1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "simple_auth_context.h"
16
17 #include <set>
18 #include <vector>
19
20 #include "auth_common.h"
21 #include "iam_check.h"
22 #include "iam_logger.h"
23 #include "iam_para2str.h"
24 #include "resource_node.h"
25 #include "resource_node_utils.h"
26 #include "schedule_node.h"
27 #include "schedule_node_callback.h"
28 #include "user_idm_database.h"
29
30 #define LOG_TAG "USER_AUTH_SA"
31 namespace OHOS {
32 namespace UserIam {
33 namespace UserAuth {
GetPropertyTemplateIds(Authentication::AuthResultInfo & resultInfo)34 std::optional<std::vector<uint64_t>> SimpleAuthContext::GetPropertyTemplateIds(
35 Authentication::AuthResultInfo &resultInfo)
36 {
37 IAM_LOGI("start");
38 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, std::nullopt);
39 auto scheduleNode = scheduleList_[0];
40 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleNode != nullptr, std::nullopt);
41 if (scheduleNode->GetAuthType() != PRIVATE_PIN) {
42 return scheduleNode->GetTemplateIdList();
43 }
44
45 std::vector<uint64_t> templateIds;
46 std::vector<std::shared_ptr<CredentialInfoInterface>> credInfos;
47 int32_t ret = UserIdmDatabase::Instance().GetCredentialInfo(resultInfo.userId, scheduleNode->GetAuthType(),
48 credInfos);
49 if (ret != SUCCESS) {
50 IAM_LOGE("get credential fail, ret:%{public}d, userId:%{public}d, authType:%{public}d", ret,
51 resultInfo.userId, scheduleNode->GetAuthType());
52 return std::nullopt;
53 }
54
55 for (auto &iter : credInfos) {
56 if (scheduleNode->GetAuthIntent() == QUESTION_AUTH) {
57 if (iter->GetAuthSubType() == PIN_QUESTION) {
58 templateIds.push_back(iter->GetTemplateId());
59 break;
60 }
61 } else {
62 if (iter->GetAuthSubType() != PIN_QUESTION) {
63 templateIds.push_back(iter->GetTemplateId());
64 break;
65 }
66 }
67 }
68
69 return templateIds;
70 }
71
GetPropertyForAuthResult(Authentication::AuthResultInfo & resultInfo)72 ResultCode SimpleAuthContext::GetPropertyForAuthResult(Authentication::AuthResultInfo &resultInfo)
73 {
74 IAM_LOGI("start");
75 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, GENERAL_ERROR);
76 auto scheduleNode = scheduleList_[0];
77 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleNode != nullptr, GENERAL_ERROR);
78 if (scheduleNode->GetAuthType() == PIN) {
79 resultInfo.nextFailLockoutDuration = FIRST_LOCKOUT_DURATION_OF_PIN;
80 } else {
81 resultInfo.nextFailLockoutDuration = FIRST_LOCKOUT_DURATION_EXCEPT_PIN;
82 }
83 if (resultInfo.result != FAIL && resultInfo.result != LOCKED) {
84 IAM_LOGI("no need GetPropertyFromExecutor, nextLockDuration:%{public}d", resultInfo.nextFailLockoutDuration);
85 return SUCCESS;
86 }
87
88 auto resourceNode = scheduleNode->GetVerifyExecutor().lock();
89 IF_FALSE_LOGE_AND_RETURN_VAL(resourceNode != nullptr, GENERAL_ERROR);
90 auto optionalTemplateIdList = GetPropertyTemplateIds(resultInfo);
91 IF_FALSE_LOGE_AND_RETURN_VAL(optionalTemplateIdList.has_value(), GENERAL_ERROR);
92 std::vector<uint64_t> templateIdList = optionalTemplateIdList.value();
93 std::vector<uint32_t> keys = { Attributes::ATTR_FREEZING_TIME, Attributes::ATTR_REMAIN_TIMES};
94 if (scheduleNode->GetAuthType() == PIN) {
95 keys.push_back(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION);
96 }
97 Attributes attr;
98 attr.SetUint32ArrayValue(Attributes::ATTR_KEY_LIST, keys);
99 attr.SetUint32Value(Attributes::ATTR_PROPERTY_MODE, PROPERTY_MODE_GET);
100 attr.SetUint64ArrayValue(Attributes::ATTR_TEMPLATE_ID_LIST, templateIdList);
101
102 Attributes values;
103 int32_t ret = resourceNode->GetProperty(attr, values);
104 IF_FALSE_LOGE_AND_RETURN_VAL(ret == SUCCESS, GENERAL_ERROR);
105
106 if (scheduleNode->GetAuthType() == PIN) {
107 bool getNextDurationRet = values.GetInt32Value(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION,
108 resultInfo.nextFailLockoutDuration);
109 IF_FALSE_LOGE_AND_RETURN_VAL(getNextDurationRet == true, GENERAL_ERROR);
110 }
111 bool getFreezingTimeRet = values.GetInt32Value(Attributes::ATTR_FREEZING_TIME, resultInfo.freezingTime);
112 IF_FALSE_LOGE_AND_RETURN_VAL(getFreezingTimeRet == true, GENERAL_ERROR);
113 bool getRemainTimesRet = values.GetInt32Value(Attributes::ATTR_REMAIN_TIMES, resultInfo.remainTimes);
114 IF_FALSE_LOGE_AND_RETURN_VAL(getRemainTimesRet == true, GENERAL_ERROR);
115
116 IAM_LOGI("success, nextFailLockoutDuration:%{public}d, freezingTime:%{public}d, remainTime:%{public}d",
117 resultInfo.nextFailLockoutDuration, resultInfo.freezingTime, resultInfo.remainTimes);
118 return SUCCESS;
119 }
120
SimpleAuthContext(uint64_t contextId,std::shared_ptr<Authentication> auth,std::shared_ptr<ContextCallback> callback)121 SimpleAuthContext::SimpleAuthContext(uint64_t contextId, std::shared_ptr<Authentication> auth,
122 std::shared_ptr<ContextCallback> callback)
123 : BaseContext("SimpleAuth", contextId, callback),
124 auth_(auth)
125 {
126 }
127
SimpleAuthContext(const std::string & type,uint64_t contextId,std::shared_ptr<Authentication> auth,std::shared_ptr<ContextCallback> callback)128 SimpleAuthContext::SimpleAuthContext(const std::string &type, uint64_t contextId, std::shared_ptr<Authentication> auth,
129 std::shared_ptr<ContextCallback> callback)
130 : BaseContext(type, contextId, callback),
131 auth_(auth)
132 {
133 }
134
GetContextType() const135 ContextType SimpleAuthContext::GetContextType() const
136 {
137 return CONTEXT_SIMPLE_AUTH;
138 }
139
GetTokenId() const140 uint32_t SimpleAuthContext::GetTokenId() const
141 {
142 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, 0);
143 return auth_->GetAccessTokenId();
144 }
145
GetUserId() const146 int32_t SimpleAuthContext::GetUserId() const
147 {
148 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, INVALID_USER_ID);
149 return auth_->GetUserId();
150 }
151
GetAuthType() const152 int32_t SimpleAuthContext::GetAuthType() const
153 {
154 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, INVALID_AUTH_TYPE);
155 return auth_->GetAuthType();
156 }
157
GetCallerName() const158 std::string SimpleAuthContext::GetCallerName() const
159 {
160 IF_FALSE_LOGE_AND_RETURN_VAL(callback_ != nullptr, "");
161 return callback_->GetCallerName();
162 }
163
OnStart()164 bool SimpleAuthContext::OnStart()
165 {
166 IAM_LOGI("%{public}s start", GetDescription());
167 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
168 bool startRet = auth_->Start(scheduleList_, shared_from_this());
169 if (!startRet) {
170 IAM_LOGE("%{public}s auth start fail", GetDescription());
171 SetLatestError(auth_->GetLatestError());
172 return startRet;
173 }
174 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, false);
175 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_[0] != nullptr, false);
176 bool startScheduleRet = scheduleList_[0]->StartSchedule();
177 IF_FALSE_LOGE_AND_RETURN_VAL(startScheduleRet, false);
178 IAM_LOGI("%{public}s Schedule:%{public}s Type:%{public}d success", GetDescription(),
179 GET_MASKED_STRING(scheduleList_[0]->GetScheduleId()).c_str(), scheduleList_[0]->GetAuthType());
180 return true;
181 }
182
OnResult(int32_t resultCode,const std::shared_ptr<Attributes> & scheduleResultAttr)183 void SimpleAuthContext::OnResult(int32_t resultCode, const std::shared_ptr<Attributes> &scheduleResultAttr)
184 {
185 IAM_LOGI("%{public}s receive result code %{public}d", GetDescription(), resultCode);
186 Authentication::AuthResultInfo resultInfo = {};
187 bool updateRet = UpdateScheduleResult(scheduleResultAttr, resultInfo);
188 if (!updateRet) {
189 IAM_LOGE("%{public}s UpdateScheduleResult fail", GetDescription());
190 if (resultCode == SUCCESS) {
191 resultCode = GetLatestError();
192 }
193 resultInfo.result = resultCode;
194 }
195 if (GetPropertyForAuthResult(resultInfo) != SUCCESS) {
196 IAM_LOGE("GetPropertyForAuthResult failed");
197 }
198 InvokeResultCallback(resultInfo);
199 SendAuthExecutorMsg();
200 IAM_LOGI("%{public}s on result %{public}d finish", GetDescription(), resultCode);
201 }
202
OnStop()203 bool SimpleAuthContext::OnStop()
204 {
205 IAM_LOGI("%{public}s start", GetDescription());
206 if (scheduleList_.size() == 1 && scheduleList_[0] != nullptr) {
207 scheduleList_[0]->StopSchedule();
208 }
209
210 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
211 bool cancelRet = auth_->Cancel();
212 if (!cancelRet) {
213 IAM_LOGE("%{public}s auth stop fail", GetDescription());
214 SetLatestError(auth_->GetLatestError());
215 return cancelRet;
216 }
217 return true;
218 }
219
SendAuthExecutorMsg()220 void SimpleAuthContext::SendAuthExecutorMsg()
221 {
222 IF_FALSE_LOGE_AND_RETURN(auth_ != nullptr);
223 auto authExecutorMsgs = auth_->GetAuthExecutorMsgs();
224 for (auto &authExecutorMsg : authExecutorMsgs) {
225 ResourceNodeUtils::SendMsgToExecutor(
226 authExecutorMsg.executorIndex, authExecutorMsg.commandId, authExecutorMsg.msg);
227 }
228 }
229
UpdateScheduleResult(const std::shared_ptr<Attributes> & scheduleResultAttr,Authentication::AuthResultInfo & resultInfo)230 bool SimpleAuthContext::UpdateScheduleResult(const std::shared_ptr<Attributes> &scheduleResultAttr,
231 Authentication::AuthResultInfo &resultInfo)
232 {
233 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
234 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleResultAttr != nullptr, false);
235 std::vector<uint8_t> scheduleResult;
236 bool getResultCodeRet = scheduleResultAttr->GetUint8ArrayValue(Attributes::ATTR_RESULT, scheduleResult);
237 IF_FALSE_LOGE_AND_RETURN_VAL(getResultCodeRet == true, false);
238 bool updateRet = auth_->Update(scheduleResult, resultInfo);
239 if (!updateRet) {
240 IAM_LOGE("%{public}s auth update fail", GetDescription());
241 SetLatestError(auth_->GetLatestError());
242 return updateRet;
243 }
244 return true;
245 }
246
SetCredentialDigest(const Authentication::AuthResultInfo & resultInfo,Attributes & finalResult) const247 bool SimpleAuthContext::SetCredentialDigest(const Authentication::AuthResultInfo &resultInfo,
248 Attributes &finalResult) const
249 {
250 uint64_t credentialDigest = resultInfo.credentialDigest;
251 if (resultInfo.sdkVersion < INNER_API_VERSION_10000) {
252 credentialDigest = resultInfo.credentialDigest & UINT16_MAX;
253 }
254 bool setCredentialDigestRet = finalResult.SetUint64Value(Attributes::ATTR_CREDENTIAL_DIGEST,
255 credentialDigest);
256 IF_FALSE_LOGE_AND_RETURN_VAL(setCredentialDigestRet == true, false);
257 bool setCredentialCountRet = finalResult.SetUint16Value(Attributes::ATTR_CREDENTIAL_COUNT,
258 resultInfo.credentialCount);
259 IF_FALSE_LOGE_AND_RETURN_VAL(setCredentialCountRet == true, false);
260
261 return true;
262 }
263
InvokeResultCallback(const Authentication::AuthResultInfo & resultInfo) const264 void SimpleAuthContext::InvokeResultCallback(const Authentication::AuthResultInfo &resultInfo) const
265 {
266 IAM_LOGI("%{public}s start", GetDescription());
267 IF_FALSE_LOGE_AND_RETURN(callback_ != nullptr);
268 Attributes finalResult;
269 bool setResultCodeRet = finalResult.SetInt32Value(Attributes::ATTR_RESULT_CODE, resultInfo.result);
270 IF_FALSE_LOGE_AND_RETURN(setResultCodeRet == true);
271 bool setNextDurationRet = finalResult.SetInt32Value(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION,
272 resultInfo.nextFailLockoutDuration);
273 IF_FALSE_LOGE_AND_RETURN(setNextDurationRet == true);
274 if (resultInfo.result == FAIL || resultInfo.result == LOCKED || resultInfo.result == SUCCESS) {
275 bool setFreezingTimeRet = finalResult.SetInt32Value(Attributes::ATTR_FREEZING_TIME, resultInfo.freezingTime);
276 IF_FALSE_LOGE_AND_RETURN(setFreezingTimeRet == true);
277 bool setRemainTimesRet = finalResult.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, resultInfo.remainTimes);
278 IF_FALSE_LOGE_AND_RETURN(setRemainTimesRet == true);
279 }
280 if (resultInfo.result == SUCCESS && resultInfo.sdkVersion > API_VERSION_9) {
281 bool credentialDigest = SetCredentialDigest(resultInfo, finalResult);
282 IF_FALSE_LOGE_AND_RETURN(credentialDigest == true);
283 }
284 if (resultInfo.result == SUCCESS) {
285 bool setUserIdRet = finalResult.SetInt32Value(Attributes::ATTR_USER_ID, resultInfo.userId);
286 IF_FALSE_LOGE_AND_RETURN(setUserIdRet == true);
287 IAM_LOGI("matched userId: %{public}d.", resultInfo.userId);
288 bool setCredentialIdRet = finalResult.SetUint64Value(Attributes::ATTR_CREDENTIAL_ID, resultInfo.credentialId);
289 IF_FALSE_LOGE_AND_RETURN(setCredentialIdRet == true);
290 IAM_LOGI("matched credentialId: %{public}s.", GET_MASKED_STRING(resultInfo.credentialId).c_str());
291 bool setExpiredRet = finalResult.SetInt64Value(Attributes::ATTR_PIN_EXPIRED_INFO, resultInfo.pinExpiredInfo);
292 IF_FALSE_LOGE_AND_RETURN(setExpiredRet == true);
293 }
294 if (resultInfo.token.size() != 0) {
295 bool setSignatureResult = finalResult.SetUint8ArrayValue(Attributes::ATTR_SIGNATURE, resultInfo.token);
296 IF_FALSE_LOGE_AND_RETURN(setSignatureResult == true);
297 }
298 if (resultInfo.rootSecret.size() != 0) {
299 bool setRootSecret = finalResult.SetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, resultInfo.rootSecret);
300 IF_FALSE_LOGE_AND_RETURN(setRootSecret == true);
301 }
302 if (resultInfo.remoteAuthResultMsg.size() != 0) {
303 bool setRemoteAuthResultMsg = finalResult.SetUint8ArrayValue(Attributes::ATTR_SIGNED_AUTH_RESULT,
304 resultInfo.remoteAuthResultMsg);
305 IF_FALSE_LOGE_AND_RETURN(setRemoteAuthResultMsg == true);
306 }
307 callback_->OnResult(resultInfo.result, finalResult);
308 IAM_LOGI("%{public}s invoke result callback success, result %{public}d", GetDescription(), resultInfo.result);
309 }
310 } // namespace UserAuth
311 } // namespace UserIam
312 } // namespace OHOS
313