1 /*
2 * Copyright (c) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "dm_auth_message_processor.h"
16
17 #include <zlib.h>
18 #include <iostream>
19 #include <sstream>
20
21 #include <mbedtls/base64.h>
22 #include "parameter.h"
23
24 #include "access_control_profile.h"
25 #include "distributed_device_profile_client.h"
26 #include "service_info_profile.h"
27 #include "service_info_unique_key.h"
28
29 #include "deviceprofile_connector.h"
30 #include "dm_log.h"
31 #include "dm_constants.h"
32 #include "dm_anonymous.h"
33 #include "dm_auth_manager_base.h"
34 #include "dm_auth_context.h"
35 #include "dm_auth_state_machine.h"
36 #include "dm_crypto.h"
37
38 #ifdef SUPPORT_MSDP
39 #include "spatial_awareness_mgr_client.h"
40 #endif
41
42 namespace OHOS {
43 namespace DistributedHardware {
44
45 const char* TAG_LNN_PUBLIC_KEY = "lnnPublicKey";
46 const char* TAG_TRANSMIT_PUBLIC_KEY = "transmitPublicKey";
47 const char* TAG_LNN_CREDENTIAL_ID = "lnnCredentialId";
48 const char* TAG_TRANSMIT_CREDENTIAL_ID = "transmitCredentialId";
49 const char* TAG_CONFIRM_OPERATION_V2 = "confirmOperation";
50 const char* TAG_AUTH_TYPE_LIST = "authTypeList";
51 const char* TAG_CURRENT_AUTH_TYPE_IDX = "currentAuthTypeIdx";
52
53 // IS interface input parameter json format string key
54 const char* TAG_METHOD = "method";
55 const char* TAG_PEER_USER_SPACE_ID = "peerUserSpaceId";
56 const char* TAG_SUBJECT = "subject";
57 const char* TAG_CRED_TYPE = "credType";
58 const char* TAG_KEY_FORMAT = "keyFormat";
59 const char* TAG_ALGORITHM_TYPE = "algorithmType";
60 const char* TAG_PROOF_TYPE = "proofType";
61 const char* TAG_KEY_VALUE = "keyValue";
62 const char* TAG_AUTHORIZED_SCOPE = "authorizedScope";
63 const char* TAG_AUTHORIZED_APP_LIST = "authorizedAppList";
64 const char* TAG_CREDENTIAL_OWNER = "credOwner";
65 const char* TAG_SYNC = "syncMessage";
66 const char* TAG_ACCESS = "dmAccess";
67 const char* TAG_PROXY = "proxy";
68 const char* TAG_ACL = "accessControlTable";
69 const char* TAG_ACCESSER = "dmAccesser";
70 const char* TAG_ACCESSEE = "dmAccessee";
71 const char* TAG_SERVICEINFO = "serviceInfo";
72 const char* TAG_USER_CONFIRM_OPT = "userConfirmOpt";
73 // The local SK information is synchronized to the remote end to construct acl-accesser/accessee.
74 const char* TAG_TRANSMIT_SK_ID = "accessAppSKId";
75 const char* TAG_LNN_SK_ID = "accessUserSKId";
76 const char* TAG_TRANSMIT_SK_TIMESTAMP = "accessAppSKTimeStamp";
77 const char* TAG_LNN_SK_TIMESTAMP = "accessUserSKTimeStamp";
78 const char* TAG_USER_ID = "userId";
79 const char* TAG_TOKEN_ID = "tokenId";
80 const char* TAG_NETWORKID_ID = "networkId";
81 const char* TAG_ISSUER = "issuer";
82
83 const char* TAG_DEVICE_VERSION = "deviceVersion";
84 const char* TAG_DEVICE_NAME = "deviceName";
85 const char* TAG_DEVICE_ID_HASH = "deviceIdHash";
86 const char* TAG_ACCOUNT_ID_HASH = "accountIdHash";
87 const char* TAG_TOKEN_ID_HASH = "tokenIdHash";
88 const char* TAG_PKG_NAME = "pkgName";
89 const char* TAG_ACL_CHECKSUM = "aclCheckSum";
90 const char* TAG_COMPRESS_ORI_LEN = "compressOriLen";
91 const char* TAG_COMPRESS = "compressMsg";
92 const char* TAG_STATE = "state";
93 const char* TAG_REASON = "reason";
94 const char* TAG_PEER_USER_ID = "peerUserId";
95 const char* TAG_PEER_DISPLAY_ID = "peerDisplayId";
96 const char* TAG_EXTRA_INFO = "extraInfo";
97 const char* TAG_ACL_TYPE_LIST = "aclTypeList";
98 const char* TAG_CERT_TYPE_LIST = "certTypeList";
99
100 const char* TAG_IS_ONLINE = "isOnline";
101 const char* TAG_IS_AUTHED = "isAuthed";
102 const char* TAG_CREDENTIAL_INFO = "credentialInfo";
103 const char* TAG_CERT_INFO = "certInfo";
104 const char* TAG_LANGUAGE = "language";
105 const char* TAG_ULTRASONIC_SIDE = "ultrasonicSide";
106 const char* TAG_REMAINING_FROZEN_TIME = "remainingFrozenTime";
107 const char* TAG_IS_SUPPORT_ULTRASONIC = "isSupportUltrasonic";
108
109 constexpr const char* TAG_CUSTOM_DESCRIPTION = "CUSTOMDESC";
110
111 namespace {
112
113 constexpr const int32_t DM_HASH_LEN = 32;
114 const char* TAG_DEVICE_TYPE = "DEVICETYPE";
115 constexpr int32_t DM_ULTRASONIC_FORWARD = 0;
116 constexpr int32_t DM_ULTRASONIC_REVERSE = 1;
117 constexpr uint32_t MAX_SESSION_KEY_LENGTH = 512;
118 constexpr uint32_t MAX_MESSAGE_LENGTH = 64 * 1024 * 1024;
119
ParseDmAccessToSync(const std::string & jsonString,DmAccess & access,bool isUseDeviceFullName)120 void ParseDmAccessToSync(const std::string &jsonString, DmAccess &access, bool isUseDeviceFullName)
121 {
122 JsonObject accessjson(jsonString);
123 DmAccessToSync srcAccessToSync = accessjson.Get<DmAccessToSync>();
124 access.deviceName = (isUseDeviceFullName ? srcAccessToSync.deviceNameFull : srcAccessToSync.deviceName);
125 access.deviceId = srcAccessToSync.deviceId;
126 access.userId = srcAccessToSync.userId;
127 access.accountId = srcAccessToSync.accountId;
128 access.tokenId = static_cast<int64_t>(srcAccessToSync.tokenId);
129 access.bundleName = srcAccessToSync.bundleName;
130 access.pkgName = srcAccessToSync.pkgName;
131 access.bindLevel = srcAccessToSync.bindLevel;
132 access.sessionKeyId = srcAccessToSync.sessionKeyId;
133 access.skTimeStamp = srcAccessToSync.skTimeStamp;
134 return;
135 }
136
SaveToDmAccessSync(DmAccessToSync & accessToSync,const std::shared_ptr<DmAuthContext> context,const DmAccess & accessSide)137 void SaveToDmAccessSync(DmAccessToSync &accessToSync, const std::shared_ptr<DmAuthContext> context,
138 const DmAccess &accessSide)
139 {
140 accessToSync.deviceName = accessSide.deviceName;
141 accessToSync.deviceNameFull = context->softbusConnector->GetLocalDeviceName();
142 accessToSync.deviceId = accessSide.deviceId;
143 accessToSync.userId = accessSide.userId;
144 accessToSync.accountId = accessSide.accountId;
145 accessToSync.tokenId = accessSide.tokenId;
146 accessToSync.bundleName = accessSide.bundleName;
147 accessToSync.pkgName = accessSide.pkgName;
148 accessToSync.bindLevel = accessSide.bindLevel;
149 }
150
ParseInfoToDmAccess(const JsonObject & jsonObject,DmAccess & access)151 int32_t ParseInfoToDmAccess(const JsonObject &jsonObject, DmAccess &access)
152 {
153 // transmit session key is mandatory
154 if (!IsString(jsonObject, TAG_TRANSMIT_SK_ID)) {
155 LOGE("ParseSyncMessage TAG_TRANSMIT_SK_ID error");
156 return ERR_DM_FAILED;
157 }
158 access.transmitSessionKeyId = std::atoi(jsonObject[TAG_TRANSMIT_SK_ID].Get<std::string>().c_str());
159
160 if (!IsInt64(jsonObject, TAG_TRANSMIT_SK_TIMESTAMP)) {
161 LOGE("ParseSyncMessage TAG_TRANSMIT_SK_TIMESTAMP error");
162 return ERR_DM_FAILED;
163 }
164 access.transmitSkTimeStamp = jsonObject[TAG_TRANSMIT_SK_TIMESTAMP].Get<int64_t>();
165
166 if (!IsString(jsonObject, TAG_TRANSMIT_CREDENTIAL_ID)) {
167 LOGE("ParseSyncMessage TAG_TRANSMIT_CREDENTIAL_ID error");
168 return ERR_DM_FAILED;
169 }
170 access.transmitCredentialId = jsonObject[TAG_TRANSMIT_CREDENTIAL_ID].Get<std::string>().c_str();
171
172 if (!IsString(jsonObject, TAG_DMVERSION)) {
173 LOGE("ParseSyncMessage TAG_DMVERSION error");
174 return ERR_DM_FAILED;
175 }
176 access.dmVersion = jsonObject[TAG_DMVERSION].Get<std::string>();
177
178 // lnn session key is optional
179 if (IsString(jsonObject, TAG_LNN_SK_ID)) {
180 access.lnnSessionKeyId = std::atoi(jsonObject[TAG_LNN_SK_ID].Get<std::string>().c_str());
181 }
182 if (IsInt64(jsonObject, TAG_LNN_SK_TIMESTAMP)) {
183 access.lnnSkTimeStamp = jsonObject[TAG_LNN_SK_TIMESTAMP].Get<int64_t>();
184 }
185
186 if (IsString(jsonObject, TAG_LNN_CREDENTIAL_ID)) {
187 access.lnnCredentialId = jsonObject[TAG_LNN_CREDENTIAL_ID].Get<std::string>().c_str();
188 }
189
190 return DM_OK;
191 }
192
IsMessageValid(const JsonItemObject & jsonObject)193 bool IsMessageValid(const JsonItemObject &jsonObject)
194 {
195 if (jsonObject.IsDiscarded()) {
196 LOGE("DmAuthMessageProcessor::ParseMessage failed, decodeRequestAuth jsonStr error");
197 return false;
198 }
199 if (!jsonObject[TAG_MSG_TYPE].IsNumberInteger()) {
200 LOGE("DmAuthMessageProcessor::ParseMessage failed, message type error.");
201 return false;
202 }
203 return true;
204 }
205 }
206
SaveSessionKey(const uint8_t * sessionKey,const uint32_t keyLen)207 int32_t DmAuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen)
208 {
209 if (cryptoMgr_ == nullptr) {
210 LOGE("DmAuthMessageProcessor::SaveSessionKey failed, cryptoMgr_ is nullptr.");
211 return ERR_DM_FAILED;
212 }
213 return cryptoMgr_->ProcessSessionKey(sessionKey, keyLen);
214 }
215
SaveSessionKeyToDP(int32_t userId,int32_t & skId)216 int32_t DmAuthMessageProcessor::SaveSessionKeyToDP(int32_t userId, int32_t &skId)
217 {
218 if (cryptoMgr_ == nullptr) {
219 LOGE("DmAuthMessageProcessor::SaveSessionKeyToDP failed, cryptoMgr_ is nullptr.");
220 return ERR_DM_FAILED;
221 }
222 return DeviceProfileConnector::GetInstance().PutSessionKey(userId, cryptoMgr_->GetSessionKey(), skId);
223 }
224
SaveDerivativeSessionKeyToDP(int32_t userId,const std::string & suffix,int32_t & skId)225 int32_t DmAuthMessageProcessor::SaveDerivativeSessionKeyToDP(int32_t userId, const std::string &suffix, int32_t &skId)
226 {
227 if (cryptoMgr_ == nullptr) {
228 LOGE("DmAuthMessageProcessor::SaveSessionKeyToDP failed, cryptoMgr_ is nullptr.");
229 return ERR_DM_FAILED;
230 }
231 std::vector<unsigned char> sessionKey = cryptoMgr_->GetSessionKey();
232 size_t keyLen = sessionKey.size();
233 std::string keyStr(sessionKey.begin(), sessionKey.end());
234 std::string newKeyStr = Crypto::Sha256(keyStr + suffix);
235 DMSessionKey newSessionKey;
236 size_t newKeyLen = std::min(keyLen, newKeyStr.size());
237 if (newKeyLen == 0 || newKeyLen > MAX_SESSION_KEY_LENGTH) {
238 LOGE("newKeyLen invaild, cannot allocate memory.");
239 return ERR_DM_FAILED;
240 }
241 newSessionKey.key = (uint8_t*)calloc(newKeyLen, sizeof(uint8_t));
242 if (memcpy_s(newSessionKey.key, newKeyLen, newKeyStr.c_str(), newKeyLen) != DM_OK) {
243 LOGE("copy key data failed.");
244 if (newSessionKey.key != nullptr) {
245 (void)memset_s(newSessionKey.key, newKeyLen, 0, newKeyLen);
246 free(newSessionKey.key);
247 newSessionKey.key = nullptr;
248 newSessionKey.keyLen = 0;
249 }
250 return ERR_DM_FAILED;
251 }
252 newSessionKey.keyLen = newKeyLen;
253 int ret = DeviceProfileConnector::GetInstance().PutSessionKey(userId,
254 std::vector<unsigned char>(newSessionKey.key, newSessionKey.key + newSessionKey.keyLen), skId);
255 if (ret != DM_OK) {
256 LOGE("DP save user session key failed %{public}d", ret);
257 }
258 if (newSessionKey.key != nullptr) {
259 (void)memset_s(newSessionKey.key, newSessionKey.keyLen, 0, newSessionKey.keyLen);
260 free(newSessionKey.key);
261 newSessionKey.key = nullptr;
262 newSessionKey.keyLen = 0;
263 }
264 return ret;
265 }
266
GetSessionKey(int32_t userId,int32_t & skId)267 int32_t DmAuthMessageProcessor::GetSessionKey(int32_t userId, int32_t &skId)
268 {
269 std::vector<unsigned char> sessionKey;
270 int32_t ret = DeviceProfileConnector::GetInstance().GetSessionKey(userId, skId, sessionKey);
271 if (ret != DM_OK) {
272 LOGE("failed: %{public}d", ret);
273 return ret;
274 }
275 CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL);
276 return cryptoMgr_->ProcessSessionKey(sessionKey.data(), sessionKey.size());
277 }
278
DeleteSessionKeyToDP(int32_t userId,int32_t skId)279 int32_t DmAuthMessageProcessor::DeleteSessionKeyToDP(int32_t userId, int32_t skId)
280 {
281 return DeviceProfileConnector::GetInstance().DeleteSessionKey(userId, skId);
282 }
283
SetAccessControlList(std::shared_ptr<DmAuthContext> context,DistributedDeviceProfile::AccessControlProfile & profile)284 void DmAuthMessageProcessor::SetAccessControlList(std::shared_ptr<DmAuthContext> context,
285 DistributedDeviceProfile::AccessControlProfile &profile)
286 {
287 uint32_t authenticationType = ALLOW_AUTH_ONCE;
288 if (context->confirmOperation == USER_OPERATION_TYPE_ALLOW_AUTH_ALWAYS) {
289 authenticationType = ALLOW_AUTH_ALWAYS;
290 }
291 profile.SetAuthenticationType(authenticationType);
292 profile.SetStatus(ACTIVE);
293 profile.SetDeviceIdType((int32_t)DistributedDeviceProfile::DeviceIdType::UDID);
294 }
295
SetTransmitAccessControlList(std::shared_ptr<DmAuthContext> context,DistributedDeviceProfile::Accesser & accesser,DistributedDeviceProfile::Accessee & accessee)296 void DmAuthMessageProcessor::SetTransmitAccessControlList(std::shared_ptr<DmAuthContext> context,
297 DistributedDeviceProfile::Accesser &accesser, DistributedDeviceProfile::Accessee &accessee)
298 {
299 accesser.SetAccesserDeviceId(context->accesser.deviceId);
300 accesser.SetAccesserUserId(context->accesser.userId);
301 accesser.SetAccesserAccountId(context->accesser.accountId);
302 accesser.SetAccesserTokenId(context->accesser.tokenId);
303 accesser.SetAccesserBundleName(context->accesser.pkgName);
304 accesser.SetAccesserDeviceName(context->accesser.deviceName);
305 accesser.SetAccesserCredentialIdStr(context->accesser.transmitCredentialId);
306 accesser.SetAccesserSessionKeyId(context->accesser.transmitSessionKeyId);
307 accesser.SetAccesserSKTimeStamp(context->accesser.transmitSkTimeStamp);
308 accesser.SetAccesserExtraData(context->accesser.extraInfo);
309
310 accessee.SetAccesseeDeviceId(context->accessee.deviceId);
311 accessee.SetAccesseeUserId(context->accessee.userId);
312 accessee.SetAccesseeAccountId(context->accessee.accountId);
313 accessee.SetAccesseeTokenId(context->accessee.tokenId);
314 accessee.SetAccesseeBundleName(context->accessee.pkgName);
315 accessee.SetAccesseeDeviceName(context->accessee.deviceName);
316 accessee.SetAccesseeCredentialIdStr(context->accessee.transmitCredentialId); // 依赖dp
317 accessee.SetAccesseeSessionKeyId(context->accessee.transmitSessionKeyId);
318 accessee.SetAccesseeSKTimeStamp(context->accessee.transmitSkTimeStamp);
319 accessee.SetAccesseeExtraData(context->accessee.extraInfo);
320 }
321
SetLnnAccessControlList(std::shared_ptr<DmAuthContext> context,DistributedDeviceProfile::Accesser & accesser,DistributedDeviceProfile::Accessee & accessee)322 void DmAuthMessageProcessor::SetLnnAccessControlList(std::shared_ptr<DmAuthContext> context,
323 DistributedDeviceProfile::Accesser &accesser, DistributedDeviceProfile::Accessee &accessee)
324 {
325 accesser.SetAccesserDeviceId(context->accesser.deviceId);
326 accesser.SetAccesserUserId(context->accesser.userId);
327 accesser.SetAccesserAccountId(context->accesser.accountId);
328 accesser.SetAccesserTokenId(0);
329 accesser.SetAccesserDeviceName(context->accesser.deviceName);
330 accesser.SetAccesserCredentialIdStr(context->accesser.lnnCredentialId);
331 accesser.SetAccesserSessionKeyId(context->accesser.lnnSessionKeyId);
332 accesser.SetAccesserSKTimeStamp(context->accesser.lnnSkTimeStamp);
333 accesser.SetAccesserExtraData(context->accesser.extraInfo);
334
335 accessee.SetAccesseeDeviceId(context->accessee.deviceId);
336 accessee.SetAccesseeUserId(context->accessee.userId);
337 accessee.SetAccesseeAccountId(context->accessee.accountId);
338 accessee.SetAccesseeTokenId(0);
339 accessee.SetAccesseeDeviceName(context->accessee.deviceName);
340 accessee.SetAccesseeCredentialIdStr(context->accessee.lnnCredentialId);
341 accessee.SetAccesseeSessionKeyId(context->accessee.lnnSessionKeyId);
342 accessee.SetAccesseeSKTimeStamp(context->accessee.lnnSkTimeStamp);
343 accessee.SetAccesseeExtraData(context->accessee.extraInfo);
344 }
345
PutAccessControlList(std::shared_ptr<DmAuthContext> context,DmAccess & access,std::string trustDeviceId)346 int32_t DmAuthMessageProcessor::PutAccessControlList(std::shared_ptr<DmAuthContext> context,
347 DmAccess &access, std::string trustDeviceId)
348 {
349 LOGI("Start.");
350 DistributedDeviceProfile::Accesser accesser;
351 DistributedDeviceProfile::Accessee accessee;
352 SetLnnAccessControlList(context, accesser, accessee);
353 DistributedDeviceProfile::AccessControlProfile profile;
354 SetAccessControlList(context, profile);
355 profile.SetTrustDeviceId(trustDeviceId);
356 profile.SetDeviceIdHash(access.deviceIdHash);
357 profile.SetBindType(access.lnnBindType);
358 profile.SetAccessee(accessee);
359 profile.SetAccesser(accesser);
360 JsonObject extraData;
361 if (access.isPutLnnAcl && access.bindLevel != static_cast<int32_t>(USER)) {
362 profile.SetBindLevel(USER);
363 std::string isLnnAclTrue = std::string(ACL_IS_LNN_ACL_VAL_TRUE);
364 extraData[ACL_IS_LNN_ACL_KEY] = isLnnAclTrue;
365 profile.SetExtraData(extraData.Dump());
366 int32_t ret =
367 DistributedDeviceProfile::DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile);
368 if (ret != DM_OK) {
369 LOGE("PutAccessControlProfile failed.");
370 }
371 }
372 bool isAuthed = (context->direction == DM_AUTH_SOURCE) ? context->accesser.isAuthed : context->accessee.isAuthed;
373 if (!context->IsProxyBind || context->subjectProxyOnes.empty() || (context->IsCallingProxyAsSubject && !isAuthed)) {
374 std::string isLnnAclFalse = std::string(ACL_IS_LNN_ACL_VAL_FALSE);
375 extraData[ACL_IS_LNN_ACL_KEY] = isLnnAclFalse;
376 profile.SetExtraData(extraData.Dump());
377 profile.SetBindLevel(access.bindLevel);
378 SetTransmitAccessControlList(context, accesser, accessee);
379 profile.SetBindLevel(access.bindLevel);
380 profile.SetBindType(access.transmitBindType);
381 profile.SetAccessee(accessee);
382 profile.SetAccesser(accesser);
383 int32_t ret =
384 DistributedDeviceProfile::DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile);
385 if (ret != DM_OK) {
386 LOGE("PutAccessControlProfile failed.");
387 }
388 }
389 return PutProxyAccessControlList(context, profile, accesser, accessee);
390 }
391
SetProxyAccess(std::shared_ptr<DmAuthContext> context,DmProxyAuthContext & proxyAuthContext,DistributedDeviceProfile::Accesser & accesser,DistributedDeviceProfile::Accessee & accessee)392 int32_t DmAuthMessageProcessor::SetProxyAccess(std::shared_ptr<DmAuthContext> context,
393 DmProxyAuthContext &proxyAuthContext, DistributedDeviceProfile::Accesser &accesser,
394 DistributedDeviceProfile::Accessee &accessee)
395 {
396 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
397 accesser.SetAccesserTokenId(proxyAuthContext.proxyAccesser.tokenId);
398 accesser.SetAccesserBundleName(proxyAuthContext.proxyAccesser.bundleName);
399 accesser.SetAccesserCredentialIdStr(proxyAuthContext.proxyAccesser.transmitCredentialId);
400 accesser.SetAccesserSessionKeyId(proxyAuthContext.proxyAccesser.transmitSessionKeyId);
401 accesser.SetAccesserSKTimeStamp(proxyAuthContext.proxyAccesser.skTimeStamp);
402 JsonObject accesserProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
403 accesserProxyObj.PushBack(context->accesser.tokenId);
404 JsonObject accesserExtObj;
405 if (!context->accesser.extraInfo.empty()) {
406 accesserExtObj.Parse(context->accesser.extraInfo);
407 }
408 accesserExtObj[TAG_PROXY] = accesserProxyObj.Dump();
409 accesser.SetAccesserExtraData(accesserExtObj.Dump());
410
411 accessee.SetAccesseeTokenId(proxyAuthContext.proxyAccessee.tokenId);
412 accessee.SetAccesseeBundleName(proxyAuthContext.proxyAccessee.bundleName);
413 accessee.SetAccesseeCredentialIdStr(proxyAuthContext.proxyAccessee.transmitCredentialId);
414 accessee.SetAccesseeSessionKeyId(proxyAuthContext.proxyAccessee.transmitSessionKeyId);
415 accessee.SetAccesseeSKTimeStamp(proxyAuthContext.proxyAccessee.skTimeStamp);
416 JsonObject accesseeProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
417 accesseeProxyObj.PushBack(context->accessee.tokenId);
418 JsonObject accesseeExtObj;
419 if (!context->accessee.extraInfo.empty()) {
420 accesseeExtObj.Parse(context->accessee.extraInfo);
421 }
422 accesseeExtObj[TAG_PROXY] = accesseeProxyObj.Dump();
423 accessee.SetAccesseeExtraData(accesseeExtObj.Dump());
424 return DM_OK;
425 }
426
PutProxyAccessControlList(std::shared_ptr<DmAuthContext> context,DistributedDeviceProfile::AccessControlProfile & profile,DistributedDeviceProfile::Accesser & accesser,DistributedDeviceProfile::Accessee & accessee)427 int32_t DmAuthMessageProcessor::PutProxyAccessControlList(std::shared_ptr<DmAuthContext> context,
428 DistributedDeviceProfile::AccessControlProfile &profile, DistributedDeviceProfile::Accesser &accesser,
429 DistributedDeviceProfile::Accessee &accessee)
430 {
431 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
432 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
433 return DM_OK;
434 }
435 for (auto &app : context->subjectProxyOnes) {
436 if (context->direction == DM_AUTH_SOURCE ? app.proxyAccesser.isAuthed : app.proxyAccessee.isAuthed) {
437 continue;
438 }
439 SetProxyAccess(context, app, accesser, accessee);
440 JsonObject extraData;
441 std::string isLnnAclFalse = std::string(ACL_IS_LNN_ACL_VAL_FALSE);
442 extraData[ACL_IS_LNN_ACL_KEY] = isLnnAclFalse;
443 profile.SetExtraData(extraData.Dump());
444 profile.SetBindLevel(context->direction == DM_AUTH_SOURCE ? app.proxyAccesser.bindLevel :
445 app.proxyAccessee.bindLevel);
446 profile.SetBindType(context->direction == DM_AUTH_SOURCE ? context->accesser.transmitBindType :
447 context->accessee.transmitBindType);
448 profile.SetAccessee(accessee);
449 profile.SetAccesser(accesser);
450 int32_t ret =
451 DistributedDeviceProfile::DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile);
452 if (ret != DM_OK) {
453 LOGE("PutAccessControlProfile failed. %{public}d", ret);
454 return ret;
455 }
456 }
457 SetAclProxyRelate(context);
458 return DM_OK;
459 }
460
ConstructCreateMessageFuncMap()461 void DmAuthMessageProcessor::ConstructCreateMessageFuncMap()
462 {
463 createMessageFuncMap_ = {
464 {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateNegotiateMessage},
465 {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateRespNegotiateMessage},
466 {DmMessageType::MSG_TYPE_REQ_USER_CONFIRM, &DmAuthMessageProcessor::CreateMessageReqUserConfirm},
467 {DmMessageType::MSG_TYPE_RESP_USER_CONFIRM, &DmAuthMessageProcessor::CreateMessageRespUserConfirm},
468 {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqPinAuthStart},
469 {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_MSG_NEGOTIATE, &DmAuthMessageProcessor::CreateMessageReqPinAuthNegotiate},
470 {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_START, &DmAuthMessageProcessor::CreateMessageRespPinAuthStart},
471 {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE,
472 &DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate},
473 {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageReqCredExchange},
474 {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageRspCredExchange},
475 {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageReqSKDerive},
476 {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::CreateMessageRspSKDerive},
477 {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqCredAuthStart},
478 {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE,
479 &DmAuthMessageProcessor::CreateCredentialNegotiateMessage},
480 {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateCredentialNegotiateMessage},
481 {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE,
482 &DmAuthMessageProcessor::CreateCredentialNegotiateMessage},
483 {DmMessageType::MSG_TYPE_REQ_DATA_SYNC, &DmAuthMessageProcessor::CreateSyncMessage},
484 {DmMessageType::MSG_TYPE_RESP_DATA_SYNC, &DmAuthMessageProcessor::CreateMessageSyncResp},
485 {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::CreateMessageFinish},
486 {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::CreateMessageFinish},
487 };
488 }
489
ConstructParseMessageFuncMap()490 void DmAuthMessageProcessor::ConstructParseMessageFuncMap()
491 {
492 paraseMessageFuncMap_ = {
493 {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseNegotiateMessage},
494 {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageRespAclNegotiate},
495 {DmMessageType::MSG_TYPE_REQ_USER_CONFIRM, &DmAuthMessageProcessor::ParseMessageReqUserConfirm},
496 {DmMessageType::MSG_TYPE_RESP_USER_CONFIRM, &DmAuthMessageProcessor::ParseMessageRespUserConfirm},
497 {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_START, &DmAuthMessageProcessor::ParseMessageReqPinAuthStart},
498 {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_MSG_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageReqPinAuthNegotiate},
499 {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_START, &DmAuthMessageProcessor::ParseMessageRespPinAuthStart},
500 {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE,
501 &DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate},
502 {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageReqCredExchange},
503 {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageRspCredExchange},
504 {DmMessageType::MSG_TYPE_REQ_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageReqSKDerive},
505 {DmMessageType::MSG_TYPE_RESP_SK_DERIVE, &DmAuthMessageProcessor::ParseMessageRspSKDerive},
506 {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseAuthStartMessage},
507 {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit},
508 {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit},
509 {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE,
510 &DmAuthMessageProcessor::ParseMessageNegotiateTransmit},
511 {DmMessageType::MSG_TYPE_REQ_DATA_SYNC, &DmAuthMessageProcessor::ParseMessageSyncReq},
512 {DmMessageType::MSG_TYPE_RESP_DATA_SYNC, &DmAuthMessageProcessor::ParseMessageSyncResp},
513 {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::ParseMessageSinkFinish},
514 {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::ParseMessageSrcFinish},
515 };
516 }
517
DmAuthMessageProcessor()518 DmAuthMessageProcessor::DmAuthMessageProcessor()
519 {
520 LOGI("DmAuthMessageProcessor constructor");
521 cryptoMgr_ = std::make_shared<CryptoMgr>();
522 ConstructCreateMessageFuncMap();
523 ConstructParseMessageFuncMap();
524 DmAuthUltrasonicMessageProcessor();
525 }
526
~DmAuthMessageProcessor()527 DmAuthMessageProcessor::~DmAuthMessageProcessor()
528 {
529 if (cryptoMgr_ != nullptr) {
530 cryptoMgr_->ClearSessionKey();
531 cryptoMgr_ = nullptr;
532 }
533 }
534
ParseMessage(std::shared_ptr<DmAuthContext> context,const std::string & message)535 int32_t DmAuthMessageProcessor::ParseMessage(std::shared_ptr<DmAuthContext> context, const std::string &message)
536 {
537 JsonObject jsonObject(message);
538 if (context == nullptr || !IsMessageValid(jsonObject)) {
539 return ERR_DM_FAILED;
540 }
541 DmMessageType msgType = static_cast<DmMessageType>(jsonObject[TAG_MSG_TYPE].Get<int32_t>());
542 context->msgType = msgType;
543 LOGI("DmAuthMessageProcessor::ParseMessage message type %{public}d", context->msgType);
544 if (CheckLogicalSessionId(jsonObject, context) != DM_OK) {
545 LOGE("CheckLogicalSessionId failed.");
546 return ERR_DM_FAILED;
547 }
548 auto itr = paraseMessageFuncMap_.find(msgType);
549 if (itr == paraseMessageFuncMap_.end()) {
550 LOGI("DmAuthMessageProcessor::ParseMessage message type error %{public}d", context->msgType);
551 return ERR_DM_FAILED;
552 }
553 return (this->*(itr->second))(jsonObject, context);
554 }
555
DmAuthUltrasonicMessageProcessor()556 void DmAuthMessageProcessor::DmAuthUltrasonicMessageProcessor()
557 {
558 LOGI("DmAuthUltrasonicMessageProcessor enter.");
559 createMessageFuncMap_[DmMessageType::MSG_TYPE_REVERSE_ULTRASONIC_START] =
560 &DmAuthMessageProcessor::CreateMessageReverseUltrasonicStart;
561 createMessageFuncMap_[DmMessageType::MSG_TYPE_REVERSE_ULTRASONIC_DONE] =
562 &DmAuthMessageProcessor::CreateMessageReverseUltrasonicDone;
563 createMessageFuncMap_[DmMessageType::MSG_TYPE_FORWARD_ULTRASONIC_START] =
564 &DmAuthMessageProcessor::CreateMessageForwardUltrasonicStart;
565 createMessageFuncMap_[DmMessageType::MSG_TYPE_FORWARD_ULTRASONIC_NEGOTIATE] =
566 &DmAuthMessageProcessor::CreateMessageForwardUltrasonicNegotiate;
567
568 paraseMessageFuncMap_[DmMessageType::MSG_TYPE_REVERSE_ULTRASONIC_START] =
569 &DmAuthMessageProcessor::ParseMessageReverseUltrasonicStart;
570 paraseMessageFuncMap_[DmMessageType::MSG_TYPE_REVERSE_ULTRASONIC_DONE] =
571 &DmAuthMessageProcessor::ParseMessageReverseUltrasonicDone;
572 paraseMessageFuncMap_[DmMessageType::MSG_TYPE_FORWARD_ULTRASONIC_START] =
573 &DmAuthMessageProcessor::ParseMessageForwardUltrasonicStart;
574 paraseMessageFuncMap_[DmMessageType::MSG_TYPE_FORWARD_ULTRASONIC_NEGOTIATE] =
575 &DmAuthMessageProcessor::ParseMessageForwardUltrasonicNegotiate;
576 LOGI("DmAuthUltrasonicMessageProcessor leave.");
577 return;
578 }
579
stringToVectorAuthType(const std::string & str)580 static std::vector<DmAuthType> stringToVectorAuthType(const std::string& str)
581 {
582 std::vector<DmAuthType> vec;
583 std::istringstream iss(str);
584 int32_t num;
585 while (iss >> num) {
586 vec.push_back(static_cast<DmAuthType>(num));
587 }
588 return vec;
589 }
590
vectorAuthTypeToString(const std::vector<DmAuthType> & vec)591 static std::string vectorAuthTypeToString(const std::vector<DmAuthType>& vec)
592 {
593 std::ostringstream oss;
594 for (size_t i = 0; i < vec.size(); ++i) {
595 oss << static_cast<int32_t>(vec[i]);
596 if (i != vec.size() - 1) {
597 oss << " "; // Add a separator (e.g. space)
598 }
599 }
600 return oss.str();
601 }
602
ParseMessageNegotiateTransmit(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)603 int32_t DmAuthMessageProcessor::ParseMessageNegotiateTransmit(const JsonObject &jsonObject,
604 std::shared_ptr<DmAuthContext> context)
605 {
606 if (jsonObject.IsDiscarded() || !jsonObject.Contains(TAG_DATA) || !jsonObject[TAG_DATA].IsString()) {
607 LOGE("DmAuthMessageProcessor::ParseMessageNegotiateTransmit Unlegal json string failed");
608 return ERR_DM_FAILED;
609 }
610
611 context->transmitData = jsonObject[TAG_DATA].Get<std::string>();
612
613 switch (context->msgType) {
614 case MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE: // 161
615 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkCredentialAuthNegotiateState>());
616 break;
617 case MSG_TYPE_RESP_CREDENTIAL_AUTH_START: // 170
618 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcCredentialAuthNegotiateState>());
619 break;
620 case MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE: // 171
621 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcCredentialAuthDoneState>());
622 break;
623 default:
624 return ERR_DM_FAILED;
625 }
626
627 return DM_OK;
628 }
629
ParseMessageRespPinAuthNegotiate(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)630 int32_t DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate(const JsonObject &jsonObject,
631 std::shared_ptr<DmAuthContext> context)
632 {
633 if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) {
634 LOGE("DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate failed, decodeRequestAuth jsonStr error");
635 return ERR_DM_FAILED;
636 }
637
638 context->transmitData = jsonObject[TAG_DATA].Get<std::string>();
639 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcPinAuthDoneState>());
640 return DM_OK;
641 }
642
ParseMessageReqCredExchange(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)643 int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &jsonObject,
644 std::shared_ptr<DmAuthContext> context)
645 {
646 if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) {
647 LOGE("DecodeRequestAuth jsonStr error");
648 return ERR_DM_FAILED;
649 }
650
651 std::string plainText;
652 if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get<std::string>(), plainText) != DM_OK) {
653 LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange() error, decrypt data failed.");
654 return ERR_DM_FAILED;
655 }
656 JsonObject jsonData(plainText);
657
658 // First authentication, parse lnn public key
659 if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast<int32_t>(USER)) {
660 if (!jsonData[TAG_LNN_PUBLIC_KEY].IsString()) {
661 LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange() error, first auth, no lnnPublicKey.");
662 return ERR_DM_FAILED;
663 }
664 context->accesser.lnnPublicKey = jsonData[TAG_LNN_PUBLIC_KEY].Get<std::string>();
665 }
666
667 if (!jsonData[TAG_TRANSMIT_PUBLIC_KEY].IsString() ||
668 !jsonData[TAG_DEVICE_ID].IsString() ||
669 !jsonData[TAG_PEER_USER_SPACE_ID].IsNumberInteger() ||
670 !jsonData[TAG_TOKEN_ID].IsNumberInteger()) {
671 LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error.");
672 return ERR_DM_FAILED;
673 }
674 context->accesser.transmitPublicKey = jsonData[TAG_TRANSMIT_PUBLIC_KEY].Get<std::string>();
675 context->accesser.deviceId = jsonData[TAG_DEVICE_ID].Get<std::string>();
676 context->accesser.userId = jsonData[TAG_PEER_USER_SPACE_ID].Get<int32_t>();
677 context->accesser.tokenId = jsonData[TAG_TOKEN_ID].Get<int64_t>();
678 ParseProxyCredExchangeToSync(context, jsonData);
679 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkCredentialExchangeState>());
680 return DM_OK;
681 }
682
683 // parse 150
ParseMessageRspCredExchange(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)684 int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &jsonObject,
685 std::shared_ptr<DmAuthContext> context)
686 {
687 LOGI("DmAuthMessageProcessor::ParseMessageRspCredExchange start.");
688 if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) {
689 LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange, DecodeRequestAuth jsonStr error");
690 return ERR_DM_FAILED;
691 }
692
693 std::string plainText;
694 if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get<std::string>(), plainText) != DM_OK) {
695 LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange error, decrypt data failed.");
696 return ERR_DM_FAILED;
697 }
698
699 JsonObject jsonData(plainText);
700
701 // First authentication, parse lnn public key
702 std::string tmpString = "";
703 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast<int32_t>(USER)) {
704 if (!jsonData[TAG_LNN_PUBLIC_KEY].IsString()) {
705 LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange failed, first auth but no lnnPublicKey.");
706 return ERR_DM_FAILED;
707 }
708 context->accessee.lnnPublicKey = jsonData[TAG_LNN_PUBLIC_KEY].Get<std::string>();
709 }
710
711 // First authentication, parse transmit public key
712 if (!jsonData[TAG_TRANSMIT_PUBLIC_KEY].IsString() ||
713 !jsonData[TAG_DEVICE_ID].IsString() ||
714 !jsonData[TAG_PEER_USER_SPACE_ID].IsNumberInteger() ||
715 !jsonData[TAG_TOKEN_ID].IsNumberInteger()) {
716 LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange failed, decode MSG_TYPE_RESP_CREDENTIAL_EXCHANGE "
717 "message error.");
718 return ERR_DM_FAILED;
719 }
720 context->accessee.transmitPublicKey = jsonData[TAG_TRANSMIT_PUBLIC_KEY].Get<std::string>();
721 context->accessee.deviceId = jsonData[TAG_DEVICE_ID].Get<std::string>();
722 context->accessee.userId = jsonData[TAG_PEER_USER_SPACE_ID].Get<int32_t>();
723 context->accessee.tokenId = jsonData[TAG_TOKEN_ID].Get<int64_t>();
724 ParseProxyCredExchangeToSync(context, jsonData);
725 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcCredentialAuthStartState>());
726 return DM_OK;
727 }
728
729 // parse 141
ParseMessageReqSKDerive(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)730 int32_t DmAuthMessageProcessor::ParseMessageReqSKDerive(const JsonObject &jsonObject,
731 std::shared_ptr<DmAuthContext> context)
732 {
733 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
734 CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL);
735 if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) {
736 LOGE("DecodeRequestAuth jsonStr error");
737 return ERR_DM_FAILED;
738 }
739 std::string plainText;
740 if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get<std::string>(), plainText) != DM_OK) {
741 LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, decrypt data failed.");
742 return ERR_DM_FAILED;
743 }
744 JsonObject jsonData(plainText);
745 // First authentication, parse lnn public key
746 if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast<int32_t>(USER)) {
747 if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) {
748 LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive() error, first auth, no lnnPublicKey.");
749 return ERR_DM_FAILED;
750 }
751 context->accesser.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get<std::string>();
752 }
753 if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) {
754 LOGE("DmAuthMessageProcessor::ParseMessageReqSKDerive, MSG_TYPE_REQ_SK_DERIVE message error.");
755 return ERR_DM_FAILED;
756 }
757 context->accesser.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get<std::string>();
758 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkSKDeriveState>());
759 return DM_OK;
760 }
761
762 // parse 151
ParseMessageRspSKDerive(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)763 int32_t DmAuthMessageProcessor::ParseMessageRspSKDerive(const JsonObject &jsonObject,
764 std::shared_ptr<DmAuthContext> context)
765 {
766 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
767 CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL);
768 if (jsonObject.IsDiscarded() || !jsonObject[TAG_DATA].IsString()) {
769 LOGE("DecodeRequestAuth jsonStr error");
770 return ERR_DM_FAILED;
771 }
772 std::string plainText;
773 if (cryptoMgr_->DecryptMessage(jsonObject[TAG_DATA].Get<std::string>(), plainText) != DM_OK) {
774 LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, decrypt data failed.");
775 return ERR_DM_FAILED;
776 }
777 JsonObject jsonData(plainText);
778 // First authentication, parse lnn public key
779 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast<int32_t>(USER)) {
780 if (!jsonData[TAG_LNN_CREDENTIAL_ID].IsString()) {
781 LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive() error, first auth, no lnnPublicKey.");
782 return ERR_DM_FAILED;
783 }
784 context->accessee.lnnCredentialId = jsonData[TAG_LNN_CREDENTIAL_ID].Get<std::string>();
785 }
786 if (!jsonData[TAG_TRANSMIT_CREDENTIAL_ID].IsString()) {
787 LOGE("DmAuthMessageProcessor::ParseMessageRspSKDerive, MSG_TYPE_RESP_SK_DERIVE message error.");
788 return ERR_DM_FAILED;
789 }
790 context->accessee.transmitCredentialId = jsonData[TAG_TRANSMIT_CREDENTIAL_ID].Get<std::string>();
791 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcSKDeriveState>());
792 return DM_OK;
793 }
794
ParseProxyCredExchangeToSync(std::shared_ptr<DmAuthContext> & context,JsonObject & jsonObject)795 int32_t DmAuthMessageProcessor::ParseProxyCredExchangeToSync(std::shared_ptr<DmAuthContext> &context,
796 JsonObject &jsonObject)
797 {
798 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
799 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
800 return DM_OK;
801 }
802 if (!IsString(jsonObject, PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) {
803 LOGE("no subjectProxyOnes");
804 return ERR_DM_FAILED;
805 }
806 std::string subjectProxyOnesStr = jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS].Get<std::string>();
807 JsonObject allProxyObj;
808 allProxyObj.Parse(subjectProxyOnesStr);
809 for (auto const &item : allProxyObj.Items()) {
810 if (!IsString(item, TAG_PROXY_CONTEXT_ID)) {
811 continue;
812 }
813 DmProxyAuthContext proxyAuthContext;
814 proxyAuthContext.proxyContextId = item[TAG_PROXY_CONTEXT_ID].Get<std::string>();
815 auto it = std::find(context->subjectProxyOnes.begin(), context->subjectProxyOnes.end(), proxyAuthContext);
816 if (it != context->subjectProxyOnes.end()) {
817 if (!IsInt64(item, TAG_TOKEN_ID)) {
818 LOGE("no tokenId");
819 return ERR_DM_FAILED;
820 }
821 DmProxyAccess &access = (context->direction == DM_AUTH_SOURCE) ? it->proxyAccessee : it->proxyAccesser;
822 access.tokenId = item[TAG_TOKEN_ID].Get<int64_t>();
823 }
824 }
825 return DM_OK;
826 }
827
CreateMessage(DmMessageType msgType,std::shared_ptr<DmAuthContext> context)828 std::string DmAuthMessageProcessor::CreateMessage(DmMessageType msgType, std::shared_ptr<DmAuthContext> context)
829 {
830 LOGI("DmAuthMessageProcessor::CreateMessage start. msgType is %{public}d", msgType);
831 JsonObject jsonObj;
832 jsonObj[TAG_MSG_TYPE] = msgType;
833 jsonObj[DM_TAG_LOGICAL_SESSION_ID] = context->logicalSessionId;
834 auto itr = createMessageFuncMap_.find(msgType);
835 if (itr == createMessageFuncMap_.end()) {
836 LOGE("DmAuthMessageProcessor::CreateMessage msgType %{public}d error.", msgType);
837 return "";
838 }
839 int32_t ret = (this->*(itr->second))(context, jsonObj);
840 LOGI("start. message is %{public}s", GetAnonyJsonString(jsonObj.Dump()).c_str());
841 return (ret == DM_OK) ? jsonObj.Dump() : "";
842 }
843
CreateCredentialNegotiateMessage(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)844 int32_t DmAuthMessageProcessor::CreateCredentialNegotiateMessage(std::shared_ptr<DmAuthContext> context,
845 JsonObject &jsonObject)
846 {
847 std::string encryptMsg;
848 jsonObject[TAG_DATA] = context->transmitData;
849 return DM_OK;
850 }
851
CreateNegotiateOldMessage(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)852 int32_t DmAuthMessageProcessor::CreateNegotiateOldMessage(std::shared_ptr<DmAuthContext> context,
853 JsonObject &jsonObject)
854 {
855 jsonObject[TAG_CRYPTO_SUPPORT] = false;
856 jsonObject[TAG_AUTH_TYPE] = context->authType;
857 jsonObject[TAG_REPLY] = context->reply;
858 jsonObject[TAG_LOCAL_DEVICE_ID] = context->accesser.deviceId;
859 jsonObject[TAG_ACCOUNT_GROUPID] = context->accesser.accountGroupIdHash;
860
861 jsonObject[TAG_BIND_LEVEL] = context->accesser.oldBindLevel; // compatible issue
862 jsonObject[TAG_LOCAL_ACCOUNTID] = context->accesser.accountId;
863 jsonObject[TAG_LOCAL_USERID] = context->accesser.userId;
864 jsonObject[TAG_ISONLINE] = false;
865 jsonObject[TAG_AUTHED] = false;
866 jsonObject[TAG_HOST] = context->pkgName;
867 jsonObject[TAG_TOKENID] = context->accesser.tokenId;
868 jsonObject[TAG_IDENTICAL_ACCOUNT] = false;
869 jsonObject[TAG_HAVE_CREDENTIAL] = false;
870 jsonObject[TAG_REMOTE_DEVICE_NAME] = context->accesser.deviceName;
871
872 return DM_OK;
873 }
874
875 // Create 80 message.
CreateNegotiateMessage(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)876 int32_t DmAuthMessageProcessor::CreateNegotiateMessage(std::shared_ptr<DmAuthContext> context, JsonObject &jsonObject)
877 {
878 // create old message for compatible in import auth code
879 if (context->authType == DmAuthType::AUTH_TYPE_IMPORT_AUTH_CODE) {
880 CreateNegotiateOldMessage(context, jsonObject);
881 }
882 jsonObject[TAG_DMVERSION] = "";
883 jsonObject[TAG_EDITION] = DM_VERSION_5_0_5;
884 jsonObject[TAG_BUNDLE_NAME] = context->accesser.bundleName;
885 jsonObject[TAG_PEER_BUNDLE_NAME] = context->accessee.oldBundleName;
886
887 jsonObject[TAG_PKG_NAME] = context->pkgName;
888
889 jsonObject[TAG_DM_VERSION_V2] = context->accesser.dmVersion;
890 jsonObject[TAG_USER_ID] = context->accesser.userId;
891 jsonObject[TAG_DEVICE_NAME] = context->accesser.deviceName;
892 jsonObject[TAG_DEVICE_ID_HASH] = context->accesser.deviceIdHash;
893 jsonObject[TAG_ACCOUNT_ID_HASH] = context->accesser.accountIdHash;
894 jsonObject[TAG_TOKEN_ID_HASH] = context->accesser.tokenIdHash;
895 jsonObject[TAG_BUNDLE_NAME_V2] = context->accesser.bundleName;
896 jsonObject[TAG_EXTRA_INFO] = context->accesser.extraInfo;
897
898 jsonObject[TAG_PEER_BUNDLE_NAME_V2] = context->accessee.bundleName;
899 jsonObject[TAG_ULTRASONIC_SIDE] = static_cast<int32_t>(context->ultrasonicInfo);
900 jsonObject[TAG_PEER_DISPLAY_ID] = context->accessee.displayId;
901 jsonObject[TAG_PEER_PKG_NAME] = context->accessee.pkgName;
902 jsonObject[TAG_HOST_PKGLABEL] = context->pkgLabel;
903
904 if (!context->businessId.empty()) {
905 jsonObject[DM_BUSINESS_ID] = context->businessId;
906 }
907 CreateProxyNegotiateMessage(context, jsonObject);
908 return DM_OK;
909 }
910
CreateProxyNegotiateMessage(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)911 int32_t DmAuthMessageProcessor::CreateProxyNegotiateMessage(std::shared_ptr<DmAuthContext> context,
912 JsonObject &jsonObject)
913 {
914 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
915 jsonObject[PARAM_KEY_IS_PROXY_BIND] = context->IsProxyBind;
916 jsonObject[PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT] = context->IsCallingProxyAsSubject;
917 if (context != nullptr && context->IsProxyBind && !context->subjectProxyOnes.empty()) {
918 jsonObject[TAG_AUTH_TYPE] = context->authType;
919 JsonObject allProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
920 for (const auto &app : context->subjectProxyOnes) {
921 JsonObject object;
922 object[TAG_PROXY_CONTEXT_ID] = app.proxyContextId;
923 object[TAG_HOST_PKGLABEL] = app.pkgLabel;
924 object[TAG_BUNDLE_NAME] = app.proxyAccesser.bundleName;
925 object[TAG_PEER_BUNDLE_NAME] = app.proxyAccessee.bundleName;
926 object[TAG_TOKEN_ID_HASH] = app.proxyAccesser.tokenIdHash;
927 allProxyObj.PushBack(object);
928 }
929 jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = allProxyObj.Dump();
930 }
931 return DM_OK;
932 }
933
934 // Create 90 message.
CreateRespNegotiateMessage(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)935 int32_t DmAuthMessageProcessor::CreateRespNegotiateMessage(std::shared_ptr<DmAuthContext> context,
936 JsonObject &jsonObject)
937 {
938 jsonObject[TAG_DEVICE_VERSION] = context->accessee.dmVersion;
939 jsonObject[TAG_DEVICE_NAME] = context->accessee.deviceName;
940
941 jsonObject[TAG_DEVICE_ID_HASH] = context->accessee.deviceIdHash;
942 jsonObject[TAG_ACCOUNT_ID_HASH] = context->accessee.accountIdHash;
943 jsonObject[TAG_TOKEN_ID_HASH] = context->accessee.tokenIdHash;
944 jsonObject[TAG_USER_ID] = context->accessee.userId;
945 jsonObject[TAG_ACL_TYPE_LIST] = context->accessee.aclTypeList;
946 jsonObject[TAG_CERT_TYPE_LIST] = context->accessee.credTypeList;
947 jsonObject[TAG_LANGUAGE] = context->accessee.language;
948 jsonObject[TAG_EXTRA_INFO] = context->accessee.extraInfo;
949 jsonObject[TAG_NETWORKID_ID] = context->accessee.networkId;
950 jsonObject[TAG_CERT_RANDOM] = context->accessee.certRandom;
951
952 jsonObject[TAG_IS_ONLINE] = context->accesser.isOnline;
953 CreateProxyRespNegotiateMessage(context, jsonObject);
954 return DM_OK;
955 }
956
CreateProxyRespNegotiateMessage(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)957 int32_t DmAuthMessageProcessor::CreateProxyRespNegotiateMessage(std::shared_ptr<DmAuthContext> context,
958 JsonObject &jsonObject)
959 {
960 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
961 jsonObject[PARAM_KEY_IS_PROXY_BIND] = context->IsProxyBind;
962 if (context->IsProxyBind && !context->subjectProxyOnes.empty()) {
963 JsonObject allProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
964 for (const auto &app : context->subjectProxyOnes) {
965 JsonObject object;
966 object[TAG_PROXY_CONTEXT_ID] = app.proxyContextId;
967 object[TAG_TOKEN_ID_HASH] = app.proxyAccessee.tokenIdHash;
968 object[TAG_ACL_TYPE_LIST] = app.proxyAccessee.aclTypeList;
969 object[TAG_CERT_TYPE_LIST] = app.proxyAccessee.credTypeList;
970 allProxyObj.PushBack(object);
971 }
972 jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = allProxyObj.Dump();
973 }
974 return DM_OK;
975 }
976
977 // Create 140 message.
CreateMessageReqCredExchange(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)978 int32_t DmAuthMessageProcessor::CreateMessageReqCredExchange(std::shared_ptr<DmAuthContext> context,
979 JsonObject &jsonObject)
980 {
981 JsonObject jsonData;
982 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast<int32_t>(USER)) {
983 jsonData[TAG_LNN_PUBLIC_KEY] = context->accesser.lnnPublicKey;
984 }
985 jsonData[TAG_TRANSMIT_PUBLIC_KEY] = context->accesser.transmitPublicKey;
986 jsonData[TAG_DEVICE_ID] = context->accesser.deviceId;
987 jsonData[TAG_PEER_USER_SPACE_ID] = context->accesser.userId;
988 jsonData[TAG_TOKEN_ID] = context->accesser.tokenId;
989 CreateProxyCredExchangeMessage(context, jsonData);
990 std::string plainText = jsonData.Dump();
991 std::string cipherText;
992 int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText);
993 if (ret != DM_OK) {
994 LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed.");
995 return ret;
996 }
997 jsonObject[TAG_DATA] = cipherText;
998 return ret;
999 }
1000
1001 // Create 150 message.
CreateMessageRspCredExchange(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)1002 int32_t DmAuthMessageProcessor::CreateMessageRspCredExchange(std::shared_ptr<DmAuthContext> context,
1003 JsonObject &jsonObject)
1004 {
1005 LOGI("DmAuthMessageProcessor::CreateMessageRspCredExchange start.");
1006 JsonObject jsonData;
1007 if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast<int32_t>(USER)) {
1008 jsonData[TAG_LNN_PUBLIC_KEY] = context->accessee.lnnPublicKey;
1009 }
1010 jsonData[TAG_TRANSMIT_PUBLIC_KEY] = context->accessee.transmitPublicKey;
1011 jsonData[TAG_DEVICE_ID] = context->accessee.deviceId;
1012 jsonData[TAG_PEER_USER_SPACE_ID] = context->accessee.userId;
1013 jsonData[TAG_TOKEN_ID] = context->accessee.tokenId;
1014 CreateProxyCredExchangeMessage(context, jsonData);
1015 std::string plainText = jsonData.Dump();
1016 std::string cipherText;
1017 LOGI("plainText=%{public}s", GetAnonyJsonString(plainText).c_str());
1018 int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText);
1019 if (ret != DM_OK) {
1020 LOGI("DmAuthMessageProcessor::CreateMessageRspCredExchange encryptMessage failed.");
1021 return ret;
1022 }
1023 jsonObject[TAG_DATA] = cipherText;
1024 return ret;
1025 }
1026
CreateProxyCredExchangeMessage(std::shared_ptr<DmAuthContext> & context,JsonObject & jsonData)1027 int32_t DmAuthMessageProcessor::CreateProxyCredExchangeMessage(std::shared_ptr<DmAuthContext> &context,
1028 JsonObject &jsonData)
1029 {
1030 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1031 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
1032 return DM_OK;
1033 }
1034 JsonObject allProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
1035 for (const auto &app : context->subjectProxyOnes) {
1036 const DmProxyAccess &access = (context->direction == DM_AUTH_SOURCE) ? app.proxyAccesser : app.proxyAccessee;
1037 JsonObject object;
1038 object[TAG_PROXY_CONTEXT_ID] = app.proxyContextId;
1039 object[TAG_TOKEN_ID] = access.tokenId;
1040 allProxyObj.PushBack(object);
1041 }
1042 jsonData[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = allProxyObj.Dump();
1043 return DM_OK;
1044 }
1045
1046 //LCOV_EXCL_START
1047 // Create 141 message.
CreateMessageReqSKDerive(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)1048 int32_t DmAuthMessageProcessor::CreateMessageReqSKDerive(std::shared_ptr<DmAuthContext> context,
1049 JsonObject &jsonObject)
1050 {
1051 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1052 CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL);
1053 JsonObject jsonData;
1054 jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accesser.transmitCredentialId;
1055 // First certification
1056 if (context->accesser.isGenerateLnnCredential && context->accesser.bindLevel != static_cast<int32_t>(USER)) {
1057 jsonData[TAG_LNN_CREDENTIAL_ID] = context->accesser.lnnCredentialId;
1058 }
1059 std::string plainText = jsonData.Dump();
1060 std::string cipherText;
1061 int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText);
1062 if (ret != DM_OK) {
1063 LOGE("DmAuthMessageProcessor::CreateMessageReqSKDerive encryptMessage failed.");
1064 return ret;
1065 }
1066 jsonObject[TAG_DATA] = cipherText;
1067 return ret;
1068 }
1069
1070 // Create 151 message.
CreateMessageRspSKDerive(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)1071 int32_t DmAuthMessageProcessor::CreateMessageRspSKDerive(std::shared_ptr<DmAuthContext> context,
1072 JsonObject &jsonObject)
1073 {
1074 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1075 CHECK_NULL_RETURN(cryptoMgr_, ERR_DM_POINT_NULL);
1076 JsonObject jsonData;
1077 jsonData[TAG_TRANSMIT_CREDENTIAL_ID] = context->accessee.transmitCredentialId;
1078 // First certification
1079 if (context->accessee.isGenerateLnnCredential && context->accessee.bindLevel != static_cast<int32_t>(USER)) {
1080 jsonData[TAG_LNN_CREDENTIAL_ID] = context->accessee.lnnCredentialId;
1081 }
1082 std::string plainText = jsonData.Dump();
1083 std::string cipherText;
1084 int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText);
1085 if (ret != DM_OK) {
1086 LOGE("DmAuthMessageProcessor::CreateMessageRspSKDerive encryptMessage failed.");
1087 return ret;
1088 }
1089 jsonObject[TAG_DATA] = cipherText;
1090 return ret;
1091 }
1092 //LCOV_EXCL_STOP
1093
1094 // Create 160 message.
CreateMessageReqCredAuthStart(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)1095 int32_t DmAuthMessageProcessor::CreateMessageReqCredAuthStart(std::shared_ptr<DmAuthContext> context,
1096 JsonObject &jsonObject)
1097 {
1098 std::string onTransmitData;
1099
1100 JsonObject jsonData;
1101 jsonObject[TAG_DATA] = context->transmitData;
1102 return DM_OK;
1103 }
1104
1105 // Create 190 message.
CreateMessageSyncResp(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)1106 int32_t DmAuthMessageProcessor::CreateMessageSyncResp(std::shared_ptr<DmAuthContext> context,
1107 JsonObject &jsonObject)
1108 {
1109 DmAccess access;
1110 if (context->direction == DM_AUTH_SINK) {
1111 access = context->accessee;
1112 } else {
1113 access = context->accesser;
1114 }
1115
1116 std::string encSyncMsg;
1117 int32_t ret = EncryptSyncMessage(context, access, encSyncMsg);
1118 if (ret != DM_OK) {
1119 LOGE("DmAuthMessageProcessor::CreateMessageSyncResp encrypt failed");
1120 return ret;
1121 }
1122 jsonObject[TAG_SYNC] = encSyncMsg;
1123 return ret;
1124 }
1125
1126 // Create 200 message.
CreateMessageFinish(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)1127 int32_t DmAuthMessageProcessor::CreateMessageFinish(std::shared_ptr<DmAuthContext> context,
1128 JsonObject &jsonObject)
1129 {
1130 jsonObject[TAG_REPLY] = context->reply;
1131 jsonObject[TAG_REASON] = context->reason;
1132 jsonObject[TAG_REMAINING_FROZEN_TIME] = context->remainingFrozenTime;
1133 return DM_OK;
1134 }
1135
CheckAccessValidityAndAssign(std::shared_ptr<DmAuthContext> & context,DmAccess & access,DmAccess & accessTmp)1136 bool DmAuthMessageProcessor::CheckAccessValidityAndAssign(std::shared_ptr<DmAuthContext> &context, DmAccess &access,
1137 DmAccess &accessTmp)
1138 {
1139 const DmAccess &selfAccess = (context->direction == DM_AUTH_SOURCE) ? context->accesser : context->accessee;
1140
1141 bool isSame = accessTmp.dmVersion == access.dmVersion &&
1142 accessTmp.deviceName == access.deviceName &&
1143 Crypto::GetUdidHash(accessTmp.deviceId) == access.deviceIdHash &&
1144 accessTmp.userId == access.userId &&
1145 Crypto::GetAccountIdHash16(accessTmp.accountId) == access.accountIdHash &&
1146 Crypto::GetTokenIdHash(std::to_string(accessTmp.tokenId)) == access.tokenIdHash &&
1147 accessTmp.bundleName == access.bundleName &&
1148 accessTmp.pkgName == access.pkgName &&
1149 accessTmp.bindLevel == selfAccess.bindLevel;
1150 if (isSame) {
1151 access.transmitSessionKeyId = accessTmp.transmitSessionKeyId;
1152 access.transmitSkTimeStamp = accessTmp.transmitSkTimeStamp;
1153 access.transmitCredentialId = accessTmp.transmitCredentialId;
1154 access.lnnSessionKeyId = accessTmp.lnnSessionKeyId;
1155 access.lnnSkTimeStamp = accessTmp.lnnSkTimeStamp;
1156 access.lnnCredentialId = accessTmp.lnnCredentialId;
1157 access.tokenId = accessTmp.tokenId;
1158 }
1159 return isSame;
1160 }
1161
ParseSyncMessage(std::shared_ptr<DmAuthContext> & context,DmAccess & access,JsonObject & jsonObject)1162 int32_t DmAuthMessageProcessor::ParseSyncMessage(std::shared_ptr<DmAuthContext> &context,
1163 DmAccess &access, JsonObject &jsonObject)
1164 {
1165 DmAccess accessTmp;
1166 if (ParseInfoToDmAccess(jsonObject, accessTmp) != DM_OK) {
1167 LOGE("Parse DataSync prarm err");
1168 return ERR_DM_FAILED;
1169 }
1170
1171 if (!IsString(jsonObject, TAG_ACCESS)) {
1172 LOGE("ParseSyncMessage TAG_ACCESS error");
1173 return ERR_DM_FAILED;
1174 }
1175 std::string srcAccessStr = jsonObject[TAG_ACCESS].Get<std::string>();
1176 // Parse into access
1177 ParseDmAccessToSync(srcAccessStr, accessTmp, false);
1178 // check access validity
1179 if (ParseProxyAccessToSync(context, jsonObject) != DM_OK) {
1180 LOGE("ParseProxyAccessToSync error, stop auth.");
1181 return ERR_DM_FAILED;
1182 }
1183 if (!CheckAccessValidityAndAssign(context, access, accessTmp)) {
1184 LOGE("ParseSyncMessage CheckAccessValidityAndAssign error, data between two stages different, stop auth.");
1185 return ERR_DM_FAILED;
1186 }
1187 ParseDmAccessToSync(srcAccessStr, access, true);
1188 if (!IsString(jsonObject, TAG_ACL_CHECKSUM)) { // Re-parse the acl
1189 LOGE("ParseSyncMessage TAG_ACL_CHECKSUM error");
1190 return ERR_DM_FAILED;
1191 }
1192 access.aclStrList = jsonObject[TAG_ACL_CHECKSUM].Get<std::string>();
1193 if (context->direction == DmAuthDirection::DM_AUTH_SOURCE) {
1194 LOGI("Source parse sink user confirm opt");
1195 int32_t userConfirmOpt = static_cast<int32_t>(USER_OPERATION_TYPE_CANCEL_AUTH);
1196 if (IsInt32(jsonObject, TAG_USER_CONFIRM_OPT)) {
1197 userConfirmOpt = jsonObject[TAG_USER_CONFIRM_OPT].Get<int32_t>();
1198 }
1199 if (userConfirmOpt == static_cast<int32_t>(USER_OPERATION_TYPE_ALLOW_AUTH) ||
1200 userConfirmOpt == static_cast<int32_t>(USER_OPERATION_TYPE_ALLOW_AUTH_ALWAYS)) {
1201 context->confirmOperation = static_cast<UiAction>(userConfirmOpt);
1202 }
1203 }
1204 ParseCert(jsonObject, context);
1205 return DM_OK;
1206 }
1207
ParseProxyAccessToSync(std::shared_ptr<DmAuthContext> & context,JsonObject & jsonObject)1208 int32_t DmAuthMessageProcessor::ParseProxyAccessToSync(std::shared_ptr<DmAuthContext> &context,
1209 JsonObject &jsonObject)
1210 {
1211 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1212 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
1213 return DM_OK;
1214 }
1215 if (!IsString(jsonObject, PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) {
1216 LOGE("no subjectProxyOnes");
1217 return ERR_DM_FAILED;
1218 }
1219 std::string subjectProxyOnesStr = jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS].Get<std::string>();
1220 JsonObject allProxyObj;
1221 allProxyObj.Parse(subjectProxyOnesStr);
1222 for (auto const &item : allProxyObj.Items()) {
1223 if (!IsString(item, TAG_PROXY_CONTEXT_ID)) {
1224 LOGE("no proxyContextId");
1225 return ERR_DM_FAILED;
1226 }
1227 DmProxyAuthContext proxyAuthContext;
1228 proxyAuthContext.proxyContextId = item[TAG_PROXY_CONTEXT_ID].Get<std::string>();
1229 auto it = std::find(context->subjectProxyOnes.begin(), context->subjectProxyOnes.end(), proxyAuthContext);
1230 if (it != context->subjectProxyOnes.end()) {
1231 if (!IsInt64(item, TAG_TOKEN_ID) || !IsString(item, TAG_TRANSMIT_SK_ID) ||
1232 !IsInt32(item, TAG_BIND_LEVEL) || !IsInt64(item, TAG_TRANSMIT_SK_TIMESTAMP) ||
1233 !IsString(item, TAG_TRANSMIT_CREDENTIAL_ID)) {
1234 LOGE("proxyContext format error");
1235 return ERR_DM_FAILED;
1236 }
1237
1238 DmProxyAccess &access = (context->direction == DM_AUTH_SOURCE) ? it->proxyAccessee : it->proxyAccesser;
1239 DmProxyAccess &selfAccess = (context->direction == DM_AUTH_SOURCE) ? it->proxyAccesser : it->proxyAccessee;
1240 if (Crypto::GetTokenIdHash(std::to_string(item[TAG_TOKEN_ID].Get<int64_t>())) == access.tokenIdHash &&
1241 item[TAG_BIND_LEVEL].Get<int32_t>() == selfAccess.bindLevel) {
1242 access.tokenId = item[TAG_TOKEN_ID].Get<int64_t>();
1243 access.bindLevel = item[TAG_BIND_LEVEL].Get<int32_t>();
1244 access.transmitSessionKeyId = std::atoi(item[TAG_TRANSMIT_SK_ID].Get<std::string>().c_str());
1245 access.skTimeStamp = item[TAG_TRANSMIT_SK_TIMESTAMP].Get<int64_t>();
1246 access.transmitCredentialId = item[TAG_TRANSMIT_CREDENTIAL_ID].Get<std::string>();
1247 } else {
1248 LOGE("tokenId or bindLevel invaild");
1249 return ERR_DM_FAILED;
1250 }
1251 } else {
1252 LOGE("proxyContextId not exist");
1253 return ERR_DM_FAILED;
1254 }
1255 }
1256 return DM_OK;
1257 }
1258
DecryptSyncMessage(std::shared_ptr<DmAuthContext> & context,DmAccess & access,std::string & enSyncMsg)1259 int32_t DmAuthMessageProcessor::DecryptSyncMessage(std::shared_ptr<DmAuthContext> &context,
1260 DmAccess &access, std::string &enSyncMsg)
1261 {
1262 std::string syncMsgCompress = "";
1263 int32_t ret = cryptoMgr_->DecryptMessage(enSyncMsg, syncMsgCompress);
1264 if (ret != DM_OK) {
1265 LOGE("syncMsg error");
1266 return ret;
1267 }
1268 JsonObject plainJson(syncMsgCompress);
1269 if (plainJson.IsDiscarded()) {
1270 LOGE("plainJson error");
1271 return ERR_DM_FAILED;
1272 }
1273 if (!plainJson[TAG_COMPRESS_ORI_LEN].IsNumberInteger()) {
1274 LOGE("TAG_COMPRESS_ORI_LEN json error");
1275 return ERR_DM_FAILED;
1276 }
1277 int32_t dataLen = plainJson[TAG_COMPRESS_ORI_LEN].Get<int32_t>();
1278 if (!plainJson[TAG_COMPRESS].IsString()) {
1279 LOGE("TAG_COMPRESS_ORI_LEN json error");
1280 return ERR_DM_FAILED;
1281 }
1282 std::string compressMsg = plainJson[TAG_COMPRESS].Get<std::string>();
1283 std::string compressBase64 = Base64Decode(compressMsg);
1284 std::string syncMsg = DecompressSyncMsg(compressBase64, dataLen);
1285 JsonObject jsonObject(syncMsg);
1286 if (jsonObject.IsDiscarded()) {
1287 LOGE("jsonStr error");
1288 return ERR_DM_FAILED;
1289 }
1290
1291 ret = ParseSyncMessage(context, access, jsonObject);
1292 if (ret != DM_OK) {
1293 LOGE("ParseSyncMessage jsonStr error");
1294 return ret;
1295 }
1296 return DM_OK;
1297 }
1298
1299 // Parse 180 message, save remote encrypted quadruple, acl, sp skid
ParseMessageSyncReq(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1300 int32_t DmAuthMessageProcessor::ParseMessageSyncReq(const JsonObject &jsonObject,
1301 std::shared_ptr<DmAuthContext> context)
1302 {
1303 if (!jsonObject[TAG_SYNC].IsString()) {
1304 LOGE("ParseMessageSyncReq json error");
1305 return ERR_DM_FAILED;
1306 }
1307 std::string enSyncMsg = jsonObject[TAG_SYNC].Get<std::string>();
1308 // Decrypt data and parse data into context
1309 int32_t ret = DecryptSyncMessage(context, context->accesser, enSyncMsg);
1310 if (ret != DM_OK) {
1311 LOGE("DecryptSyncMessage enSyncMsg error");
1312 return ret;
1313 }
1314 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkDataSyncState>());
1315 return DM_OK;
1316 }
1317
1318 // Parse 190 message save the remote encrypted quadruple, acl sp skid
ParseMessageSyncResp(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1319 int32_t DmAuthMessageProcessor::ParseMessageSyncResp(const JsonObject &jsonObject,
1320 std::shared_ptr<DmAuthContext> context)
1321 {
1322 if (!jsonObject[TAG_SYNC].IsString()) {
1323 LOGE("ParseMessageSyncResp json error");
1324 return ERR_DM_FAILED;
1325 }
1326 std::string enSyncMsg = jsonObject[TAG_SYNC].Get<std::string>();
1327 // Decrypt data and parse data into context
1328 int32_t ret = DecryptSyncMessage(context, context->accessee, enSyncMsg);
1329 if (ret != DM_OK) {
1330 LOGE("DecryptSyncMessage enSyncMsg error");
1331 return ret;
1332 }
1333 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcDataSyncState>());
1334 return DM_OK;
1335 }
1336
1337 // Parse 200 message
ParseMessageSinkFinish(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1338 int32_t DmAuthMessageProcessor::ParseMessageSinkFinish(const JsonObject &jsonObject,
1339 std::shared_ptr<DmAuthContext> context)
1340 {
1341 if (jsonObject[TAG_REPLY].IsNumberInteger()) {
1342 context->reply = jsonObject[TAG_REPLY].Get<int32_t>();
1343 }
1344 if (jsonObject[TAG_REASON].IsNumberInteger()) {
1345 context->reason = jsonObject[TAG_REASON].Get<int32_t>();
1346 }
1347
1348 /* In case of an exception, there may be a state waiting for an event.
1349 In the normal process, no state is waiting for events. */
1350 if (context->reason != DM_OK) {
1351 context->authStateMachine->NotifyEventFinish(DmEventType::ON_FAIL);
1352 }
1353 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkFinishState>());
1354 return DM_OK;
1355 }
1356
1357 // Parse 201 message
ParseMessageSrcFinish(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1358 int32_t DmAuthMessageProcessor::ParseMessageSrcFinish(const JsonObject &jsonObject,
1359 std::shared_ptr<DmAuthContext> context)
1360 {
1361 if (IsInt32(jsonObject, TAG_REPLY)) {
1362 context->reply = jsonObject[TAG_REPLY].Get<int32_t>();
1363 }
1364 if (IsInt32(jsonObject, TAG_REASON)) {
1365 context->reason = jsonObject[TAG_REASON].Get<int32_t>();
1366 }
1367 if (IsInt64(jsonObject, TAG_REMAINING_FROZEN_TIME)) {
1368 context->remainingFrozenTime = jsonObject[TAG_REMAINING_FROZEN_TIME].Get<int64_t>();
1369 }
1370
1371 /* In case of an exception, there may be a state waiting for an event.
1372 In the normal process, no state is waiting for events. */
1373 if (context->reason != DM_OK) {
1374 context->authStateMachine->NotifyEventFinish(DmEventType::ON_FAIL);
1375 }
1376 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcFinishState>());
1377 return DM_OK;
1378 }
1379
CheckLogicalSessionId(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1380 int32_t DmAuthMessageProcessor::CheckLogicalSessionId(const JsonObject &jsonObject,
1381 std::shared_ptr<DmAuthContext> context)
1382 {
1383 if (jsonObject[DM_TAG_LOGICAL_SESSION_ID].IsNumberInteger()) {
1384 if (context->logicalSessionId != 0 &&
1385 jsonObject[DM_TAG_LOGICAL_SESSION_ID].Get<uint64_t>() != context->logicalSessionId) {
1386 return ERR_DM_PARSE_MESSAGE_FAILED;
1387 }
1388 }
1389 return DM_OK;
1390 }
1391
ParseNegotiateMessage(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1392 int32_t DmAuthMessageProcessor::ParseNegotiateMessage(
1393 const JsonObject &jsonObject, std::shared_ptr<DmAuthContext> context)
1394 {
1395 if (jsonObject[DM_TAG_LOGICAL_SESSION_ID].IsNumberInteger()) {
1396 context->logicalSessionId = jsonObject[DM_TAG_LOGICAL_SESSION_ID].Get<uint64_t>();
1397 context->requestId = static_cast<int64_t>(context->logicalSessionId);
1398 }
1399 if (IsString(jsonObject, TAG_PEER_BUNDLE_NAME_V2)) {
1400 context->accessee.bundleName = jsonObject[TAG_PEER_BUNDLE_NAME_V2].Get<std::string>();
1401 }
1402 if (IsInt32(jsonObject, TAG_PEER_DISPLAY_ID)) {
1403 context->accessee.displayId = jsonObject[TAG_PEER_DISPLAY_ID].Get<int32_t>();
1404 }
1405 if (IsString(jsonObject, TAG_HOST_PKGLABEL)) {
1406 context->pkgLabel = jsonObject[TAG_HOST_PKGLABEL].Get<std::string>();
1407 }
1408 if (IsString(jsonObject, DM_BUSINESS_ID)) {
1409 context->businessId = jsonObject[DM_BUSINESS_ID].Get<std::string>();
1410 }
1411 ParseAccesserInfo(jsonObject, context);
1412 ParseUltrasonicSide(jsonObject, context);
1413 ParseProxyNegotiateMessage(jsonObject, context);
1414 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkNegotiateStateMachine>());
1415 return DM_OK;
1416 }
1417
ParseAccesserInfo(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1418 void DmAuthMessageProcessor::ParseAccesserInfo(const JsonObject &jsonObject,
1419 std::shared_ptr<DmAuthContext> context)
1420 {
1421 if (jsonObject[TAG_PKG_NAME].IsString()) {
1422 context->pkgName = jsonObject[TAG_PKG_NAME].Get<std::string>();
1423 context->accesser.pkgName = context->pkgName;
1424 context->accessee.pkgName = context->accesser.pkgName;
1425 }
1426 if (jsonObject[TAG_PEER_PKG_NAME].IsString()) {
1427 context->accessee.pkgName = jsonObject[TAG_PEER_PKG_NAME].Get<std::string>();
1428 }
1429 if (jsonObject[TAG_DM_VERSION_V2].IsString()) {
1430 context->accesser.dmVersion = jsonObject[TAG_DM_VERSION_V2].Get<std::string>();
1431 }
1432 if (jsonObject[TAG_USER_ID].IsNumberInteger()) {
1433 context->accesser.userId = jsonObject[TAG_USER_ID].Get<int32_t>();
1434 }
1435 if (jsonObject[TAG_DEVICE_ID_HASH].IsString()) {
1436 context->accesser.deviceIdHash = jsonObject[TAG_DEVICE_ID_HASH].Get<std::string>();
1437 }
1438 if (jsonObject[TAG_ACCOUNT_ID_HASH].IsString()) {
1439 context->accesser.accountIdHash = jsonObject[TAG_ACCOUNT_ID_HASH].Get<std::string>();
1440 }
1441 if (jsonObject[TAG_TOKEN_ID_HASH].IsString()) {
1442 context->accesser.tokenIdHash = jsonObject[TAG_TOKEN_ID_HASH].Get<std::string>();
1443 }
1444 if (jsonObject[TAG_BUNDLE_NAME_V2].IsString()) {
1445 context->accesser.bundleName = jsonObject[TAG_BUNDLE_NAME_V2].Get<std::string>();
1446 }
1447 if (jsonObject[TAG_EXTRA_INFO].IsString()) {
1448 context->accesser.extraInfo = jsonObject[TAG_EXTRA_INFO].Get<std::string>();
1449 }
1450 }
1451
ParseCert(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1452 void DmAuthMessageProcessor::ParseCert(const JsonObject &jsonObject,
1453 std::shared_ptr<DmAuthContext> context)
1454 {
1455 if (jsonObject[TAG_DM_CERT_CHAIN].IsString()) {
1456 context->accesser.cert = jsonObject[TAG_DM_CERT_CHAIN].Get<std::string>();
1457 }
1458 if (jsonObject[TAG_IS_COMMON_FLAG].IsBoolean()) {
1459 context->accesser.isCommonFlag = jsonObject[TAG_IS_COMMON_FLAG].Get<bool>();
1460 }
1461 }
1462
ParseProxyNegotiateMessage(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1463 int32_t DmAuthMessageProcessor::ParseProxyNegotiateMessage(
1464 const JsonObject &jsonObject, std::shared_ptr<DmAuthContext> context)
1465 {
1466 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1467 context->IsProxyBind = false;
1468 //accesser dmVersion greater than DM_VERSION_5_1_1
1469 if (CompareVersion(context->accesser.dmVersion, DM_VERSION_5_1_1) && IsBool(jsonObject, PARAM_KEY_IS_PROXY_BIND)) {
1470 context->IsProxyBind = jsonObject[PARAM_KEY_IS_PROXY_BIND].Get<bool>();
1471 }
1472 if (!context->IsProxyBind) {
1473 return DM_OK;
1474 }
1475 if (IsInt32(jsonObject, TAG_AUTH_TYPE)) {
1476 context->authType = static_cast<DmAuthType>(jsonObject[TAG_AUTH_TYPE].Get<int32_t>());
1477 }
1478 if (IsBool(jsonObject, PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT)) {
1479 context->IsCallingProxyAsSubject = jsonObject[PARAM_KEY_IS_CALLING_PROXY_AS_SUBJECT].Get<bool>();
1480 }
1481
1482 if (!IsString(jsonObject, PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) {
1483 return ERR_DM_INPUT_PARA_INVALID;
1484 }
1485 std::string subjectProxyOnesStr = jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS].Get<std::string>();
1486 JsonObject allProxyObj;
1487 allProxyObj.Parse(subjectProxyOnesStr);
1488 for (auto const &item : allProxyObj.Items()) {
1489 if (!IsString(item, TAG_PROXY_CONTEXT_ID) || !IsString(item, TAG_BUNDLE_NAME) ||
1490 !IsString(item, TAG_PEER_BUNDLE_NAME) || !IsString(item, TAG_TOKEN_ID_HASH)) {
1491 continue;
1492 }
1493 DmProxyAuthContext proxyAuthContext;
1494 proxyAuthContext.proxyContextId = item[TAG_PROXY_CONTEXT_ID].Get<std::string>();
1495 proxyAuthContext.proxyAccesser.bundleName = item[TAG_BUNDLE_NAME].Get<std::string>();
1496 proxyAuthContext.proxyAccessee.bundleName = item[TAG_PEER_BUNDLE_NAME].Get<std::string>();
1497 proxyAuthContext.proxyAccesser.tokenIdHash = item[TAG_TOKEN_ID_HASH].Get<std::string>();
1498 if (IsString(item, TAG_HOST_PKGLABEL)) {
1499 proxyAuthContext.pkgLabel = item[TAG_HOST_PKGLABEL].Get<std::string>();
1500 }
1501 context->subjectProxyOnes.push_back(proxyAuthContext);
1502 }
1503 return DM_OK;
1504 }
1505
ParseUltrasonicSide(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1506 void DmAuthMessageProcessor::ParseUltrasonicSide(
1507 const JsonObject &jsonObject, std::shared_ptr<DmAuthContext> context)
1508 {
1509 if (!jsonObject[TAG_ULTRASONIC_SIDE].IsNumberInteger()) {
1510 context->ultrasonicInfo = DmUltrasonicInfo::DM_Ultrasonic_Invalid;
1511 return;
1512 }
1513 int32_t tempInfo = jsonObject[TAG_ULTRASONIC_SIDE].Get<int32_t>();
1514 if (tempInfo == DM_ULTRASONIC_REVERSE) {
1515 context->ultrasonicInfo = DmUltrasonicInfo::DM_Ultrasonic_Reverse;
1516 } else if (tempInfo == DM_ULTRASONIC_FORWARD) {
1517 context->ultrasonicInfo = DmUltrasonicInfo::DM_Ultrasonic_Forward;
1518 } else {
1519 context->ultrasonicInfo = DmUltrasonicInfo::DM_Ultrasonic_Invalid;
1520 return;
1521 }
1522 bool isSupport = true;
1523 if (context->ultrasonicInfo == DM_Ultrasonic_Forward) {
1524 #ifdef SUPPORT_MSDP
1525 isSupport = Msdp::SpatialAwarenessMgrClient::GetInstance().IsPinCodeAbilitySupport(
1526 Msdp::PinCodeMode::MODE_PIN_SEND_CODE);
1527 #endif
1528 }
1529 if (context->ultrasonicInfo == DM_Ultrasonic_Reverse) {
1530 #ifdef SUPPORT_MSDP
1531 isSupport = Msdp::SpatialAwarenessMgrClient::GetInstance().IsPinCodeAbilitySupport(
1532 Msdp::PinCodeMode::MODE_PIN_RECEIVE_CODE);
1533 #endif
1534 }
1535 JsonObject json;
1536 json[TAG_IS_SUPPORT_ULTRASONIC] = isSupport;
1537 context->accessee.extraInfo = json.Dump();
1538 }
1539
ParseMessageRespAclNegotiate(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1540 int32_t DmAuthMessageProcessor::ParseMessageRespAclNegotiate(const JsonObject &jsonObject,
1541 std::shared_ptr<DmAuthContext> context)
1542 {
1543 if (jsonObject[TAG_DEVICE_VERSION].IsString()) {
1544 context->accessee.dmVersion = jsonObject[TAG_DEVICE_VERSION].Get<std::string>();
1545 }
1546 if (jsonObject[TAG_DEVICE_NAME].IsString()) {
1547 context->accessee.deviceName = jsonObject[TAG_DEVICE_NAME].Get<std::string>();
1548 }
1549 if (jsonObject[TAG_DEVICE_ID_HASH].IsString()) {
1550 context->accessee.deviceIdHash = jsonObject[TAG_DEVICE_ID_HASH].Get<std::string>();
1551 }
1552 if (jsonObject[TAG_USER_ID].IsNumberInteger()) {
1553 context->accessee.userId = jsonObject[TAG_USER_ID].Get<int32_t>();
1554 }
1555 if (jsonObject[TAG_ACCOUNT_ID_HASH].IsString()) {
1556 context->accessee.accountIdHash = jsonObject[TAG_ACCOUNT_ID_HASH].Get<std::string>();
1557 }
1558 if (jsonObject[TAG_TOKEN_ID_HASH].IsString()) {
1559 context->accessee.tokenIdHash = jsonObject[TAG_TOKEN_ID_HASH].Get<std::string>();
1560 }
1561 if (jsonObject[TAG_NETWORKID_ID].IsString()) {
1562 context->accessee.networkId = jsonObject[TAG_NETWORKID_ID].Get<std::string>();
1563 }
1564 if (jsonObject[TAG_IS_ONLINE].IsBoolean()) {
1565 context->isOnline = jsonObject[TAG_IS_ONLINE].Get<bool>();
1566 }
1567 if (jsonObject[TAG_ACL_TYPE_LIST].IsString()) {
1568 context->accessee.aclTypeList = jsonObject[TAG_ACL_TYPE_LIST].Get<std::string>();
1569 }
1570 if (jsonObject[TAG_CERT_TYPE_LIST].IsString()) {
1571 context->accessee.credTypeList = jsonObject[TAG_CERT_TYPE_LIST].Get<std::string>();
1572 }
1573 if (jsonObject[TAG_LANGUAGE].IsString()) {
1574 context->accessee.language = jsonObject[TAG_LANGUAGE].Get<std::string>();
1575 }
1576 if (jsonObject[TAG_EXTRA_INFO].IsString()) {
1577 context->accessee.extraInfo = jsonObject[TAG_EXTRA_INFO].Get<std::string>();
1578 }
1579 if (jsonObject[TAG_CERT_RANDOM].IsNumberInteger()) {
1580 context->accessee.certRandom = jsonObject[TAG_CERT_RANDOM].Get<uint64_t>();
1581 }
1582 ParseMessageProxyRespAclNegotiate(jsonObject, context);
1583 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcConfirmState>());
1584 return DM_OK;
1585 }
1586
ParseMessageProxyRespAclNegotiate(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)1587 int32_t DmAuthMessageProcessor::ParseMessageProxyRespAclNegotiate(const JsonObject &jsonObject,
1588 std::shared_ptr<DmAuthContext> context)
1589 {
1590 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1591 //sink not support proxy
1592 if (!CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_1)) {
1593 context->IsProxyBind = false;
1594 LOGE("sink does not support proxy");
1595 return DM_OK;
1596 } else if (IsBool(jsonObject, PARAM_KEY_IS_PROXY_BIND)) {
1597 context->IsProxyBind = jsonObject[PARAM_KEY_IS_PROXY_BIND].Get<bool>();
1598 }
1599 if (!context->IsProxyBind) {
1600 return DM_OK;
1601 }
1602 if (!IsString(jsonObject, PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) {
1603 return ERR_DM_INPUT_PARA_INVALID;
1604 }
1605 std::string subjectProxyOnesStr = jsonObject[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS].Get<std::string>();
1606 JsonObject allProxyObj;
1607 allProxyObj.Parse(subjectProxyOnesStr);
1608 for (auto const &item : allProxyObj.Items()) {
1609 if (!IsString(item, TAG_PROXY_CONTEXT_ID) || !IsString(item, TAG_TOKEN_ID_HASH) ||
1610 !IsString(item, TAG_ACL_TYPE_LIST) || !IsString(item, TAG_CERT_TYPE_LIST)) {
1611 continue;
1612 }
1613 DmProxyAuthContext proxyAuthContext;
1614 proxyAuthContext.proxyContextId = item[TAG_PROXY_CONTEXT_ID].Get<std::string>();
1615 auto it = std::find(context->subjectProxyOnes.begin(), context->subjectProxyOnes.end(), proxyAuthContext);
1616 if (it != context->subjectProxyOnes.end()) {
1617 it->proxyAccessee.tokenIdHash = item[TAG_TOKEN_ID_HASH].Get<std::string>();
1618 it->proxyAccessee.aclTypeList = item[TAG_ACL_TYPE_LIST].Get<std::string>();
1619 it->proxyAccessee.credTypeList = item[TAG_CERT_TYPE_LIST].Get<std::string>();
1620 }
1621 }
1622 return DM_OK;
1623 }
1624
ParseMessageReqUserConfirm(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1625 int32_t DmAuthMessageProcessor::ParseMessageReqUserConfirm(const JsonObject &json,
1626 std::shared_ptr<DmAuthContext> context)
1627 {
1628 if (json[TAG_DEVICE_TYPE].IsNumberInteger()) {
1629 context->accesser.deviceType = json[TAG_DEVICE_TYPE].Get<int32_t>();
1630 }
1631 if (json[TAG_DEVICE_NAME].IsString()) {
1632 context->accesser.deviceName = json[TAG_DEVICE_NAME].Get<std::string>();
1633 }
1634 if (json[TAG_AUTH_TYPE].IsNumberInteger()) {
1635 context->authType = static_cast<DmAuthType>(json[TAG_AUTH_TYPE].Get<int32_t>());
1636 }
1637 if (json[TAG_ACL_TYPE_LIST].IsString()) {
1638 context->accesser.aclTypeList = json[TAG_ACL_TYPE_LIST].Get<std::string>();
1639 }
1640 if (json[TAG_CERT_TYPE_LIST].IsString()) {
1641 context->accesser.credTypeList = json[TAG_CERT_TYPE_LIST].Get<std::string>();
1642 }
1643 if (json[TAG_EXTRA_INFO].IsString()) {
1644 context->accesser.extraInfo = json[TAG_EXTRA_INFO].Get<std::string>();
1645 }
1646 if (IsString(json, TAG_CUSTOM_DESCRIPTION)) {
1647 context->customData = json[TAG_CUSTOM_DESCRIPTION].Get<std::string>();
1648 }
1649 ParseMessageProxyReqUserConfirm(json, context);
1650 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkConfirmState>());
1651 return DM_OK;
1652 }
1653
ParseMessageProxyReqUserConfirm(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1654 int32_t DmAuthMessageProcessor::ParseMessageProxyReqUserConfirm(const JsonObject &json,
1655 std::shared_ptr<DmAuthContext> context)
1656 {
1657 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1658 if (!context->IsProxyBind) {
1659 return DM_OK;
1660 }
1661 if (!IsString(json, PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) {
1662 return ERR_DM_INPUT_PARA_INVALID;
1663 }
1664 std::string subjectProxyOnesStr = json[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS].Get<std::string>();
1665 JsonObject allProxyObj;
1666 allProxyObj.Parse(subjectProxyOnesStr);
1667 for (auto const &item : allProxyObj.Items()) {
1668 if (!IsString(item, TAG_PROXY_CONTEXT_ID) || !IsString(item, TAG_ACL_TYPE_LIST) ||
1669 !IsString(item, TAG_CERT_TYPE_LIST)) {
1670 continue;
1671 }
1672 DmProxyAuthContext proxyAuthContext;
1673 proxyAuthContext.proxyContextId = item[TAG_PROXY_CONTEXT_ID].Get<std::string>();
1674 auto it = std::find(context->subjectProxyOnes.begin(), context->subjectProxyOnes.end(), proxyAuthContext);
1675 if (it != context->subjectProxyOnes.end()) {
1676 it->proxyAccesser.aclTypeList = item[TAG_ACL_TYPE_LIST].Get<std::string>();
1677 it->proxyAccesser.credTypeList = item[TAG_CERT_TYPE_LIST].Get<std::string>();
1678 }
1679 }
1680 return DM_OK;
1681 }
1682
ParseMessageRespUserConfirm(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1683 int32_t DmAuthMessageProcessor::ParseMessageRespUserConfirm(const JsonObject &json,
1684 std::shared_ptr<DmAuthContext> context)
1685 {
1686 if (json[TAG_AUTH_TYPE_LIST].IsString()) {
1687 auto strList = json[TAG_AUTH_TYPE_LIST].Get<std::string>();
1688 context->authTypeList = stringToVectorAuthType(strList);
1689 }
1690 if (json[TAG_EXTRA_INFO].IsString()) {
1691 context->accessee.extraInfo = json[TAG_EXTRA_INFO].Get<std::string>();
1692 }
1693 ParseMessageProxyRespUserConfirm(json, context);
1694 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcPinNegotiateStartState>());
1695 return DM_OK;
1696 }
1697
ParseMessageProxyRespUserConfirm(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1698 int32_t DmAuthMessageProcessor::ParseMessageProxyRespUserConfirm(const JsonObject &json,
1699 std::shared_ptr<DmAuthContext> context)
1700 {
1701 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
1702 if (!context->IsProxyBind) {
1703 return DM_OK;
1704 }
1705 if (!IsString(json, PARAM_KEY_SUBJECT_PROXYED_SUBJECTS)) {
1706 context->subjectProxyOnes.clear();
1707 return ERR_DM_INPUT_PARA_INVALID;
1708 }
1709 std::string subjectProxyOnesStr = json[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS].Get<std::string>();
1710 JsonObject allProxyObj;
1711 allProxyObj.Parse(subjectProxyOnesStr);
1712 if (allProxyObj.IsDiscarded()) {
1713 context->subjectProxyOnes.clear();
1714 return ERR_DM_INPUT_PARA_INVALID;
1715 }
1716 std::vector<DmProxyAuthContext> sinksubjectProxyOnes;
1717 for (auto const &item : allProxyObj.Items()) {
1718 if (!IsString(item, TAG_PROXY_CONTEXT_ID)) {
1719 continue;
1720 }
1721 DmProxyAuthContext proxyAuthContext;
1722 proxyAuthContext.proxyContextId = item[TAG_PROXY_CONTEXT_ID].Get<std::string>();
1723 sinksubjectProxyOnes.push_back(proxyAuthContext);
1724 }
1725 for (auto item = context->subjectProxyOnes.begin(); item != context->subjectProxyOnes.end();) {
1726 if (std::find(sinksubjectProxyOnes.begin(), sinksubjectProxyOnes.end(), *item) != sinksubjectProxyOnes.end()) {
1727 item++;
1728 } else {
1729 item = context->subjectProxyOnes.erase(item);
1730 }
1731 }
1732 return DM_OK;
1733 }
1734
ParseMessageReqPinAuthStart(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1735 int32_t DmAuthMessageProcessor::ParseMessageReqPinAuthStart(const JsonObject &json,
1736 std::shared_ptr<DmAuthContext> context)
1737 {
1738 if (json[TAG_DATA].IsString()) {
1739 context->transmitData = json[TAG_DATA].Get<std::string>();
1740 }
1741 if (context->authType == AUTH_TYPE_PIN_ULTRASONIC && context->ultrasonicInfo == DM_Ultrasonic_Reverse) {
1742 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkReverseUltrasonicDoneState>());
1743 } else if (context->authType == AUTH_TYPE_PIN_ULTRASONIC && context->ultrasonicInfo == DM_Ultrasonic_Forward) {
1744 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkForwardUltrasonicDoneState>());
1745 } else {
1746 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkPinAuthStartState>());
1747 }
1748 return DM_OK;
1749 }
1750
ParseMessageRespPinAuthStart(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1751 int32_t DmAuthMessageProcessor::ParseMessageRespPinAuthStart(const JsonObject &json,
1752 std::shared_ptr<DmAuthContext> context)
1753 {
1754 if (json[TAG_DATA].IsString()) {
1755 context->transmitData = json[TAG_DATA].Get<std::string>();
1756 }
1757 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcPinAuthMsgNegotiateState>());
1758 return DM_OK;
1759 }
1760
ParseMessageReqPinAuthNegotiate(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1761 int32_t DmAuthMessageProcessor::ParseMessageReqPinAuthNegotiate(const JsonObject &json,
1762 std::shared_ptr<DmAuthContext> context)
1763 {
1764 if (json[TAG_DATA].IsString()) {
1765 context->transmitData = json[TAG_DATA].Get<std::string>();
1766 }
1767 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkPinAuthMsgNegotiateState>());
1768 return DM_OK;
1769 }
1770
ParseMessageReverseUltrasonicStart(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1771 int32_t DmAuthMessageProcessor::ParseMessageReverseUltrasonicStart(const JsonObject &json,
1772 std::shared_ptr<DmAuthContext> context)
1773 {
1774 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkReverseUltrasonicStartState>());
1775 return DM_OK;
1776 }
1777
ParseMessageReverseUltrasonicDone(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1778 int32_t DmAuthMessageProcessor::ParseMessageReverseUltrasonicDone(const JsonObject &json,
1779 std::shared_ptr<DmAuthContext> context)
1780 {
1781 if (json[TAG_REPLY].IsNumberInteger()) {
1782 context->reply = json[TAG_REPLY].Get<int32_t>();
1783 }
1784 if (context->reply == DM_OK) {
1785 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcReverseUltrasonicDoneState>());
1786 }
1787 return DM_OK;
1788 }
1789
ParseMessageForwardUltrasonicStart(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1790 int32_t DmAuthMessageProcessor::ParseMessageForwardUltrasonicStart(const JsonObject &json,
1791 std::shared_ptr<DmAuthContext> context)
1792 {
1793 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkForwardUltrasonicStartState>());
1794 return DM_OK;
1795 }
1796
ParseMessageForwardUltrasonicNegotiate(const JsonObject & json,std::shared_ptr<DmAuthContext> context)1797 int32_t DmAuthMessageProcessor::ParseMessageForwardUltrasonicNegotiate(const JsonObject &json,
1798 std::shared_ptr<DmAuthContext> context)
1799 {
1800 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcForwardUltrasonicDoneState>());
1801 return DM_OK;
1802 }
1803
CreateMessageReqUserConfirm(std::shared_ptr<DmAuthContext> context,JsonObject & json)1804 int32_t DmAuthMessageProcessor::CreateMessageReqUserConfirm(std::shared_ptr<DmAuthContext> context, JsonObject &json)
1805 {
1806 json[TAG_AUTH_TYPE] = context->authType;
1807 json[TAG_ACL_TYPE_LIST] = context->accesser.aclTypeList;
1808 json[TAG_CERT_TYPE_LIST] = context->accesser.credTypeList;
1809 json[TAG_DEVICE_TYPE] = context->accesser.deviceType;
1810 json[TAG_DEVICE_NAME] = context->accesser.deviceName;
1811 json[TAG_EXTRA_INFO] = context->accesser.extraInfo;
1812 json[TAG_CUSTOM_DESCRIPTION] = context->customData;
1813 CreateMessageProxyReqUserConfirm(context, json);
1814 return DM_OK;
1815 }
1816
CreateMessageProxyReqUserConfirm(std::shared_ptr<DmAuthContext> context,JsonObject & json)1817 int32_t DmAuthMessageProcessor::CreateMessageProxyReqUserConfirm(std::shared_ptr<DmAuthContext> context,
1818 JsonObject &json)
1819 {
1820 if (context != nullptr && context->IsProxyBind && !context->subjectProxyOnes.empty()) {
1821 JsonObject allProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
1822 for (const auto &app : context->subjectProxyOnes) {
1823 JsonObject object;
1824 object[TAG_PROXY_CONTEXT_ID] = app.proxyContextId;
1825 object[TAG_ACL_TYPE_LIST] = app.proxyAccesser.aclTypeList;
1826 object[TAG_CERT_TYPE_LIST] = app.proxyAccesser.credTypeList;
1827 allProxyObj.PushBack(object);
1828 }
1829 json[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = allProxyObj.Dump();
1830 }
1831 return DM_OK;
1832 }
1833
CreateMessageRespUserConfirm(std::shared_ptr<DmAuthContext> context,JsonObject & json)1834 int32_t DmAuthMessageProcessor::CreateMessageRespUserConfirm(std::shared_ptr<DmAuthContext> context, JsonObject &json)
1835 {
1836 json[TAG_AUTH_TYPE_LIST] = vectorAuthTypeToString(context->authTypeList);
1837 json[TAG_EXTRA_INFO] = context->accessee.extraInfo;
1838 if (context != nullptr && context->IsProxyBind && !context->subjectProxyOnes.empty()) {
1839 JsonObject allProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
1840 for (const auto &app : context->subjectProxyOnes) {
1841 JsonObject object;
1842 object[TAG_PROXY_CONTEXT_ID] = app.proxyContextId;
1843 allProxyObj.PushBack(object);
1844 }
1845 json[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = allProxyObj.Dump();
1846 }
1847 return DM_OK;
1848 }
1849
CreateMessageReqPinAuthStart(std::shared_ptr<DmAuthContext> context,JsonObject & json)1850 int32_t DmAuthMessageProcessor::CreateMessageReqPinAuthStart(std::shared_ptr<DmAuthContext> context, JsonObject &json)
1851 {
1852 json[TAG_DATA] = context->transmitData;
1853 return DM_OK;
1854 }
1855
CreateMessageRespPinAuthStart(std::shared_ptr<DmAuthContext> context,JsonObject & json)1856 int32_t DmAuthMessageProcessor::CreateMessageRespPinAuthStart(std::shared_ptr<DmAuthContext> context, JsonObject &json)
1857 {
1858 json[TAG_DATA] = context->transmitData;
1859 return DM_OK;
1860 }
1861
CreateMessageReqPinAuthNegotiate(std::shared_ptr<DmAuthContext> context,JsonObject & json)1862 int32_t DmAuthMessageProcessor::CreateMessageReqPinAuthNegotiate(std::shared_ptr<DmAuthContext> context,
1863 JsonObject &json)
1864 {
1865 json[TAG_DATA] = context->transmitData;
1866 return DM_OK;
1867 }
1868
CreateMessageRespPinAuthNegotiate(std::shared_ptr<DmAuthContext> context,JsonObject & json)1869 int32_t DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate(std::shared_ptr<DmAuthContext> context,
1870 JsonObject &json)
1871 {
1872 json[TAG_DATA] = context->transmitData;
1873 return DM_OK;
1874 }
1875
CreateMessageReverseUltrasonicStart(std::shared_ptr<DmAuthContext> context,JsonObject & json)1876 int32_t DmAuthMessageProcessor::CreateMessageReverseUltrasonicStart(std::shared_ptr<DmAuthContext> context,
1877 JsonObject &json)
1878 {
1879 json[TAG_REPLY] = context->reply;
1880 return DM_OK;
1881 }
1882
CreateMessageReverseUltrasonicDone(std::shared_ptr<DmAuthContext> context,JsonObject & json)1883 int32_t DmAuthMessageProcessor::CreateMessageReverseUltrasonicDone(std::shared_ptr<DmAuthContext> context,
1884 JsonObject &json)
1885 {
1886 json[TAG_REPLY] = context->reply;
1887 return DM_OK;
1888 }
1889
CreateMessageForwardUltrasonicStart(std::shared_ptr<DmAuthContext> context,JsonObject & json)1890 int32_t DmAuthMessageProcessor::CreateMessageForwardUltrasonicStart(std::shared_ptr<DmAuthContext> context,
1891 JsonObject &json)
1892 {
1893 json[TAG_REPLY] = context->reply;
1894 return DM_OK;
1895 }
1896
CreateMessageForwardUltrasonicNegotiate(std::shared_ptr<DmAuthContext> context,JsonObject & json)1897 int32_t DmAuthMessageProcessor::CreateMessageForwardUltrasonicNegotiate(std::shared_ptr<DmAuthContext> context,
1898 JsonObject &json)
1899 {
1900 json[TAG_REPLY] = context->reply;
1901 return DM_OK;
1902 }
1903
CreateAndSendMsg(DmMessageType msgType,std::shared_ptr<DmAuthContext> context)1904 void DmAuthMessageProcessor::CreateAndSendMsg(DmMessageType msgType, std::shared_ptr<DmAuthContext> context)
1905 {
1906 auto message = CreateMessage(msgType, context);
1907 int32_t ret = context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message);
1908 if (ret != DM_OK) {
1909 if (context->direction == DM_AUTH_SOURCE) {
1910 context->authStateMachine->TransitionTo(std::make_shared<AuthSrcFinishState>());
1911 } else {
1912 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkFinishState>());
1913 }
1914 }
1915 }
1916
CompressSyncMsg(std::string & inputStr)1917 std::string DmAuthMessageProcessor::CompressSyncMsg(std::string &inputStr)
1918 {
1919 uint32_t srcLen = inputStr.size();
1920 uint32_t boundSize = compressBound(srcLen); // Maximum compression length
1921 if (boundSize <= 0) {
1922 LOGE("DmAuthMessageProcessor::CompressSyncMsg zlib compressBound failed");
1923 return "";
1924 }
1925 std::string compressed(boundSize, '\0');
1926
1927 // Compress to reserved space
1928 unsigned long destSize = boundSize; // Actual usable length
1929 int32_t ret = compress(reinterpret_cast<Bytef *>(&compressed[0]), &destSize,
1930 reinterpret_cast<const Bytef *>(inputStr.data()), srcLen);
1931 if (ret != Z_OK) {
1932 LOGE("DmAuthMessageProcessor::CompressSyncMsg zlib compress failed");
1933 return "";
1934 }
1935 compressed.resize(destSize); // Actual usage length
1936 return compressed;
1937 }
1938
DecompressSyncMsg(std::string & compressed,uint32_t oriLen)1939 std::string DmAuthMessageProcessor::DecompressSyncMsg(std::string& compressed, uint32_t oriLen)
1940 {
1941 if (oriLen <= 0) {
1942 LOGE("DmAuthMessageProcessor::DecompressSyncMsg decompress oriLen param error");
1943 return "";
1944 }
1945 std::string decompressed;
1946 decompressed.resize(oriLen);
1947 unsigned long destLen = oriLen; // Actual usage length
1948 int32_t ret = uncompress(reinterpret_cast<Bytef *>(&decompressed[0]), &destLen,
1949 reinterpret_cast<const Bytef *>(compressed.data()), // Skip header when decompressing
1950 compressed.size());
1951 if (ret != Z_OK || destLen != oriLen) {
1952 LOGE("DmAuthMessageProcessor::DecompressSyncMsg decompress failed");
1953 return "";
1954 }
1955 return decompressed;
1956 }
1957
Base64Encode(std::string & inputStr)1958 std::string DmAuthMessageProcessor::Base64Encode(std::string &inputStr)
1959 {
1960 // Convert input string to binary
1961 const unsigned char* src = reinterpret_cast<const unsigned char*>(inputStr.data());
1962 size_t srcLen = inputStr.size();
1963 if (srcLen >= MAX_MESSAGE_LENGTH) {
1964 LOGE("inputStr too long");
1965 return "";
1966 }
1967 // Calculate the maximum length after base64 encoding
1968 size_t maxEncodeLen = ((srcLen + 2) / 3) * 4 + 1;
1969 std::vector<unsigned char> buffer(maxEncodeLen);
1970
1971 // Actual encoding length
1972 size_t encodedLen = 0;
1973 int32_t ret = mbedtls_base64_encode(buffer.data(), buffer.size(), &encodedLen, src, srcLen);
1974 if (ret != 0) {
1975 LOGE("DmAuthMessageProcessor::Base64Encode mbedtls_base64_encode failed");
1976 return "";
1977 }
1978 return std::string(reinterpret_cast<const char*>(buffer.data()), encodedLen); // No terminator needed
1979 }
1980
Base64Decode(std::string & inputStr)1981 std::string DmAuthMessageProcessor::Base64Decode(std::string &inputStr)
1982 {
1983 // Convert input string to binary
1984 const unsigned char* src = reinterpret_cast<const unsigned char*>(inputStr.data());
1985 size_t srcLen = inputStr.size();
1986 if (srcLen >= MAX_MESSAGE_LENGTH) {
1987 LOGE("inputStr too long");
1988 return "";
1989 }
1990 // Calculate the maximum length after base64 encoding
1991 size_t maxEncodeLen = (srcLen / 4) * 3 + 1;
1992 std::vector<unsigned char> buffer(maxEncodeLen);
1993
1994 // Actual encoding length
1995 size_t decodedLen = 0;
1996 int32_t ret = mbedtls_base64_decode(buffer.data(), buffer.size(), &decodedLen, src, srcLen);
1997 if (ret != 0) {
1998 LOGE("DmAuthMessageProcessor::Base64Decode mbedtls_base64_decode failed");
1999 return "";
2000 }
2001 return std::string(reinterpret_cast<const char*>(buffer.data()), decodedLen); // 无需终止符
2002 }
2003
EncryptSyncMessage(std::shared_ptr<DmAuthContext> & context,DmAccess & accessSide,std::string & encSyncMsg)2004 int32_t DmAuthMessageProcessor::EncryptSyncMessage(std::shared_ptr<DmAuthContext> &context, DmAccess &accessSide,
2005 std::string &encSyncMsg)
2006 {
2007 JsonObject syncMsgJson;
2008 DmAccessToSync accessToSync;
2009 SaveToDmAccessSync(accessToSync, context, accessSide);
2010
2011 syncMsgJson[TAG_TRANSMIT_SK_ID] = std::to_string(accessSide.transmitSessionKeyId);
2012 syncMsgJson[TAG_TRANSMIT_SK_TIMESTAMP] = accessSide.transmitSkTimeStamp;
2013 syncMsgJson[TAG_TRANSMIT_CREDENTIAL_ID] = accessSide.transmitCredentialId;
2014 // First certification
2015 if (accessSide.isGenerateLnnCredential && accessSide.bindLevel != static_cast<int32_t>(USER)) {
2016 syncMsgJson[TAG_LNN_SK_ID] = std::to_string(accessSide.lnnSessionKeyId);
2017 syncMsgJson[TAG_LNN_SK_TIMESTAMP] = accessSide.lnnSkTimeStamp;
2018 syncMsgJson[TAG_LNN_CREDENTIAL_ID] = accessSide.lnnCredentialId;
2019 }
2020 JsonObject accessJsonObj{};
2021 accessJsonObj = accessToSync;
2022 syncMsgJson[TAG_DMVERSION] = accessSide.dmVersion;
2023 syncMsgJson[TAG_ACCESS] = accessJsonObj.Dump();
2024 syncMsgJson[TAG_PROXY] = ""; // Reserved field, leave blank
2025 char localDeviceId[DEVICE_UUID_LENGTH] = {0};
2026 GetDevUdid(localDeviceId, DEVICE_UUID_LENGTH);
2027 std::string localUdid = static_cast<std::string>(localDeviceId);
2028 DmAccess &access = (context->accesser.deviceId == localUdid) ? context->accesser : context->accessee;
2029 DmAccess &remoteAccess = (context->accesser.deviceId == localUdid) ? context->accessee : context->accesser;
2030 std::string aclHashList;
2031 int32_t ret = DeviceProfileConnector::GetInstance().GetAclListHashStr({localUdid, access.userId},
2032 {remoteAccess.deviceId, remoteAccess.userId}, aclHashList, DM_ACL_AGING_VERSION);
2033 if (ret != DM_OK) {
2034 LOGE("DmAuthMessageProcessor::EncryptSyncMessage GetAclListHashStr failed");
2035 return ERR_DM_FAILED;
2036 }
2037
2038 syncMsgJson[TAG_ACL_CHECKSUM] = aclHashList;
2039 if (context->direction == DmAuthDirection::DM_AUTH_SINK) {
2040 LOGI("Sink Send user confirm opt");
2041 syncMsgJson[TAG_USER_CONFIRM_OPT] = context->confirmOperation;
2042 }
2043 syncMsgJson[TAG_IS_COMMON_FLAG] = context->accesser.isCommonFlag;
2044 syncMsgJson[TAG_DM_CERT_CHAIN] = context->accesser.cert;
2045 CreateProxyAccessMessage(context, syncMsgJson);
2046 std::string syncMsg = syncMsgJson.Dump();
2047 std::string compressMsg = CompressSyncMsg(syncMsg);
2048 if (compressMsg.empty()) {
2049 LOGE("DmAuthMessageProcessor::EncryptSyncMessage compress failed");
2050 return ERR_DM_FAILED;
2051 }
2052 JsonObject plainJson;
2053 plainJson[TAG_COMPRESS_ORI_LEN] = syncMsg.size();
2054 plainJson[TAG_COMPRESS] = Base64Encode(compressMsg);
2055 return cryptoMgr_->EncryptMessage(plainJson.Dump(), encSyncMsg);
2056 }
2057
CreateProxyAccessMessage(std::shared_ptr<DmAuthContext> & context,JsonObject & syncMsgJson)2058 int32_t DmAuthMessageProcessor::CreateProxyAccessMessage(std::shared_ptr<DmAuthContext> &context,
2059 JsonObject &syncMsgJson)
2060 {
2061 CHECK_NULL_RETURN(context, ERR_DM_POINT_NULL);
2062 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
2063 return DM_OK;
2064 }
2065 JsonObject allProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
2066 for (const auto &app : context->subjectProxyOnes) {
2067 DmProxyAccess access;
2068 if (context->direction == DM_AUTH_SOURCE) {
2069 access = app.proxyAccesser;
2070 } else {
2071 access = app.proxyAccessee;
2072 }
2073 if (access.isAuthed) {
2074 continue;
2075 }
2076 JsonObject object;
2077 object[TAG_PROXY_CONTEXT_ID] = app.proxyContextId;
2078 object[TAG_TOKEN_ID] = access.tokenId;
2079 object[TAG_BUNDLE_NAME] = access.bundleName;
2080 object[TAG_BIND_LEVEL] = access.bindLevel;
2081 object[TAG_PKG_NAME] = access.pkgName;
2082 object[TAG_TRANSMIT_SK_ID] = std::to_string(access.transmitSessionKeyId);
2083 object[TAG_TRANSMIT_SK_TIMESTAMP] = access.skTimeStamp;
2084 object[TAG_TRANSMIT_CREDENTIAL_ID] = access.transmitCredentialId;
2085 allProxyObj.PushBack(object);
2086 }
2087 syncMsgJson[PARAM_KEY_SUBJECT_PROXYED_SUBJECTS] = allProxyObj.Dump();
2088 return DM_OK;
2089 }
2090
ACLToStr(DistributedDeviceProfile::AccessControlProfile acl,std::string aclStr)2091 int32_t DmAuthMessageProcessor::ACLToStr(DistributedDeviceProfile::AccessControlProfile acl, std::string aclStr)
2092 {
2093 DmAccessControlTable dmAcl;
2094 dmAcl.accessControlId = acl.GetAccessControlId();
2095 dmAcl.accesserId = acl.GetAccesserId();
2096 dmAcl.accesseeId = acl.GetAccesseeId();
2097 dmAcl.deviceId = acl.GetTrustDeviceId();
2098 dmAcl.sessionKey = acl.GetSessionKey();
2099 dmAcl.bindType = static_cast<int32_t>(acl.GetBindType());
2100 dmAcl.authType = acl.GetAuthenticationType();
2101 dmAcl.deviceType = acl.GetDeviceIdType();
2102 dmAcl.deviceIdHash = acl.GetDeviceIdHash();
2103 dmAcl.status = acl.GetStatus();
2104 dmAcl.validPeriod = acl.GetValidPeriod();
2105 dmAcl.lastAuthTime = acl.GetLastAuthTime();
2106 dmAcl.bindLevel = acl.GetBindType();
2107 JsonObject aclJsonObj{};
2108 aclJsonObj = dmAcl;
2109 aclStr = aclJsonObj.Dump();
2110 if (aclStr.empty()) {
2111 LOGE("DmAuthMessageProcessor::ACLToStr normalized acl failed");
2112 return ERR_DM_FAILED;
2113 }
2114 return DM_OK;
2115 }
2116
CreateSyncMessage(std::shared_ptr<DmAuthContext> context,JsonObject & jsonObject)2117 int32_t DmAuthMessageProcessor::CreateSyncMessage(std::shared_ptr<DmAuthContext> context, JsonObject &jsonObject)
2118 {
2119 DmAccess accessSide;
2120 if (context->direction == DM_AUTH_SOURCE) {
2121 accessSide = context->accesser;
2122 } else {
2123 accessSide = context->accessee;
2124 }
2125 std::string encSyncMsg;
2126 int32_t ret = EncryptSyncMessage(context, accessSide, encSyncMsg);
2127 if (ret != DM_OK) {
2128 LOGE("DmAuthMessageProcessor::CreateSyncMessage encrypt failed");
2129 return ret;
2130 }
2131 jsonObject[TAG_SYNC] = encSyncMsg;
2132 return DM_OK;
2133 }
2134
ParseAuthStartMessage(const JsonObject & jsonObject,std::shared_ptr<DmAuthContext> context)2135 int32_t DmAuthMessageProcessor::ParseAuthStartMessage(const JsonObject &jsonObject,
2136 std::shared_ptr<DmAuthContext> context)
2137 {
2138 if (jsonObject.IsDiscarded() || !jsonObject.Contains(TAG_DATA) ||
2139 !jsonObject[TAG_DATA].IsString()) {
2140 LOGE("DmAuthMessageProcessor::ParseAuthStartMessage Unlegal json string failed");
2141 return ERR_DM_FAILED;
2142 }
2143 context->transmitData = jsonObject[TAG_DATA].Get<std::string>();
2144
2145 context->authStateMachine->TransitionTo(std::make_shared<AuthSinkCredentialAuthStartState>());
2146 return DM_OK;
2147 }
2148
IsExistTheToken(JsonObject & proxyObj,int64_t tokenId)2149 bool DmAuthMessageProcessor::IsExistTheToken(JsonObject &proxyObj, int64_t tokenId)
2150 {
2151 if (proxyObj.IsDiscarded()) {
2152 return false;
2153 }
2154 for (auto const &item : proxyObj.Items()) {
2155 if (tokenId == item.Get<int64_t>()) {
2156 return true;
2157 }
2158 }
2159 return false;
2160 }
2161
SetAclProxyRelate(std::shared_ptr<DmAuthContext> context)2162 void DmAuthMessageProcessor::SetAclProxyRelate(std::shared_ptr<DmAuthContext> context)
2163 {
2164 CHECK_NULL_VOID(context);
2165 if (!context->IsProxyBind || context->subjectProxyOnes.empty()) {
2166 return;
2167 }
2168 DmAccess &access = (context->direction == DM_AUTH_SOURCE) ? context->accesser : context->accessee;
2169 DmAccess &remoteAccess = (context->direction == DM_AUTH_SOURCE) ? context->accessee : context->accesser;
2170 for (auto &app : context->subjectProxyOnes) {
2171 DmProxyAccess &proxyAccess = (context->direction == DM_AUTH_SOURCE) ? app.proxyAccesser : app.proxyAccessee;
2172 if (!proxyAccess.isAuthed || proxyAccess.aclProfiles.find(DM_POINT_TO_POINT) ==
2173 proxyAccess.aclProfiles.end()) {
2174 continue;
2175 }
2176 SetAclProxyRelate(context, proxyAccess.aclProfiles[DM_POINT_TO_POINT]);
2177 }
2178 }
2179
SetAclProxyRelate(std::shared_ptr<DmAuthContext> context,DistributedDeviceProfile::AccessControlProfile & profile)2180 void DmAuthMessageProcessor::SetAclProxyRelate(std::shared_ptr<DmAuthContext> context,
2181 DistributedDeviceProfile::AccessControlProfile &profile)
2182 {
2183 DmAccess &access = (context->direction == DM_AUTH_SOURCE) ? context->accesser : context->accessee;
2184 DmAccess &remoteAccess = (context->direction == DM_AUTH_SOURCE) ? context->accessee : context->accesser;
2185 bool isNeedUpdateProxy = false;
2186 JsonObject accesserExtObj;
2187 if (!profile.GetAccesser().GetAccesserExtraData().empty()) {
2188 accesserExtObj.Parse(profile.GetAccesser().GetAccesserExtraData());
2189 }
2190 JsonObject accesserProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
2191 if (IsString(accesserExtObj, TAG_PROXY)) {
2192 std::string proxyStr = accesserExtObj[TAG_PROXY].Get<std::string>();
2193 accesserProxyObj.Parse(proxyStr);
2194 }
2195 int64_t tokenId = access.deviceId == profile.GetAccesser().GetAccesserDeviceId() ? access.tokenId :
2196 remoteAccess.tokenId;
2197 if (!IsExistTheToken(accesserProxyObj, tokenId)) {
2198 isNeedUpdateProxy = true;
2199 accesserProxyObj.PushBack(tokenId);
2200 accesserExtObj[TAG_PROXY] = accesserProxyObj.Dump();
2201 DistributedDeviceProfile::Accesser accesser = profile.GetAccesser();
2202 accesser.SetAccesserExtraData(accesserExtObj.Dump());
2203 profile.SetAccesser(accesser);
2204 }
2205
2206 JsonObject accesseeExtObj;
2207 if (!profile.GetAccessee().GetAccesseeExtraData().empty()) {
2208 accesseeExtObj.Parse(profile.GetAccessee().GetAccesseeExtraData());
2209 }
2210 JsonObject accesseeProxyObj(JsonCreateType::JSON_CREATE_TYPE_ARRAY);
2211 if (IsString(accesseeExtObj, TAG_PROXY)) {
2212 std::string proxyStr = accesseeExtObj[TAG_PROXY].Get<std::string>();
2213 accesseeProxyObj.Parse(proxyStr);
2214 }
2215 tokenId = access.deviceId == profile.GetAccesser().GetAccesserDeviceId() ? remoteAccess.tokenId : access.tokenId;
2216 if (!IsExistTheToken(accesseeProxyObj, tokenId)) {
2217 isNeedUpdateProxy = true;
2218 accesseeProxyObj.PushBack(tokenId);
2219 accesseeExtObj[TAG_PROXY] = accesseeProxyObj.Dump();
2220 DistributedDeviceProfile::Accessee accessee = profile.GetAccessee();
2221 accessee.SetAccesseeExtraData(accesseeExtObj.Dump());
2222 profile.SetAccessee(accessee);
2223 }
2224 if (isNeedUpdateProxy) {
2225 DistributedDeviceProfile::DistributedDeviceProfileClient::GetInstance().UpdateAccessControlProfile(profile);
2226 }
2227 }
2228
ToJson(JsonItemObject & itemObject,const DmAccessControlTable & table)2229 void ToJson(JsonItemObject &itemObject, const DmAccessControlTable &table)
2230 {
2231 itemObject["accessControlId"] = table.accessControlId;
2232 itemObject["accesserId"] = table.accesserId;
2233 itemObject["accesseeId"] = table.accesseeId;
2234 itemObject["deviceId"] = table.deviceId;
2235 itemObject["sessionKey"] = table.sessionKey;
2236 itemObject["bindType"] = table.bindType;
2237 itemObject["authType"] = table.authType;
2238 itemObject["deviceType"] = table.deviceType;
2239 itemObject["deviceIdHash"] = table.deviceIdHash;
2240 itemObject["status"] = table.status;
2241 itemObject["validPeriod"] = table.validPeriod;
2242 itemObject["lastAuthTime"] = table.lastAuthTime;
2243 itemObject["bindLevel"] = table.bindLevel;
2244 }
2245
FromJson(const JsonItemObject & itemObject,DmAccessControlTable & table)2246 void FromJson(const JsonItemObject &itemObject, DmAccessControlTable &table)
2247 {
2248 SetValueFromJson(itemObject, "accessControlId", &JsonItemObject::IsNumberInteger, table.accessControlId);
2249 SetValueFromJson(itemObject, "accesserId", &JsonItemObject::IsNumberInteger, table.accesserId);
2250 SetValueFromJson(itemObject, "accesseeId", &JsonItemObject::IsNumberInteger, table.accesseeId);
2251 SetValueFromJson(itemObject, "deviceId", &JsonItemObject::IsNumberInteger, table.deviceId);
2252 SetValueFromJson(itemObject, "sessionKey", &JsonItemObject::IsString, table.sessionKey);
2253 SetValueFromJson(itemObject, "bindType", &JsonItemObject::IsNumberInteger, table.bindType);
2254 SetValueFromJson(itemObject, "authType", &JsonItemObject::IsNumberInteger, table.authType);
2255 SetValueFromJson(itemObject, "deviceType", &JsonItemObject::IsNumberInteger, table.deviceType);
2256 SetValueFromJson(itemObject, "deviceIdHash", &JsonItemObject::IsString, table.deviceIdHash);
2257 SetValueFromJson(itemObject, "status", &JsonItemObject::IsNumberInteger, table.status);
2258 SetValueFromJson(itemObject, "validPeriod", &JsonItemObject::IsNumberInteger, table.validPeriod);
2259 SetValueFromJson(itemObject, "lastAuthTime", &JsonItemObject::IsNumberInteger, table.lastAuthTime);
2260 SetValueFromJson(itemObject, "bindLevel", &JsonItemObject::IsNumberInteger, table.bindLevel);
2261 }
2262
ToJson(JsonItemObject & itemObject,const DmAccessToSync & table)2263 void ToJson(JsonItemObject &itemObject, const DmAccessToSync &table)
2264 {
2265 itemObject["deviceName"] = table.deviceName;
2266 itemObject["deviceNameFull"] = table.deviceNameFull;
2267 itemObject["deviceId"] = table.deviceId;
2268 itemObject["userId"] = table.userId;
2269 itemObject["accountId"] = table.accountId;
2270 itemObject["tokenId"] = table.tokenId;
2271 itemObject["bundleName"] = table.bundleName;
2272 itemObject["pkgName"] = table.pkgName;
2273 itemObject["bindLevel"] = table.bindLevel;
2274 itemObject["sessionKeyId"] = table.sessionKeyId;
2275 itemObject["skTimeStamp"] = table.skTimeStamp;
2276 }
2277
FromJson(const JsonItemObject & itemObject,DmAccessToSync & table)2278 void FromJson(const JsonItemObject &itemObject, DmAccessToSync &table)
2279 {
2280 SetValueFromJson(itemObject, "deviceName", &JsonItemObject::IsString, table.deviceName);
2281 SetValueFromJson(itemObject, "deviceNameFull", &JsonItemObject::IsString, table.deviceNameFull);
2282 SetValueFromJson(itemObject, "deviceId", &JsonItemObject::IsString, table.deviceId);
2283 SetValueFromJson(itemObject, "userId", &JsonItemObject::IsNumberInteger, table.userId);
2284 SetValueFromJson(itemObject, "accountId", &JsonItemObject::IsString, table.accountId);
2285 SetValueFromJson(itemObject, "tokenId", &JsonItemObject::IsNumberInteger, table.tokenId);
2286 SetValueFromJson(itemObject, "bundleName", &JsonItemObject::IsString, table.bundleName);
2287 SetValueFromJson(itemObject, "pkgName", &JsonItemObject::IsString, table.pkgName);
2288 SetValueFromJson(itemObject, "bindLevel", &JsonItemObject::IsNumberInteger, table.bindLevel);
2289 SetValueFromJson(itemObject, "sessionKeyId", &JsonItemObject::IsNumberInteger, table.sessionKeyId);
2290 SetValueFromJson(itemObject, "skTimeStamp", &JsonItemObject::IsNumberInteger, table.skTimeStamp);
2291 }
2292 } // namespace DistributedHardware
2293 } // namespace OHOS
2294