1 /*
2 * Copyright (C) 2025 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "identity_service.h"
17
18 #include "common_defs.h"
19 #include "credential_data_manager.h"
20 #include "hc_log.h"
21 #include "identity_service_impl.h"
22 #include "os_account_adapter.h"
23 #include "permission_adapter.h"
24 #include "hisysevent_adapter.h"
25
AddCredential(int32_t osAccountId,const char * requestParams,char ** returnData)26 int32_t AddCredential(int32_t osAccountId, const char *requestParams, char **returnData)
27 {
28 SET_LOG_MODE(TRACE_MODE);
29
30 if (requestParams == NULL || returnData == NULL) {
31 LOGE("Failed to add credential, NULL params!");
32 return IS_ERR_INVALID_PARAMS;
33 }
34
35 if (!IsOsAccountUnlocked(osAccountId)) {
36 LOGE("Os account is not unlocked!");
37 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
38 }
39
40 int32_t ret = AddCredentialImpl(osAccountId, requestParams, returnData);
41 if (ret != IS_SUCCESS) {
42 LOGE("Add credential failed, ret: %" LOG_PUB "d.", ret);
43 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(ADD_CREDENTIAL_EVENT, PROCESS_ADD_CREDENTIAL, ret);
44 }
45 return ret;
46 }
47
ExportCredential(int32_t osAccountId,const char * credId,char ** returnData)48 int32_t ExportCredential(int32_t osAccountId, const char *credId, char **returnData)
49 {
50 SET_LOG_MODE(TRACE_MODE);
51
52 if (credId == NULL || returnData == NULL) {
53 LOGE("Failed to export credential, NULL params!");
54 return IS_ERR_INVALID_PARAMS;
55 }
56
57 if (!IsOsAccountUnlocked(osAccountId)) {
58 LOGE("Os account is not unlocked!");
59 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
60 }
61
62 int32_t ret = ExportCredentialImpl(osAccountId, credId, returnData);
63 if (ret != IS_SUCCESS) {
64 LOGE("Export credential failed, ret: %" LOG_PUB "d.", ret);
65 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(EXPORT_CREDENTIAL_EVENT, PROCESS_EXPORT_CREDENTIAL, ret);
66 }
67 return ret;
68 }
69
QueryCredentialByParams(int32_t osAccountId,const char * requestParams,char ** returnData)70 int32_t QueryCredentialByParams(int32_t osAccountId, const char *requestParams, char **returnData)
71 {
72 SET_LOG_MODE(TRACE_MODE);
73
74 if (requestParams == NULL || returnData == NULL) {
75 LOGE("Failed to query credential by params, NULL params!");
76 return IS_ERR_INVALID_PARAMS;
77 }
78
79 if (!IsOsAccountUnlocked(osAccountId)) {
80 LOGE("Os account is not unlocked!");
81 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
82 }
83
84 int32_t ret = QueryCredentialByParamsImpl(osAccountId, requestParams, returnData);
85 if (ret != IS_SUCCESS) {
86 LOGE("Query credential by params failed, ret: %" LOG_PUB "d.", ret);
87 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(QUERY_CREDENTIAL_BY_PARAMS_EVENT,
88 PROCESS_QUERY_CREDENTIAL_BY_PARAMS, ret);
89 }
90 return ret;
91 }
92
QueryCredInfoByCredIdAndUid(int32_t osAccountId,int32_t uid,const char * credId,char ** returnData)93 int32_t QueryCredInfoByCredIdAndUid(int32_t osAccountId, int32_t uid, const char *credId,
94 char **returnData)
95 {
96 return QueryCredInfoByCredIdImpl(osAccountId, uid, credId, returnData);
97 }
98
QueryCredInfoByCredId(int32_t osAccountId,const char * credId,char ** returnData)99 int32_t QueryCredInfoByCredId(int32_t osAccountId, const char *credId, char **returnData)
100 {
101 SET_LOG_MODE(TRACE_MODE);
102
103 if (credId == NULL || returnData == NULL) {
104 LOGE("Failed to query credential info by credId, NULL params!");
105 return IS_ERR_INVALID_PARAMS;
106 }
107
108 if (!IsOsAccountUnlocked(osAccountId)) {
109 LOGE("Os account is not unlocked!");
110 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
111 }
112
113 int32_t ret = QueryCredInfoByCredIdAndUid(osAccountId, GetCallingUid(), credId, returnData);
114 if (ret != IS_SUCCESS) {
115 LOGE("Query credential by credId failed, ret: %" LOG_PUB "d.", ret);
116 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(QUERY_CRED_INFO_BY_CRED_ID_EVENT,
117 PROCESS_QUERY_CRED_INFO_BY_CRED_ID, ret);
118 }
119 return ret;
120 }
121
DeleteCredential(int32_t osAccountId,const char * credId)122 int32_t DeleteCredential(int32_t osAccountId, const char *credId)
123 {
124 SET_LOG_MODE(TRACE_MODE);
125
126 if (credId == NULL) {
127 LOGE("Failed to delete credential, NULL credId!");
128 return IS_ERR_INVALID_PARAMS;
129 }
130
131 if (!IsOsAccountUnlocked(osAccountId)) {
132 LOGE("Os account is not unlocked!");
133 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
134 }
135
136 int32_t ret = DeleteCredentialImpl(osAccountId, credId);
137 if (ret != IS_SUCCESS) {
138 LOGE("Delete credential failed, ret: %" LOG_PUB "d.", ret);
139 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(DELETE_CREDENTIAL_EVENT,
140 PROCESS_DELETE_CREDENTIAL, ret);
141 }
142 return ret;
143 }
144
DeleteCredByParams(int32_t osAccountId,const char * requestParams,char ** returnData)145 int32_t DeleteCredByParams(int32_t osAccountId, const char *requestParams, char **returnData)
146 {
147 SET_LOG_MODE(TRACE_MODE);
148
149 if (requestParams == NULL || returnData == NULL) {
150 LOGE("Failed to batch delete credential, NULL params!");
151 return IS_ERR_INVALID_PARAMS;
152 }
153
154 if (!IsOsAccountUnlocked(osAccountId)) {
155 LOGE("Os account is not unlocked!");
156 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
157 }
158 int32_t ret = DeleteCredByParamsImpl(osAccountId, requestParams, returnData);
159 if (ret != IS_SUCCESS) {
160 LOGE("Delete cred by params failed, ret: %" LOG_PUB "d.", ret);
161 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(DELETE_CREDENTIAL_BY_PARAMS_EVENT,
162 PROCESS_DELETE_CREDENTIAL_BY_PARAMS, ret);
163 }
164 return ret;
165 }
166
UpdateCredInfo(int32_t osAccountId,const char * credId,const char * requestParams)167 int32_t UpdateCredInfo(int32_t osAccountId, const char *credId, const char *requestParams)
168 {
169 SET_LOG_MODE(TRACE_MODE);
170
171 if (credId == NULL || requestParams == NULL) {
172 LOGE("Failed to update credential, NULL params!");
173 return IS_ERR_INVALID_PARAMS;
174 }
175
176 if (!IsOsAccountUnlocked(osAccountId)) {
177 LOGE("Os account is not unlocked!");
178 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
179 }
180
181 int32_t ret = UpdateCredInfoImpl(osAccountId, credId, requestParams);
182 if (ret != IS_SUCCESS) {
183 LOGE("Update credInfo failed, ret: %" LOG_PUB "d.", ret);
184 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(UPDATE_CREDENTIAL_INFO_EVENT,
185 PROCESS_UPDATE_CREDENTIAL_INFO, ret);
186 }
187 return ret;
188 }
189
BatchUpdateCredentials(int32_t osAccountId,const char * requestParams,char ** returnData)190 int32_t BatchUpdateCredentials(int32_t osAccountId, const char *requestParams, char **returnData)
191 {
192 SET_LOG_MODE(TRACE_MODE);
193
194 if (requestParams == NULL || returnData == NULL) {
195 LOGE("Failed to batch update credential, NULL params!");
196 return IS_ERR_INVALID_PARAMS;
197 }
198
199 if (!IsOsAccountUnlocked(osAccountId)) {
200 LOGE("Os account is not unlocked!");
201 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
202 }
203 int32_t ret = BatchUpdateCredsImpl(osAccountId, requestParams, returnData);
204 if (ret != IS_SUCCESS) {
205 LOGE("Batch update creds failed, ret: %" LOG_PUB "d.", ret);
206 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(BATCH_UPDATE_CREDENTIALS_EVENT,
207 PROCESS_BATCH_UPDATE_CREDENTIALS, ret);
208 }
209 return ret;
210 }
211
AgreeCredential(int32_t osAccountId,const char * selfCredId,const char * requestParams,char ** returnData)212 int32_t AgreeCredential(int32_t osAccountId, const char *selfCredId, const char *requestParams, char **returnData)
213 {
214 SET_LOG_MODE(TRACE_MODE);
215
216 if (selfCredId == NULL || requestParams == NULL || returnData == NULL) {
217 LOGE("Failed to agree credential, NULL params!");
218 return IS_ERR_INVALID_PARAMS;
219 }
220
221 if (!IsOsAccountUnlocked(osAccountId)) {
222 LOGE("Os account is not unlocked!");
223 return IS_ERR_OS_ACCOUNT_NOT_UNLOCKED;
224 }
225
226 int32_t ret = AgreeCredentialImpl(osAccountId, selfCredId, requestParams, returnData);
227 if (ret != IS_SUCCESS) {
228 LOGE("Agree credential failed, ret: %" LOG_PUB "d.", ret);
229 DEV_AUTH_REPORT_FAULT_EVENT_WITH_ERR_CODE(AGREE_CREDENTIAL_EVENT,
230 PROCESS_AGREE_CREDENTIAL, ret);
231 }
232 return ret;
233 }
234
RegisterChangeListener(const char * appId,CredChangeListener * listener)235 int32_t RegisterChangeListener(const char *appId, CredChangeListener *listener)
236 {
237 SET_LOG_MODE(TRACE_MODE);
238
239 return IsCredListenerSupported() ? RegCredListener(appId, listener) : HC_ERR_NOT_SUPPORT;
240 }
241
UnregisterChangeListener(const char * appId)242 int32_t UnregisterChangeListener(const char *appId)
243 {
244 SET_LOG_MODE(TRACE_MODE);
245
246 return IsCredListenerSupported() ? UnRegCredListener(appId) : HC_ERR_NOT_SUPPORT;
247 }
248
IsJsonString(const char * str)249 static bool IsJsonString(const char *str)
250 {
251 CJson *json = CreateJsonFromString(str);
252 if (json == NULL) {
253 LOGE("Create json from string error.");
254 return false;
255 }
256 FreeJson(json);
257 return true;
258 }
259
DestroyInfo(char ** returnData)260 void DestroyInfo(char **returnData)
261 {
262 if (returnData == NULL || *returnData == NULL) {
263 LOGE("Invalid params!");
264 return;
265 }
266 if (IsJsonString(*returnData)) {
267 FreeJsonString(*returnData);
268 } else {
269 HcFree(*returnData);
270 }
271 *returnData = NULL;
272 }
273
InitIdentityService(void)274 int32_t InitIdentityService(void)
275 {
276 if (InitCredDatabase() != HC_SUCCESS) {
277 return IS_ERR_SERVICE_NEED_RESTART;
278 }
279 return IsCredListenerSupported() ? InitCredListener() : HC_SUCCESS;
280 }
281
DestroyIdentityService(void)282 void DestroyIdentityService(void)
283 {
284 if (IsCredListenerSupported()) {
285 DestroyCredListener();
286 }
287 DestroyCredDatabase();
288 }