From 68f0b07355f8f0c71e6a4938a8577c9ca6ba0aca Mon Sep 17 00:00:00 2001 From: hejiaogirl Date: Mon, 9 Jun 2025 14:16:28 +0800 Subject: [PATCH] fix : query reuse auth result Signed-off-by: hejiaogirl Change-Id: Ic49627e2a4a9465ef4f5b56991752006670e330a --- frameworks/cj/user_auth/inc/user_auth_ffi.h | 4 + .../cj/user_auth/inc/user_auth_ffi_struct.h | 5 + frameworks/cj/user_auth/src/user_auth_ffi.cpp | 34 ++++ .../js/napi/user_auth/inc/auth_common.h | 1 + .../user_auth/inc/user_auth_instance_v10.h | 4 +- .../js/napi/user_auth/src/user_auth_entry.cpp | 30 +++ .../user_auth/src/user_auth_instance_v10.cpp | 70 +++++++ .../user_auth/src/user_auth_napi_helper.cpp | 9 + .../native/client/inc/user_auth_client_impl.h | 1 + .../client/src/user_auth_client_impl.cpp | 25 +++ frameworks/native/client/user_auth_client_map | 1 + frameworks/native/ipc/idl/IUserAuth.idl | 2 + interfaces/inner_api/user_auth_client.h | 9 + services/context/src/auth_widget_helper.cpp | 2 +- services/ipc/inc/user_auth_service.h | 2 + services/ipc/src/user_auth_service.cpp | 44 +++++ .../user_auth_client_fuzzer.cpp | 17 ++ .../user_auth_service_fuzzer.cpp | 20 ++ .../inner_api/src/user_auth_client_test.cpp | 36 +++- .../services/mocks/mock_user_auth_service.h | 2 + .../src/user_auth_service_test_part02.cpp | 171 ++++++++++++++++++ 21 files changed, 486 insertions(+), 3 deletions(-) diff --git a/frameworks/cj/user_auth/inc/user_auth_ffi.h b/frameworks/cj/user_auth/inc/user_auth_ffi.h index 00081ef68..32a25ef74 100644 --- a/frameworks/cj/user_auth/inc/user_auth_ffi.h +++ b/frameworks/cj/user_auth/inc/user_auth_ffi.h @@ -25,6 +25,7 @@ using OHOS::UserIam::UserAuth::CjUserAuthCallback; using OHOS::UserIam::UserAuth::CjUserAuthResult; using OHOS::UserIam::UserAuth::CjWidgetParam; using OHOS::UserIam::UserAuth::EnrolledState; +using OHOS::UserIam::UserAuth::CjReuseAuthResult; #define FFI_EXPORT __attribute__((visibility("default"))) @@ -41,6 +42,9 @@ FFI_EXPORT uint64_t FfiUserAuthStart(const CjAuthParam &authParam, const CjWidge CjUserAuthCallback *callbackPtr); FFI_EXPORT int32_t FfiUserAuthCancel(uint64_t contextId); + +FFI_EXPORT int32_t FfiUserAuthQueryReusableAuthResult(int32_t userId, const CjAuthParam &authParam, + CjReuseAuthResult *reuseAuthResult); } diff --git a/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h b/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h index 412745f4d..0b359b3ec 100644 --- a/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h +++ b/frameworks/cj/user_auth/inc/user_auth_ffi_struct.h @@ -48,6 +48,11 @@ struct CjUserAuthResult { uint16_t credentialCount; }; +struct CjReuseAuthResult { + uint8_t *token; + int64_t tokenLen; +}; + class CjUserAuthCallback final : public AuthenticationCallback { public: CjUserAuthCallback() = default; diff --git a/frameworks/cj/user_auth/src/user_auth_ffi.cpp b/frameworks/cj/user_auth/src/user_auth_ffi.cpp index c72dd2e92..035b0e838 100644 --- a/frameworks/cj/user_auth/src/user_auth_ffi.cpp +++ b/frameworks/cj/user_auth/src/user_auth_ffi.cpp @@ -84,3 +84,37 @@ int32_t FfiUserAuthCancel(const uint64_t contextId) { return UserAuthClientImpl::GetInstance().CancelAuthentication(contextId); } + +int32_t FfiUserAuthQueryReusableAuthResult(int32_t userId, const CjAuthParam &authParam, + CjReuseAuthResult *reuseAuthResult) +{ + std::vector authTypes; + for (int i = 0; i < authParam.authTypesLen; ++i) { + authTypes.push_back(AuthType(authParam.authTypes[i])); + } + WidgetAuthParam authParamInner{ + .userId = userId, + .challenge = std::vector(authParam.challenge, authParam.challenge + authParam.challengeLen), + .authTypes = authTypes, + .authTrustLevel = AuthTrustLevel(authParam.authTrustLevel), + }; + if (authParam.isReuse) { + authParamInner.reuseUnlockResult = { + .isReuse = true, + .reuseMode = ReuseMode(authParam.reuseMode), + .reuseDuration = authParam.reuseDuration, + }; + } + + std::vector extraInfo; + int32_t ret = UserAuthClientImpl::Instance().QueryReusableAuthResult(authParamInner, extraInfo); + if (ret == SUCCESS) { + Attributes attributes(extraInfo); + std::vector token; + attributes.GetUint8ArrayValue(Attributes::ATTR_SIGNATURE, token); + reuseAuthResult->token = token.data(); + reuseAuthResult->tokenLen = static_cast(token.size()); + } + + return ret; +} \ No newline at end of file diff --git a/frameworks/js/napi/user_auth/inc/auth_common.h b/frameworks/js/napi/user_auth/inc/auth_common.h index 90da12d48..601053613 100644 --- a/frameworks/js/napi/user_auth/inc/auth_common.h +++ b/frameworks/js/napi/user_auth/inc/auth_common.h @@ -81,6 +81,7 @@ enum class UserAuthResultCode : int32_t { TYPE_NOT_SUPPORT = 12500005, TRUST_LEVEL_NOT_SUPPORT = 12500006, BUSY = 12500007, + PARAM_VERIFIED_FAILED = 12500008, LOCKED = 12500009, NOT_ENROLLED = 12500010, RESULT_CODE_V9_MAX = 12500010, diff --git a/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h b/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h index 59c22965b..931caad69 100644 --- a/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h +++ b/frameworks/js/napi/user_auth/inc/user_auth_instance_v10.h @@ -43,6 +43,7 @@ public: UserAuthResultCode Start(napi_env env, napi_callback_info info); UserAuthResultCode Cancel(napi_env env, napi_callback_info info); static napi_value GetEnrolledState(napi_env env, napi_callback_info info); + napi_value QueryReusableAuthResult(napi_env env, napi_callback_info info); private: UserAuthResultCode InitChallenge(napi_env env, napi_value value); @@ -60,7 +61,8 @@ private: UserAuthApiEventReporter &reporter); UserAuthResultCode ProcessContext(napi_env env, napi_value value); bool CheckUIContext(const std::shared_ptr context); - + UserAuthResultCode ParamReusableAuthResult(napi_env env, napi_callback_info info, + WidgetAuthParam &authParam); AuthParamInner authParam_ = {}; UserAuthNapiClientImpl::WidgetParamNapi widgetParam_ = {}; diff --git a/frameworks/js/napi/user_auth/src/user_auth_entry.cpp b/frameworks/js/napi/user_auth/src/user_auth_entry.cpp index 70bb8e503..d00cc0f1a 100644 --- a/frameworks/js/napi/user_auth/src/user_auth_entry.cpp +++ b/frameworks/js/napi/user_auth/src/user_auth_entry.cpp @@ -649,6 +649,35 @@ napi_value CancelAuth(napi_env env, napi_callback_info info) return UserAuthImpl::CancelAuth(env, info); } +napi_value QueryReusableAuthResult(napi_env env, napi_callback_info info) +{ + IAM_LOGI("start"); + UserAuthApiEventReporter reporter("QueryReusableAuthResult"); + napi_value userAuthInstanceV10; + napi_status ret = napi_new_instance(env, UserAuthInstanceV10Class(env), 0, nullptr, &userAuthInstanceV10); + if (ret != napi_ok) { + IAM_LOGE("napi_new_instance fail:%{public}d", ret); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + UserAuthInstanceV10 *userAuthInstance = nullptr; + ret = napi_unwrap(env, userAuthInstanceV10, reinterpret_cast(&userAuthInstance)); + if (ret != napi_ok) { + IAM_LOGE("napi_unwrap fail"); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + if (userAuthInstance == nullptr) { + IAM_LOGE("userAuthInstanceV10 is null"); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + return userAuthInstance->QueryReusableAuthResult(env, info); +} + napi_value AuthTrustLevelConstructor(napi_env env) { napi_value authTrustLevel = nullptr; @@ -1008,6 +1037,7 @@ napi_value UserAuthInit(napi_env env, napi_value exports) DECLARE_NAPI_FUNCTION("getUserAuthWidgetMgr", UserAuth::GetUserAuthWidgetMgrV10), DECLARE_NAPI_FUNCTION("getEnrolledState", UserAuth::GetEnrolledState), DECLARE_NAPI_FUNCTION("sendNotice", UserAuth::SendNotice), + DECLARE_NAPI_FUNCTION("queryReusableAuthResult", UserAuth::QueryReusableAuthResult), }; status = napi_define_properties(env, exports, sizeof(exportFuncs) / sizeof(napi_property_descriptor), exportFuncs); diff --git a/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp b/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp index 91cafb177..6eb5b2819 100644 --- a/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp +++ b/frameworks/js/napi/user_auth/src/user_auth_instance_v10.cpp @@ -719,6 +719,76 @@ UserAuthResultCode UserAuthInstanceV10::Cancel(napi_env env, napi_callback_info isAuthStarted_ = false; return UserAuthResultCode::SUCCESS; } + +UserAuthResultCode UserAuthInstanceV10::ParamReusableAuthResult(napi_env env, napi_callback_info info, + WidgetAuthParam &authParam) +{ + napi_value argv[ARGS_ONE]; + size_t argc = ARGS_ONE; + napi_status ret = napi_get_cb_info(env, info, &argc, argv, nullptr, nullptr); + if (ret != napi_ok) { + IAM_LOGE("napi_get_cb_info fail:%{public}d", ret); + return UserAuthResultCode::GENERAL_ERROR; + } + if (argc != ARGS_ONE) { + IAM_LOGE("parms error"); + std::string msgStr = "Parameter vefification failed. The number of parameters should be 1."; + napi_throw(env, UserAuthNapiHelper::GenerateErrorMsg(env, UserAuthResultCode::PARAM_VERIFY_FAILED, msgStr)); + return UserAuthResultCode::PARAM_VERIFY_FAILED; + } + UserAuthResultCode errCode = InitAuthParam(env, argv[PARAM0]); + if (errCode != UserAuthResultCode::SUCCESS) { + IAM_LOGE("AuthParamInner type error, errorCode: %{public}d", errCode); + return errCode; + } + authParam.userId = authParam_.userId; + authParam.challenge = authParam_.challenge; + authParam.authTypes = authParam_.authTypes; + authParam.authTrustLevel = authParam_.authTrustLevel; + authParam.reuseUnlockResult.isReuse = authParam_.reuseUnlockResult.isReuse; + authParam.reuseUnlockResult.reuseMode = authParam_.reuseUnlockResult.reuseMode; + authParam.reuseUnlockResult.reuseDuration = authParam_.reuseUnlockResult.reuseDuration; + return UserAuthResultCode::SUCCESS; +} + +napi_value UserAuthInstanceV10::QueryReusableAuthResult(napi_env env, napi_callback_info info) +{ + UserAuthApiEventReporter reporter("QueryReusableAuthResult"); + WidgetAuthParam authParam = {0}; + UserAuthResultCode errCode = ParamReusableAuthResult(env, info, authParam); + if (errCode != UserAuthResultCode::SUCCESS) { + IAM_LOGE("AuthParamInner type error, errorCode: %{public}d", errCode); + reporter.ReportFailed(errCode); + return nullptr; + } + + std::vector extraInfo; + int32_t code = UserAuthClientImpl::Instance().QueryReusableAuthResult(authParam, extraInfo); + if (code != SUCCESS) { + IAM_LOGE("failed to query reuse result %{public}d", code); + int32_t resultCode = UserAuthNapiHelper::GetResultCodeV10(code); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode(resultCode))); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + napi_value eventInfo; + napi_status ret = napi_create_object(env, &eventInfo); + if (ret != napi_ok) { + IAM_LOGE("napi_create_object failed %{public}d", ret); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + ret = UserAuthNapiHelper::SetUint8ArrayProperty(env, eventInfo, "extraInfo", extraInfo); + if (ret != napi_ok) { + IAM_LOGE("napi_create_object failed %{public}d", ret); + napi_throw(env, UserAuthNapiHelper::GenerateBusinessErrorV9(env, UserAuthResultCode::GENERAL_ERROR)); + reporter.ReportFailed(UserAuthResultCode::GENERAL_ERROR); + return nullptr; + } + reporter.ReportSuccess(); + return eventInfo; +} } // namespace UserAuth } // namespace UserIam } // namespace OHOS diff --git a/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp b/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp index e20742303..695cf45bf 100644 --- a/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp +++ b/frameworks/js/napi/user_auth/src/user_auth_napi_helper.cpp @@ -172,6 +172,15 @@ int32_t UserAuthNapiHelper::GetResultCodeV10(int32_t result) if (result == HARDWARE_NOT_SUPPORTED) { return static_cast(UserAuthResultCode::GENERAL_ERROR); } + if (result == AUTH_TOKEN_CHECK_FAILED) { + return static_cast(UserAuthResultCode::AUTH_TOKEN_CHECK_FAILED); + } + if (result == AUTH_TOKEN_EXPIRED) { + return static_cast(UserAuthResultCode::AUTH_TOKEN_EXPIRED); + } + if (result == PARAMETERS_VERIFIED_FAILED) { + return static_cast(UserAuthResultCode::PARAM_VERIFIED_FAILED); + } if (result > (INT32_MAX - static_cast(UserAuthResultCode::RESULT_CODE_V10_MIN))) { return static_cast(UserAuthResultCode::GENERAL_ERROR); } diff --git a/frameworks/native/client/inc/user_auth_client_impl.h b/frameworks/native/client/inc/user_auth_client_impl.h index 4f5ec6d70..48b46a3c5 100644 --- a/frameworks/native/client/inc/user_auth_client_impl.h +++ b/frameworks/native/client/inc/user_auth_client_impl.h @@ -66,6 +66,7 @@ public: int32_t SetGlobalConfigParam(const GlobalConfigParam ¶m) override; int32_t PrepareRemoteAuth(const std::string &networkId, const std::shared_ptr &callback) override; + int32_t QueryReusableAuthResult(const WidgetAuthParam &authParam, std::vector &extraInfo) override; private: ResultCode SetPropertyInner(int32_t userId, const SetPropertyRequest &request, diff --git a/frameworks/native/client/src/user_auth_client_impl.cpp b/frameworks/native/client/src/user_auth_client_impl.cpp index 82ed9a422..b8134dbc1 100644 --- a/frameworks/native/client/src/user_auth_client_impl.cpp +++ b/frameworks/native/client/src/user_auth_client_impl.cpp @@ -722,6 +722,30 @@ int32_t UserAuthClientImpl::PrepareRemoteAuth(const std::string &networkId, return proxy->PrepareRemoteAuth(networkId, wrapper); } +int32_t UserAuthClientImpl::QueryReusableAuthResult(const WidgetAuthParam &authParam, std::vector &extraInfo) +{ + IAM_LOGI("start"); + auto proxy = GetProxy(); + if (!proxy) { + IAM_LOGE("proxy is nullptr"); + return GENERAL_ERROR; + } + + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = authParam.userId; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = authParam.challenge; + for (auto &authType : authParam.authTypes) { + ipcAuthParamInner.authTypes.push_back(static_cast(authType)); + } + ipcAuthParamInner.authTrustLevel = authParam.authTrustLevel, + ipcAuthParamInner.reuseUnlockResult.isReuse = authParam.reuseUnlockResult.isReuse; + ipcAuthParamInner.reuseUnlockResult.reuseMode = authParam.reuseUnlockResult.reuseMode; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = authParam.reuseUnlockResult.reuseDuration; + + return proxy->QueryReusableAuthResult(ipcAuthParamInner, extraInfo); +} + void UserAuthClientImpl::InitIpcRemoteAuthParam(const std::optional &remoteAuthParam, IpcRemoteAuthParam &ipcRemoteAuthParam) { @@ -778,6 +802,7 @@ void UserAuthClientImpl::InitIpcAuthParam(const AuthParamInner &authParam, ipcAuthParamInner.authTrustLevel = static_cast(authParam.authTrustLevel); ipcAuthParamInner.authIntent = static_cast(authParam.authIntent); ipcAuthParamInner.reuseUnlockResult.isReuse = authParam.reuseUnlockResult.isReuse; + ipcAuthParamInner.reuseUnlockResult.reuseMode = authParam.reuseUnlockResult.reuseMode; ipcAuthParamInner.reuseUnlockResult.reuseDuration = authParam.reuseUnlockResult.reuseDuration; } diff --git a/frameworks/native/client/user_auth_client_map b/frameworks/native/client/user_auth_client_map index c2c807fba..3bfacb9fa 100644 --- a/frameworks/native/client/user_auth_client_map +++ b/frameworks/native/client/user_auth_client_map @@ -32,6 +32,7 @@ OHOS::UserIam::UserAuth::UserAuthNapiClientImpl::Instance*; OHOS::UserIam::UserAuth::UserAuthNapiClientImpl::BeginWidgetAuth*; OHOS::UserIam::UserAuth::UserAuthNapiClientImpl::CancelAuthentication*; + OHOS::UserIam::UserAuth::UserAuthClientImpl::QueryReusableAuthResult*; }; local: *; diff --git a/frameworks/native/ipc/idl/IUserAuth.idl b/frameworks/native/ipc/idl/IUserAuth.idl index 969e2bf3c..e337ff803 100644 --- a/frameworks/native/ipc/idl/IUserAuth.idl +++ b/frameworks/native/ipc/idl/IUserAuth.idl @@ -72,4 +72,6 @@ interface OHOS.UserIam.UserAuth.IUserAuth { void VerifyAuthToken([in] unsigned char[] tokenIn, [in] unsigned long allowableDuration, [in] IVerifyTokenCallback verifyTokenCallback); + + void QueryReusableAuthResult([in] IpcAuthParamInner ipcAuthParamInner, [out] unsigned char[] extraInfo); } \ No newline at end of file diff --git a/interfaces/inner_api/user_auth_client.h b/interfaces/inner_api/user_auth_client.h index 42ca06dfc..75a890090 100644 --- a/interfaces/inner_api/user_auth_client.h +++ b/interfaces/inner_api/user_auth_client.h @@ -174,6 +174,15 @@ public: * @return Return get result(0:success; other:failed). */ virtual int32_t GetAvailableStatus(int32_t userId, AuthType authType, AuthTrustLevel authTrustLevel) = 0; + + /** + * @brief Query reusable authentication result. + * @param authParam, authentication paramater for widgetAuth. + * @param extraInfo reuse authentication result. + * + * @return Return prepare remote authentication result(0:success; other:failed). + */ + virtual int32_t QueryReusableAuthResult(const WidgetAuthParam &authParam, std::vector &extraInfo) = 0; }; } // namespace UserAuth } // namespace UserIam diff --git a/services/context/src/auth_widget_helper.cpp b/services/context/src/auth_widget_helper.cpp index 2db454c6c..658b07251 100644 --- a/services/context/src/auth_widget_helper.cpp +++ b/services/context/src/auth_widget_helper.cpp @@ -196,7 +196,7 @@ int32_t AuthWidgetHelper::CheckReuseUnlockResult(const ContextFactory::AuthWidge authParam.reuseUnlockResult.reuseMode != CALLER_IRRELEVANT_AUTH_TYPE_RELEVANT && authParam.reuseUnlockResult.reuseMode != CALLER_IRRELEVANT_AUTH_TYPE_IRRELEVANT)) { IAM_LOGE("CheckReuseUnlockResult invalid param"); - return INVALID_PARAMETERS; + return PARAMETERS_VERIFIED_FAILED; } auto hdi = HdiWrapper::GetHdiInstance(); if (hdi == nullptr) { diff --git a/services/ipc/inc/user_auth_service.h b/services/ipc/inc/user_auth_service.h index 295400d46..c086569a2 100644 --- a/services/ipc/inc/user_auth_service.h +++ b/services/ipc/inc/user_auth_service.h @@ -69,6 +69,8 @@ public: const sptr &userAuthCallback) override; int32_t VerifyAuthToken(const std::vector &tokenIn, uint64_t allowableDuration, const sptr &verifyTokenCallback) override; + int32_t QueryReusableAuthResult(const IpcAuthParamInner &ipcAuthParamInner, + std::vector &extraInfo) override; int32_t CallbackEnter([[maybe_unused]] uint32_t code) override; int32_t CallbackExit([[maybe_unused]] uint32_t code, [[maybe_unused]] int32_t result) override; diff --git a/services/ipc/src/user_auth_service.cpp b/services/ipc/src/user_auth_service.cpp index 28bb51c1a..84f28f429 100644 --- a/services/ipc/src/user_auth_service.cpp +++ b/services/ipc/src/user_auth_service.cpp @@ -1658,6 +1658,50 @@ int32_t UserAuthService::VerifyAuthToken(const std::vector &tokenIn, ui return SUCCESS; } +int32_t UserAuthService::QueryReusableAuthResult(const IpcAuthParamInner &ipcAuthParamInner, + std::vector &extraInfo) +{ + if (!IpcCommon::CheckPermission(*this, ACCESS_USER_AUTH_INTERNAL_PERMISSION)) { + IAM_LOGE("failed to check permission"); + return CHECK_PERMISSION_FAILED; + } + if (IpcCommon::GetDirectCallerType(*this) != Security::AccessToken::TOKEN_HAP && + !IpcCommon::CheckPermission(*this, IS_SYSTEM_APP)) { + IAM_LOGE("caller is not systemApp."); + return CHECK_SYSTEM_APP_FAILED; + } + + auto hdi = HdiWrapper::GetHdiInstance(); + if (hdi == nullptr) { + IAM_LOGE("hdi interface is nullptr"); + return GENERAL_ERROR; + } + + HdiReuseUnlockParam unlockParam = {}; + unlockParam.baseParam.userId = ipcAuthParamInner.userId; + unlockParam.baseParam.authTrustLevel = ipcAuthParamInner.authTrustLevel; + for (auto &type : ipcAuthParamInner.authTypes) { + unlockParam.authTypes.emplace_back(static_cast(type)); + } + unlockParam.baseParam.challenge = ipcAuthParamInner.challenge; + unlockParam.reuseUnlockResultMode = ipcAuthParamInner.reuseUnlockResult.reuseMode; + unlockParam.reuseUnlockResultDuration = ipcAuthParamInner.reuseUnlockResult.reuseDuration; + + HdiReuseUnlockInfo reuseResultInfo = {}; + int32_t result = hdi->CheckReuseUnlockResult(unlockParam, reuseResultInfo); + if (result != SUCCESS) { + IAM_LOGE("CheckReuseUnlockResult failed result:%{public}d userId:%{public}d", result, + ipcAuthParamInner.userId); + return result; + } + + Attributes attributes; + bool setSignatureResult = attributes.SetUint8ArrayValue(Attributes::ATTR_SIGNATURE, reuseResultInfo.token); + IF_FALSE_LOGE_AND_RETURN_VAL(setSignatureResult == true, GENERAL_ERROR); + extraInfo = attributes.Serialize(); + return SUCCESS; +} + void UserAuthService::InitAuthParam(const IpcAuthParamInner &ipcAuthParam, AuthParamInner &authParam) { authParam.userId = ipcAuthParam.userId; diff --git a/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp b/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp index e1a794cee..3fa6f84ed 100644 --- a/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp +++ b/test/fuzztest/clients/userauthclient_fuzzer/user_auth_client_fuzzer.cpp @@ -405,6 +405,22 @@ void FuzzSetGlobalConfigParam(Parcel &parcel) IAM_LOGI("end"); } +void FuzzQueryReusableAuthResult(Parcel &parcel) +{ + IAM_LOGI("start"); + std::vector extraInfo; + WidgetAuthParam authParam = {}; + authParam.userId = parcel.ReadInt32(); + Common::FillFuzzUint8Vector(parcel, authParam.challenge); + authParam.authTypes.push_back(static_cast(parcel.ReadInt32())); + authParam.authTrustLevel = static_cast(parcel.ReadUint32()); + authParam.reuseUnlockResult.isReuse = parcel.ReadBool(); + authParam.reuseUnlockResult.reuseMode = static_cast(parcel.ReadInt32()); + authParam.reuseUnlockResult.reuseDuration = parcel.ReadUint64(); + UserAuthClientImpl::Instance().QueryReusableAuthResult(authParam, extraInfo); + IAM_LOGI("end"); +} + using FuzzFunc = decltype(FuzzClientGetAvailableStatus); FuzzFunc *g_fuzzFuncs[] = { FuzzClientGetEnrolledState, @@ -430,6 +446,7 @@ FuzzFunc *g_fuzzFuncs[] = { FuzzSetPropCallbackServiceOnPropResult, FuzzSetGlobalConfigParam, FuzzNapiBeginWidgetAuth, + FuzzQueryReusableAuthResult, }; void UserAuthClientFuzzTest(const uint8_t *data, size_t size) diff --git a/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp b/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp index fc4d6f2cf..20cf6e456 100644 --- a/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp +++ b/test/fuzztest/services/userauthservice_fuzzer/user_auth_service_fuzzer.cpp @@ -700,6 +700,25 @@ void FuzzVerifyAuthToken(Parcel &parcel) IAM_LOGI("end"); } +void FuzzQueryReusableAuthResult(Parcel &parcel) +{ + IAM_LOGI("begin"); + std::vector extraInfo; + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = parcel.ReadInt32(); + Common::FillFuzzUint8Vector(parcel, ipcAuthParamInner.challenge); + ipcAuthParamInner.authTypes.push_back(parcel.ReadInt32()); + ipcAuthParamInner.authTrustLevel = parcel.ReadUint32(); + ipcAuthParamInner.reuseUnlockResult.isReuse = parcel.ReadBool(); + ipcAuthParamInner.reuseUnlockResult.reuseMode = parcel.ReadInt32(); + ipcAuthParamInner.reuseUnlockResult.reuseDuration = parcel.ReadUint64(); + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + g_userAuthService.QueryReusableAuthResult(ipcAuthParamInner, extraInfo); + IpcCommon::DeleteAllPermission(); + IAM_LOGI("end"); +} + void FuzzGetAuthTokenAttr(Parcel &parcel) { IAM_LOGI("begin"); @@ -759,6 +778,7 @@ FuzzFunc *g_fuzzFuncs[] = { FuzzGetPropertyById, FuzzVerifyAuthToken, FuzzGetAuthTokenAttr, + FuzzQueryReusableAuthResult, }; void UserAuthFuzzTest(const uint8_t *data, size_t size) diff --git a/test/unittest/inner_api/src/user_auth_client_test.cpp b/test/unittest/inner_api/src/user_auth_client_test.cpp index 3301ac9fc..fb52d6958 100644 --- a/test/unittest/inner_api/src/user_auth_client_test.cpp +++ b/test/unittest/inner_api/src/user_auth_client_test.cpp @@ -857,7 +857,6 @@ HWTEST_F(UserAuthClientTest, UserAuthClientGetNorthAvailableStatus, TestSize.Lev EXPECT_EQ(ret, GENERAL_ERROR); } - HWTEST_F(UserAuthClientTest, UserAuthClientGetPropertyById001, TestSize.Level0) { uint64_t testCredentialId = 1; @@ -912,6 +911,41 @@ HWTEST_F(UserAuthClientTest, UserAuthClientGetPropertyById002, TestSize.Level0) dr->OnRemoteDied(obj); IpcClientUtils::ResetObj(); } + +HWTEST_F(UserAuthClientTest, QueryReusableAuthResult001, TestSize.Level0) +{ + WidgetAuthParam authParam = {}; + std::vector extraInfo; + + int32_t ret = UserAuthClient::GetInstance().QueryReusableAuthResult(authParam, extraInfo); + EXPECT_EQ(ret, GENERAL_ERROR); +} + +HWTEST_F(UserAuthClientTest, QueryReusableAuthResult002, TestSize.Level0) +{ + WidgetAuthParam authParam = {}; + std::vector extraInfo; + + auto service = Common::MakeShared(); + EXPECT_NE(service, nullptr); + EXPECT_CALL(*service, QueryReusableAuthResult(_, _)).Times(1); + ON_CALL(*service, QueryReusableAuthResult) + .WillByDefault( + [](const IpcAuthParamInner &ipcAuthParamInner, std::vector &extraInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + extraInfo.resize(USER_AUTH_TOKEN_LEN); + return SUCCESS; + } + ); + sptr obj(new (std::nothrow) MockRemoteObject()); + sptr dr(nullptr); + CallRemoteObject(service, obj, dr); + int32_t ret = UserAuthClient::GetInstance().QueryReusableAuthResult(authParam, extraInfo); + EXPECT_EQ(ret, SUCCESS); + EXPECT_NE(dr, nullptr); + dr->OnRemoteDied(obj); + IpcClientUtils::ResetObj(); +} } // namespace UserAuth } // namespace UserIam } // namespace OHOS \ No newline at end of file diff --git a/test/unittest/services/mocks/mock_user_auth_service.h b/test/unittest/services/mocks/mock_user_auth_service.h index 6c6c5c7d8..46ddc2678 100644 --- a/test/unittest/services/mocks/mock_user_auth_service.h +++ b/test/unittest/services/mocks/mock_user_auth_service.h @@ -69,6 +69,8 @@ public: const sptr &userAuthCallback)); MOCK_METHOD3(VerifyAuthToken, int32_t(const std::vector &tokenIn, uint64_t allowableDuration, const sptr &verifyTokenCallback)); + MOCK_METHOD2(QueryReusableAuthResult, int32_t(const IpcAuthParamInner &ipcAuthParamInner, + std::vector &extraInfo)); MOCK_METHOD1(CallbackEnter, int32_t(uint32_t code)); MOCK_METHOD2(CallbackExit, int32_t(uint32_t code, int32_t result)); }; diff --git a/test/unittest/services/src/user_auth_service_test_part02.cpp b/test/unittest/services/src/user_auth_service_test_part02.cpp index 6c8dba9bd..35b249bd6 100644 --- a/test/unittest/services/src/user_auth_service_test_part02.cpp +++ b/test/unittest/services/src/user_auth_service_test_part02.cpp @@ -1698,6 +1698,177 @@ HWTEST_F(UserAuthServiceTest, UserAuthServiceVerifyAuthToken005, TestSize.Level0 EXPECT_EQ(service.VerifyAuthToken(testTokenIn, allowableDuration, callbackInterface), SUCCESS); IpcCommon::DeleteAllPermission(); } + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult001, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + reuseInfo.token.resize(USER_AUTH_TOKEN_LEN); + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), SUCCESS); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult002, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + reuseInfo.token.resize(USER_AUTH_TOKEN_LEN); + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), CHECK_PERMISSION_FAILED); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult003, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + static const uint32_t USER_AUTH_TOKEN_LEN = 148; + reuseInfo.token.resize(USER_AUTH_TOKEN_LEN); + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), CHECK_SYSTEM_APP_FAILED); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult004, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + return HDF_FAILURE; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), HDF_FAILURE); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult005, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), GENERAL_ERROR); + IpcCommon::DeleteAllPermission(); +} + +HWTEST_F(UserAuthServiceTest, QueryReusableAuthResult006, TestSize.Level0) +{ + UserAuthService service; + std::vector tempChallenge = {}; + tempChallenge.resize(32); + IpcAuthParamInner ipcAuthParamInner = {}; + ipcAuthParamInner.userId = 1; + ipcAuthParamInner.isUserIdSpecified = true; + ipcAuthParamInner.challenge = tempChallenge; + ipcAuthParamInner.authTrustLevel = ATL3; + ipcAuthParamInner.authTypes.push_back(PIN); + ipcAuthParamInner.reuseUnlockResult.isReuse = true; + ipcAuthParamInner.reuseUnlockResult.reuseMode = AUTH_TYPE_RELEVANT; + ipcAuthParamInner.reuseUnlockResult.reuseDuration = 5 * 60 * 1000; + + auto mockHdi = MockIUserAuthInterface::Holder::GetInstance().Get(); + EXPECT_NE(mockHdi, nullptr); + EXPECT_CALL(*mockHdi, CheckReuseUnlockResult(_, _)) + .WillOnce([](const HdiReuseUnlockParam &info, HdiReuseUnlockInfo &reuseInfo) { + return HDF_SUCCESS; + }); + + IpcCommon::AddPermission(ACCESS_USER_AUTH_INTERNAL_PERMISSION); + IpcCommon::AddPermission(IS_SYSTEM_APP); + std::vector extraInfo; + EXPECT_EQ(service.QueryReusableAuthResult(ipcAuthParamInner, extraInfo), GENERAL_ERROR); + IpcCommon::DeleteAllPermission(); +} } // namespace UserAuth } // namespace UserIam } // namespace OHOS \ No newline at end of file -- Gitee