1 /*
2  * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3  * Licensed under the Apache License, Version 2.0 (the "License");
4  * you may not use this file except in compliance with the License.
5  * You may obtain a copy of the License at
6  *
7  *     http://www.apache.org/licenses/LICENSE-2.0
8  *
9  * Unless required by applicable law or agreed to in writing, software
10  * distributed under the License is distributed on an "AS IS" BASIS,
11  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12  * See the License for the specific language governing permissions and
13  * limitations under the License.
14  */
15 
16 #include "account_iam_service.h"
17 
18 #include "account_log_wrapper.h"
19 #include "iaccount_iam_callback.h"
20 #include "iinner_os_account_manager.h"
21 #include "inner_account_iam_manager.h"
22 #include "ipc_skeleton.h"
23 
24 namespace OHOS {
25 namespace AccountSA {
AccountIAMService()26 AccountIAMService::AccountIAMService()
27 {}
28 
~AccountIAMService()29 AccountIAMService::~AccountIAMService()
30 {}
31 
GetCurrentUserId(int32_t & userId)32 static bool GetCurrentUserId(int32_t &userId)
33 {
34     std::vector<int32_t> userIds;
35     (void)IInnerOsAccountManager::GetInstance().QueryActiveOsAccountIds(userIds);
36     if (userIds.empty()) {
37         ACCOUNT_LOGE("Fail to get activated os account ids");
38         return false;
39     }
40     userId = userIds[0];
41     return true;
42 }
43 
IsRestrictedAccountId(int32_t accountId)44 static bool IsRestrictedAccountId(int32_t accountId)
45 {
46     return (accountId == 0);
47 }
48 
NormalizeAccountId(int32_t & accountId)49 static int32_t NormalizeAccountId(int32_t &accountId)
50 {
51     if (accountId < -1) {
52         ACCOUNT_LOGE("The id = %{public}d is invalid", accountId);
53         return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
54     } else if (accountId == -1) {
55         if (!GetCurrentUserId(accountId)) {
56             return ERR_ACCOUNT_ZIDL_ACCOUNT_SERVICE_ERROR;
57         }
58     } else {
59         bool isOsAccountExits = false;
60         IInnerOsAccountManager::GetInstance().IsOsAccountExists(accountId, isOsAccountExits);
61         if (!isOsAccountExits) {
62             ACCOUNT_LOGE("Account does not exist");
63             return ERR_ACCOUNT_COMMON_ACCOUNT_NOT_EXIST_ERROR;
64         }
65     }
66     return ERR_OK;
67 }
68 
OpenSession(int32_t userId,std::vector<uint8_t> & challenge)69 int32_t AccountIAMService::OpenSession(int32_t userId, std::vector<uint8_t> &challenge)
70 {
71     int32_t ret = NormalizeAccountId(userId);
72     if (ret != ERR_OK) {
73         return ret;
74     }
75     if (IsRestrictedAccountId(userId)) {
76         ACCOUNT_LOGE("The id = %{public}d is restricted", userId);
77         return ERR_ACCOUNT_COMMON_ACCOUNT_IS_RESTRICTED;
78     }
79     InnerAccountIAMManager::GetInstance().OpenSession(userId, challenge);
80     return ERR_OK;
81 }
82 
CloseSession(int32_t userId)83 int32_t AccountIAMService::CloseSession(int32_t userId)
84 {
85     int32_t ret = NormalizeAccountId(userId);
86     if (ret != ERR_OK) {
87         return ret;
88     }
89     if (IsRestrictedAccountId(userId)) {
90         ACCOUNT_LOGE("The id = %{public}d is restricted", userId);
91         return ERR_ACCOUNT_COMMON_ACCOUNT_IS_RESTRICTED;
92     }
93     InnerAccountIAMManager::GetInstance().CloseSession(userId);
94     return ERR_OK;
95 }
96 
AddCredential(int32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)97 void AccountIAMService::AddCredential(
98     int32_t userId, const CredentialParameters &credInfo, const sptr<IIDMCallback> &callback)
99 {
100     Attributes emptyResult;
101     int32_t ret = NormalizeAccountId(userId);
102     if (ret != ERR_OK) {
103         callback->OnResult(ret, emptyResult);
104         return;
105     }
106     if (IsRestrictedAccountId(userId)) {
107         ACCOUNT_LOGE("The id = %{public}d is restricted", userId);
108         callback->OnResult(ERR_ACCOUNT_COMMON_ACCOUNT_IS_RESTRICTED, emptyResult);
109         return;
110     }
111     InnerAccountIAMManager::GetInstance().AddCredential(userId, credInfo, callback);
112 }
113 
UpdateCredential(int32_t userId,const CredentialParameters & credInfo,const sptr<IIDMCallback> & callback)114 void AccountIAMService::UpdateCredential(int32_t userId, const CredentialParameters &credInfo,
115     const sptr<IIDMCallback> &callback)
116 {
117     int32_t ret = NormalizeAccountId(userId);
118     if (ret != ERR_OK) {
119         Attributes emptyResult;
120         callback->OnResult(ret, emptyResult);
121         return;
122     }
123     InnerAccountIAMManager::GetInstance().UpdateCredential(userId, credInfo, callback);
124 }
125 
Cancel(int32_t userId)126 int32_t AccountIAMService::Cancel(int32_t userId)
127 {
128     int32_t ret = NormalizeAccountId(userId);
129     if (ret != ERR_OK) {
130         return ret;
131     }
132     return InnerAccountIAMManager::GetInstance().Cancel(userId);
133 }
134 
DelCred(int32_t userId,uint64_t credentialId,const std::vector<uint8_t> & authToken,const sptr<IIDMCallback> & callback)135 void AccountIAMService::DelCred(
136     int32_t userId, uint64_t credentialId, const std::vector<uint8_t> &authToken, const sptr<IIDMCallback> &callback)
137 {
138     int32_t ret = NormalizeAccountId(userId);
139     if (ret != ERR_OK) {
140         Attributes emptyResult;
141         callback->OnResult(ret, emptyResult);
142         return;
143     }
144     InnerAccountIAMManager::GetInstance().DelCred(userId, credentialId, authToken, callback);
145 }
146 
DelUser(int32_t userId,const std::vector<uint8_t> & authToken,const sptr<IIDMCallback> & callback)147 void AccountIAMService::DelUser(
148     int32_t userId, const std::vector<uint8_t> &authToken, const sptr<IIDMCallback> &callback)
149 {
150     int32_t ret = NormalizeAccountId(userId);
151     if (ret != ERR_OK) {
152         Attributes emptyResult;
153         callback->OnResult(ret, emptyResult);
154         return;
155     }
156     InnerAccountIAMManager::GetInstance().DelUser(userId, authToken, callback);
157 }
158 
GetCredentialInfo(int32_t userId,AuthType authType,const sptr<IGetCredInfoCallback> & callback)159 int32_t AccountIAMService::GetCredentialInfo(
160     int32_t userId, AuthType authType, const sptr<IGetCredInfoCallback> &callback)
161 {
162     int32_t ret = NormalizeAccountId(userId);
163     if (ret != ERR_OK) {
164         return ret;
165     }
166     if ((authType < UserIam::UserAuth::ALL) ||
167         (static_cast<int32_t>(authType) >= static_cast<int32_t>(IAMAuthType::TYPE_END))) {
168         ACCOUNT_LOGE("authType is not in correct range");
169         return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
170     }
171     InnerAccountIAMManager::GetInstance().GetCredentialInfo(userId, authType, callback);
172     return ERR_OK;
173 }
174 
PrepareRemoteAuth(const std::string & remoteNetworkId,const sptr<IPreRemoteAuthCallback> & callback)175 int32_t AccountIAMService::PrepareRemoteAuth(
176     const std::string &remoteNetworkId, const sptr<IPreRemoteAuthCallback> &callback)
177 {
178     return InnerAccountIAMManager::GetInstance().PrepareRemoteAuth(remoteNetworkId, callback);
179 }
180 
AuthUser(AuthParam & authParam,const sptr<IIDMCallback> & callback,uint64_t & contextId)181 int32_t AccountIAMService::AuthUser(
182     AuthParam &authParam, const sptr<IIDMCallback> &callback, uint64_t &contextId)
183 {
184     if ((authParam.remoteAuthParam == std::nullopt) && (authParam.userId == -1) &&
185         (!GetCurrentUserId(authParam.userId))) {
186         return ERR_ACCOUNT_ZIDL_ACCOUNT_SERVICE_ERROR;
187     }
188     return InnerAccountIAMManager::GetInstance().AuthUser(authParam, callback, contextId);
189 }
190 
CancelAuth(uint64_t contextId)191 int32_t AccountIAMService::CancelAuth(uint64_t contextId)
192 {
193     return InnerAccountIAMManager::GetInstance().CancelAuth(contextId);
194 }
195 
GetAvailableStatus(AuthType authType,AuthTrustLevel authTrustLevel,int32_t & status)196 int32_t AccountIAMService::GetAvailableStatus(AuthType authType, AuthTrustLevel authTrustLevel, int32_t &status)
197 {
198     if (authTrustLevel < UserIam::UserAuth::ATL1 || authTrustLevel > UserIam::UserAuth::ATL4) {
199         ACCOUNT_LOGE("authTrustLevel is not in correct range");
200         return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
201     }
202     if (authType < UserIam::UserAuth::ALL) {
203         ACCOUNT_LOGE("authType is not in correct range");
204         return ERR_ACCOUNT_COMMON_INVALID_PARAMETER;
205     }
206     return InnerAccountIAMManager::GetInstance().GetAvailableStatus(authType, authTrustLevel, status);
207 }
208 
GetProperty(int32_t userId,const GetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)209 void AccountIAMService::GetProperty(
210     int32_t userId, const GetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
211 {
212     int32_t ret = NormalizeAccountId(userId);
213     if (ret != ERR_OK) {
214         Attributes emptyResult;
215         callback->OnResult(ret, emptyResult);
216         return;
217     }
218     InnerAccountIAMManager::GetInstance().GetProperty(userId, request, callback);
219 }
220 
GetPropertyByCredentialId(uint64_t credentialId,std::vector<Attributes::AttributeKey> & keys,const sptr<IGetSetPropCallback> & callback)221 void AccountIAMService::GetPropertyByCredentialId(uint64_t credentialId,
222     std::vector<Attributes::AttributeKey> &keys, const sptr<IGetSetPropCallback> &callback)
223 {
224     InnerAccountIAMManager::GetInstance().GetPropertyByCredentialId(credentialId, keys, callback);
225 }
226 
SetProperty(int32_t userId,const SetPropertyRequest & request,const sptr<IGetSetPropCallback> & callback)227 void AccountIAMService::SetProperty(
228     int32_t userId, const SetPropertyRequest &request, const sptr<IGetSetPropCallback> &callback)
229 {
230     int32_t ret = NormalizeAccountId(userId);
231     if (ret != ERR_OK) {
232         Attributes emptyResult;
233         callback->OnResult(ret, emptyResult);
234         return;
235     }
236     InnerAccountIAMManager::GetInstance().SetProperty(userId, request, callback);
237 }
238 
GetAccountState(int32_t userId)239 IAMState AccountIAMService::GetAccountState(int32_t userId)
240 {
241     return InnerAccountIAMManager::GetInstance().GetState(userId);
242 }
243 
GetEnrolledId(int32_t accountId,AuthType authType,const sptr<IGetEnrolledIdCallback> & callback)244 void AccountIAMService::GetEnrolledId(
245     int32_t accountId, AuthType authType, const sptr<IGetEnrolledIdCallback> &callback)
246 {
247     uint64_t emptyId = 0;
248     int32_t ret = NormalizeAccountId(accountId);
249     if (ret != ERR_OK) {
250         callback->OnEnrolledId(ret, emptyId);
251         return;
252     }
253     if ((authType < UserIam::UserAuth::ALL) ||
254         (static_cast<int32_t>(authType) >= static_cast<int32_t>(IAMAuthType::TYPE_END))) {
255         ACCOUNT_LOGE("AuthType is not in correct range");
256         callback->OnEnrolledId(ERR_ACCOUNT_COMMON_INVALID_PARAMETER, emptyId);
257         return;
258     }
259     InnerAccountIAMManager::GetInstance().GetEnrolledId(accountId, authType, callback);
260 }
261 }  // namespace AccountSA
262 }  // namespace OHOS
263