1 /* 2 * Copyright (c) 2022-2023 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 /** 17 * @addtogroup AccountIAM 18 * @{ 19 * 20 * @brief Provides account identity and access management. 21 * 22 * Provides the capability to manage the identity and access of the local account. 23 * 24 * @since 8.0 25 * @version 8.0 26 */ 27 28 /** 29 * @file account_iam_client.h 30 * 31 * @brief Declares account iam client interfaces. 32 * 33 * @since 8.0 34 * @version 8.0 35 */ 36 #ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 37 #define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 38 39 #include <map> 40 #include <mutex> 41 #include <vector> 42 #include <set> 43 #include "account_iam_client_callback.h" 44 #include "account_iam_info.h" 45 #include "account_error_no.h" 46 #include "account_permission_manager.h" 47 #include "iaccount_iam.h" 48 49 namespace OHOS { 50 namespace AccountSA { 51 class AccountIAMClient { 52 public: 53 /** 54 * Gets the instance of AccountIAMClient. 55 * @return the instance of AccountIAMClient. 56 */ 57 static AccountIAMClient &GetInstance(); 58 59 /** 60 * @brief Opens session. 61 * @permission ohos.permission.MANAGE_USER_IDM 62 * @param userId - Indicates the user identification. 63 * @param challenge - Indicates the challenge value. 64 * @return error code, see account_error_no.h 65 */ 66 int32_t OpenSession(int32_t userId, std::vector<uint8_t> &challenge); 67 68 /** 69 * @brief Closes session. 70 * @permission ohos.permission.MANAGE_USER_IDM 71 * @param userId - Indicates the user identification. 72 * @return error code, see account_error_no.h 73 */ 74 int32_t CloseSession(int32_t userId); 75 76 /** 77 * @brief Adds credential information. 78 * @permission ohos.permission.MANAGE_USER_IDM 79 * @param userId - Indicates the user identification. 80 * @param credentialInfo - Indicates the credential information. 81 * @param callback - Indicates the callback to get results and acquireInfo. 82 */ 83 void AddCredential( 84 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 85 86 /** 87 * @brief Updates credential. 88 * @permission ohos.permission.MANAGE_USER_IDM 89 * @param userId - Indicates the user identification. 90 * @param credentialInfo - Indicates the credential information. 91 * @param callback - Indicates the callback to get results and acquireInfo. 92 */ 93 void UpdateCredential( 94 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 95 96 /** 97 * @brief Cancels entry with a challenge value. 98 * @permission ohos.permission.MANAGE_USER_IDM 99 * @param userId - Indicates the user identification. 100 * @return error code, see account_error_no.h 101 */ 102 int32_t Cancel(int32_t userId); 103 104 /** 105 * @brief Deletes the user credential information. 106 * @permission ohos.permission.MANAGE_USER_IDM 107 * @param userId - Indicates the user identification. 108 * @param credentialId - Indicates the credential index. 109 * @param authToken - Indicates the authentication token. 110 * @param callback - Indicates the callback to get the deletion result. 111 */ 112 void DelCred(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken, 113 const std::shared_ptr<IDMCallback>& callback); 114 115 /** 116 * @brief Deletes the user with the authentication token. 117 * @permission ohos.permission.MANAGE_USER_IDM 118 * @param userId - Indicates the user identification. 119 * @param authToken - Indicates the authentication token. 120 * @param callback - Indicates the callback to get the deletion result. 121 */ 122 void DelUser(int32_t userId, const std::vector<uint8_t> &authToken, const std::shared_ptr<IDMCallback> &callback); 123 124 /** 125 * @brief Gets authentication information. 126 * @permission ohos.permission.USE_USER_IDM 127 * @param userId - Indicates the user identification. 128 * @param authType - Indicates the authentication type. 129 * @param callback - Indicates the callback to get all registered credential information of 130 * the specified type for the current user. 131 * @return error code, see account_error_no.h 132 */ 133 int32_t GetCredentialInfo(int32_t userId, AuthType authType, const std::shared_ptr<GetCredInfoCallback> &callback); 134 135 /** 136 * @brief Executes user authentication. 137 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 138 * @param challenge - Indicates the challenge value. 139 * @param authType - Indicates the authentication type. 140 * @param authTrustLevel - Indicates the trust level of authentication result. 141 * @param callback - Indicates the callback to get result and acquireInfo. 142 * @return a context ID for cancellation. 143 */ 144 uint64_t Auth(const std::vector<uint8_t> &challenge, AuthType authType, AuthTrustLevel authTrustLevel, 145 const std::shared_ptr<IDMCallback> &callback); 146 147 /** 148 * @brief Executes user authentication. 149 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 150 * @param userId - Indicates the user identification. 151 * @param challenge - Indicates the challenge value. 152 * @param authType - Indicates the authentication type. 153 * @param authTrustLevel - Indicates the trust level of authentication result. 154 * @param callback - Indicates the callback to get result and acquireInfo. 155 * @return a context ID for cancellation. 156 */ 157 uint64_t AuthUser(int32_t userId, const std::vector<uint8_t> &challenge, AuthType authType, 158 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback); 159 160 /** 161 * @brief Cancels authentication with context ID. 162 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 163 * @param contextID - Indicates the authentication context ID. 164 * @return error code, see account_error_no.h 165 */ 166 int32_t CancelAuth(uint64_t contextId); 167 168 /** 169 * @brief Checks whether the authentication capability is available. 170 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 171 * @param authType - Indicates the credential type for authentication. 172 * @param authTrustLevel - Indicates the trust level of authentication result. 173 * @param status - Indicates a status result. 174 * @return error code, see account_error_no.h 175 */ 176 int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status); 177 178 /** 179 * @brief Gets the property based on the specified request information. 180 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 181 * @param userId - Indicates the user identification. 182 * @param request - Indicates the request information, including authentication type, and property type list. 183 * @param callback - Indicates the callback for getting an executor property. 184 * @return error code, see account_error_no.h 185 */ 186 void GetProperty( 187 int32_t userId, const GetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 188 189 /** 190 * @brief Sets property that can be used to initialize algorithms. 191 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 192 * @param userId - Indicates the user identification. 193 * @param request - Indicates the request information, including authentication type and the key-value to be set. 194 * @param callback - Indicates the callback for getting result. 195 * @return error code, see account_error_no.h 196 */ 197 void SetProperty( 198 int32_t userId, const SetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 199 200 #ifdef HAS_PIN_AUTH_PART 201 /** 202 * @brief Registers inputer. 203 * @permission ohos.permission.ACCESS_PIN_AUTH 204 * @param inputer - Indicates the password input box callback 205 * @return error code, see account_error_no.h 206 */ 207 ErrCode RegisterPINInputer(const std::shared_ptr<IInputer> &inputer); 208 209 /** 210 * @brief Unregisters inputer. 211 * @permission ohos.permission.ACCESS_PIN_AUTH 212 * @return error code, see account_error_no.h 213 */ 214 ErrCode UnregisterPINInputer(); 215 216 /** 217 * @brief Registers credential inputer by authentication type. 218 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 219 * @param authType - Indicates the authentication type. 220 * @param inputer - Indicates the credential input box callback. 221 * @return error code, see account_error_no.h 222 */ 223 ErrCode RegisterInputer(int32_t authType, const std::shared_ptr<IInputer> &inputer); 224 225 /** 226 * @brief Unregisters credential inputer by authentication type. 227 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 228 * @param authType - Indicates the authentication type. 229 * @return error code, see account_error_no.h 230 */ 231 ErrCode UnregisterInputer(int32_t authType); 232 #endif 233 234 /** 235 * @brief Gets the state of the specified account. 236 * @param userId - Indicates the user identification. 237 * @return the state of the specified account 238 */ 239 IAMState GetAccountState(int32_t userId); 240 241 /** 242 * @brief Sets the authentication subtype of the specified account. 243 * @param userId - Indicates the user identification. 244 * @param authSubType - Indicates the authentication subtype. 245 */ 246 void SetAuthSubType(int32_t userId, int32_t authSubType); 247 248 /** 249 * @brief Gets the authentication subtype of the specified account. 250 * @param userId - Indicates the user identification. 251 * @return the authentication subtype. 252 */ 253 int32_t GetAuthSubType(int32_t userId); 254 255 /** 256 * @brief Sets the credential of the specified account. 257 * @param userId - Indicates the user identification. 258 * @param credential - Indicates the credential. 259 */ 260 void SetCredential(int32_t userId, const std::vector<uint8_t> &credential); 261 262 /** 263 * @brief Gets the credential information of the specified account. 264 * @param userId - Indicates the user identification. 265 * @param credItem - Indicates the credential information. 266 */ 267 void GetCredential(int32_t userId, CredentialItem &credItem); 268 269 /** 270 * @brief Clears the credential of the specified account. 271 * @param userId - Indicates the user identification. 272 */ 273 void ClearCredential(int32_t userId); 274 275 private: 276 AccountIAMClient() = default; 277 ~AccountIAMClient() = default; 278 DISALLOW_COPY_AND_MOVE(AccountIAMClient); 279 class AccountIAMDeathRecipient : public IRemoteObject::DeathRecipient { 280 public: 281 AccountIAMDeathRecipient() = default; 282 ~AccountIAMDeathRecipient() override = default; 283 void OnRemoteDied(const wptr<IRemoteObject>& remote) override; 284 285 private: 286 DISALLOW_COPY_AND_MOVE(AccountIAMDeathRecipient); 287 }; 288 sptr<IAccountIAM> GetAccountIAMProxy(); 289 void ResetAccountIAMProxy(const wptr<IRemoteObject>& remote); 290 bool GetCurrentUserId(int32_t &userId); 291 uint64_t StartDomainAuth(int32_t userId, const std::shared_ptr<IDMCallback> &callback); 292 #ifdef HAS_PIN_AUTH_PART 293 ErrCode RegisterDomainInputer(const std::shared_ptr<IInputer> &inputer); 294 ErrCode UnregisterDomainInputer(); 295 #endif 296 bool CheckSelfPermission(const std::string &permissionName); 297 298 private: 299 std::mutex mutex_; 300 std::mutex pinMutex_; 301 std::mutex domainMutex_; 302 std::map<int32_t, CredentialItem> credentialMap_; 303 sptr<IAccountIAM> proxy_ = nullptr; 304 sptr<AccountIAMDeathRecipient> deathRecipient_ = nullptr; 305 #ifdef HAS_PIN_AUTH_PART 306 std::shared_ptr<IInputer> pinInputer_ = nullptr; 307 std::shared_ptr<IInputer> domainInputer_ = nullptr; 308 #endif 309 }; 310 } // namespace AccountSA 311 } // namespace OHOS 312 #endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H