialVec selfCredVec = CreateCredentialVec();
534 ret = QueryCredentials(osAccountId, &queryParams, &selfCredVec);
535 if (ret != IS_SUCCESS) {
536 ClearCredentialVec(&selfCredVec);
537 return ret;
538 }
539
540 ret = ProcessUpdateInfo(osAccountId, updateInfoList, baseInfoJson, &queryParams, &selfCredVec);
541 if (ret != IS_SUCCESS) {
542 ClearCredentialVec(&selfCredVec);
543 return ret;
544 }
545
546 ret = DelCredInVec(osAccountId, &selfCredVec);
547 ClearCredentialVec(&selfCredVec);
548 if (ret != IS_SUCCESS) {
549 return ret;
550 }
551 return GetCurrentCredIds(osAccountId, baseInfoJson, returnData);
552 }
553
BatchUpdateCredsImpl(int32_t osAccountId,const char * requestParams,char ** returnData)554 int32_t BatchUpdateCredsImpl(int32_t osAccountId, const char *requestParams, char **returnData)
555 {
556 CJson *reqJson = CreateJsonFromString(requestParams);
557 if (reqJson == NULL) {
558 LOGE("Failed to create reqJson from string!");
559 return IS_ERR_JSON_CREATE;
560 }
561 CJson *baseInfoJson = GetObjFromJson(reqJson, FIELD_BASE_INFO);
562 CJson *updateInfoList = GetObjFromJson(reqJson, FIELD_UPDATE_LISTS);
563 if (baseInfoJson == NULL || updateInfoList == NULL) {
564 LOGE("baseInfoJson or updateLists is NULL");
565 FreeJson(reqJson);
566 return IS_ERR_INVALID_PARAMS;
567 }
568 int32_t ret = BatchUpdateCredsImplInner(osAccountId, baseInfoJson, updateInfoList, returnData);
569 FreeJson(reqJson);
570 return ret;
571 }
572
AgreeCredentialImplInner(int32_t osAccountId,const char * selfCredId,CJson * reqJson,Credential * agreeCredential,char ** returnData)573 static int32_t AgreeCredentialImplInner(int32_t osAccountId, const char *selfCredId,
574 CJson *reqJson, Credential *agreeCredential, char **returnData)
575 {
576 Uint8Buff keyValue = { NULL, 0 };
577 Uint8Buff agreeCredIdByte = { NULL, 0 };
578 int32_t ret = SetAgreeCredInfo(osAccountId, reqJson, agreeCredential, &keyValue, &agreeCredIdByte);
579 if (ret != IS_SUCCESS) {
580 return ret;
581 }
582
583 uint8_t peerKeyAliasVal[SHA256_LEN] = { 0 };
584 Uint8Buff peerKeyAlias = { peerKeyAliasVal, SHA256_LEN };
585 ret = ImportAgreeKeyValue(osAccountId, agreeCredential, &keyValue, &peerKeyAlias);
586 if (ret != IS_SUCCESS) {
587 HcFree(keyValue.val);
588 HcFree(agreeCredIdByte.val);
589 return ret;
590 }
591
592 Uint8Buff selfCredIdByte = { NULL, 0 };
593 ret = CheckAndDelInvalidCred(osAccountId, selfCredId, &selfCredIdByte);
594 if (ret != IS_SUCCESS) {
595 HcFree(keyValue.val);
596 HcFree(agreeCredIdByte.val);
597 return ret;
598 }
599
600 ret = ComputePskAndDelInvalidKey(osAccountId,
601 agreeCredential->algorithmType, &selfCredIdByte, &peerKeyAlias, &agreeCredIdByte);
602 HcFree(keyValue.val);
603 HcFree(selfCredIdByte.val);
604 HcFree(agreeCredIdByte.val);
605 if (ret != IS_SUCCESS) {
606 return ret;
607 }
608 ret = AddCredAndSaveDb(osAccountId, agreeCredential);
609 if (ret != IS_SUCCESS) {
610 return ret;
611 }
612 if (DeepCopyString(StringGet(&agreeCredential->credId), returnData) != EOK) {
613 LOGE("Failed to return credId");
614 return IS_ERR_MEMORY_COPY;
615 }
616 return IS_SUCCESS;
617 }
618
AgreeCredentialImpl(int32_t osAccountId,const char * selfCredId,const char * requestParams,char ** returnData)619 int32_t AgreeCredentialImpl(int32_t osAccountId, const char *selfCredId, const char *requestParams, char **returnData)
620 {
621 CJson *reqJson = CreateJsonFromString(requestParams);
622 if (reqJson == NULL) {
623 LOGE("Failed to create reqJson from string!");
624 return IS_ERR_JSON_CREATE;
625 }
626 Credential *agreeCredential = CreateCredential();
627 if (agreeCredential == NULL) {
628 LOGE("Failed to malloc agreeCredential");
629 FreeJson(reqJson);
630 return IS_ERR_ALLOC_MEMORY;
631 }
632 int32_t ret = AgreeCredentialImplInner(osAccountId, selfCredId, reqJson, agreeCredential, returnData);
633 FreeJson(reqJson);
634 DestroyCredential(agreeCredential);
635 return ret;
636 }
637
RegCredListener(const char * appId,const CredChangeListener * listener)638 int32_t RegCredListener(const char *appId, const CredChangeListener *listener)
639 {
640 if ((appId == NULL) || (listener == NULL)) {
641 LOGE("The input parameter contains NULL value!");
642 return IS_ERR_INVALID_PARAMS;
643 }
644 if (!IsCredListenerSupported()) {
645 LOGE("Broadcast is not supported!");
646 return IS_ERR_NOT_SUPPORT;
647 }
648 return AddCredListener(appId, listener);
649 }
650
UnRegCredListener(const char * appId)651 int32_t UnRegCredListener(const char *appId)
652 {
653 if (appId == NULL) {
654 LOGE("The input parameter contains NULL value!");
655 return IS_ERR_INVALID_PARAMS;
656 }
657 if (!IsCredListenerSupported()) {
658 LOGE("Broadcast is not supported!");
659 return IS_ERR_NOT_SUPPORT;
660 }
661 return RemoveCredListener(appId);
662 }
663