1 /* 2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd. 3 * Licensed under the Apache License, Version 2.0 (the "License"); 4 * you may not use this file except in compliance with the License. 5 * You may obtain a copy of the License at 6 * 7 * http://www.apache.org/licenses/LICENSE-2.0 8 * 9 * Unless required by applicable law or agreed to in writing, software 10 * distributed under the License is distributed on an "AS IS" BASIS, 11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 * See the License for the specific language governing permissions and 13 * limitations under the License. 14 */ 15 16 /** 17 * @addtogroup AccountIAM 18 * @{ 19 * 20 * @brief Provides account identity and access management. 21 * 22 * Provides the capability to manage the identity and access of the local account. 23 * 24 * @since 8.0 25 * @version 8.0 26 */ 27 28 /** 29 * @file account_iam_client.h 30 * 31 * @brief Declares account iam client interfaces. 32 * 33 * @since 8.0 34 * @version 8.0 35 */ 36 #ifndef OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 37 #define OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H 38 39 #include <map> 40 #include <mutex> 41 #include <vector> 42 #include <set> 43 #include "account_iam_client_callback.h" 44 #include "account_iam_info.h" 45 #include "account_error_no.h" 46 #include "account_permission_manager.h" 47 #include "iaccount_iam.h" 48 49 namespace OHOS { 50 namespace AccountSA { 51 class AccountIAMClient { 52 public: 53 /** 54 * Gets the instance of AccountIAMClient. 55 * @return the instance of AccountIAMClient. 56 */ 57 static AccountIAMClient &GetInstance(); 58 59 /** 60 * @brief Opens session. 61 * @permission ohos.permission.MANAGE_USER_IDM 62 * @param userId - Indicates the user identification. 63 * @param challenge - Indicates the challenge value. 64 * @return error code, see account_error_no.h 65 */ 66 int32_t OpenSession(int32_t userId, std::vector<uint8_t> &challenge); 67 68 /** 69 * @brief Closes session. 70 * @permission ohos.permission.MANAGE_USER_IDM 71 * @param userId - Indicates the user identification. 72 * @return error code, see account_error_no.h 73 */ 74 int32_t CloseSession(int32_t userId); 75 76 /** 77 * @brief Adds credential information. 78 * @permission ohos.permission.MANAGE_USER_IDM 79 * @param userId - Indicates the user identification. 80 * @param credentialInfo - Indicates the credential information. 81 * @param callback - Indicates the callback to get results and acquireInfo. 82 */ 83 void AddCredential( 84 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 85 86 /** 87 * @brief Updates credential. 88 * @permission ohos.permission.MANAGE_USER_IDM 89 * @param userId - Indicates the user identification. 90 * @param credentialInfo - Indicates the credential information. 91 * @param callback - Indicates the callback to get results and acquireInfo. 92 */ 93 void UpdateCredential( 94 int32_t userId, const CredentialParameters& credInfo, const std::shared_ptr<IDMCallback> &callback); 95 96 /** 97 * @brief Cancels entry with a challenge value. 98 * @permission ohos.permission.MANAGE_USER_IDM 99 * @param userId - Indicates the user identification. 100 * @return error code, see account_error_no.h 101 */ 102 int32_t Cancel(int32_t userId); 103 104 /** 105 * @brief Deletes the user credential information. 106 * @permission ohos.permission.MANAGE_USER_IDM 107 * @param userId - Indicates the user identification. 108 * @param credentialId - Indicates the credential index. 109 * @param authToken - Indicates the authentication token. 110 * @param callback - Indicates the callback to get the deletion result. 111 */ 112 void DelCred(int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken, 113 const std::shared_ptr<IDMCallback>& callback); 114 115 /** 116 * @brief Deletes the user with the authentication token. 117 * @permission ohos.permission.MANAGE_USER_IDM 118 * @param userId - Indicates the user identification. 119 * @param authToken - Indicates the authentication token. 120 * @param callback - Indicates the callback to get the deletion result. 121 */ 122 void DelUser(int32_t userId, const std::vector<uint8_t> &authToken, const std::shared_ptr<IDMCallback> &callback); 123 124 /** 125 * @brief Gets authentication information. 126 * @permission ohos.permission.USE_USER_IDM 127 * @param userId - Indicates the user identification. 128 * @param authType - Indicates the authentication type. 129 * @param callback - Indicates the callback to get all registered credential information of 130 * the specified type for the current user. 131 * @return error code, see account_error_no.h 132 */ 133 int32_t GetCredentialInfo(int32_t userId, AuthType authType, const std::shared_ptr<GetCredInfoCallback> &callback); 134 135 /** 136 * @brief Prepare remote auth. 137 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 138 * @param remoteNetworkId - Indicates the remote network id. 139 * @param callback - Indicates the callback for getting result. 140 * @return error code, see account_error_no.h 141 */ 142 int32_t PrepareRemoteAuth( 143 const std::string &remoteNetworkId, const std::shared_ptr<PreRemoteAuthCallback> &callback); 144 145 /** 146 * @brief Executes user authentication. 147 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 148 * @param authOptions - Indicates the AuthOptions. 149 * @param challenge - Indicates the challenge value. 150 * @param authType - Indicates the authentication type. 151 * @param authTrustLevel - Indicates the trust level of authentication result. 152 * @param callback - Indicates the callback to get result and acquireInfo. 153 * @return a context ID for cancellation. 154 */ 155 uint64_t Auth(AuthOptions& authOptions, const std::vector<uint8_t> &challenge, AuthType authType, 156 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback); 157 158 /** 159 * @brief Executes user authentication. 160 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 161 * @param authOptions - Indicates the AuthOptions. 162 * @param challenge - Indicates the challenge value. 163 * @param authType - Indicates the authentication type. 164 * @param authTrustLevel - Indicates the trust level of authentication result. 165 * @param callback - Indicates the callback to get result and acquireInfo. 166 * @return a context ID for cancellation. 167 */ 168 uint64_t AuthUser(AuthOptions &authOptions, const std::vector<uint8_t> &challenge, AuthType authType, 169 AuthTrustLevel authTrustLevel, const std::shared_ptr<IDMCallback> &callback); 170 171 /** 172 * @brief Cancels authentication with context ID. 173 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 174 * @param contextID - Indicates the authentication context ID. 175 * @return error code, see account_error_no.h 176 */ 177 int32_t CancelAuth(uint64_t contextId); 178 179 /** 180 * @brief Checks whether the authentication capability is available. 181 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 182 * @param authType - Indicates the credential type for authentication. 183 * @param authTrustLevel - Indicates the trust level of authentication result. 184 * @param status - Indicates a status result. 185 * @return error code, see account_error_no.h 186 */ 187 int32_t GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status); 188 189 /** 190 * @brief Gets the property based on the specified request information. 191 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 192 * @param userId - Indicates the user identification. 193 * @param request - Indicates the request information, including authentication type, and property type list. 194 * @param callback - Indicates the callback for getting an executor property. 195 * @return error code, see account_error_no.h 196 */ 197 void GetProperty( 198 int32_t userId, const GetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 199 200 /** 201 * @brief Gets the property based on the specified credential id. 202 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 203 * @param credentialId - Indicates the credential index. 204 * @param keys - Indicates the property type list for getting corresponding information. 205 * @param callback - Indicates the callback for getting an executor property. 206 * @return void. callback result error code, see account_error_no.h 207 */ 208 void GetPropertyByCredentialId(uint64_t credentialId, 209 std::vector<Attributes::AttributeKey> &keys, const std::shared_ptr<GetSetPropCallback> &callback); 210 211 /** 212 * @brief Sets property that can be used to initialize algorithms. 213 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL 214 * @param userId - Indicates the user identification. 215 * @param request - Indicates the request information, including authentication type and the key-value to be set. 216 * @param callback - Indicates the callback for getting result. 217 * @return error code, see account_error_no.h 218 */ 219 void SetProperty( 220 int32_t userId, const SetPropertyRequest &request, const std::shared_ptr<GetSetPropCallback> &callback); 221 222 /** 223 * @brief Get the enrolled id based on the specified information. 224 * @permission ohos.permission.USE_USER_IDM 225 * @param accountId - Indicates the user identification. 226 * @param authType - Indicates the credential type. 227 * @param callback - Indicates the callback for getting result. 228 * @return error code, see account_error_no.h 229 */ 230 void GetEnrolledId(int32_t accountId, AuthType authType, const std::shared_ptr<GetEnrolledIdCallback> &callback); 231 232 #ifdef HAS_PIN_AUTH_PART 233 /** 234 * @brief Registers inputer. 235 * @permission ohos.permission.ACCESS_PIN_AUTH 236 * @param inputer - Indicates the password input box callback 237 * @return error code, see account_error_no.h 238 */ 239 ErrCode RegisterPINInputer(const std::shared_ptr<IInputer> &inputer); 240 241 /** 242 * @brief Unregisters inputer. 243 * @permission ohos.permission.ACCESS_PIN_AUTH 244 * @return error code, see account_error_no.h 245 */ 246 ErrCode UnregisterPINInputer(); 247 248 /** 249 * @brief Registers credential inputer by authentication type. 250 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 251 * @param authType - Indicates the authentication type. 252 * @param inputer - Indicates the credential input box callback. 253 * @return error code, see account_error_no.h 254 */ 255 ErrCode RegisterInputer(int32_t authType, const std::shared_ptr<IInputer> &inputer); 256 257 /** 258 * @brief Unregisters credential inputer by authentication type. 259 * @permission ohos.permission.ACCESS_USER_AUTH_INTERNAL or ohos.permission.MANAGE_USER_IDM 260 * @param authType - Indicates the authentication type. 261 * @return error code, see account_error_no.h 262 */ 263 ErrCode UnregisterInputer(int32_t authType); 264 #endif 265 266 /** 267 * @brief Gets the state of the specified account. 268 * @param userId - Indicates the user identification. 269 * @return the state of the specified account 270 */ 271 IAMState GetAccountState(int32_t userId); 272 273 /** 274 * @brief Sets the authentication subtype of the specified account. 275 * @param userId - Indicates the user identification. 276 * @param authSubType - Indicates the authentication subtype. 277 */ 278 void SetAuthSubType(int32_t userId, int32_t authSubType); 279 280 /** 281 * @brief Gets the authentication subtype of the specified account. 282 * @param userId - Indicates the user identification. 283 * @return the authentication subtype. 284 */ 285 int32_t GetAuthSubType(int32_t userId); 286 287 private: 288 AccountIAMClient() = default; 289 ~AccountIAMClient() = default; 290 DISALLOW_COPY_AND_MOVE(AccountIAMClient); 291 class AccountIAMDeathRecipient : public IRemoteObject::DeathRecipient { 292 public: 293 AccountIAMDeathRecipient() = default; 294 ~AccountIAMDeathRecipient() override = default; 295 void OnRemoteDied(const wptr<IRemoteObject>& remote) override; 296 297 private: 298 DISALLOW_COPY_AND_MOVE(AccountIAMDeathRecipient); 299 }; 300 sptr<IAccountIAM> GetAccountIAMProxy(); 301 void ResetAccountIAMProxy(const wptr<IRemoteObject>& remote); 302 bool GetCurrentUserId(int32_t &userId); 303 uint64_t StartDomainAuth(int32_t userId, const std::shared_ptr<IDMCallback> &callback); 304 #ifdef HAS_PIN_AUTH_PART 305 ErrCode RegisterDomainInputer(const std::shared_ptr<IInputer> &inputer); 306 ErrCode UnregisterDomainInputer(); 307 #endif 308 bool CheckSelfPermission(const std::string &permissionName); 309 310 private: 311 std::mutex mutex_; 312 std::mutex pinMutex_; 313 std::mutex domainMutex_; 314 std::map<int32_t, CredentialItem> credentialMap_; 315 sptr<IAccountIAM> proxy_ = nullptr; 316 sptr<AccountIAMDeathRecipient> deathRecipient_ = nullptr; 317 #ifdef HAS_PIN_AUTH_PART 318 std::shared_ptr<IInputer> pinInputer_ = nullptr; 319 std::shared_ptr<IInputer> domainInputer_ = nullptr; 320 #endif 321 }; 322 } // namespace AccountSA 323 } // namespace OHOS 324 #endif // OS_ACCOUNT_INTERFACES_INNERKITS_ACCOUNT_IAM_NATIVE_INCLUDE_ACCOUNT_IAM_CLIENT_H