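/*
 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @addtogroup AccountIAM
 * @{
 *
 * @brief Provides account identity and access management.
 *
 * Provides the capability to manage the identity and access of the local account.
 *
 * @since 8.0
 * @version 8.0
 */

/**
 * @file account_iam_client.h
 *
 * @brief Declares account iam client interfaces.
 *
 * @since 8.0
 * @version 8.0
 */
#ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H
#define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H

// Include what this header uses directly: <cstdint> for int32_t/uint64_t,
// <memory> for std::shared_ptr and <string> for std::string were previously
// only available transitively.
#include <cstdint>
#include <map>
#include <memory>
#include <mutex>
#include <set>
#include <string>
#include <vector>
#include "account_iam_client_callback.h"
#include "account_iam_info.h"
#include "account_error_no.h"
#include "account_permission_manager.h"
#include "iaccount_iam.h"

namespace OHOS {
namespace AccountSA {
/**
 * @brief Client-side entry point to the account IAM (identity and access management) service.
 *
 * The class is a process-wide singleton: the constructor is private, copy and move are
 * disallowed and the only way to obtain an object is GetInstance(). Calls are forwarded to
 * the IAccountIAM remote proxy held in proxy_; asynchronous results are delivered through the
 * callback objects passed to each method.
 *
 * The @permission tags below name the permission a caller must hold for each operation.
 * NOTE(review): the access-control decision must be made in the service process; the
 * CheckSelfPermission() helper declared here can only give an early, advisory answer on the
 * caller's side — confirm against the service implementation.
 */
class AccountIAMClient {
public:
    /**
     * Gets the instance of AccountIAMClient.
     * @return the instance of AccountIAMClient.
     */
    static AccountIAMClient &GetInstance();

    /**
     * @brief Opens session.
     * @permission ohos.permission.MANAGE_USER_IDM
     * @param userId - Indicates the user identification.
     * @param challenge - Indicates the challenge value. Passed by non-const reference;
     *        presumably filled in by the service for the session — confirm in the implementation.
     * @return error code, see account_error_no.h
     */
    int32_t OpenSession(int32_t userId, std::vector<uint8_t> &challenge);

    /**
     * @brief Closes session.
     * @permission ohos.permission.MANAGE_USER_IDM
     * @param userId - Indicates the user identification.
     * @return error code, see account_error_no.h
     */
    int32_t CloseSession(int32_t userId);

    /**
     * @brief Adds credential information.
     * @permission ohos.permission.MANAGE_USER_IDM
     * @param userId - Indicates the user identification.
     * @param credInfo - Indicates the credential information.
     * @param callback - Indicates the callback to get results and acquireInfo.
     *        There is no return value; errors are reported only through the callback.
     */
    void AddCredential(
        int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback);

    /**
     * @brief Updates credential.
     * @permission ohos.permission.MANAGE_USER_IDM
     * @param userId - Indicates the user identification.
     * @param credInfo - Indicates the credential information.
     * @param callback - Indicates the callback to get results and acquireInfo.
     *        There is no return value; errors are reported only through the callback.
     */
    void UpdateCredential(
        int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback);

    /**
     * @brief Cancels entry with a challenge value.
     * @permission ohos.permission.MANAGE_USER_IDM
     * @param userId - Indicates the user identification.
     * @return error code, see account_error_no.h
     */
    int32_t Cancel(int32_t userId);

    /**
     * @brief Deletes the user credential information.
     * @permission ohos.permission.MANAGE_USER_IDM
     * @param userId - Indicates the user identification.
     * @param credentialId - Indicates the credential index.
     * @param authToken - Indicates the authentication token that authorizes the deletion;
     *        treat it as secret material.
     * @param callback - Indicates the callback to get the deletion result.
     */
    void DelCred(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken,
        const std::shared_ptr<IDMCallback>& callback);

    /**
     * @brief Deletes the user with the authentication token.
     * @permission ohos.permission.MANAGE_USER_IDM
     * @param userId - Indicates the user identification.
     * @param authToken - Indicates the authentication token that authorizes the deletion;
     *        treat it as secret material.
     * @param callback - Indicates the callback to get the deletion result.
     */
    void DelUser(int32_t userId, const std::vector<uint8_t> &authToken, const std::shared_ptr<IDMCallback> &callback);

    /**
     * @brief Gets authentication information.
     * @permission ohos.permission.USE_USER_IDM
     * @param userId - Indicates the user identification.
     * @param authType - Indicates the authentication type.
     * @param callback - Indicates the callback to get all registered credential information of
     * the specified type for the specified user.
     * @return error code, see account_error_no.h
     */
    int32_t GetCredentialInfo(int32_t userId, AuthType authType, const std::shared_ptr<GetCredInfoCallback> &callback);

    /**
     * @brief Prepare remote auth.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
     * @param remoteNetworkId - Indicates the remote network id.
     * @param callback - Indicates the callback for getting result.
     * @return error code, see account_error_no.h
     */
    int32_t PrepareRemoteAuth(
        const std::string &remoteNetworkId, const std::shared_ptr<PreRemoteAuthCallback> &callback);

    /**
     * @brief Executes user authentication.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
     * @param authOptions - Indicates the AuthOptions. Passed by non-const reference, so the
     *        call may modify it — confirm in the implementation.
     * @param challenge - Indicates the challenge value.
     * @param authType - Indicates the authentication type.
     * @param authTrustLevel - Indicates the trust level of authentication result.
     * @param callback - Indicates the callback to get result and acquireInfo.
     * @return a context ID for cancellation (see CancelAuth).
     */
    uint64_t Auth(AuthOptions& authOptions, const std::vector<uint8_t> &challenge, AuthType authType,
        AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback);

    /**
     * @brief Executes user authentication.
     *
     * Same signature and contract as Auth(); how the two entry points differ is not visible
     * in this header — confirm in the implementation.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
     * @param authOptions - Indicates the AuthOptions.
     * @param challenge - Indicates the challenge value.
     * @param authType - Indicates the authentication type.
     * @param authTrustLevel - Indicates the trust level of authentication result.
     * @param callback - Indicates the callback to get result and acquireInfo.
     * @return a context ID for cancellation (see CancelAuth).
     */
    uint64_t AuthUser(AuthOptions &authOptions, const std::vector<uint8_t> &challenge, AuthType authType,
        AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback);

    /**
     * @brief Cancels authentication with context ID.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
     * @param contextId - Indicates the authentication context ID returned by Auth()/AuthUser().
     * @return error code, see account_error_no.h
     */
    int32_t CancelAuth(uint64_t contextId);

    /**
     * @brief Checks whether the authentication capability is available.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
     * @param authType - Indicates the credential type for authentication.
     * @param authTrustLevel - Indicates the trust level of authentication result.
     * @param status - Output parameter that receives the status result.
     * @return error code, see account_error_no.h
     */
    int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status);

    /**
     * @brief Gets the property based on the specified request information.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
     * @param userId - Indicates the user identification.
     * @param request - Indicates the request information, including authentication type, and property type list.
     * @param callback - Indicates the callback for getting an executor property. The method
     *        returns nothing; the result, including any error, arrives through this callback.
     */
    void GetProperty(
        int32_t userId, const GetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback);

    /**
     * @brief Sets property that can be used to initialize algorithms.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL
     * @param userId - Indicates the user identification.
     * @param request - Indicates the request information, including authentication type and the key-value to be set.
     * @param callback - Indicates the callback for getting result. The method returns nothing;
     *        the result, including any error, arrives through this callback.
     */
    void SetProperty(
        int32_t userId, const SetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback);

    /**
     * @brief Get the enrolled id based on the specified information.
     * @permission ohos.permission.USE_USER_IDM
     * @param accountId - Indicates the user identification.
     * @param authType - Indicates the credential type.
     * @param callback - Indicates the callback for getting result. The method returns nothing;
     *        the result, including any error, arrives through this callback.
     */
    void GetEnrolledId(int32_t accountId, AuthType authType, const std::shared_ptr<GetEnrolledIdCallback> &callback);

#ifdef HAS_PIN_AUTH_PART
    /**
     * @brief Registers inputer.
     * @permission ohos.permission.ACCESS_PIN_AUTH
     * @param inputer - Indicates the password input box callback
     * @return error code, see account_error_no.h
     */
    ErrCode RegisterPINInputer(const std::shared_ptr<IInputer> &inputer);

    /**
     * @brief Unregisters inputer.
     * @permission ohos.permission.ACCESS_PIN_AUTH
     * @return error code, see account_error_no.h
     */
    ErrCode UnregisterPINInputer();

    /**
     * @brief Registers credential inputer by authentication type.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM
     * @param authType - Indicates the authentication type.
     * @param inputer - Indicates the credential input box callback.
     * @return error code, see account_error_no.h
     */
    ErrCode RegisterInputer(int32_t authType, const std::shared_ptr<IInputer> &inputer);

    /**
     * @brief Unregisters credential inputer by authentication type.
     * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM
     * @param authType - Indicates the authentication type.
     * @return error code, see account_error_no.h
     */
    ErrCode UnregisterInputer(int32_t authType);
#endif

    /**
     * @brief Gets the state of the specified account.
     * @param userId - Indicates the user identification.
     * @return the state of the specified account
     */
    IAMState GetAccountState(int32_t userId);

    /**
     * @brief Sets the authentication subtype of the specified account.
     * @param userId - Indicates the user identification.
     * @param authSubType - Indicates the authentication subtype.
     */
    void SetAuthSubType(int32_t userId, int32_t authSubType);

    /**
     * @brief Gets the authentication subtype of the specified account.
     * @param userId - Indicates the user identification.
     * @return the authentication subtype.
     */
    int32_t GetAuthSubType(int32_t userId);

private:
    // Singleton: construction only through GetInstance(); copying and moving are disabled.
    AccountIAMClient() = default;
    ~AccountIAMClient() = default;
    DISALLOW_COPY_AND_MOVE(AccountIAMClient);

    /**
     * @brief Death notification receiver registered on the remote IAccountIAM object.
     *
     * OnRemoteDied() is invoked when the service side dies; presumably it drops the cached
     * proxy via ResetAccountIAMProxy() so the next call reconnects — confirm in the .cpp.
     */
    class AccountIAMDeathRecipient : public IRemoteObject::DeathRecipient {
    public:
        AccountIAMDeathRecipient() = default;
        ~AccountIAMDeathRecipient() override = default;
        void OnRemoteDied(const wptr<IRemoteObject>& remote) override;

    private:
        DISALLOW_COPY_AND_MOVE(AccountIAMDeathRecipient);
    };

    // Obtains (and presumably lazily connects) the remote proxy stored in proxy_ — confirm in the .cpp.
    sptr<IAccountIAM> GetAccountIAMProxy();
    // Drops the cached proxy after the remote object identified by `remote` has died.
    void ResetAccountIAMProxy(const wptr<IRemoteObject>& remote);
    // Writes the calling user's id into userId; the bool presumably reports success — confirm in the .cpp.
    bool GetCurrentUserId(int32_t &userId);
    // Starts domain-account authentication; the uint64_t is presumably a context ID like Auth() — confirm.
    uint64_t StartDomainAuth(int32_t userId, const std::shared_ptr<IDMCallback> &callback);
#ifdef HAS_PIN_AUTH_PART
    ErrCode RegisterDomainInputer(const std::shared_ptr<IInputer> &inputer);
    ErrCode UnregisterDomainInputer();
#endif
    // Client-side check of the caller's own permission. NOTE(review): advisory only — the
    // service process must enforce the permission independently.
    bool CheckSelfPermission(const std::string &permissionName);

private:
    // Which members each mutex guards is not visible in this header; presumably mutex_
    // protects proxy_/deathRecipient_/credentialMap_, pinMutex_ the PIN inputer and
    // domainMutex_ the domain inputer — confirm in the .cpp.
    std::mutex mutex_;
    std::mutex pinMutex_;
    std::mutex domainMutex_;
    // Keyed by int32_t; presumably a per-user (userId) credential cache — confirm in the .cpp.
    std::map<int32_t, CredentialItem> credentialMap_;
    // Cached remote proxy; nullptr until GetAccountIAMProxy() connects, and after ResetAccountIAMProxy().
    sptr<IAccountIAM> proxy_ = nullptr;
    sptr<AccountIAMDeathRecipient> deathRecipient_ = nullptr;
#ifdef HAS_PIN_AUTH_PART
    std::shared_ptr<IInputer> pinInputer_ = nullptr;
    std::shared_ptr<IInputer> domainInputer_ = nullptr;
#endif
};
} // namespace AccountSA
} // namespace OHOS
#endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H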