From 3c52e624d387775b15e5c42b150665f717e3c963 Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 15 Feb 2025 19:57:39 +0800 Subject: [PATCH 1/2] =?UTF-8?q?=E8=AE=BE=E5=A4=87=E7=BB=91=E5=AE=9A?= =?UTF-8?q?=E5=92=8C=E8=A7=A3=E7=BB=91=E8=83=BD=E5=8A=9B=E5=A2=9E=E5=BC=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- .../src/deviceprofile_connector.cpp | 7 -- .../authentication/auth_message_processor.h | 10 ++ .../authentication/auth_message_processor.cpp | 94 +++++++++++++++++++ .../src/authentication/dm_auth_manager.cpp | 6 ++ 4 files changed, 110 insertions(+), 7 deletions(-) diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 6d57f99bc..f97c574e0 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -394,18 +394,11 @@ std::vector DeviceProfileConnector::SyncAclByBindType(std::string pkgNa CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId); LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size()); for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) { - bool deleteAclFlag = true; for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) { if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) { - deleteAclFlag = false; bindType.push_back(bindTypeVec[sinkIndex]); } } - if (deleteAclFlag) { - int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId(); - DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex); - LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex); - } } return bindType; } diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h index d21279a34..5227d2891 100644 
--- a/services/implementation/include/authentication/auth_message_processor.h +++ b/services/implementation/include/authentication/auth_message_processor.h @@ -77,6 +77,7 @@ constexpr const char* TAG_EDITION = "edition"; constexpr const char* TAG_BUNDLE_NAME = "bundleName"; constexpr const char* TAG_CRYPTIC_MSG = "encryptMsg"; constexpr const char* TAG_PEER_BUNDLE_NAME = "PEER_BUNDLE_NAME"; +constexpr const char* TAG_PROFILES_SIZE = "PROFILES_SIZE"; class DmAuthManager; struct DmAuthRequestContext; @@ -91,8 +92,10 @@ public: int32_t ParseMessage(const std::string &message); void SetRequestContext(std::shared_ptr authRequestContext); void SetResponseContext(std::shared_ptr authResponseContext); + void SetRequestProfiles(std::vector profiles); std::shared_ptr GetResponseContext(); std::shared_ptr GetRequestContext(); + std::vector GetRequestProfiles(); std::string CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen); void CreateResponseAuthMessageExt(nlohmann::json &json); void ParseAuthResponseMessageExt(nlohmann::json &json); @@ -113,11 +116,17 @@ private: void ParseResponseFinishMessage(nlohmann::json &json); void GetAuthReqMessage(nlohmann::json &json); void ParsePkgNegotiateMessage(const nlohmann::json &json); + void ParseRemoteAcl(const nlohmann::json &json); void CreatePublicKeyMessageExt(nlohmann::json &json); void ParsePublicKeyMessageExt(nlohmann::json &json); void GetJsonObj(nlohmann::json &jsonObj); void CreateReqReCheckMessage(nlohmann::json &jsonObj); void ParseReqReCheckMessage(nlohmann::json &json); + void SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, + int32_t size, const nlohmann::json &json); + void CreateLocalAclParcel(nlohmann::json &json); + void ParseAclFromJson(const nlohmann::json &json, int32_t size, + DistributedDeviceProfile::AccessControlProfile profile, bool &isSame); private: std::weak_ptr authMgr_; 
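Review bot: The new private declarations in the `@@ -113,11 +116,17 @@` hunk take `DistributedDeviceProfile::AccessControlProfile` by value, and `ParseAclFromJson` reports its result through a `bool &isSame` out-parameter, so every call copies the profile and the caller has to know to pre-set the flag. A const reference and a return value state the contract directly, e.g. `bool ParseAclFromJson(const nlohmann::json &json, int32_t size, const DistributedDeviceProfile::AccessControlProfile &profile);`. Because `SyncAclByRemote` ends in a deletion of a local access-control entry, its declaration deserves a comment such as `// Deletes the local ACL entry when the peer's list does not confirm it.`. The class body starts and ends outside this hunk.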
@@ -128,6 +137,7 @@ private:
 std::mutex encryptFlagMutex_;
 bool encryptFlag_ = false;
 std::shared_ptr cryptoMgr_ = nullptr;
+ std::vector requestProfiles_;
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp
index b67246a0b..e02f6c31d 100644
--- a/services/implementation/src/authentication/auth_message_processor.cpp
+++ b/services/implementation/src/authentication/auth_message_processor.cpp
@@ -219,6 +219,28 @@ void AuthMessageProcessor::CreateNegotiateMessage(nlohmann::json &json) json[TAG_EDITION] = authResponseContext_->edition; } +void AuthMessageProcessor::CreateLocalAclParcel(nlohmann::json &json) +{ + for (uint32_t item = 0; item < requestProfiles_.size(); item++) { + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); + std::string accesserUserId = "accesserUserId" + std::to_string(item); + std::string accesserAccountId = "accesserAccountId" + std::to_string(item); + std::string accesserTokenId = "accesserTokenId" + std::to_string(item); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item); + std::string accesseeUserId = "accesseeUserId" + std::to_string(item); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + json[accesserDeviceId] = requestProfiles_.at(item).GetAccesser().GetAccesserDeviceId(); + json[accesserUserId] = requestProfiles_.at(item).GetAccesser().GetAccesserUserId(); + json[accesserAccountId] = requestProfiles_.at(item).GetAccesser().GetAccesserAccountId(); + json[accesserTokenId] = requestProfiles_.at(item).GetAccesser().GetAccesserTokenId(); + json[accesseeDeviceId] = requestProfiles_.at(item).GetAccessee().GetAccesseeDeviceId(); + json[accesseeUserId] = requestProfiles_.at(item).GetAccessee().GetAccesseeUserId(); + json[accesseeAccountId] = requestProfiles_.at(item).GetAccessee().GetAccesseeAccountId(); + json[accesseeTokenId] = requestProfiles_.at(item).GetAccessee().GetAccesseeTokenId(); + } +} + void AuthMessageProcessor::CreateRespNegotiateMessage(nlohmann::json &json) { if (cryptoAdapter_ == nullptr) { 
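Review bot: `CreateLocalAclParcel` writes the device id, user id, account id and token id of every entry in `requestProfiles_` into the outgoing message, and the callers added in `StartNegotiate` and `RespNegotiate` fill that vector from `GetAccessControlProfile()` with no filter visible in this patch. If that call returns entries for other peers as well, their identifiers are disclosed to whichever device is on the other end of this session. Restricting the loop to entries whose accesser or accessee device id is the remote device of the session would keep the payload to what the peer already knows. I would also state the intent on the function, e.g. `// Only ACL entries that involve the peer of this session may be written into the message.`.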
@@ -602,6 +624,65 @@ void AuthMessageProcessor::ParseNegotiateMessage(const nlohmann::json &json) ParsePkgNegotiateMessage(json); } +void AuthMessageProcessor::ParseRemoteAcl(const nlohmann::json &json) +{ + int32_t profilesSize = 0; + if (IsInt32(json, TAG_PROFILES_SIZE)) { + profilesSize = json[TAG_PROFILES_SIZE].get(); + } + for (uint32_t reqItem = 0; reqItem < requestProfiles_.size(); reqItem++) { + LOGI("ParseRemoteAcl SyncAclByRemote Start."); + SyncAclByRemote(requestProfiles_.at(reqItem), profilesSize, json); + } +} + +void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, int32_t size, + DistributedDeviceProfile::AccessControlProfile profile, bool &isSame) +{ + for (int32_t item = 0; item < size; item++) { + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); + std::string accesserUserId = "accesserUserId" + std::to_string(item); + std::string accesserAccountId = "accesserAccountId" + std::to_string(item); + std::string accesserTokenId = "accesserTokenId" + std::to_string(item); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item); + std::string accesseeUserId = "accesseeUserId" + std::to_string(item); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) || + !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) || + !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || + !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) { + isSame = false; + return; + } + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || + 
profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { + isSame = false; + return; + } + } +} + +void AuthMessageProcessor::SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, + int32_t size, const nlohmann::json &json) +{ + bool isSame = true; + if (size == 0) { + isSame = false; + } else { + ParseAclFromJson(json, size, profile, isSame); + } + if (!isSame) { + DeviceProfileConnector::GetInstance().DeleteAccessControlById(profile.GetAccessControlId()); + } +} + void AuthMessageProcessor::ParseRespNegotiateMessage(const nlohmann::json &json) { if (IsBool(json, TAG_IDENTICAL_ACCOUNT)) { @@ -644,6 +725,11 @@ void AuthMessageProcessor::SetResponseContext(std::shared_ptr profiles) +{ + requestProfiles_ = profiles; +} + std::shared_ptr AuthMessageProcessor::GetResponseContext() { return authResponseContext_; @@ -654,6 +740,11 @@ std::shared_ptr AuthMessageProcessor::GetRequestContext() return authRequestContext_; } +std::vector AuthMessageProcessor::GetRequestProfiles() +{ + return requestProfiles_; +} + std::string AuthMessageProcessor::CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen) { LOGI("CreateDeviceAuthMessage start, msgType %{public}d.", msgType); 
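Review bot: Deletion of local access-control entries in `SyncAclByRemote` is driven entirely by fields the peer supplies, and both paths delete more than the peer's list justifies. In `ParseRemoteAcl`, a missing or non-integer `PROFILES_SIZE` leaves `profilesSize` at 0, which `SyncAclByRemote` treats as a mismatch for every entry in `requestProfiles_`; a peer that never sends the field (presumably any build that predates this tag) would clear them all through the `ParseRemoteAcl(jsonObject)` call added in `ParseReqReCheckMessage`, so I would return early with `if (!IsInt32(json, TAG_PROFILES_SIZE) || json[TAG_PROFILES_SIZE].get<int32_t>() < 0) { return; }`. In `ParseAclFromJson`, the loop clears `isSame` as soon as one remote entry differs, so a local entry survives only if every remote entry equals it, and with two distinct remote entries nothing survives. The intended test looks like "the peer's list contains this entry", sketched below. The `.get<…>()` template arguments are not visible on this page and are assumed from the `IsString` / `IsInt32` checks.

```cpp
void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, int32_t size,
    DistributedDeviceProfile::AccessControlProfile profile, bool &isSame)
{
    // The local entry is confirmed only if one of the peer's entries equals it.
    isSame = false;
    for (int32_t item = 0; item < size; item++) {
        // … unchanged: the eight per-index key names and the IsString / IsInt32 type checks …
        if (profile.GetAccesser().GetAccesserDeviceId() == jsonObject[accesserDeviceId].get<std::string>() &&
            profile.GetAccesser().GetAccesserUserId() == jsonObject[accesserUserId].get<int32_t>() &&
            profile.GetAccesser().GetAccesserAccountId() == jsonObject[accesserAccountId].get<std::string>() &&
            profile.GetAccesser().GetAccesserTokenId() == jsonObject[accesserTokenId].get<int32_t>() &&
            profile.GetAccessee().GetAccesseeDeviceId() == jsonObject[accesseeDeviceId].get<std::string>() &&
            profile.GetAccessee().GetAccesseeUserId() == jsonObject[accesseeUserId].get<int32_t>() &&
            profile.GetAccessee().GetAccesseeAccountId() == jsonObject[accesseeAccountId].get<std::string>() &&
            profile.GetAccessee().GetAccesseeTokenId() == jsonObject[accesseeTokenId].get<int32_t>()) {
            isSame = true;
            return;
        }
    }
}
```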
@@ -675,6 +766,8 @@ void AuthMessageProcessor::CreateReqReCheckMessage(nlohmann::json &jsonObj) jsonTemp[TAG_TOKENID] = authResponseContext_->tokenId; jsonTemp[TAG_BUNDLE_NAME] = authResponseContext_->bundleName; jsonTemp[TAG_BIND_LEVEL] = authResponseContext_->bindLevel; + jsonTemp[TAG_PROFILES_SIZE] = requestProfiles_.size(); + CreateLocalAclParcel(jsonTemp); std::string strTemp = SafetyDump(jsonTemp); std::string encryptStr = ""; CHECK_NULL_VOID(cryptoMgr_); @@ -730,6 +823,7 @@ void AuthMessageProcessor::ParseReqReCheckMessage(nlohmann::json &json) if (IsInt32(jsonObject, TAG_BIND_LEVEL)) { authResponseContext_->localBindLevel = jsonObject[TAG_BIND_LEVEL].get(); } + ParseRemoteAcl(jsonObject); } int32_t AuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen) diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 1d284dab3..27f2cd655 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -496,6 +496,9 @@ void DmAuthManager::OnSessionOpened(int32_t sessionId, int32_t sessionSide, int3 if (sessionSide == AUTH_SESSION_SIDE_SERVER) { if (authResponseState_ == nullptr && authRequestState_ == nullptr) { authMessageProcessor_ = std::make_shared(shared_from_this()); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + authMessageProcessor_->SetRequestProfiles(profiles); authResponseState_ = std::make_shared(); authResponseState_->SetAuthManager(shared_from_this()); authResponseState_->Enter(); 
@@ -863,6 +866,9 @@ void DmAuthManager::StartNegotiate(const int32_t &sessionId) authResponseContext_->isIdenticalAccount = false; authResponseContext_->edition = DM_VERSION_5_0_3; authMessageProcessor_->SetResponseContext(authResponseContext_); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + authMessageProcessor->SetRequestProfiles(profiles); std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_NEGOTIATE); softbusConnector_->GetSoftbusSession()->SendData(sessionId, message); if (timer_ != nullptr) { -- Gitee From ff9b7bfe6e42edca5ca50321f36af665e47799b6 Mon Sep 17 00:00:00 2001 From: BrainL Date: Sat, 15 Feb 2025 20:55:02 +0800 Subject: [PATCH 2/2] format code. Signed-off-by: BrainL --- .../implementation/src/authentication/dm_auth_manager.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 27f2cd655..9de888780 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -496,9 +496,6 @@ void DmAuthManager::OnSessionOpened(int32_t sessionId, int32_t sessionSide, int3 if (sessionSide == AUTH_SESSION_SIDE_SERVER) { if (authResponseState_ == nullptr && authRequestState_ == nullptr) { authMessageProcessor_ = std::make_shared(shared_from_this()); - std::vector profiles = - DeviceProfileConnector::GetInstance().GetAccessControlProfile(); - authMessageProcessor_->SetRequestProfiles(profiles); authResponseState_ = std::make_shared(); authResponseState_->SetAuthManager(shared_from_this()); authResponseState_->Enter(); 
@@ -868,7 +865,7 @@ void DmAuthManager::StartNegotiate(const int32_t &sessionId) authMessageProcessor_->SetResponseContext(authResponseContext_); std::vector profiles = DeviceProfileConnector::GetInstance().GetAccessControlProfile(); - authMessageProcessor->SetRequestProfiles(profiles); + authMessageProcessor_->SetRequestProfiles(profiles); std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_NEGOTIATE); softbusConnector_->GetSoftbusSession()->SendData(sessionId, message); if (timer_ != nullptr) { @@ -920,6 +917,9 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId) return; } LOGI("DmAuthManager::RespNegotiate sessionid %{public}d", sessionId); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + authMessageProcessor_->SetRequestProfiles(profiles); remoteDeviceId_ = authResponseContext_->localDeviceId; authResponseContext_->networkId = softbusConnector_->GetLocalDeviceNetworkId(); authResponseContext_->targetDeviceName = softbusConnector_->GetLocalDeviceName(); -- Gitee