diff --git a/frameworks/cj/user_auth/inc/user_auth_ffi.h b/frameworks/cj/user_auth/inc/user_auth_ffi.h index 00081ef685a7bed8d56a1a1a4c449a29d2d1ff17..32a25ef74d9ca201eb2aebb34d1cd5ffc7fe9186 100644 --- a/frameworks/cj/user_auth/inc/user_auth_ffi.h +++ b/frameworks/cj/user_auth/inc/user_auth_ffi.h @@ -25,6 +25,7 @@ using OHOS::UserIam::UserAuth::CjUserAuthCallback; using OHOS::UserIam::UserAuth::CjUserAuthResult; using OHOS::UserIam::UserAuth::CjWidgetParam; using OHOS::UserIam::UserAuth::EnrolledState; +using OHOS::UserIam::UserAuth::CjReuseAuthResult; #define FFI_EXPORT __attribute__((visibility("default"))) @@ -41,6 +42,9 @@ FFI_EXPORT uint64_t FfiUserAuthStart(const CjAuthParam &authParam, const CjWidge CjUserAuthCallback *callbackPtr); FFI_EXPORT int32_t FfiUserAuthCancel(uint64_t contextId); + +FFI_EXPORT int32_t FfiUserAuthQueryReusableAuthResult(int32_t userId, const CjAuthParam &authParam, + CjReuseAuthResult *reuseAuthResult); } diff --git a/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h b/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h index 412745f4ded2c005d1918845f955a8c60fe4e06e..0b359b3ec79e12cc2efceec8f47a819870b84e67 100644 --- a/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h +++ b/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h @@ -48,6 +48,11 @@ struct CjUserAuthResult { uint16_t credentialCount; }; +struct CjReuseAuthResult { + uint8_t *token; + int64_t tokenLen; +}; + class CjUserAuthCallback final : public AuthenticationCallback { public: CjUserAuthCallback() = default; diff --git a/frameworks/cj/user_auth/src/user_auth_ffi.cpp b/frameworks/cj/user_auth/src/user_auth_ffi.cpp index c72dd2e929683a31bc6f331f801c88812e75b9f2..035b0e8384701ef9cae02fca0520a4fc9fa46e5d 100644 --- a/frameworks/cj/user_auth/src/user_auth_ffi.cpp +++ b/frameworks/cj/user_auth/src/user_auth_ffi.cpp @@ -84,3 +84,37 @@ int32_t FfiUserAuthCancel(const uint64_t contextId) { return UserAuthClientImpl::GetInstance().CancelAuthentication(contextId); } + +int32_t FfiUserAuthQueryReusableAuthResult(int32_t userId, const CjAuthParam &authParam, + CjReuseAuthResult *reuseAuthResult) +{ + std::vector authTypes; + for (int i = 0; i < authParam.authTypesLen; ++i) { + authTypes.push_back(AuthType(authParam.authTypes[i])); + } + WidgetAuthParam authParamInner{ + .userId = userId, + .challenge = std::vector(authParam.challenge, authParam.challenge + authParam.challengeLen), + .authTypes = authTypes, + .authTrustLevel = AuthTrustLevel(authParam.authTrustLevel), + }; + if (authParam.isReuse) { + authParamInner.reuseUnlockResult = { + .isReuse = true, + .reuseMode = ReuseMode(authParam.reuseMode), + .reuseDuration = authParam.reuseDuration, + }; + } + + std::vector extraInfo; + int32_t ret = UserAuthClientImpl::Instance().QueryReusableAuthResult(authParamInner, extraInfo); + if (ret == SUCCESS) { + Attributes attributes(extraInfo); + std::vector token; + attributes.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token); + reuseAuthResult->token = token.data(); + reuseAuthResult->tokenLen = static_cast(token.size()); + } + + return ret; +} \ No newline at end of file diff --git a/frameworks/js/napi/user_auth/inc/auth_common.h b/frameworks/js/napi/user_auth/inc/auth_common.h index 90da12d4898bce4a8ba2e123dabe67b2ca656f6c..601053613513d5160c4fb0a1737e8e162bdf5fde 100644 --- a/frameworks/js/napi/user_auth/inc/auth_common.h +++ b/frameworks/js/napi/user_auth/inc/auth_common.h @@ -81,6 +81,7 @@ enum class UserAuthResultCode : int32_t { TYPE_NOT_SUPPORT = 12500005, TRUST_LEVEL_NOT_SUPPORT = 12500006, BUSY = 12500007, + PARAM_VERIFIED_FAILED = 12500008, LOCKED = 12500009, NOT_ENROLLED = 12500010, RESULT_CODE_V9_MAX = 12500010, diff --git a/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h b/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h index 59c22965b13f5222248bc7e8f1d8c42d2ab3c869..931caad69afbf245c6388d9ec47a51c169ef1043 100644 --- a/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h +++ b/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h @@ -43,6 +43,7 @@ public: UserAuthResultCode Start(napi_env env, napi_callback_info info); UserAuthResultCode Cancel(napi_env env, napi_callback_info info); static napi_value GetEnrolledState(napi_env env, napi_callback_info info); + napi_value QueryReusableAuthResult(napi_env env, napi_callback_info info); private: UserAuthResultCode InitChallenge(napi_env env, napi_value value); @@ -60,7 +61,8 @@ private: UserAuthApiEventReporter &reporter); UserAuthResultCode ProcessContext(napi_env env, napi_value value); bool CheckUIContext(const std::shared_ptr context); - + UserAuthResultCode ParamReusableAuthResult(napi_env env, napi_callback_info info, + WidgetAuthParam &authParam); AuthParamInner authParam_ = {}; UserAuthNapiClientImpl::WidgetParamNapi widgetParam_ = {}; diff --git a/frameworks/js/napi/user_auth/src/user_auth_entry.cpp b/frameworks/js/napi/user_auth/src/user_auth_entry.cpp index 70bb8e5031a363e6da905f6389de09568f85f920..d00cc0f1a949927d0a3de5379108bd850eed33fe 100644 --- a/frameworks/js/napi/user_auth/src/user_auth_entry.cpp +++ b/frameworks/js/napi/user_auth/src/user_auth_entry.cpp @@ -649,6 +649,35 @@ napi_value CancelAuth(napi_env env, napi_callback_info info) return UserAuthImpl::CancelAuth(env, info); } +napi_value QueryReusableAuthResult(napi_env env, napi_callback_info info) +{ + IAM_LOGI("start"); + UserAuthApiEventReporter reporter("QueryReusableAuthResult"); + napi_value userAuthInstanceV10; + napi_status ret = napi_new_instance(env, UserAuthInstanceV10Class(env), 0, nullptr, &userAuthInstanceV10); + if (ret != napi_ok) { + IAM_LOGE("napi_new_instance fail:%{public}d", ret); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + UserAuthInstanceV10 *userAuthInstance = nullptr; + ret = napi_unwrap(env, userAuthInstanceV10, reinterpret_cast(&userAuthInstance)); + if (ret != napi_ok) { + IAM_LOGE("napi_unwrap fail"); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + if (userAuthInstance == nullptr) { + IAM_LOGE("userAuthInstanceV10 is null"); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + return userAuthInstance->QueryReusableAuthResult(env, info); +} + napi_value AuthTrustLevelConstructor(napi_env env) { napi_value authTrustLevel = nullptr; @@ -1008,6 +1037,7 @@ napi_value UserAuthInit(napi_env env, napi_value exports) DECLARE_NAPI_FUNCTION("getUserAuthWidgetMgr", UserAuth::GetUserAuthWidgetMgrV10), DECLARE_NAPI_FUNCTION("getEnrolledState", UserAuth::GetEnrolledState), DECLARE_NAPI_FUNCTION("sendNotice", UserAuth::SendNotice), + DECLARE_NAPI_FUNCTION("queryReusableAuthResult", UserAuth::QueryReusableAuthResult), }; status = napi_define_properties(env, exports, sizeof(exportFuncs) / sizeof(napi_property_descriptor), exportFuncs); diff --git a/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp b/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp index 91cafb17728f3bff62ccfea9888985813e7fb2b5..72d79d7525599be818413872497b7d50be8839c5 100644 --- a/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp +++ b/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp @@ -719,6 +719,76 @@ UserAuthResultCode UserAuthInstanceV10::Cancel(napi_env env, napi_callback_info isAuthStarted_ = false; return UserAuthResultCode::SUCCESS; } + +UserAuthResultCode UserAuthInstanceV10::ParamReusableAuthResult(napi_env env, napi_callback_info info, + WidgetAuthParam &authParam) +{ + napi_value argv[ARGS_ONE]; + size_t argc = ARGS_ONE; + napi_status ret = napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr); + if (ret != napi_ok) { + IAM_LOGE("napi_get_cb_info fail:%{public}d", ret); + return UserAuthResultCode::GENERAL_ERROR; + } + if (argc != ARGS_ONE) { + IAM_LOGE("parms error"); + std::string msgStr = "Parameter vefification failed. The number of parameters should be 1."; + napi_throw(env, UserAuthNapiHelper::GenerateErrorMsg(env, UserAuthResultCode::PARAM_VERIFIED_FAILED, msgStr)); + return UserAuthResultCode::PARAM_VERIFIED_FAILED; + } + UserAuthResultCode errCode = InitAuthParam(env, argv[PARAM0]); + if (errCode != UserAuthResultCode::SUCCESS) { + IAM_LOGE("AuthParamInner type error, errorCode: %{public}d", errCode); + return errCode; + } + authParam.userId = authParam_.userId; + authParam.challenge = authParam_.challenge; + authParam.authTypes = authParam_.authTypes; + authParam.authTrustLevel = authParam_.authTrustLevel; + authParam.reuseUnlockResult.isReuse = authParam_.reuseUnlockResult.isReuse; + authParam.reuseUnlockResult.reuseMode = authParam_.reuseUnlockResult.reuseMode; + authParam.reuseUnlockResult.reuseDuration = authParam_.reuseUnlockResult.reuseDuration; + return UserAuthResultCode::SUCCESS; +} + +napi_value UserAuthInstanceV10::QueryReusableAuthResult(napi_env env, napi_callback_info info) +{ + UserAuthApiEventReporter reporter("QueryReusableAuthResult"); + WidgetAuthParam authParam = {0}; + UserAuthResultCode errCode = ParamReusableAuthResult(env, info, authParam); + if (errCode != UserAuthResultCode::SUCCESS) { + IAM_LOGE("AuthParamInner type error, errorCode: %{public}d", errCode); + reporter.ReportFailed(errCode); + return nullptr; + } + + std::vector extraInfo; + int32_t code = UserAuthClientImpl::Instance().QueryReusableAuthResult(authParam, extraInfo); + if (code != SUCCESS) { + IAM_LOGE("failed to query reuse result %{public}d", code); + int32_t resultCode = UserAuthNapiHelper::GetResultCodeV10(code); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode(resultCode))); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + napi_value eventInfo; + napi_status ret = napi_create_object(env, &eventInfo); + if (ret != napi_ok) { + IAM_LOGE("napi_create_object failed %{public}d", ret); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + ret = UserAuthNapiHelper::SetUint8ArrayProperty(env, eventInfo, "extraInfo", extraInfo); + if (ret != napi_ok) { + IAM_LOGE("napi_create_object failed %{public}d", ret); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + reporter.ReportSuccess(); + return eventInfo; +} } // namespace UserAuth } // namespace UserIam } // namespace OHOS diff --git a/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp b/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp index e20742303e99df69ba7fe6dc0228c61dfa115bba..7c8dfa574f901b3e02d01d70788c65d93abeb2c8 100644 --- a/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp +++ b/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp @@ -172,6 +172,15 @@ int32_t UserAuthNapiHelper::GetResultCodeV10(int32_t result) if (result == HARDWARE_NOT_SUPPORTED) { return static_cast(UserAuthResultCode::GENERAL_ERROR); } + if (result == AUTH_TOKEN_CHECK_FAILED) { + return static_cast(UserAuthResultCode::AUTH_TOKEN_CHECK_FAILED); + } + if (result == AUTH_TOKEN_EXPIRED) { + return static_cast(UserAuthResultCode::AUTH_TOKEN_EXPIRED); + } + if (result == PARAM_VERIFIED_FAILED) { + return static_cast(UserAuthResultCode::PARAM_VERIFIED_FAILED); + } if (result > (INT32_MAX - static_cast(UserAuthResultCode::RESULT_CODE_V10_MIN))) { return static_cast(UserAuthResultCode::GENERAL_ERROR); } diff --git a/frameworks/native/client/inc/user_auth_client_impl.h b/frameworks/native/client/inc/user_auth_client_impl.h index 4f5ec6d701173fcebc9fc4012ba62257e6829c30..48b46a3c5fadb6400f57824ed9e25738ad5b62b1 100644 --- a/frameworks/native/client/inc/user_auth_client_impl.h +++ b/frameworks/native/client/inc/user_auth_client_impl.h @@ -66,6 +66,7 @@ public: int32_t SetGlobalConfigParam(const GlobalConfigParam ¶m) override; int32_t PrepareRemoteAuth(const std::string &networkId, const std::shared_ptr &callback) override; + int32_t QueryReusableAuthResult(const WidgetAuthParam &authParam, std::vector &extraInfo) override; private: ResultCode SetPropertyInner(int32_t userId, const SetPropertyRequest &request, diff --git a/frameworks/native/client/src/user_auth_client_impl.cpp b/frameworks/native/client/src/user_auth_client_impl.cpp index 82ed9a422af2d070efca237712ddb75dd72b7feb..b8134dbc1a3ecda6113be7dbfae8c3769f90d56d 100644 --- a/frameworks/native/client/src/user_auth_client_impl.cpp +++ b/frameworks/native/client/src/user_auth_client_impl.cpp @@ -722,6 +722,30 @@ int32_t UserAuthClientImpl::PrepareRemoteAuth(const std::string &networkId, return proxy->PrepareRemoteAuth(networkId, wrapper); } +int32_t UserAuthClientImpl::QueryReusableAuthResult(const WidgetAuthParam &authParam, std::vector &extraInfo) +{ + IAM_LOGI("start"); + auto proxy = GetProxy(); + if (!proxy) { + IAM_LOGE("proxy is nullptr"); + return GENERAL_ERROR; + } + + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = authParam.userId; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = authParam.challenge; + for (auto &authType : authParam.authTypes) { + ipcAuthParamInner.authTypes.push_back(static_cast(authType)); + } + ipcAuthParamInner.authTrustLevel = authParam.authTrustLevel, + ipcAuthParamInner.reuseUnlockResult.isReuse = authParam.reuseUnlockResult.isReuse; + ipcAuthParamInner.reuseUnlockResult.reuseMode = authParam.reuseUnlockResult.reuseMode; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = authParam.reuseUnlockResult.reuseDuration; + + return proxy->QueryReusableAuthResult(ipcAuthParamInner, extraInfo); +} + void UserAuthClientImpl::InitIpcRemoteAuthParam(const std::optional &remoteAuthParam, IpcRemoteAuthParam &ipcRemoteAuthParam) { @@ -778,6 +802,7 @@ void UserAuthClientImpl::InitIpcAuthParam(const AuthParamInner &authParam, ipcAuthParamInner.authTrustLevel = static_cast(authParam.authTrustLevel); ipcAuthParamInner.authIntent = static_cast(authParam.authIntent); ipcAuthParamInner.reuseUnlockResult.isReuse = authParam.reuseUnlockResult.isReuse; + ipcAuthParamInner.reuseUnlockResult.reuseMode = authParam.reuseUnlockResult.reuseMode; ipcAuthParamInner.reuseUnlockResult.reuseDuration = authParam.reuseUnlockResult.reuseDuration; } diff --git a/frameworks/native/client/user_auth_client_map b/frameworks/native/client/user_auth_client_map index c2c807fbaced2873047f0dfb2dc063012ba931af..3bfacb9faaf459c03793d0e1aff03d571ce7fc96 100644 --- a/frameworks/native/client/user_auth_client_map +++ b/frameworks/native/client/user_auth_client_map @@ -32,6 +32,7 @@ OHOS::UserIam::UserAuth::UserAuthNapiClientImpl::Instance*; OHOS::UserIam::UserAuth::UserAuthNapiClientImpl::BeginWidgetAuth*; OHOS::UserIam::UserAuth::UserAuthNapiClientImpl::CancelAuthentication*; + OHOS::UserIam::UserAuth::UserAuthClientImpl::QueryReusableAuthResult*; }; local: *; diff --git a/frameworks/native/ipc/idl/IUserAuth.idl b/frameworks/native/ipc/idl/IUserAuth.idl index 969e2bf3c52df63963723e83fd510fbbf363ccda..e337ff803f7a3e166310278d2e003195796cb817 100644 --- a/frameworks/native/ipc/idl/IUserAuth.idl +++ b/frameworks/native/ipc/idl/IUserAuth.idl @@ -72,4 +72,6 @@ interface OHOS.UserIam.UserAuth.IUserAuth { void VerifyAuthToken([in] unsigned char[] tokenIn, [in] unsigned long allowableDuration, [in] IVerifyTokenCallback verifyTokenCallback); + + void QueryReusableAuthResult([in] IpcAuthParamInner ipcAuthParamInner, [out] unsigned char[] extraInfo); } \ No newline at end of file diff --git a/interfaces/inner_api/iam_common_defines.h b/interfaces/inner_api/iam_common_defines.h index 22023c0934a6010bd5293d4a667f223f78fdd0c9..36428e530825e254fccaab570bb0e403dc572866 100644 --- a/interfaces/inner_api/iam_common_defines.h +++ b/interfaces/inner_api/iam_common_defines.h @@ -201,6 +201,8 @@ enum ResultCode : int32_t { AUTH_TOKEN_CHECK_FAILED = 15, /** The result is fail, because the token is expired. */ AUTH_TOKEN_EXPIRED = 16, + /** The result is fail, because parameters verified failed. */ + PARAM_VERIFIED_FAILED = 17, /** The result is fail, because something wrong from system. */ SYSTEM_ERROR_CODE_BEGIN = 1000, /** The result is fail, because something wrong from ipc. */ diff --git a/interfaces/inner_api/user_auth_client.h b/interfaces/inner_api/user_auth_client.h index 42ca06dfcfbb5dc17d43a927b4dc870d80513287..75a8900909416492805b2912e6c8a889c38267bb 100644 --- a/interfaces/inner_api/user_auth_client.h +++ b/interfaces/inner_api/user_auth_client.h @@ -174,6 +174,15 @@ public: * @return Return get result(0:success; other:failed). */ virtual int32_t GetAvailableStatus(int32_t userId, AuthType authType, AuthTrustLevel authTrustLevel) = 0; + + /** + * @brief Query reusable authentication result. + * @param authParam, authentication paramater for widgetAuth. + * @param extraInfo reuse authentication result. + * + * @return Return prepare remote authentication result(0:success; other:failed). + */ + virtual int32_t QueryReusableAuthResult(const WidgetAuthParam &authParam, std::vector &extraInfo) = 0; }; } // namespace UserAuth } // namespace UserIam diff --git a/services/ipc/inc/user_auth_service.h b/services/ipc/inc/user_auth_service.h index 295400d46bfb6abd8050b6bece20502986e45258..c086569a22680cc9ae85a8a6d37a0045e27a2066 100644 --- a/services/ipc/inc/user_auth_service.h +++ b/services/ipc/inc/user_auth_service.h @@ -69,6 +69,8 @@ public: const sptr &userAuthCallback) override; int32_t VerifyAuthToken(const std::vector &tokenIn, uint64_t allowableDuration, const sptr &verifyTokenCallback) override; + int32_t QueryReusableAuthResult(const IpcAuthParamInner &ipcAuthParamInner, + std::vector &extraInfo) override; int32_t CallbackEnter([[maybe_unused]] uint32_t code) override; int32_t CallbackExit([[maybe_unused]] uint32_t code, [[maybe_unused]] int32_t result) override; diff --git a/services/ipc/src/user_auth_service.cpp b/services/ipc/src/user_auth_service.cpp index 28bb51c1ac6211c86e3f9898fd437e7d9ecd839b..cb96b4a1bcb44ccb00f140158c1327627122aaad 100644 --- a/services/ipc/src/user_auth_service.cpp +++ b/services/ipc/src/user_auth_service.cpp @@ -1658,6 +1658,60 @@ int32_t UserAuthService::VerifyAuthToken(const std::vector &tokenIn, ui return SUCCESS; } +int32_t UserAuthService::QueryReusableAuthResult(const IpcAuthParamInner &ipcAuthParamInner, + std::vector &extraInfo) +{ + if (!IpcCommon::CheckPermission(*this, ACCESS_USER_AUTH_INTERNAL_PERMISSION)) { + IAM_LOGE("failed to check permission"); + return CHECK_PERMISSION_FAILED; + } + if (IpcCommon::GetDirectCallerType(*this) != Security::AccessToken::TOKEN_HAP && + !IpcCommon::CheckPermission(*this, IS_SYSTEM_APP)) { + IAM_LOGE("caller is not systemApp."); + return CHECK_SYSTEM_APP_FAILED; + } + + if (!ipcAuthParamInner.reuseUnlockResult.isReuse || ipcAuthParamInner.reuseUnlockResult.reuseDuration == 0 || + ipcAuthParamInner.reuseUnlockResult.reuseDuration > MAX_ALLOWABLE_REUSE_DURATION || + (ipcAuthParamInner.reuseUnlockResult.reuseMode != AUTH_TYPE_RELEVANT && + ipcAuthParamInner.reuseUnlockResult.reuseMode != AUTH_TYPE_IRRELEVANT && + ipcAuthParamInner.reuseUnlockResult.reuseMode != CALLER_IRRELEVANT_AUTH_TYPE_RELEVANT && + ipcAuthParamInner.reuseUnlockResult.reuseMode != CALLER_IRRELEVANT_AUTH_TYPE_IRRELEVANT)) { + IAM_LOGE("invalid param"); + return PARAM_VERIFIED_FAILED; + } + + auto hdi = HdiWrapper::GetHdiInstance(); + if (hdi == nullptr) { + IAM_LOGE("hdi interface is nullptr"); + return GENERAL_ERROR; + } + + HdiReuseUnlockParam unlockParam = {}; + unlockParam.baseParam.userId = ipcAuthParamInner.userId; + unlockParam.baseParam.authTrustLevel = ipcAuthParamInner.authTrustLevel; + for (auto &type : ipcAuthParamInner.authTypes) { + unlockParam.authTypes.emplace_back(static_cast(type)); + } + unlockParam.baseParam.challenge = ipcAuthParamInner.challenge; + unlockParam.reuseUnlockResultMode = ipcAuthParamInner.reuseUnlockResult.reuseMode; + unlockParam.reuseUnlockResultDuration = ipcAuthParamInner.reuseUnlockResult.reuseDuration; + + HdiReuseUnlockInfo reuseResultInfo = {}; + int32_t result = hdi->CheckReuseUnlockResult(unlockParam, reuseResultInfo); + if (result != SUCCESS) { + IAM_LOGE("CheckReuseUnlockResult failed result:%{public}d userId:%{public}d", result, + ipcAuthParamInner.userId); + return result; + } + + Attributes attributes; + bool setSignatureResult = attributes.SetUint8ArrayValue(Attributes::ATTR_SIGNATURE, reuseResultInfo.token); + IF_FALSE_LOGE_AND_RETURN_VAL(setSignatureResult == true, GENERAL_ERROR); + extraInfo = attributes.Serialize(); + return SUCCESS; +} + void UserAuthService::InitAuthParam(const IpcAuthParamInner &ipcAuthParam, AuthParamInner &authParam) { authParam.userId = ipcAuthParam.userId; diff --git a/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp b/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp index e1a794ceea8bafc3c27708d88bffc5d5927212c1..3fa6f84edece5069b26eb39af7130c344813647b 100644 --- a/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp +++ b/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp @@ -405,6 +405,22 @@ void FuzzSetGlobalConfigParam(Parcel &parcel) IAM_LOGI("end"); } +void FuzzQueryReusableAuthResult(Parcel &parcel) +{ + IAM_LOGI("start"); + std::vector extraInfo; + WidgetAuthParam authParam = {}; + authParam.userId = parcel.ReadInt32(); + Common::FillFuzzUint8Vector(parcel, authParam.challenge); + authParam.authTypes.push_back(static_cast(parcel.ReadInt32())); + authParam.authTrustLevel = static_cast(parcel.ReadUint32()); + authParam.reuseUnlockResult.isReuse = parcel.ReadBool(); + authParam.reuseUnlockResult.reuseMode = static_cast(parcel.ReadInt32()); + authParam.reuseUnlockResult.reuseDuration = parcel.ReadUint64(); + UserAuthClientImpl::Instance().QueryReusableAuthResult(authParam, extraInfo); + IAM_LOGI("end"); +} + using FuzzFunc = decltype(FuzzClientGetAvailableStatus); FuzzFunc *g_fuzzFuncs[] = { FuzzClientGetEnrolledState, @@ -430,6 +446,7 @@ FuzzFunc *g_fuzzFuncs[] = { FuzzSetPropCallbackServiceOnPropResult, FuzzSetGlobalConfigParam, FuzzNapiBeginWidgetAuth, + FuzzQueryReusableAuthResult, }; void UserAuthClientFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp b/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp index 96135e92d2b0a90b5fb41621fbfc62c8355e5d4c..e48ae7e8673eb71d34d326f7c0199b1c57c6b30a 100644 --- a/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp +++ b/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp @@ -698,6 +698,25 @@ void FuzzVerifyAuthToken(Parcel &parcel) IAM_LOGI("end"); } +void FuzzQueryReusableAuthResult(Parcel &parcel) +{ + IAM_LOGI("begin"); + std::vector extraInfo; + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = parcel.ReadInt32(); + Common::FillFuzzUint8Vector(parcel, ipcAuthParamInner.challenge); + ipcAuthParamInner.authTypes.push_back(parcel.ReadInt32()); + ipcAuthParamInner.authTrustLevel = parcel.ReadUint32(); + ipcAuthParamInner.reuseUnlockResult.isReuse = parcel.ReadBool(); + ipcAuthParamInner.reuseUnlockResult.reuseMode = parcel.ReadInt32(); + ipcAuthParamInner.reuseUnlockResult.reuseDuration = parcel.ReadUint64(); + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + g_userAuthService.QueryReusableAuthResult(ipcAuthParamInner, extraInfo); + IpcCommon::DeleteAllPermission(); + IAM_LOGI("end"); +} + void FuzzGetAuthTokenAttr(Parcel &parcel) { IAM_LOGI("begin"); @@ -757,6 +776,7 @@ FuzzFunc *g_fuzzFuncs[] = { FuzzGetPropertyById, FuzzVerifyAuthToken, FuzzGetAuthTokenAttr, + FuzzQueryReusableAuthResult, }; void UserAuthFuzzTest(const uint8_t *data, size_t size) diff --git a/test/unittest/inner_api/src/user_auth_client_test.cpp b/test/unittest/inner_api/src/user_auth_client_test.cpp index 3301ac9fc5182cddd1b3c56ce53e32027352dc24..fb52d695899fbee8701d00510e9970d71782e878 100644 --- a/test/unittest/inner_api/src/user_auth_client_test.cpp +++ b/test/unittest/inner_api/src/user_auth_client_test.cpp @@ -857,7 +857,6 @@ HWTEST_F(UserAuthClientTest, UserAuthClientGetNorthAvailableStatus, TestSize.Lev EXPECT_EQ(ret, GENERAL_ERROR); } - HWTEST_F(UserAuthClientTest, UserAuthClientGetPropertyById001, TestSize.Level0) { uint64_t testCredentialId = 1; @@ -912,6 +911,41 @@ HWTEST_F(UserAuthClientTest, UserAuthClientGetPropertyById002, TestSize.Level0) dr->OnRemoteDied(obj); IpcClientUtils::ResetObj(); } + +HWTEST_F(UserAuthClientTest, QueryReusableAuthResult001, TestSize.Level0) +{ + WidgetAuthParam authParam = {}; + std::vector extraInfo; + + int32_t ret = UserAuthClient::GetInstance().QueryReusableAuthResult(authParam, extraInfo); + EXPECT_EQ(ret, GENERAL_ERROR); +} + +HWTEST_F(UserAuthClientTest, QueryReusableAuthResult002, TestSize.Level0) +{ + WidgetAuthParam authParam = {}; + std::vector extraInfo; + + auto service = Common::MakeShared(); + EXPECT_NE(service, nullptr); + EXPECT_CALL(*service, QueryReusableAuthResult(_, _)).Times(1); + ON_CALL(*service, QueryReusableAuthResult) + .WillByDefault( + [](const IpcAuthParamInner &ipcAuthParamInner, std::vector &extraInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + extraInfo.resize(USER_AUTH_TOKEN_LEN); + return SUCCESS; + } + ); + sptr obj(new (std::nothrow) MockRemoteObject()); + sptr dr(nullptr); + CallRemoteObject(service, obj, dr); + int32_t ret = UserAuthClient::GetInstance().QueryReusableAuthResult(authParam, extraInfo); + EXPECT_EQ(ret, SUCCESS); + EXPECT_NE(dr, nullptr); + dr->OnRemoteDied(obj); + IpcClientUtils::ResetObj(); +} } // namespace UserAuth } // namespace UserIam } // namespace OHOS \ No newline at end of file diff --git a/test/unittest/services/mocks/mock_user_auth_service.h b/test/unittest/services/mocks/mock_user_auth_service.h index 6c6c5c7d8c8adf92acf59e89ad3836dc6ec810eb..46ddc267891d500ed8dc5e91d6efa26a5a856943 100644 --- a/test/unittest/services/mocks/mock_user_auth_service.h +++ b/test/unittest/services/mocks/mock_user_auth_service.h @@ -69,6 +69,8 @@ public: const sptr &userAuthCallback)); MOCK_METHOD3(VerifyAuthToken, int32_t(const std::vector &tokenIn, uint64_t allowableDuration, const sptr &verifyTokenCallback)); + MOCK_METHOD2(QueryReusableAuthResult, int32_t(const IpcAuthParamInner &ipcAuthParamInner, + std::vector &extraInfo)); MOCK_METHOD1(CallbackEnter, int32_t(uint32_t code)); MOCK_METHOD2(CallbackExit, int32_t(uint32_t code, int32_t result)); }; diff --git a/test/unittest/services/src/user_auth_service_test_part02.cpp b/test/unittest/services/src/user_auth_service_test_part02.cpp index 6c8dba9bd34347c9ecbe63c778510cf700534d82..35b249bd6805afb8be8e2bf3598682f15d70d398 100644 --- a/test/unittest/services/src/user_auth_service_test_part02.cpp +++ b/test/unittest/services/src/user_auth_service_test_part02.cpp @@ -1698,6 +1698,177 @@ HWTEST_F(UserAuthServiceTest, UserAuthServiceVerifyAuthToken005, TestSize.Level0 EXPECT_EQ(service.VerifyAuthToken(testTokenIn, allowableDuration, callbackInterface), SUCCESS); IpcCommon::DeleteAllPermission(); } + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult001, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + reuseInfo.token.resize(USER_AUTH_TOKEN_LEN); + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), SUCCESS); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult002, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + reuseInfo.token.resize(USER_AUTH_TOKEN_LEN); + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), CHECK_PERMISSION_FAILED); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult003, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + reuseInfo.token.resize(USER_AUTH_TOKEN_LEN); + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), CHECK_SYSTEM_APP_FAILED); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult004, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + return HDF_FAILURE; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), HDF_FAILURE); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult005, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), GENERAL_ERROR); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult006, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), GENERAL_ERROR); + IpcCommon::DeleteAllPermission(); +} } // namespace UserAuth } // namespace UserIam } // namespace OHOS \ No newline at end of file