1 /*
2 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "dlp_permission_serializer.h"
17 #include <cinttypes>
18 #include "dlp_permission.h"
19 #include "dlp_permission_log.h"
20 #include "hex_string.h"
21 #include "permission_policy.h"
22 #include "securec.h"
23
24 namespace OHOS {
25 namespace Security {
26 namespace DlpPermission {
27 namespace {
28 const std::string KIA_INDEX = "KIA";
29 const std::string OWNER_ACCOUNT_NAME = "ownerAccountName";
30 const std::string OWNER_ACCOUNT_ID = "ownerAccountId";
31 const std::string VERSION_INDEX = "version";
32 const std::string PERM_EXPIRY_TIME = "expireTime";
33 const std::string ACCOUNT_INDEX = "account";
34 const std::string AESKEY = "filekey";
35 const std::string AESKEY_LEN = "filekeyLen";
36 const std::string IV = "iv";
37 const std::string IV_LEN = "ivLen";
38 const std::string HMACKEY = "hmacKey";
39 const std::string HMACKEY_LEN = "hmacKeyLen";
40 const std::string DLP_VERSION_LOW_CAMEL_CASE = "dlpVersion";
41 const std::string DLP_FILE_DEBUG_FLAG = "debug";
42 const std::string ENC_DATA_LEN = "encDataLen";
43 const std::string ENC_DATA = "encData";
44 const std::string EXTRA_INFO_LEN = "extraInfoLen";
45 const std::string EXTRA_INFO = "extraInfo";
46 const std::string ENC_ACCOUNT_TYPE = "accountType";
47 const std::string ONLINE_POLICY_CONTENT = "plaintextPolicy";
48 const std::string NEED_ONLINE = "needOnline";
49 const std::string FILE_INDEX = "file";
50 const std::string POLICY_INDEX = "policy";
51 const std::string READ_INDEX = "read";
52 const std::string EDIT_INDEX = "edit";
53 const std::string FC_INDEX = "fullCtrl";
54 const std::string RIGHT_INDEX = "right";
55 const std::string EVERYONE_INDEX = "everyone";
56 const std::string ENC_POLICY_INDEX = "encPolicy";
57 const std::string POLICY_CERT_VERSION = "policyCertVersion";
58 const std::string ONLINE_CERT = "onlineCert";
59 const std::string ENC_POLICY = "encPolicy";
60 const std::string OFFLINE_CERT = "offlineCert";
61 const std::string ACCOUNT_TYPE = "accountType";
62 const std::string RECEIVER_ACCOUNT_INFO = "receiverAccountInfo";
63 constexpr uint64_t VALID_TIME_STAMP = 2147483647;
64
65 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {
66 LOG_CORE, SECURITY_DOMAIN_DLP_PERMISSION, "DlpPermissionSerializer"};
67 } // namespace
68
GetInstance()69 DlpPermissionSerializer& DlpPermissionSerializer::GetInstance()
70 {
71 static DlpPermissionSerializer instance;
72 return instance;
73 }
74
ReadUint8ArrayFromJson(const unordered_json & permJson,uint8_t ** buff,uint32_t & buffLen,const std::string & keyName,const std::string & lenName)75 static int32_t ReadUint8ArrayFromJson(const unordered_json& permJson, uint8_t** buff, uint32_t& buffLen,
76 const std::string& keyName, const std::string& lenName)
77 {
78 if (!lenName.empty() && permJson.find(lenName) != permJson.end() && permJson.at(lenName).is_number()) {
79 permJson.at(lenName).get_to(buffLen);
80 }
81
82 if (permJson.find(keyName) != permJson.end() && permJson.at(keyName).is_string()) {
83 std::string tmp = permJson.at(keyName).get<std::string>();
84
85 uint32_t length = tmp.size() / BYTE_TO_HEX_OPER_LENGTH;
86 if (length != buffLen) {
87 buffLen = length;
88 }
89 if (length == 0) {
90 DLP_LOG_ERROR(LABEL, "%{public}s length is 0", keyName.c_str());
91 return DLP_SERVICE_ERROR_VALUE_INVALID;
92 }
93 *buff = new (std::nothrow) uint8_t[length];
94 if (*buff == nullptr) {
95 DLP_LOG_ERROR(LABEL, "New memory fail");
96 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
97 }
98 int32_t res = HexStringToByte(tmp.c_str(), tmp.length(), *buff, length);
99 if (res != DLP_OK) {
100 DLP_LOG_ERROR(LABEL, "Hexstring to byte fail");
101 memset_s(*buff, length, 0, length);
102 delete[] *buff;
103 *buff = nullptr;
104 }
105
106 return res;
107 }
108 return DLP_OK;
109 }
110
TransHexStringToByte(std::string & outer,const std::string & input)111 static void TransHexStringToByte(std::string& outer, const std::string& input)
112 {
113 uint32_t len = input.size() / BYTE_TO_HEX_OPER_LENGTH;
114 uint8_t* buff = new (std::nothrow) uint8_t[len + 1];
115 if (buff == nullptr) {
116 DLP_LOG_ERROR(LABEL, "New memory fail");
117 return;
118 }
119
120 int32_t res = HexStringToByte(input.c_str(), input.length(), buff, len);
121 if (res != DLP_OK) {
122 DLP_LOG_ERROR(LABEL, "Hexstring to byte fail");
123 (void)memset_s(buff, len, 0, len);
124 delete[] buff;
125 buff = nullptr;
126 return;
127 }
128 buff[len] = '\0';
129 outer = reinterpret_cast<char *>(buff);
130 (void)memset_s(buff, len, 0, len);
131 delete[] buff;
132 }
133
SerializeAuthUserInfo(unordered_json & authUsersJson,const AuthUserInfo & userInfo)134 static void SerializeAuthUserInfo(unordered_json& authUsersJson,
135 const AuthUserInfo& userInfo)
136 {
137 bool read = false;
138 bool edit = false;
139 bool fullCtrl = false;
140
141 switch (userInfo.authPerm) {
142 case READ_ONLY: {
143 read = true;
144 break;
145 }
146 case CONTENT_EDIT: {
147 edit = true;
148 break;
149 }
150 case FULL_CONTROL: {
151 read = true;
152 edit = true;
153 fullCtrl = true;
154 break;
155 }
156 default:
157 break;
158 }
159
160 unordered_json rightInfoJson;
161 rightInfoJson[READ_INDEX] = read;
162 rightInfoJson[EDIT_INDEX] = edit;
163 rightInfoJson[FC_INDEX] = fullCtrl;
164 unordered_json accountRight;
165 accountRight[RIGHT_INDEX] = rightInfoJson;
166 authUsersJson[userInfo.authAccount.c_str()] = accountRight;
167 return;
168 }
169
DeserializeAuthUserInfo(const unordered_json & accountInfoJson,AuthUserInfo & userInfo)170 int32_t DlpPermissionSerializer::DeserializeAuthUserInfo(const unordered_json& accountInfoJson,
171 AuthUserInfo& userInfo)
172 {
173 unordered_json rightInfoJson;
174 if (accountInfoJson.find(RIGHT_INDEX) != accountInfoJson.end() && accountInfoJson.at(RIGHT_INDEX).is_object()) {
175 accountInfoJson.at(RIGHT_INDEX).get_to(rightInfoJson);
176 }
177
178 bool edit = false;
179 bool fullCtrl = false;
180
181 if (rightInfoJson.find(EDIT_INDEX) != rightInfoJson.end() && rightInfoJson.at(EDIT_INDEX).is_boolean()) {
182 rightInfoJson.at(EDIT_INDEX).get_to(edit);
183 }
184
185 if (rightInfoJson.find(FC_INDEX) != rightInfoJson.end() && rightInfoJson.at(FC_INDEX).is_boolean()) {
186 rightInfoJson.at(FC_INDEX).get_to(fullCtrl);
187 }
188
189 if (fullCtrl) {
190 userInfo.authPerm = FULL_CONTROL;
191 } else if (edit) {
192 userInfo.authPerm = CONTENT_EDIT;
193 } else {
194 userInfo.authPerm = READ_ONLY;
195 }
196
197 userInfo.permExpiryTime = VALID_TIME_STAMP;
198 userInfo.authAccountType = CLOUD_ACCOUNT;
199
200 return DLP_OK;
201 }
202
SerializeAuthUserList(const std::vector<AuthUserInfo> & authUsers)203 static unordered_json SerializeAuthUserList(const std::vector<AuthUserInfo>& authUsers)
204 {
205 unordered_json authUsersJson;
206 for (auto it = authUsers.begin(); it != authUsers.end(); ++it) {
207 SerializeAuthUserInfo(authUsersJson, *it);
208 }
209 return authUsersJson;
210 }
211
DeserializeAuthUserList(const unordered_json & authUsersJson,std::vector<AuthUserInfo> & userList)212 int32_t DlpPermissionSerializer::DeserializeAuthUserList(
213 const unordered_json& authUsersJson, std::vector<AuthUserInfo>& userList)
214 {
215 for (auto iter = authUsersJson.begin(); iter != authUsersJson.end(); ++iter) {
216 AuthUserInfo authInfo;
217 std::string name = iter.key();
218 authInfo.authAccount = name;
219 unordered_json accountInfo = iter.value();
220 int32_t res = DeserializeAuthUserInfo(accountInfo, authInfo);
221 if (res == DLP_OK) {
222 userList.emplace_back(authInfo);
223 } else {
224 userList.clear();
225 return res;
226 }
227 }
228 return DLP_OK;
229 }
230
SerializeEveryoneInfo(const PermissionPolicy & policy,unordered_json & permInfoJson)231 static void SerializeEveryoneInfo(const PermissionPolicy& policy, unordered_json& permInfoJson)
232 {
233 if (policy.supportEveryone_) {
234 bool read = false;
235 bool edit = false;
236 bool fullCtrl = false;
237
238 switch (policy.everyonePerm_) {
239 case READ_ONLY: {
240 read = true;
241 break;
242 }
243 case CONTENT_EDIT: {
244 edit = true;
245 break;
246 }
247 case FULL_CONTROL: {
248 read = true;
249 edit = true;
250 fullCtrl = true;
251 break;
252 }
253 default:
254 break;
255 }
256
257 unordered_json rightInfoJson;
258 rightInfoJson[READ_INDEX] = read;
259 rightInfoJson[EDIT_INDEX] = edit;
260 rightInfoJson[FC_INDEX] = fullCtrl;
261 unordered_json everyoneJson;
262 everyoneJson[RIGHT_INDEX] = rightInfoJson;
263 permInfoJson[EVERYONE_INDEX] = everyoneJson;
264 return;
265 }
266 }
267
SerializeDlpPermission(const PermissionPolicy & policy,unordered_json & permInfoJson)268 int32_t DlpPermissionSerializer::SerializeDlpPermission(const PermissionPolicy& policy, unordered_json& permInfoJson)
269 {
270 uint32_t keyHexLen = policy.GetAeskeyLen() * BYTE_TO_HEX_OPER_LENGTH + 1;
271 auto keyHex = std::make_unique<char[]>(keyHexLen);
272 int32_t res = ByteToHexString(policy.GetAeskey(), policy.GetAeskeyLen(), keyHex.get(), keyHexLen);
273 if (res != DLP_OK) {
274 DLP_LOG_ERROR(LABEL, "Byte to hexstring fail");
275 return res;
276 }
277
278 uint32_t ivHexLen = policy.GetIvLen() * BYTE_TO_HEX_OPER_LENGTH + 1;
279 auto ivHex = std::make_unique<char[]>(ivHexLen);
280 res = ByteToHexString(policy.GetIv(), policy.GetIvLen(), ivHex.get(), ivHexLen);
281 if (res != DLP_OK) {
282 DLP_LOG_ERROR(LABEL, "Byte to hexstring fail");
283 return res;
284 }
285
286 uint32_t hmacKeyHexLen = policy.GetHmacKeyLen() * BYTE_TO_HEX_OPER_LENGTH + 1;
287 auto hmacKeyHex = std::make_unique<char[]>(hmacKeyHexLen);
288 res = ByteToHexString(policy.GetHmacKey(), policy.GetHmacKeyLen(), hmacKeyHex.get(), hmacKeyHexLen);
289 if (res != DLP_OK) {
290 DLP_LOG_ERROR(LABEL, "Byte to hexstring fail");
291 return res;
292 }
293
294 unordered_json authUsersJson = SerializeAuthUserList(policy.authUsers_);
295 unordered_json policyJson;
296 policyJson[KIA_INDEX] = "";
297 policyJson[OWNER_ACCOUNT_NAME] = policy.ownerAccount_;
298 policyJson[OWNER_ACCOUNT_ID] = policy.ownerAccountId_;
299 policyJson[VERSION_INDEX] = 1;
300 policyJson[PERM_EXPIRY_TIME] = policy.expireTime_;
301 policyJson[NEED_ONLINE] = policy.needOnline_;
302 policyJson[DLP_FILE_DEBUG_FLAG] = policy.debug_;
303 policyJson[ACCOUNT_INDEX] = authUsersJson;
304 SerializeEveryoneInfo(policy, policyJson);
305 permInfoJson[POLICY_INDEX] = policyJson;
306
307 unordered_json fileEnc;
308 fileEnc[AESKEY] = keyHex.get();
309 fileEnc[AESKEY_LEN] = policy.GetAeskeyLen();
310 fileEnc[IV] = ivHex.get();
311 fileEnc[IV_LEN] = policy.GetIvLen();
312 fileEnc[HMACKEY] = hmacKeyHex.get();
313 fileEnc[HMACKEY_LEN] = policy.GetHmacKeyLen();
314 fileEnc[DLP_VERSION_LOW_CAMEL_CASE] = policy.dlpVersion_;
315 permInfoJson[FILE_INDEX] = fileEnc;
316
317 DLP_LOG_INFO(LABEL, "Serialize successfully!");
318 return DLP_OK;
319 }
320
GetPolicyJson(const unordered_json & permJson,unordered_json & plainPolicyJson)321 static int32_t GetPolicyJson(const unordered_json& permJson, unordered_json& plainPolicyJson)
322 {
323 if (permJson.find(ONLINE_POLICY_CONTENT) != permJson.end() && permJson.at(ONLINE_POLICY_CONTENT).is_string()) {
324 std::string plainHexPolicy;
325 permJson.at(ONLINE_POLICY_CONTENT).get_to(plainHexPolicy);
326 std::string plainPolicy;
327 TransHexStringToByte(plainPolicy, plainHexPolicy);
328 if (!unordered_json::accept(plainPolicy)) {
329 return DLP_PARSE_ERROR_VALUE_INVALID;
330 }
331 plainPolicyJson = unordered_json::parse(plainPolicy);
332 if (plainPolicyJson.is_discarded() || (!plainPolicyJson.is_object())) {
333 DLP_LOG_ERROR(LABEL, "JsonObj is discarded");
334 return DLP_PARSE_ERROR_VALUE_INVALID;
335 }
336 } else {
337 plainPolicyJson = permJson;
338 }
339 return DLP_OK;
340 }
341
DeserializeEveryoneInfo(const unordered_json & policyJson,PermissionPolicy & policy)342 bool DlpPermissionSerializer::DeserializeEveryoneInfo(const unordered_json& policyJson, PermissionPolicy& policy)
343 {
344 if (policyJson.find(EVERYONE_INDEX) == policyJson.end() || !policyJson.at(EVERYONE_INDEX).is_object()) {
345 return false;
346 }
347
348 policy.supportEveryone_ = true;
349 unordered_json everyoneInfoJson;
350 policyJson.at(EVERYONE_INDEX).get_to(everyoneInfoJson);
351
352 unordered_json rightInfoJson;
353 if (everyoneInfoJson.find(RIGHT_INDEX) == everyoneInfoJson.end() ||
354 !everyoneInfoJson.at(RIGHT_INDEX).is_object()) {
355 return false;
356 }
357 everyoneInfoJson.at(RIGHT_INDEX).get_to(rightInfoJson);
358
359 bool edit = false;
360 bool fullCtrl = false;
361
362 if (rightInfoJson.find(EDIT_INDEX) != rightInfoJson.end() && rightInfoJson.at(EDIT_INDEX).is_boolean()) {
363 rightInfoJson.at(EDIT_INDEX).get_to(edit);
364 }
365
366 if (rightInfoJson.find(FC_INDEX) != rightInfoJson.end() && rightInfoJson.at(FC_INDEX).is_boolean()) {
367 rightInfoJson.at(FC_INDEX).get_to(fullCtrl);
368 }
369
370 if (fullCtrl) {
371 policy.everyonePerm_ = FULL_CONTROL;
372 } else if (edit) {
373 policy.everyonePerm_ = CONTENT_EDIT;
374 } else {
375 policy.everyonePerm_ = READ_ONLY;
376 }
377 return true;
378 }
379
InitPermissionPolicy(PermissionPolicy & policy,const std::vector<AuthUserInfo> & userList,unordered_json policyJson)380 static void InitPermissionPolicy(PermissionPolicy& policy, const std::vector<AuthUserInfo>& userList,
381 unordered_json policyJson)
382 {
383 policy.authUsers_ = userList;
384 if (policyJson.find(OWNER_ACCOUNT_NAME) != policyJson.end() && policyJson.at(OWNER_ACCOUNT_NAME).is_string()) {
385 policyJson.at(OWNER_ACCOUNT_NAME).get_to(policy.ownerAccount_);
386 }
387 if (policyJson.find(OWNER_ACCOUNT_ID) != policyJson.end() && policyJson.at(OWNER_ACCOUNT_ID).is_string()) {
388 policyJson.at(OWNER_ACCOUNT_ID).get_to(policy.ownerAccountId_);
389 }
390 if (policyJson.find(PERM_EXPIRY_TIME) != policyJson.end() && policyJson.at(PERM_EXPIRY_TIME).is_number()) {
391 policyJson.at(PERM_EXPIRY_TIME).get_to(policy.expireTime_);
392 }
393 if (policyJson.find(NEED_ONLINE) != policyJson.end() && policyJson.at(NEED_ONLINE).is_number()) {
394 policyJson.at(NEED_ONLINE).get_to(policy.needOnline_);
395 }
396 if (policyJson.find(DLP_FILE_DEBUG_FLAG) != policyJson.end() && policyJson.at(DLP_FILE_DEBUG_FLAG).is_boolean()) {
397 policyJson.at(DLP_FILE_DEBUG_FLAG).get_to(policy.debug_);
398 }
399 policy.ownerAccountType_ = CLOUD_ACCOUNT;
400 }
401
DeserializeFileEncJson(PermissionPolicy & policy,unordered_json & plainPolicyJson)402 static int32_t DeserializeFileEncJson(PermissionPolicy& policy, unordered_json& plainPolicyJson)
403 {
404 unordered_json fileEncJson;
405 if (plainPolicyJson.find(FILE_INDEX) != plainPolicyJson.end() && plainPolicyJson.at(FILE_INDEX).is_object()) {
406 plainPolicyJson.at(FILE_INDEX).get_to(fileEncJson);
407 }
408 uint8_t* key = nullptr;
409 uint32_t keyLen = 0;
410 int32_t res = ReadUint8ArrayFromJson(fileEncJson, &key, keyLen, AESKEY, AESKEY_LEN);
411 if (res != DLP_OK) {
412 return res;
413 }
414 policy.SetAeskey(key, keyLen);
415 (void)memset_s(key, keyLen, 0, keyLen);
416 delete[] key;
417 key = nullptr;
418
419 uint8_t* iv = nullptr;
420 uint32_t ivLen = 0;
421 res = ReadUint8ArrayFromJson(fileEncJson, &iv, ivLen, IV, IV_LEN);
422 if (res != DLP_OK) {
423 return res;
424 }
425 policy.SetIv(iv, ivLen);
426 (void)memset_s(iv, ivLen, 0, ivLen);
427 delete[] iv;
428 iv = nullptr;
429
430 uint8_t* hmacKey = nullptr;
431 uint32_t hmacKeyLen = 0;
432 res = ReadUint8ArrayFromJson(fileEncJson, &hmacKey, hmacKeyLen, HMACKEY, HMACKEY_LEN);
433 if (res != DLP_OK) {
434 return res;
435 }
436 policy.SetHmacKey(hmacKey, hmacKeyLen);
437 (void)memset_s(hmacKey, hmacKeyLen, 0, hmacKeyLen);
438 delete[] hmacKey;
439 hmacKey = nullptr;
440
441 policy.dlpVersion_ = 0;
442 if (fileEncJson.find(DLP_VERSION_LOW_CAMEL_CASE) != fileEncJson.end() &&
443 fileEncJson.at(DLP_VERSION_LOW_CAMEL_CASE).is_number()) {
444 fileEncJson.at(DLP_VERSION_LOW_CAMEL_CASE).get_to(policy.dlpVersion_);
445 DLP_LOG_DEBUG(LABEL, "set dlpVersion from DLP_CERT, dlpVersion = %{public}d", policy.dlpVersion_);
446 }
447 return DLP_OK;
448 }
449
DeserializeDlpPermission(const unordered_json & permJson,PermissionPolicy & policy)450 int32_t DlpPermissionSerializer::DeserializeDlpPermission(const unordered_json& permJson, PermissionPolicy& policy)
451 {
452 unordered_json plainPolicyJson;
453 int32_t res = GetPolicyJson(permJson, plainPolicyJson);
454 if (res != DLP_OK) {
455 return res;
456 }
457 unordered_json policyJson;
458 if (plainPolicyJson.find(POLICY_INDEX) != plainPolicyJson.end() && plainPolicyJson.at(POLICY_INDEX).is_object()) {
459 plainPolicyJson.at(POLICY_INDEX).get_to(policyJson);
460 }
461
462 unordered_json accountListJson;
463 if (policyJson.find(ACCOUNT_INDEX) != policyJson.end() && policyJson.at(ACCOUNT_INDEX).is_object()) {
464 policyJson.at(ACCOUNT_INDEX).get_to(accountListJson);
465 }
466 DeserializeEveryoneInfo(policyJson, policy);
467
468 std::vector<AuthUserInfo> userList;
469 res = DeserializeAuthUserList(accountListJson, userList);
470 if (res != DLP_OK) {
471 return res;
472 }
473 InitPermissionPolicy(policy, userList, policyJson);
474
475 res = DeserializeFileEncJson(policy, plainPolicyJson);
476 if (res != DLP_OK) {
477 return res;
478 }
479 return DLP_OK;
480 }
481
SerializeEncPolicyData(const DLP_EncPolicyData & encData,unordered_json & encDataJson)482 int32_t DlpPermissionSerializer::SerializeEncPolicyData(const DLP_EncPolicyData& encData, unordered_json& encDataJson)
483 {
484 if (encData.dataLen == 0 || encData.dataLen > DLP_MAX_CERT_SIZE) {
485 DLP_LOG_ERROR(LABEL, "Cert lenth %{public}d is invalid", encData.dataLen);
486 return DLP_SERVICE_ERROR_VALUE_INVALID;
487 }
488
489 uint32_t encDataHexLen = encData.dataLen * BYTE_TO_HEX_OPER_LENGTH + 1;
490 char* encDataHex = new (std::nothrow) char[encDataHexLen];
491 if (encDataHex == nullptr) {
492 DLP_LOG_ERROR(LABEL, "New memory fail");
493 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
494 }
495 int32_t res = ByteToHexString(encData.data, encData.dataLen, encDataHex, encDataHexLen);
496 if (res != DLP_OK) {
497 DLP_LOG_ERROR(LABEL, "Byte to hexstring fail");
498 FreeCharBuffer(encDataHex, encDataHexLen);
499 return res;
500 }
501
502 encDataJson = {
503 {ENC_DATA_LEN, encData.dataLen},
504 {ENC_DATA, encDataHex},
505 {ENC_ACCOUNT_TYPE, encData.accountType},
506 };
507 DLP_LOG_INFO(LABEL, "Serialize successfully!");
508 FreeCharBuffer(encDataHex, encDataHexLen);
509 return DLP_OK;
510 }
511
DeserializeEncPolicyData(const unordered_json & encDataJson,DLP_EncPolicyData & encData,bool isNeedAdapter)512 int32_t DlpPermissionSerializer::DeserializeEncPolicyData(const unordered_json& encDataJson, DLP_EncPolicyData& encData,
513 bool isNeedAdapter)
514 {
515 if (encDataJson.find(ENC_ACCOUNT_TYPE) != encDataJson.end() && encDataJson.at(ENC_ACCOUNT_TYPE).is_number()) {
516 encDataJson.at(ENC_ACCOUNT_TYPE).get_to(encData.accountType);
517 }
518
519 if (isNeedAdapter) {
520 DLP_LOG_INFO(LABEL, "open 4.0 Dlp File");
521 return DLP_OK;
522 }
523
524 int32_t res = ReadUint8ArrayFromJson(encDataJson, &encData.data, encData.dataLen, ENC_DATA, ENC_DATA_LEN);
525 if (res != DLP_OK) {
526 return res;
527 }
528 DLP_LOG_INFO(LABEL, "Deserialize successfully!");
529 return DLP_OK;
530 }
531
getEncJson(const unordered_json & encDataJson,unordered_json & certJson,std::string dataKey,std::string extraKey)532 int32_t getEncJson(const unordered_json& encDataJson, unordered_json& certJson, std::string dataKey,
533 std::string extraKey)
534 {
535 if (encDataJson.find(dataKey) == encDataJson.end() || !encDataJson.at(dataKey).is_string()) {
536 DLP_LOG_ERROR(LABEL, "key=%{public}s not found", dataKey.c_str());
537 return DLP_SERVICE_ERROR_VALUE_INVALID;
538 }
539 if (encDataJson.find(extraKey) == encDataJson.end() || !encDataJson.at(extraKey).is_string()) {
540 DLP_LOG_ERROR(LABEL, "key=%{public}s not found", extraKey.c_str());
541 return DLP_SERVICE_ERROR_VALUE_INVALID;
542 }
543 certJson[ENC_POLICY] = encDataJson.at(dataKey).get<std::string>();
544 certJson[EXTRA_INFO] = encDataJson.at(extraKey).get<std::string>();
545 return DLP_OK;
546 }
547
DeserializeEncPolicyDataByFirstVersion(const unordered_json & encDataJson,const unordered_json & offlineEncDataJson,DLP_EncPolicyData & encData,std::string ownerAccountId)548 int32_t DlpPermissionSerializer::DeserializeEncPolicyDataByFirstVersion(const unordered_json& encDataJson,
549 const unordered_json& offlineEncDataJson, DLP_EncPolicyData& encData, std::string ownerAccountId)
550 {
551 unordered_json serverJson;
552 int res = getEncJson(encDataJson, serverJson, ENC_DATA, EXTRA_INFO);
553 if (res != DLP_OK) {
554 return res;
555 }
556 unordered_json data = { { POLICY_CERT_VERSION, 1 },
557 { OWNER_ACCOUNT_ID, ownerAccountId },
558 { ONLINE_CERT, serverJson } };
559 if (offlineEncDataJson != nullptr && !offlineEncDataJson.is_null()) {
560 unordered_json offlineServerJson;
561 if (offlineEncDataJson.find(ACCOUNT_TYPE) != offlineEncDataJson.end() &&
562 offlineEncDataJson.at(ACCOUNT_TYPE).is_number()) {
563 uint32_t accountType;
564 offlineEncDataJson.at(ACCOUNT_TYPE).get_to(accountType);
565 offlineServerJson[ACCOUNT_TYPE] = accountType;
566 }
567 res = getEncJson(offlineEncDataJson, offlineServerJson, ENC_POLICY, EXTRA_INFO);
568 if (res != DLP_OK) {
569 return res;
570 }
571 data[OFFLINE_CERT] = offlineServerJson;
572 }
573 std::string encDataStr = data.dump();
574 encData.data = new (std::nothrow) uint8_t[encDataStr.length()];
575 if (encData.data == nullptr) {
576 DLP_LOG_ERROR(LABEL, "New memory fail");
577 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
578 }
579 encData.dataLen = encDataStr.length();
580 res = memcpy_s(encData.data, encDataStr.length(),
581 reinterpret_cast<const uint8_t*>(encDataStr.c_str()), encDataStr.length());
582 if (res != EOK) {
583 DLP_LOG_ERROR(LABEL, "Memcpy encData fill fail");
584 return DLP_SERVICE_ERROR_MEMORY_OPERATE_FAIL;
585 }
586 return DLP_OK;
587 }
588 } // namespace DlpPermission
589 } // namespace Security
590 } // namespace OHOS
591