1 /* 2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 #ifndef USER_AUTH_SERVICE_H 17 #define USER_AUTH_SERVICE_H 18 19 #include "user_auth_stub.h" 20 21 #include <string> 22 #include <system_ability.h> 23 #include <system_ability_definition.h> 24 25 #include "context_callback.h" 26 #include "context_factory.h" 27 #include "context_pool.h" 28 #include "resource_node_pool.h" 29 #include "user_idm_database.h" 30 #include "attributes.h" 31 32 namespace OHOS { 33 namespace UserIam { 34 namespace UserAuth { 35 class UserAuthService : public SystemAbility, public UserAuthStub, public NoCopyable { 36 public: 37 DECLARE_SYSTEM_ABILITY(UserAuthService); 38 static std::shared_ptr<UserAuthService> GetInstance(); 39 40 UserAuthService(); 41 ~UserAuthService() override = default; 42 int32_t GetAvailableStatus(int32_t apiVersion, int32_t userId, int32_t authType, 43 uint32_t authTrustLevel, int32_t &funcResult) override; 44 int32_t GetAvailableStatus(int32_t apiVersion, int32_t authType, uint32_t authTrustLevel, 45 int32_t &funcResult) override; 46 int32_t GetProperty(int32_t userId, int32_t authType, const std::vector<uint32_t> &keys, 47 const sptr<IGetExecutorPropertyCallback> &getExecutorPropertyCallback) override; 48 int32_t GetPropertyById(uint64_t credentialId, const std::vector<uint32_t> &keys, 49 const sptr<IGetExecutorPropertyCallback> &getExecutorPropertyCallback) override; 50 int32_t SetProperty(int32_t userId, int32_t authType, const std::vector<uint8_t> &attributes, 51 const sptr<ISetExecutorPropertyCallback> &setExecutorPropertyCallback) override; 52 int32_t AuthUser(const IpcAuthParamInner &ipcAuthParamInner, const IpcRemoteAuthParam &ipcRemoteAuthParam, 53 const sptr<IIamCallback> &userAuthCallback, uint64_t &contextId) override; 54 int32_t Auth(int32_t apiVersion, const IpcAuthParamInner &ipcAuthParamInner, 55 const sptr<IIamCallback> &userAuthCallback, uint64_t &contextI) override; 56 int32_t AuthWidget(int32_t apiVersion, const IpcAuthParamInner &ipcAuthParamInner, 57 const IpcWidgetParamInner &ipcWidgetParamInner, const sptr<IIamCallback> &userAuthCallback, 58 const sptr<IModalCallback> &modalCallback, uint64_t &contextId) override; 59 int32_t Identify(const std::vector<uint8_t> &challenge, int32_t authType, 60 const sptr<IIamCallback> &userAuthCallback, uint64_t &contextId) override; 61 int32_t CancelAuthOrIdentify(uint64_t contextId, int32_t cancelReason) override; 62 int32_t GetVersion(int32_t &version) override; 63 int32_t Notice(int32_t noticeType, const std::string &eventData) override; 64 int32_t RegisterWidgetCallback(int32_t version, const sptr<IWidgetCallback> &widgetCallback) override; 65 int32_t GetEnrolledState(int32_t apiVersion, int32_t authType, IpcEnrolledState &ipcEnrolledState, 66 int32_t &funcResult) override; 67 int32_t RegistUserAuthSuccessEventListener(const sptr<IEventListenerCallback> &listener) override; 68 int32_t UnRegistUserAuthSuccessEventListener(const sptr<IEventListenerCallback> &listener) override; 69 int32_t SetGlobalConfigParam(const IpcGlobalConfigParam &ipcGlobalConfigParam) override; 70 int32_t PrepareRemoteAuth(const std::string &networkId, 71 const sptr<IIamCallback> &userAuthCallback) override; 72 int32_t VerifyAuthToken(const std::vector<uint8_t> &tokenIn, uint64_t allowableDuration, 73 const sptr<IVerifyTokenCallback> &verifyTokenCallback) override; 74 int32_t QueryReusableAuthResult(const IpcAuthParamInner &ipcAuthParamInner, 75 std::vector<uint8_t> &token) override; 76 int32_t CallbackEnter([[maybe_unused]] uint32_t code) override; 77 int32_t CallbackExit([[maybe_unused]] uint32_t code, [[maybe_unused]] int32_t result) override; 78 79 protected: 80 void OnStart() override; 81 void OnStop() override; 82 83 private: 84 int32_t GetAvailableStatusImpl(int32_t apiVersion, int32_t userId, int32_t authType, 85 uint32_t authTrustLevel); 86 int32_t GetAvailableStatusImpl(int32_t apiVersion, int32_t authType, uint32_t authTrustLevel); 87 int32_t GetEnrolledStateImpl(int32_t apiVersion, int32_t authType, IpcEnrolledState &ipcEnrolledState); 88 89 private: 90 std::shared_ptr<ContextCallback> GetAuthContextCallback(int32_t apiVersion, 91 const std::vector<uint8_t> &challenge, AuthType authType, AuthTrustLevel authTrustLevel, 92 const sptr<IIamCallback> &callback); 93 std::shared_ptr<ContextCallback> GetAuthContextCallback(int32_t apiVersion, const AuthParamInner &authParam, 94 const WidgetParamInner &widgetParam, const sptr<IIamCallback> &callback); 95 bool CheckAuthTrustLevel(AuthTrustLevel authTrustLevel); 96 bool CheckSingeFaceOrFinger(const std::vector<AuthType> &authType); 97 bool CheckPrivatePinEnroll(const std::vector<AuthType> &authType, std::vector<AuthType> &validType); 98 int32_t CheckAuthWidgetType(const std::vector<AuthType> &authType); 99 int32_t CheckCallerPermissionForUserId(const AuthParamInner &authParam); 100 int32_t CheckAuthPermissionAndParam(const AuthParamInner &authParam, const WidgetParamInner &widgetParam, 101 bool isBackgroundApplication); 102 uint64_t StartWidgetContext(const std::shared_ptr<ContextCallback> &contextCallback, 103 const AuthParamInner &authParam, const WidgetParamInner &widgetParam, std::vector<AuthType> &validType, 104 ContextFactory::AuthWidgetContextPara ¶, const sptr<IModalCallback> &modalCallback); 105 uint64_t StartAuthContext(int32_t apiVersion, Authentication::AuthenticationPara para, 106 const std::shared_ptr<ContextCallback> &contextCallback, bool needSubscribeAppState); 107 uint64_t AuthRemoteUser(AuthParamInner &authParam, Authentication::AuthenticationPara ¶, 108 RemoteAuthParam &remoteAuthParam, const std::shared_ptr<ContextCallback> &contextCallback, 109 ResultCode &failReason); 110 bool ProcessAuthParamForRemoteAuth(AuthParamInner &authParam, Authentication::AuthenticationPara ¶, 111 RemoteAuthParam &remoteAuthParam, std::string &localNetworkId); 112 uint64_t StartRemoteAuthInvokerContext(AuthParamInner authParam, 113 RemoteAuthInvokerContextParam ¶m, const std::shared_ptr<ContextCallback> &contextCallback); 114 uint64_t StartLocalRemoteAuthContext(Authentication::AuthenticationPara para, 115 LocalRemoteAuthContextParam &localRemoteAuthContextParam, 116 const std::shared_ptr<ContextCallback> &contextCallback); 117 bool Insert2ContextPool(const std::shared_ptr<Context> &context); 118 bool CheckCallerIsSystemApp(); 119 int32_t CheckAuthPermissionAndParam(int32_t authType, const int32_t &callerType, const std::string &callerName, 120 AuthTrustLevel authTrustLevel); 121 bool CheckAuthPermissionAndParam(AuthType authType, AuthTrustLevel authTrustLevel, 122 const std::shared_ptr<ContextCallback> &contextCallback, Attributes &extraInfo); 123 int32_t CheckWindowMode(const WidgetParamInner &widgetParam); 124 int32_t CheckValidSolution(int32_t userId, const AuthParamInner &authParam, const WidgetParamInner &widgetParam, 125 std::vector<AuthType> &validType); 126 int32_t GetCallerInfo(bool isUserIdSpecified, int32_t userId, ContextFactory::AuthWidgetContextPara ¶, 127 std::shared_ptr<ContextCallback> &contextCallback); 128 int32_t CheckCallerPermissionForPrivatePin(const AuthParamInner &authParam); 129 void FillGetPropertyKeys(AuthType authType, const std::vector<Attributes::AttributeKey> &keys, 130 std::vector<uint32_t> &uint32Keys); 131 void FillGetPropertyValue(AuthType authType, const std::vector<Attributes::AttributeKey> &keys, Attributes &values); 132 bool CompleteRemoteAuthParam(RemoteAuthParam &remoteAuthParam, const std::string &localNetworkId); 133 int32_t PrepareRemoteAuthInner(const std::string &networkId, const sptr<IIamCallback> &callback); 134 int32_t DoPrepareRemoteAuth(const std::string &networkId); 135 int32_t GetAvailableStatusInner(int32_t apiVersion, int32_t userId, AuthType authType, 136 AuthTrustLevel authTrustLevel); 137 bool GetAuthTokenAttr(const HdiUserAuthTokenPlain &tokenPlain, const std::vector<uint8_t> &rootSecret, 138 Attributes &extraInfo); 139 std::shared_ptr<ResourceNode> GetResourseNode(AuthType authType); 140 void ProcessPinExpired(int32_t ret, const AuthParamInner &authParam, std::vector<AuthType> &validType, 141 ContextFactory::AuthWidgetContextPara ¶); 142 void ProcessWidgetSessionExclusive(); 143 int32_t GetPropertyInner(AuthType authType, const std::vector<Attributes::AttributeKey> &keys, 144 const sptr<IGetExecutorPropertyCallback> &callback, std::vector<uint64_t> &templateIds); 145 int32_t StartAuth(int32_t apiVersion, Authentication::AuthenticationPara ¶, 146 std::shared_ptr<ContextCallback> &contextCallback, uint64_t &contextId); 147 int32_t StartAuthUser(AuthParamInner &authParam, std::optional<RemoteAuthParam> &remoteAuthParam, 148 Authentication::AuthenticationPara ¶, std::shared_ptr<ContextCallback> &contextCallback, 149 uint64_t &contextId); 150 int32_t StartAuthWidget(AuthParamInner &authParam, WidgetParamInner &widgetParam, 151 ContextFactory::AuthWidgetContextPara ¶, std::shared_ptr<ContextCallback> &contextCallback, 152 const sptr<IModalCallback> &modalCallback, uint64_t &contextId); 153 void InitAuthParam(const IpcAuthParamInner &ipcAuthParam, AuthParamInner &authParam); 154 void InitRemoteAuthParam(const IpcRemoteAuthParam &ipcRemoteAuthParam, 155 std::optional<RemoteAuthParam> &remoteAuthParam); 156 void InitWidgetParam(const IpcWidgetParamInner &ipcWidgetParam, WidgetParamInner &widgetParam); 157 int32_t CheckSkipLockedBiometricAuth(int32_t userId, const AuthParamInner &authParam, 158 const WidgetParamInner &widgetParam, std::vector<AuthType> &validType); 159 static std::mutex mutex_; 160 static std::shared_ptr<UserAuthService> instance_; 161 }; 162 } // namespace UserAuth 163 } // namespace UserIam 164 } // namespace OHOS 165 #endif // USER_AUTH_SERVICE_H