1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "account_iam_callback.h"
17
18 #include <securec.h>
19 #include <string>
20 #include "access_token.h"
21 #include "account_iam_info.h"
22 #include "account_info_report.h"
23 #include "account_log_wrapper.h"
24 #include "account_hisysevent_adapter.h"
25 #include "iinner_os_account_manager.h"
26 #include "inner_account_iam_manager.h"
27 #include "inner_domain_account_manager.h"
28 #include "ipc_skeleton.h"
29 #include "os_account_delete_user_idm_callback.h"
30 #include "token_setproc.h"
31 #include "user_auth_client.h"
32 #include "user_idm_client.h"
33 #include "os_account_constants.h"
34
35 namespace OHOS {
36 namespace AccountSA {
37 using UserIDMClient = UserIam::UserAuth::UserIdmClient;
38 using UserAuthClient = UserIam::UserAuth::UserAuthClient;
39
40 const std::vector<uint8_t> TEMP_PIN = {50, 48, 50, 52, 48, 56};
41
SetContextId(uint16_t contextId)42 void AuthCallbackDeathRecipient::SetContextId(uint16_t contextId)
43 {
44 contextId_ = contextId;
45 }
46
OnRemoteDied(const wptr<IRemoteObject> & remote)47 void AuthCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
48 {
49 ACCOUNT_LOGI("remote callback died, cancel authentication");
50 if (contextId_ > 0) {
51 UserAuthClient::GetInstance().CancelAuthentication(contextId_);
52 }
53 }
54
AuthCallback(uint32_t userId,uint64_t credentialId,AuthType authType,const sptr<IIDMCallback> & callback)55 AuthCallback::AuthCallback(
56 uint32_t userId, uint64_t credentialId, AuthType authType, const sptr<IIDMCallback> &callback)
57 : userId_(userId), credentialId_(credentialId), authType_(authType), innerCallback_(callback)
58 {}
59
AuthCallback(uint32_t userId,uint64_t credentialId,AuthType authType,bool isRemoteAuth,const sptr<IIDMCallback> & callback)60 AuthCallback::AuthCallback(uint32_t userId, uint64_t credentialId, AuthType authType,
61 bool isRemoteAuth, const sptr<IIDMCallback> &callback)
62 : userId_(userId), credentialId_(credentialId), authType_(authType),
63 isRemoteAuth_(isRemoteAuth), innerCallback_(callback)
64 {}
65
HandleAuthResult(const Attributes & extraInfo,int32_t accountId,bool & isUpdateVerifiedStatus)66 ErrCode AuthCallback::HandleAuthResult(const Attributes &extraInfo, int32_t accountId, bool &isUpdateVerifiedStatus)
67 {
68 std::vector<uint8_t> token;
69 extraInfo.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token);
70 std::vector<uint8_t> secret;
71 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, secret);
72 ErrCode ret = ERR_OK;
73 if (authType_ == AuthType::PIN) {
74 (void)InnerAccountIAMManager::GetInstance().HandleFileKeyException(accountId, secret, token);
75 bool isVerified = false;
76 (void)IInnerOsAccountManager::GetInstance().IsOsAccountVerified(accountId, isVerified);
77 if (!isVerified) {
78 // el2 file decryption
79 ret = InnerAccountIAMManager::GetInstance().ActivateUserKey(accountId, token, secret);
80 if (ret != 0) {
81 ACCOUNT_LOGE("Failed to activate user key");
82 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to activate user key");
83 return ret;
84 }
85 isUpdateVerifiedStatus = true;
86 }
87 }
88 if (!isUpdateVerifiedStatus) {
89 bool lockScreenStatus = false;
90 ret = InnerAccountIAMManager::GetInstance().GetLockScreenStatus(accountId, lockScreenStatus);
91 if (ret != 0) {
92 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to get lock status");
93 }
94 if (!lockScreenStatus) {
95 ACCOUNT_LOGI("start unlock user screen");
96 // el3\4 file decryption
97 ret = InnerAccountIAMManager::GetInstance().UnlockUserScreen(accountId, token, secret);
98 if (ret != 0) {
99 ReportOsAccountOperationFail(accountId, "auth", ret, "Failed to unlock user");
100 return ret;
101 }
102 }
103 }
104 // domain account authentication
105 if (authType_ == static_cast<AuthType>(IAMAuthType::DOMAIN)) {
106 return ERR_OK;
107 }
108 InnerDomainAccountManager::GetInstance().AuthWithToken(accountId, token);
109 return ret;
110 }
111
SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> & deathRecipient)112 void AuthCallback::SetDeathRecipient(const sptr<AuthCallbackDeathRecipient> &deathRecipient)
113 {
114 deathRecipient_ = deathRecipient;
115 }
116
GenerateAttributesInfo(const Attributes & extraInfo,Attributes & extraAuthInfo)117 static void GenerateAttributesInfo(const Attributes &extraInfo, Attributes &extraAuthInfo)
118 {
119 std::vector<uint8_t> token;
120 if (extraInfo.GetUint8ArrayValue(Attributes::AttributeKey::ATTR_SIGNATURE, token)) {
121 extraAuthInfo.SetUint8ArrayValue(Attributes::AttributeKey::ATTR_SIGNATURE, token);
122 }
123 int32_t remainTimes = 0;
124 if (extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes)) {
125 extraAuthInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
126 }
127 int32_t freezingTime = 0;
128 if (extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime)) {
129 extraAuthInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
130 }
131 int32_t nextPhaseFreezingTime = 0;
132 if (extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_NEXT_FAIL_LOCKOUT_DURATION, nextPhaseFreezingTime)) {
133 extraAuthInfo.SetInt32Value(Attributes::AttributeKey::ATTR_NEXT_FAIL_LOCKOUT_DURATION, nextPhaseFreezingTime);
134 }
135 int32_t accountId = 0;
136 if (extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_USER_ID, accountId)) {
137 extraAuthInfo.SetInt32Value(Attributes::AttributeKey::ATTR_USER_ID, accountId);
138 }
139 // pinValidityPeriod
140 int64_t pinValidityPeriod = 0;
141 if (extraInfo.GetInt64Value(Attributes::AttributeKey::ATTR_PIN_EXPIRED_INFO, pinValidityPeriod)) {
142 extraAuthInfo.SetInt64Value(Attributes::AttributeKey::ATTR_PIN_EXPIRED_INFO, pinValidityPeriod);
143 }
144 }
145
OnResult(int32_t result,const Attributes & extraInfo)146 void AuthCallback::OnResult(int32_t result, const Attributes &extraInfo)
147 {
148 int32_t authedAccountId = 0;
149 if (!extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_USER_ID, authedAccountId)) {
150 ACCOUNT_LOGE("Get account id from auth result failed");
151 authedAccountId = static_cast<int32_t>(userId_);
152 }
153 ACCOUNT_LOGI("Auth ret: authType=%{public}d, result=%{public}d, id=%{public}d", authType_, result, authedAccountId);
154 InnerAccountIAMManager::GetInstance().SetState(authedAccountId, AFTER_OPEN_SESSION);
155 if (innerCallback_ == nullptr) {
156 ACCOUNT_LOGE("innerCallback_ is nullptr");
157 return;
158 }
159 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
160 if (result != 0) {
161 innerCallback_->OnResult(result, extraInfo);
162 ReportOsAccountOperationFail(authedAccountId, "auth", result, "Failed to auth");
163 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
164 }
165 if (isRemoteAuth_) {
166 ACCOUNT_LOGI("Remote auth");
167 innerCallback_->OnResult(result, extraInfo);
168 return;
169 }
170 bool isUpdateVerifiedStatus = false;
171 if (HandleAuthResult(extraInfo, authedAccountId, isUpdateVerifiedStatus) != ERR_OK) {
172 int32_t remainTimes = 0;
173 int32_t freezingTime = 0;
174 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
175 extraInfo.GetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
176 Attributes errInfo;
177 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_REMAIN_TIMES, remainTimes);
178 errInfo.SetInt32Value(Attributes::AttributeKey::ATTR_FREEZING_TIME, freezingTime);
179 innerCallback_->OnResult(ResultCode::FAIL, errInfo);
180 return AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, ResultCode::FAIL);
181 }
182 uint64_t credentialId = 0;
183 if (!extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId) && (credentialId_ != 0)) {
184 Attributes extraAuthInfo;
185 GenerateAttributesInfo(extraInfo, extraAuthInfo);
186 extraAuthInfo.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId_);
187 innerCallback_->OnResult(result, extraAuthInfo);
188 } else {
189 innerCallback_->OnResult(result, extraInfo);
190 }
191 if (isUpdateVerifiedStatus) {
192 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsVerified(authedAccountId, true);
193 }
194 (void)IInnerOsAccountManager::GetInstance().SetOsAccountIsLoggedIn(authedAccountId, true);
195 AccountInfoReport::ReportSecurityInfo("", authedAccountId, ReportEvent::EVENT_LOGIN, result);
196 }
197
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)198 void AuthCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
199 {
200 if (innerCallback_ == nullptr) {
201 ACCOUNT_LOGE("innerCallback_ is nullptr");
202 return;
203 }
204 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
205 }
206
OnRemoteDied(const wptr<IRemoteObject> & remote)207 void IDMCallbackDeathRecipient::OnRemoteDied(const wptr<IRemoteObject> &remote)
208 {
209 ACCOUNT_LOGI("Remote callback died, cancel cred");
210 if (userId_ > 0) {
211 UserIDMClient::GetInstance().Cancel(userId_);
212 }
213 }
214
IDMCallbackDeathRecipient(uint32_t userId)215 IDMCallbackDeathRecipient::IDMCallbackDeathRecipient(uint32_t userId) : userId_(userId)
216 {}
217
AddCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)218 AddCredCallback::AddCredCallback(uint32_t userId, const CredentialParameters &credInfo,
219 const sptr<IIDMCallback> &callback)
220 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
221 {}
222
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)223 void AddCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
224 {
225 deathRecipient_ = deathRecipient;
226 }
227
AddUserKey(int32_t userId,uint64_t secureUid,const std::vector<uint8_t> & token,const std::vector<uint8_t> & oldSecret,const std::vector<uint8_t> & newSecret)228 static ErrCode AddUserKey(int32_t userId, uint64_t secureUid, const std::vector<uint8_t> &token,
229 const std::vector<uint8_t> &oldSecret, const std::vector<uint8_t> &newSecret)
230 {
231 ErrCode errCode = InnerAccountIAMManager::GetInstance().UpdateStorageUserAuth(
232 userId, secureUid, token, oldSecret, newSecret);
233 if (errCode != ERR_OK) {
234 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update user auth");
235 return errCode;
236 }
237 errCode = InnerAccountIAMManager::GetInstance().UpdateStorageKeyContext(userId);
238 if (errCode != ERR_OK) {
239 ReportOsAccountOperationFail(userId, "addCredential", errCode, "Failed to update key context");
240 }
241 return errCode;
242 }
243
OnResult(int32_t result,const Attributes & extraInfo)244 void AddCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
245 {
246 ACCOUNT_LOGI("AddCredCallback, result=%{public}d.", result);
247 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
248 ACCOUNT_LOGE("innerCallback_ is nullptr");
249 return;
250 }
251 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
252 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
253 if ((result == 0) && (credInfo_.authType == AuthType::PIN)) {
254 InnerAccountIAMManager::GetInstance().SetState(userId_, AFTER_ADD_CRED);
255 uint64_t credentialId = 0;
256 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
257 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, credentialId);
258
259 uint64_t secureUid = 0;
260 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
261 std::vector<uint8_t> newSecret;
262 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, newSecret);
263 std::vector<uint8_t> token;
264 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
265 std::vector<uint8_t> oldSecret;
266 ErrCode code = AddUserKey(userId_, secureUid, token, oldSecret, newSecret);
267 if (code == ERR_OK) {
268 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId_) +
269 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
270 auto accountFileOperator = std::make_shared<AccountFileOperator>();
271 code = accountFileOperator->DeleteDirOrFile(path);
272 if (code != ERR_OK) {
273 ReportOsAccountOperationFail(userId_, "addCredential", code, "Failed to delete add_secret_flag file");
274 ACCOUNT_LOGE("Delete file fail, path=%{public}s", path.c_str());
275 }
276 }
277 }
278 if (result != 0) {
279 ReportOsAccountOperationFail(userId_, "addCredential", result,
280 "Failed to add credential, type: " + std::to_string(credInfo_.authType));
281 if (credInfo_.authType == AuthType::PIN) {
282 std::string path = Constants::USER_INFO_BASE + Constants::PATH_SEPARATOR + std::to_string(userId_) +
283 Constants::PATH_SEPARATOR + Constants::USER_ADD_SECRET_FLAG_FILE_NAME;
284 auto accountFileOperator = std::make_shared<AccountFileOperator>();
285 accountFileOperator->DeleteDirOrFile(path);
286 }
287 }
288 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
289 innerCallback_->OnResult(result, extraInfo);
290 }
291
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)292 void AddCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
293 {
294 if (innerCallback_ == nullptr) {
295 ACCOUNT_LOGE("innerCallback_ is nullptr");
296 return;
297 }
298 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
299 }
300
UpdateCredCallback(uint32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)301 UpdateCredCallback::UpdateCredCallback(
302 uint32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
303 : userId_(userId), credInfo_(credInfo), innerCallback_(callback)
304 {}
305
SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> & deathRecipient)306 void UpdateCredCallback::SetDeathRecipient(const sptr<IDMCallbackDeathRecipient> &deathRecipient)
307 {
308 deathRecipient_ = deathRecipient;
309 }
310
DeleteCredential(uint32_t userId,uint64_t credentialId,const std::vector<uint8_t> & token)311 static void DeleteCredential(uint32_t userId, uint64_t credentialId, const std::vector<uint8_t> &token)
312 {
313 auto idmCallback = std::make_shared<DelCredCallback>(userId, true, token, nullptr);
314 UserIDMClient::GetInstance().DeleteCredential(userId, credentialId, token, idmCallback);
315 }
316
OnResult(int32_t result,const Attributes & extraInfo)317 void UpdateCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
318 {
319 ACCOUNT_LOGI("UpdateCredCallback, userId=%{public}d, result=%{public}d.", userId_, result);
320 if (innerCallback_ == nullptr || innerCallback_->AsObject() == nullptr) {
321 ACCOUNT_LOGE("inner callback is nullptr");
322 return;
323 }
324 innerCallback_->AsObject()->RemoveDeathRecipient(deathRecipient_);
325 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
326 if (result != 0) {
327 ReportOsAccountOperationFail(userId_, "updateCredential", result,
328 "Failed to update credential, type: " + std::to_string(credInfo_.authType));
329 }
330 if ((result != 0) || (credInfo_.authType != AuthType::PIN)) {
331 ACCOUNT_LOGE("UpdateCredCallback fail code=%{public}d, authType=%{public}d", result, credInfo_.authType);
332 return innerCallback_->OnResult(result, extraInfo);
333 }
334 UpdateCredInfo updateCredInfo;
335 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, updateCredInfo.credentialId);
336 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, updateCredInfo.secureUid);
337 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, updateCredInfo.token);
338 extraInfo.GetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, updateCredInfo.newSecret);
339 std::vector<uint8_t> oldSecret;
340 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
341 ErrCode code = innerIamMgr_.UpdateStorageUserAuth(userId_, updateCredInfo.secureUid,
342 updateCredInfo.token, oldSecret, {});
343 if (code != ERR_OK) {
344 DeleteCredential(userId_, updateCredInfo.credentialId, credInfo_.token);
345 ReportOsAccountOperationFail(userId_, "updateCredential", code, "Failed to update user auth");
346 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
347 return innerCallback_->OnResult(code, extraInfo);
348 }
349 uint64_t oldCredentialId = 0;
350 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_OLD_CREDENTIAL_ID, oldCredentialId);
351 auto idmCallback = std::make_shared<CommitCredUpdateCallback>(userId_, updateCredInfo, innerCallback_);
352 Security::AccessToken::AccessTokenID selfToken = IPCSkeleton::GetSelfTokenID();
353 result = SetFirstCallerTokenID(selfToken);
354 ACCOUNT_LOGI("Set first caller info result: %{public}d", result);
355 UserIDMClient::GetInstance().DeleteCredential(userId_, oldCredentialId, credInfo_.token, idmCallback);
356 }
357
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)358 void UpdateCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
359 {
360 if (innerCallback_ == nullptr) {
361 ACCOUNT_LOGE("innerCallback_ is nullptr");
362 return;
363 }
364 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
365 }
366
367 #ifdef HAS_PIN_AUTH_PART
OnGetData(int32_t authSubType,std::vector<uint8_t> challenge,std::shared_ptr<IInputerData> inputerData)368 void DelUserInputer::OnGetData(int32_t authSubType, std::vector<uint8_t> challenge,
369 std::shared_ptr<IInputerData> inputerData)
370 {
371 ACCOUNT_LOGI("Get temporary data, authSubType: %{public}d", authSubType);
372 if (inputerData == nullptr) {
373 ACCOUNT_LOGE("InputerData is nullptr");
374 return;
375 }
376 inputerData->OnSetData(authSubType, TEMP_PIN);
377 }
378
DelUserCallback(uint32_t userId,const sptr<IIDMCallback> & callback)379 DelUserCallback::DelUserCallback(uint32_t userId, const sptr<IIDMCallback> &callback)
380 : userId_(userId), innerCallback_(callback)
381 {}
382
~DelUserCallback()383 DelUserCallback::~DelUserCallback()
384 {
385 InnerAccountIAMManager::GetInstance().OnDelUserDone(userId_);
386 }
387
ConvertDelUserErrCode(int32_t result)388 static int32_t ConvertDelUserErrCode(int32_t result)
389 {
390 switch (result) {
391 case ResultCode::NOT_ENROLLED:
392 case ResultCode::INVALID_PARAMETERS:
393 return ERR_IAM_TOKEN_AUTH_FAILED;
394 case ResultCode::CANCELED:
395 case ResultCode::TIMEOUT:
396 return ERR_IAM_GENERAL_ERROR;
397 default:
398 return result;
399 }
400 }
401
OnResult(int32_t result,const Attributes & extraInfo)402 void DelUserCallback::OnResult(int32_t result, const Attributes &extraInfo)
403 {
404 ACCOUNT_LOGI("DelUserCallback, userId: %{public}d, result: %{public}d", userId_, result);
405 if (innerCallback_ == nullptr) {
406 ACCOUNT_LOGE("Inner callback is nullptr");
407 return;
408 }
409 result = ConvertDelUserErrCode(result);
410 if (result != ERR_OK) {
411 ACCOUNT_LOGE("DelUserCallback fail code = %{public}d", result);
412 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete user");
413 return innerCallback_->OnResult(result, extraInfo);
414 }
415 uint64_t secureUid = 0;
416 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
417 std::vector<uint8_t> oldSecret;
418 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
419 std::vector<uint8_t> token;
420 extraInfo.GetUint8ArrayValue(Attributes::ATTR_AUTH_TOKEN, token);
421 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
422 ErrCode errCode = innerIamMgr_.UpdateStorageUserAuth(userId_, secureUid, token, oldSecret, {});
423 if (errCode != ERR_OK) {
424 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update user auth");
425 uint64_t credentialId = 0;
426 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, credentialId);
427 DeleteCredential(userId_, credentialId, token);
428 ACCOUNT_LOGE("Fail to delete root secret, userId=%{public}d, errcode=%{public}d", userId_, errCode);
429 return innerCallback_->OnResult(errCode, extraInfo);
430 }
431
432 auto eraseCallback = std::make_shared<OsAccountDeleteUserIdmCallback>();
433 errCode = UserIam::UserAuth::UserIdmClient::GetInstance().EraseUser(userId_, eraseCallback);
434 if (errCode != ERR_OK) {
435 ACCOUNT_LOGE("Failed to erase user, userId=%{public}d, errcode=%{public}d", userId_, errCode);
436 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to erase user");
437 return innerCallback_->OnResult(errCode, extraInfo);
438 }
439 std::unique_lock<std::mutex> lock(eraseCallback->mutex_);
440 eraseCallback->onResultCondition_.wait(lock, [eraseCallback] { return eraseCallback->isIdmOnResultCallBack_; });
441 if (eraseCallback->resultCode_ != ERR_OK) {
442 ACCOUNT_LOGE("Failed to erase user in callback, userId=%{public}d, errcode=%{public}d",
443 userId_, eraseCallback->resultCode_);
444 ReportOsAccountOperationFail(userId_, "deleteCredential", eraseCallback->resultCode_, "Failed to erase user");
445 return innerCallback_->OnResult(eraseCallback->resultCode_, extraInfo);
446 }
447 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0);
448 errCode = innerIamMgr_.UpdateStorageKeyContext(userId_);
449 if (errCode != ERR_OK) {
450 ReportOsAccountOperationFail(userId_, "deleteCredential", errCode, "Failed to update key context");
451 }
452 innerCallback_->OnResult(errCode, extraInfo);
453 }
454 #endif // HAS_PIN_AUTH_PART
455
CommitCredUpdateCallback(int32_t userId,const UpdateCredInfo & extraUpdateInfo,const sptr<IIDMCallback> & callback)456 CommitCredUpdateCallback::CommitCredUpdateCallback(int32_t userId,
457 const UpdateCredInfo &extraUpdateInfo, const sptr<IIDMCallback> &callback)
458 : userId_(userId), extraUpdateInfo_(extraUpdateInfo), innerCallback_(callback)
459 {}
460
OnResult(int32_t result,const Attributes & extraInfo)461 void CommitCredUpdateCallback::OnResult(int32_t result, const Attributes &extraInfo)
462 {
463 ACCOUNT_LOGI("CommitCredUpdateCallback, result=%{public}d.", result);
464 if (innerCallback_ == nullptr) {
465 ACCOUNT_LOGE("innerCallback_ is nullptr");
466 return;
467 }
468
469 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
470 if (result != 0) {
471 ACCOUNT_LOGE("CommitCredUpdateCallback fail code=%{public}d", result);
472 ReportOsAccountOperationFail(userId_, "commitCredUpdate", result, "Failed to commit credential update");
473 innerCallback_->OnResult(result, extraInfo);
474 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
475 return;
476 }
477 ErrCode code = innerIamMgr_.UpdateStorageUserAuth(
478 userId_, extraUpdateInfo_.secureUid, extraUpdateInfo_.token, {}, extraUpdateInfo_.newSecret);
479 if (code != ERR_OK) {
480 ACCOUNT_LOGE("Fail to update user auth, userId=%{public}d, code=%{public}d", userId_, code);
481 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
482 ReportOsAccountOperationFail(userId_, "commitCredUpdate", code, "Failed to update user auth");
483 innerCallback_->OnResult(code, extraInfo);
484 return;
485 }
486 ErrCode updateRet = innerIamMgr_.UpdateStorageKeyContext(userId_);
487 if (updateRet != ERR_OK) {
488 ReportOsAccountOperationFail(userId_, "commitCredUpdate", updateRet, "Failed to update key context");
489 }
490 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
491 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, extraUpdateInfo_.credentialId);
492 Attributes extraInfoResult;
493 extraInfoResult.SetUint64Value(Attributes::AttributeKey::ATTR_CREDENTIAL_ID, extraUpdateInfo_.credentialId);
494 innerCallback_->OnResult(result, extraInfoResult);
495 }
496
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)497 void CommitCredUpdateCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
498 {
499 ACCOUNT_LOGE("CommitCredUpdateCallback OnAcquireInfo");
500 }
501
DelCredCallback(int32_t userId,bool isPIN,std::vector<uint8_t> token,const sptr<IIDMCallback> & callback)502 DelCredCallback::DelCredCallback(int32_t userId, bool isPIN, std::vector<uint8_t> token,
503 const sptr<IIDMCallback> &callback)
504 : userId_(userId), isPIN_(isPIN), token_(token), innerCallback_(callback)
505 {}
506
OnResult(int32_t result,const Attributes & extraInfo)507 void DelCredCallback::OnResult(int32_t result, const Attributes &extraInfo)
508 {
509 ACCOUNT_LOGI("DelCredCallback, result=%{public}d, userId=%{public}d", result, userId_);
510 if (innerCallback_ == nullptr) {
511 ACCOUNT_LOGE("innerCallback_ is nullptr");
512 return;
513 }
514 auto &innerIamMgr_ = InnerAccountIAMManager::GetInstance();
515 if ((result == 0) && isPIN_) {
516 (void)IInnerOsAccountManager::GetInstance().SetOsAccountCredentialId(userId_, 0); // 0-invalid credentialId
517 std::vector<uint8_t> newSecret;
518 std::vector<uint8_t> oldSecret;
519 extraInfo.GetUint8ArrayValue(Attributes::ATTR_OLD_ROOT_SECRET, oldSecret);
520 uint64_t secureUid = 0;
521 extraInfo.GetUint64Value(Attributes::AttributeKey::ATTR_SEC_USER_ID, secureUid);
522 ErrCode updateRet = innerIamMgr_.UpdateStorageUserAuth(userId_, secureUid, token_, oldSecret, newSecret);
523 if (updateRet != ERR_OK) {
524 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update user auth");
525 }
526 updateRet = innerIamMgr_.UpdateStorageKeyContext(userId_);
527 if (updateRet != ERR_OK) {
528 ReportOsAccountOperationFail(userId_, "deleteCredential", updateRet, "Failed to update key context");
529 }
530 }
531 if (result != 0) {
532 ACCOUNT_LOGE("DelCredCallback fail code=%{public}d, userId=%{public}d", result, userId_);
533 ReportOsAccountOperationFail(userId_, "deleteCredential", result, "Failed to delete credential");
534 }
535
536 innerIamMgr_.SetState(userId_, AFTER_OPEN_SESSION);
537 innerCallback_->OnResult(result, extraInfo);
538 }
539
OnAcquireInfo(int32_t module,uint32_t acquireInfo,const Attributes & extraInfo)540 void DelCredCallback::OnAcquireInfo(int32_t module, uint32_t acquireInfo, const Attributes &extraInfo)
541 {
542 if (innerCallback_ == nullptr) {
543 ACCOUNT_LOGE("innerCallback_ is nullptr");
544 return;
545 }
546 innerCallback_->OnAcquireInfo(module, acquireInfo, extraInfo);
547 }
548
GetCredInfoCallbackWrapper(int32_t userId,int32_t authType,const sptr<IGetCredInfoCallback> & callback)549 GetCredInfoCallbackWrapper::GetCredInfoCallbackWrapper(
550 int32_t userId, int32_t authType, const sptr<IGetCredInfoCallback> &callback)
551 : userId_(userId), authType_(authType), innerCallback_(callback)
552 {}
553
OnCredentialInfo(const std::vector<CredentialInfo> & infoList)554 void GetCredInfoCallbackWrapper::OnCredentialInfo(const std::vector<CredentialInfo> &infoList)
555 {
556 if (innerCallback_ == nullptr) {
557 return;
558 }
559 if (authType_ == 0) {
560 bool isAvailable = InnerAccountIAMManager::GetInstance().CheckDomainAuthAvailable(userId_);
561 if (isAvailable) {
562 std::vector<CredentialInfo> newInfoList = infoList;
563 CredentialInfo info;
564 info.authType = static_cast<AuthType>(IAMAuthType::DOMAIN);
565 info.pinType = static_cast<PinSubType>(IAMAuthSubType::DOMAIN_MIXED);
566 newInfoList.emplace_back(info);
567 return innerCallback_->OnCredentialInfo(newInfoList);
568 }
569 }
570 return innerCallback_->OnCredentialInfo(infoList);
571 }
572
GetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)573 GetPropCallbackWrapper::GetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
574 : userId_(userId), innerCallback_(callback)
575 {}
576
OnResult(int32_t result,const Attributes & extraInfo)577 void GetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
578 {
579 if (innerCallback_ == nullptr) {
580 ACCOUNT_LOGE("inner callback is nullptr");
581 return;
582 }
583 if (result != 0) {
584 ReportOsAccountOperationFail(userId_, "getProperty", result, "Failed to get property");
585 }
586 innerCallback_->OnResult(result, extraInfo);
587 }
588
SetPropCallbackWrapper(int32_t userId,const sptr<IGetSetPropCallback> & callback)589 SetPropCallbackWrapper::SetPropCallbackWrapper(int32_t userId, const sptr<IGetSetPropCallback> &callback)
590 : userId_(userId), innerCallback_(callback)
591 {}
592
OnResult(int32_t result,const Attributes & extraInfo)593 void SetPropCallbackWrapper::OnResult(int32_t result, const Attributes &extraInfo)
594 {
595 if (innerCallback_ == nullptr) {
596 ACCOUNT_LOGE("inner callback is nullptr");
597 return;
598 }
599 if (result != 0) {
600 ReportOsAccountOperationFail(userId_, "setProperty", result, "Failed to set property");
601 }
602 innerCallback_->OnResult(result, extraInfo);
603 }
604
GetSecUserInfoCallbackWrapper(AuthType authType,const sptr<IGetEnrolledIdCallback> & callback)605 GetSecUserInfoCallbackWrapper::GetSecUserInfoCallbackWrapper(
606 AuthType authType, const sptr<IGetEnrolledIdCallback> &callback)
607 : authType_(authType), innerCallback_(callback)
608 {}
609
OnSecUserInfo(const SecUserInfo & info)610 void GetSecUserInfoCallbackWrapper::OnSecUserInfo(const SecUserInfo &info)
611 {
612 if (innerCallback_ == nullptr) {
613 return;
614 }
615
616 auto it = std::find_if(info.enrolledInfo.begin(), info.enrolledInfo.end(), [this](const auto& item) {
617 return item.authType == authType_;
618 });
619 if (it != info.enrolledInfo.end()) {
620 return innerCallback_->OnEnrolledId(ERR_OK, it->enrolledId);
621 } else {
622 return innerCallback_->OnEnrolledId(ERR_IAM_NOT_ENROLLED, 0);
623 }
624 }
625
GetSecureUidCallback(int32_t userId)626 GetSecureUidCallback::GetSecureUidCallback(int32_t userId): userId_(userId)
627 {}
628
OnSecUserInfo(const SecUserInfo & info)629 void GetSecureUidCallback::OnSecUserInfo(const SecUserInfo &info)
630 {
631 ACCOUNT_LOGI("SecUserInfo call back userId=%{public}d", userId_);
632 std::unique_lock<std::mutex> lck(secureMtx_);
633 this->secureUid_ = info.secureUid;
634 secureCv_.notify_all();
635 }
636
PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> & callback)637 PrepareRemoteAuthCallbackWrapper::PrepareRemoteAuthCallbackWrapper(const sptr<IPreRemoteAuthCallback> &callback)
638 : innerCallback_(callback)
639 {}
640
OnResult(int32_t result)641 void PrepareRemoteAuthCallbackWrapper::OnResult(int32_t result)
642 {
643 if (innerCallback_ == nullptr) {
644 ACCOUNT_LOGE("Inner callback is nullptr.");
645 return;
646 }
647 if (result != 0) {
648 ACCOUNT_LOGE("PrepareRemoteAuth, result=%{public}d fail to prepare remote auth.", result);
649 }
650 innerCallback_->OnResult(result);
651 }
652
GetDomainAuthStatusInfoCallback(const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)653 GetDomainAuthStatusInfoCallback::GetDomainAuthStatusInfoCallback(
654 const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
655 : request_(request), innerCallback_(callback)
656 {}
657
OnResult(int32_t result,Parcel & parcel)658 void GetDomainAuthStatusInfoCallback::OnResult(int32_t result, Parcel &parcel)
659 {
660 if (innerCallback_ == nullptr) {
661 ACCOUNT_LOGE("inner callback is nullptr");
662 return;
663 }
664 Attributes attributes;
665 std::shared_ptr<AuthStatusInfo> infoPtr(AuthStatusInfo::Unmarshalling(parcel));
666 if (infoPtr == nullptr) {
667 innerCallback_->OnResult(result, attributes);
668 return;
669 }
670 attributes.SetInt32Value(Attributes::ATTR_PIN_SUB_TYPE, static_cast<int32_t>(IAMAuthSubType::DOMAIN_MIXED));
671 attributes.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, infoPtr->remainingTimes);
672 attributes.SetInt32Value(Attributes::ATTR_FREEZING_TIME, infoPtr->freezingTime);
673 innerCallback_->OnResult(result, attributes);
674 }
675 } // namespace AccountSA
676 } // namespace OHOS
677