1 /*
2 * Copyright (C) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15
16 #include "enroll_specification_check.h"
17
18 #include "adaptor_log.h"
19 #include "idm_database.h"
20 #include "idm_session.h"
21
22 #ifdef IAM_TEST_ENABLE
23 #define IAM_STATIC
24 #else
25 #define IAM_STATIC static
26 #endif
27
28 typedef struct {
29 AuthType authType;
30 uint32_t maxErollNumber;
31 } SpecificationMap;
32
33 IAM_STATIC SpecificationMap g_specificationMap[] = {
34 {PIN_AUTH, MAX_NUMBER_OF_PIN_PER_USER},
35 {FACE_AUTH, MAX_NUMBER_OF_FACE_PER_USER},
36 {FINGER_AUTH, MAX_NUMBER_OF_FINGERS_PER_USER},
37 };
38
GetMaxNumber(uint32_t authType)39 IAM_STATIC uint32_t GetMaxNumber(uint32_t authType)
40 {
41 for (uint32_t i = 0; i < sizeof(g_specificationMap) / sizeof(SpecificationMap); ++i) {
42 if (g_specificationMap[i].authType == authType) {
43 return g_specificationMap[i].maxErollNumber;
44 }
45 }
46 return INVALID_AUTH_TYPE_EROLL_NUMBER;
47 }
48
CheckIdmOperationToken(int32_t userId,UserAuthTokenHal * authToken)49 ResultCode CheckIdmOperationToken(int32_t userId, UserAuthTokenHal *authToken)
50 {
51 if (authToken == NULL) {
52 LOG_ERROR("auth token is null");
53 return RESULT_BAD_PARAM;
54 }
55 UserAuthTokenPlain tokenPlain = {0};
56 ResultCode ret = UserAuthTokenVerify(authToken, &tokenPlain);
57 if (ret != RESULT_SUCCESS) {
58 LOG_ERROR("UserAuthTokenVerify fail");
59 return RESULT_BAD_MATCH;
60 }
61 if (tokenPlain.tokenDataPlain.authType != PIN_AUTH) {
62 LOG_ERROR("need pin token");
63 return RESULT_VERIFY_TOKEN_FAIL;
64 }
65 if ((tokenPlain.tokenDataPlain.authMode != SCHEDULE_MODE_AUTH &&
66 tokenPlain.tokenDataPlain.authMode != SCHEDULE_MODE_ENROLL)
67 || (tokenPlain.tokenDataPlain.tokenType != TOKEN_TYPE_LOCAL_AUTH)) {
68 LOG_ERROR("need local auth");
69 return RESULT_VERIFY_TOKEN_FAIL;
70 }
71 ret = CheckChallenge(tokenPlain.tokenDataPlain.challenge, CHALLENGE_LEN);
72 if (ret != RESULT_SUCCESS) {
73 LOG_ERROR("check challenge failed, token is invalid");
74 return RESULT_BAD_MATCH;
75 }
76 int32_t userIdGet;
77 ret = GetUserId(&userIdGet);
78 if (ret != RESULT_SUCCESS || userIdGet != userId || userIdGet != tokenPlain.tokenDataToEncrypt.userId) {
79 LOG_ERROR("check userId failed");
80 return RESULT_BAD_MATCH;
81 }
82 uint64_t secureUid;
83 ret = GetSecureUid(userId, &secureUid);
84 if (ret != RESULT_SUCCESS || secureUid != tokenPlain.tokenDataToEncrypt.secureUid) {
85 LOG_ERROR("check secureUid failed, token is invalid");
86 return RESULT_BAD_MATCH;
87 }
88 if (!IsValidTokenTime(tokenPlain.tokenDataPlain.time)) {
89 LOG_ERROR("check token time failed, token is invalid");
90 return RESULT_VERIFY_TOKEN_FAIL;
91 }
92 return RESULT_SUCCESS;
93 }
94
CheckSpecification(int32_t userId,uint32_t authType)95 ResultCode CheckSpecification(int32_t userId, uint32_t authType)
96 {
97 CredentialCondition condition = {};
98 SetCredentialConditionAuthType(&condition, authType);
99 SetCredentialConditionUserId(&condition, userId);
100 LinkedList *credList = QueryCredentialLimit(&condition);
101 if (credList == NULL) {
102 LOG_ERROR("query credential failed");
103 return RESULT_UNKNOWN;
104 }
105 uint32_t maxNumber = GetMaxNumber(authType);
106 if (credList->getSize(credList) >= maxNumber) {
107 LOG_ERROR("the enrolled quantity has reached the upper limit, authType is %{public}u", authType);
108 DestroyLinkedList(credList);
109 return RESULT_EXCEED_LIMIT;
110 }
111 DestroyLinkedList(credList);
112 return RESULT_SUCCESS;
113 }