1 /*
2 * Copyright (c) 2022-2024 Huawei Device Co., Ltd.
3 * Licensed under the Apache License, Version 2.0 (the "License");
4 * you may not use this file except in compliance with the License.
5 * You may obtain a copy of the License at
6 *
7 * http://www.apache.org/licenses/LICENSE-2.0
8 *
9 * Unless required by applicable law or agreed to in writing, software
10 * distributed under the License is distributed on an "AS IS" BASIS,
11 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 * See the License for the specific language governing permissions and
13 * limitations under the License.
14 */
15 #include "simple_auth_context.h"
16
17 #include <set>
18 #include <vector>
19
20 #include "auth_common.h"
21 #include "iam_check.h"
22 #include "iam_logger.h"
23 #include "iam_para2str.h"
24 #include "resource_node.h"
25 #include "resource_node_utils.h"
26 #include "schedule_node.h"
27 #include "schedule_node_callback.h"
28
29 #define LOG_TAG "USER_AUTH_SA"
30 namespace OHOS {
31 namespace UserIam {
32 namespace UserAuth {
GetPropertyForAuthResult(Authentication::AuthResultInfo &resultInfo)33 ResultCode SimpleAuthContext::GetPropertyForAuthResult(Authentication::AuthResultInfo &resultInfo)
34 {
35 IAM_LOGI("start");
36 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, GENERAL_ERROR);
37 auto scheduleNode = scheduleList_[0];
38 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleNode != nullptr, GENERAL_ERROR);
39 if (scheduleNode->GetAuthType() == PIN) {
40 resultInfo.nextFailLockoutDuration = FIRST_LOCKOUT_DURATION_OF_PIN;
41 } else {
42 resultInfo.nextFailLockoutDuration = FIRST_LOCKOUT_DURATION_EXCEPT_PIN;
43 }
44 if (resultInfo.result != FAIL && resultInfo.result != LOCKED) {
45 IAM_LOGI("no need GetPropertyFromExecutor, nextLockDuration:%{public}d", resultInfo.nextFailLockoutDuration);
46 return SUCCESS;
47 }
48
49 auto resourceNode = scheduleNode->GetVerifyExecutor().lock();
50 IF_FALSE_LOGE_AND_RETURN_VAL(resourceNode != nullptr, GENERAL_ERROR);
51 auto optionalTemplateIdList = scheduleNode->GetTemplateIdList();
52 IF_FALSE_LOGE_AND_RETURN_VAL(optionalTemplateIdList.has_value(), GENERAL_ERROR);
53 std::vector<uint64_t> templateIdList = optionalTemplateIdList.value();
54 std::vector<uint32_t> keys = { Attributes::ATTR_FREEZING_TIME, Attributes::ATTR_REMAIN_TIMES};
55 if (scheduleNode->GetAuthType() == PIN) {
56 keys.push_back(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION);
57 }
58 Attributes attr;
59 attr.SetUint32ArrayValue(Attributes::ATTR_KEY_LIST, keys);
60 attr.SetUint32Value(Attributes::ATTR_PROPERTY_MODE, PROPERTY_MODE_GET);
61 attr.SetUint64ArrayValue(Attributes::ATTR_TEMPLATE_ID_LIST, templateIdList);
62
63 Attributes values;
64 int32_t ret = resourceNode->GetProperty(attr, values);
65 IF_FALSE_LOGE_AND_RETURN_VAL(ret == SUCCESS, GENERAL_ERROR);
66
67 if (scheduleNode->GetAuthType() == PIN) {
68 bool getNextDurationRet = values.GetInt32Value(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION,
69 resultInfo.nextFailLockoutDuration);
70 IF_FALSE_LOGE_AND_RETURN_VAL(getNextDurationRet == true, GENERAL_ERROR);
71 }
72 bool getFreezingTimeRet = values.GetInt32Value(Attributes::ATTR_FREEZING_TIME, resultInfo.freezingTime);
73 IF_FALSE_LOGE_AND_RETURN_VAL(getFreezingTimeRet == true, GENERAL_ERROR);
74 bool getRemainTimesRet = values.GetInt32Value(Attributes::ATTR_REMAIN_TIMES, resultInfo.remainTimes);
75 IF_FALSE_LOGE_AND_RETURN_VAL(getRemainTimesRet == true, GENERAL_ERROR);
76
77 IAM_LOGI("success, nextFailLockoutDuration:%{public}d, freezingTime:%{public}d, remainTime:%{public}d",
78 resultInfo.nextFailLockoutDuration, resultInfo.freezingTime, resultInfo.remainTimes);
79 return SUCCESS;
80 }
81
SimpleAuthContext(uint64_t contextId, std::shared_ptr<Authentication> auth, std::shared_ptr<ContextCallback> callback)82 SimpleAuthContext::SimpleAuthContext(uint64_t contextId, std::shared_ptr<Authentication> auth,
83 std::shared_ptr<ContextCallback> callback)
84 : BaseContext("SimpleAuth", contextId, callback),
85 auth_(auth)
86 {
87 }
88
SimpleAuthContext(const std::string &type, uint64_t contextId, std::shared_ptr<Authentication> auth, std::shared_ptr<ContextCallback> callback)89 SimpleAuthContext::SimpleAuthContext(const std::string &type, uint64_t contextId, std::shared_ptr<Authentication> auth,
90 std::shared_ptr<ContextCallback> callback)
91 : BaseContext(type, contextId, callback),
92 auth_(auth)
93 {
94 }
95
GetContextType() const96 ContextType SimpleAuthContext::GetContextType() const
97 {
98 return CONTEXT_SIMPLE_AUTH;
99 }
100
GetTokenId() const101 uint32_t SimpleAuthContext::GetTokenId() const
102 {
103 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, 0);
104 return auth_->GetAccessTokenId();
105 }
106
GetUserId() const107 int32_t SimpleAuthContext::GetUserId() const
108 {
109 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, INVALID_USER_ID);
110 return auth_->GetUserId();
111 }
112
OnStart()113 bool SimpleAuthContext::OnStart()
114 {
115 IAM_LOGI("%{public}s start", GetDescription());
116 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
117 bool startRet = auth_->Start(scheduleList_, shared_from_this());
118 if (!startRet) {
119 IAM_LOGE("%{public}s auth start fail", GetDescription());
120 SetLatestError(auth_->GetLatestError());
121 return startRet;
122 }
123 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_.size() == 1, false);
124 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleList_[0] != nullptr, false);
125 bool startScheduleRet = scheduleList_[0]->StartSchedule();
126 IF_FALSE_LOGE_AND_RETURN_VAL(startScheduleRet, false);
127 IAM_LOGI("%{public}s Schedule:%{public}s Type:%{public}d success", GetDescription(),
128 GET_MASKED_STRING(scheduleList_[0]->GetScheduleId()).c_str(), scheduleList_[0]->GetAuthType());
129 return true;
130 }
131
OnResult(int32_t resultCode, const std::shared_ptr<Attributes> &scheduleResultAttr)132 void SimpleAuthContext::OnResult(int32_t resultCode, const std::shared_ptr<Attributes> &scheduleResultAttr)
133 {
134 IAM_LOGI("%{public}s receive result code %{public}d", GetDescription(), resultCode);
135 Authentication::AuthResultInfo resultInfo = {};
136 bool updateRet = UpdateScheduleResult(scheduleResultAttr, resultInfo);
137 if (!updateRet) {
138 IAM_LOGE("%{public}s UpdateScheduleResult fail", GetDescription());
139 if (resultCode == SUCCESS) {
140 resultCode = GetLatestError();
141 }
142 resultInfo.result = resultCode;
143 }
144 if (GetPropertyForAuthResult(resultInfo) != SUCCESS) {
145 IAM_LOGE("GetPropertyForAuthResult failed");
146 }
147 InvokeResultCallback(resultInfo);
148 SendAuthExecutorMsg();
149 IAM_LOGI("%{public}s on result %{public}d finish", GetDescription(), resultInfo.result);
150 }
151
OnStop()152 bool SimpleAuthContext::OnStop()
153 {
154 IAM_LOGI("%{public}s start", GetDescription());
155 if (scheduleList_.size() == 1 && scheduleList_[0] != nullptr) {
156 scheduleList_[0]->StopSchedule();
157 }
158
159 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
160 bool cancelRet = auth_->Cancel();
161 if (!cancelRet) {
162 IAM_LOGE("%{public}s auth stop fail", GetDescription());
163 SetLatestError(auth_->GetLatestError());
164 return cancelRet;
165 }
166 return true;
167 }
168
SendAuthExecutorMsg()169 void SimpleAuthContext::SendAuthExecutorMsg()
170 {
171 IF_FALSE_LOGE_AND_RETURN(auth_ != nullptr);
172 auto authExecutorMsgs = auth_->GetAuthExecutorMsgs();
173 for (auto &authExecutorMsg : authExecutorMsgs) {
174 ResourceNodeUtils::SendMsgToExecutor(
175 authExecutorMsg.executorIndex, authExecutorMsg.commandId, authExecutorMsg.msg);
176 }
177 }
178
UpdateScheduleResult(const std::shared_ptr<Attributes> &scheduleResultAttr, Authentication::AuthResultInfo &resultInfo)179 bool SimpleAuthContext::UpdateScheduleResult(const std::shared_ptr<Attributes> &scheduleResultAttr,
180 Authentication::AuthResultInfo &resultInfo)
181 {
182 IF_FALSE_LOGE_AND_RETURN_VAL(auth_ != nullptr, false);
183 IF_FALSE_LOGE_AND_RETURN_VAL(scheduleResultAttr != nullptr, false);
184 std::vector<uint8_t> scheduleResult;
185 bool getResultCodeRet = scheduleResultAttr->GetUint8ArrayValue(Attributes::ATTR_RESULT, scheduleResult);
186 IF_FALSE_LOGE_AND_RETURN_VAL(getResultCodeRet == true, false);
187 bool updateRet = auth_->Update(scheduleResult, resultInfo);
188 if (!updateRet) {
189 IAM_LOGE("%{public}s auth update fail", GetDescription());
190 SetLatestError(auth_->GetLatestError());
191 return updateRet;
192 }
193 return true;
194 }
195
SetCredentialDigest(const Authentication::AuthResultInfo &resultInfo, Attributes &finalResult) const196 bool SimpleAuthContext::SetCredentialDigest(const Authentication::AuthResultInfo &resultInfo,
197 Attributes &finalResult) const
198 {
199 uint64_t credentialDigest = resultInfo.credentialDigest;
200 if (resultInfo.sdkVersion < INNER_API_VERSION_10000) {
201 credentialDigest = resultInfo.credentialDigest & UINT16_MAX;
202 }
203 bool setCredentialDigestRet = finalResult.SetUint64Value(Attributes::ATTR_CREDENTIAL_DIGEST,
204 credentialDigest);
205 IF_FALSE_LOGE_AND_RETURN_VAL(setCredentialDigestRet == true, false);
206 bool setCredentialCountRet = finalResult.SetUint16Value(Attributes::ATTR_CREDENTIAL_COUNT,
207 resultInfo.credentialCount);
208 IF_FALSE_LOGE_AND_RETURN_VAL(setCredentialCountRet == true, false);
209
210 return true;
211 }
212
InvokeResultCallback(const Authentication::AuthResultInfo &resultInfo) const213 void SimpleAuthContext::InvokeResultCallback(const Authentication::AuthResultInfo &resultInfo) const
214 {
215 IAM_LOGI("%{public}s start", GetDescription());
216 IF_FALSE_LOGE_AND_RETURN(callback_ != nullptr);
217 Attributes finalResult;
218 bool setResultCodeRet = finalResult.SetInt32Value(Attributes::ATTR_RESULT_CODE, resultInfo.result);
219 IF_FALSE_LOGE_AND_RETURN(setResultCodeRet == true);
220 bool setNextDurationRet = finalResult.SetInt32Value(Attributes::ATTR_NEXT_FAIL_LOCKOUT_DURATION,
221 resultInfo.nextFailLockoutDuration);
222 IF_FALSE_LOGE_AND_RETURN(setNextDurationRet == true);
223 if (resultInfo.result == FAIL || resultInfo.result == LOCKED || resultInfo.result == SUCCESS) {
224 bool setFreezingTimeRet = finalResult.SetInt32Value(Attributes::ATTR_FREEZING_TIME, resultInfo.freezingTime);
225 IF_FALSE_LOGE_AND_RETURN(setFreezingTimeRet == true);
226 bool setRemainTimesRet = finalResult.SetInt32Value(Attributes::ATTR_REMAIN_TIMES, resultInfo.remainTimes);
227 IF_FALSE_LOGE_AND_RETURN(setRemainTimesRet == true);
228 }
229 if (resultInfo.result == SUCCESS && resultInfo.sdkVersion > API_VERSION_9) {
230 bool credentialDigest = SetCredentialDigest(resultInfo, finalResult);
231 IF_FALSE_LOGE_AND_RETURN(credentialDigest == true);
232 }
233 if (resultInfo.result == SUCCESS) {
234 bool setUserIdRet = finalResult.SetInt32Value(Attributes::ATTR_USER_ID, resultInfo.userId);
235 IF_FALSE_LOGE_AND_RETURN(setUserIdRet == true);
236 IAM_LOGI("matched userId: %{public}d.", resultInfo.userId);
237 bool setCredentialIdRet = finalResult.SetUint64Value(Attributes::ATTR_CREDENTIAL_ID, resultInfo.credentialId);
238 IF_FALSE_LOGE_AND_RETURN(setCredentialIdRet == true);
239 IAM_LOGI("matched credentialId: %{public}s.", GET_MASKED_STRING(resultInfo.credentialId).c_str());
240 bool setExpiredRet = finalResult.SetInt64Value(Attributes::ATTR_PIN_EXPIRED_INFO, resultInfo.pinExpiredInfo);
241 IF_FALSE_LOGE_AND_RETURN(setExpiredRet == true);
242 }
243 if (resultInfo.token.size() != 0) {
244 bool setSignatureResult = finalResult.SetUint8ArrayValue(Attributes::ATTR_SIGNATURE, resultInfo.token);
245 IF_FALSE_LOGE_AND_RETURN(setSignatureResult == true);
246 }
247 if (resultInfo.rootSecret.size() != 0) {
248 bool setRootSecret = finalResult.SetUint8ArrayValue(Attributes::ATTR_ROOT_SECRET, resultInfo.rootSecret);
249 IF_FALSE_LOGE_AND_RETURN(setRootSecret == true);
250 }
251 if (resultInfo.remoteAuthResultMsg.size() != 0) {
252 bool setRemoteAuthResultMsg = finalResult.SetUint8ArrayValue(Attributes::ATTR_SIGNED_AUTH_RESULT,
253 resultInfo.remoteAuthResultMsg);
254 IF_FALSE_LOGE_AND_RETURN(setRemoteAuthResultMsg == true);
255 }
256 callback_->SetTraceAuthFinishReason("SimpleAuthContext InvokeResultCallback");
257 callback_->OnResult(resultInfo.result, finalResult);
258 IAM_LOGI("%{public}s invoke result callback success, result %{public}d", GetDescription(), resultInfo.result);
259 }
260 } // namespace UserAuth
261 } // namespace UserIam
262 } // namespace OHOS
263