diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp
index 6ec0ef91d0f1c56ebf4d29bb121078a02c13585c..630476310a35a6fb71c544016c6d9169a198cb4a 100644
--- a/commondependency/src/deviceprofile_connector.cpp
+++ b/commondependency/src/deviceprofile_connector.cpp
@@ -394,18 +394,11 @@ std::vector DeviceProfileConnector::SyncAclByBindType(std::string pkgNa
 CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId);
 LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size());
 for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) {
- bool deleteAclFlag = true;
 for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) {
 if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) {
- deleteAclFlag = false;
 bindType.push_back(bindTypeVec[sinkIndex]);
 }
 }
- if (deleteAclFlag) {
- int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId();
- DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex);
- LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex);
- }
 }
 return bindType;
 }
diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h
index d21279a34ad47be10783315c8473819e23a254e9..5227d2891c97b83a1a5327ce457df9743b459079 100644
--- a/services/implementation/include/authentication/auth_message_processor.h
+++ b/services/implementation/include/authentication/auth_message_processor.h
@@ -77,6 +77,7 @@ constexpr const char* TAG_EDITION = "edition";
 constexpr const char* TAG_BUNDLE_NAME = "bundleName";
 constexpr const char* TAG_CRYPTIC_MSG = "encryptMsg";
 constexpr const char* TAG_PEER_BUNDLE_NAME = "PEER_BUNDLE_NAME";
+constexpr const char* TAG_PROFILES_SIZE = "PROFILES_SIZE";
 class DmAuthManager;
 struct DmAuthRequestContext;
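Review bot: The inner loop that survives in SyncAclByBindType pushes `bindTypeVec[sinkIndex]`, indexing the source vector with the sink loop's counter, so when sinkBindType has more entries than bindTypeVec the unchecked `operator[]` reads past the end of bindTypeVec. The branch is only taken when the two elements compare equal, so `bindType.push_back(bindTypeVec[srcIndex]);` gives the intended value without the out-of-range index. With the deletion block removed, bindTypeIndex may no longer be used in this function; the function starts outside the hunk, so that should be checked there.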
@@ -91,8 +92,10 @@ public:
 int32_t ParseMessage(const std::string &message);
 void SetRequestContext(std::shared_ptr authRequestContext);
 void SetResponseContext(std::shared_ptr authResponseContext);
+ void SetRequestProfiles(std::vector profiles);
 std::shared_ptr GetResponseContext();
 std::shared_ptr GetRequestContext();
+ std::vector GetRequestProfiles();
 std::string CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen);
 void CreateResponseAuthMessageExt(nlohmann::json &json);
 void ParseAuthResponseMessageExt(nlohmann::json &json);
@@ -113,11 +116,17 @@ private:
 void ParseResponseFinishMessage(nlohmann::json &json);
 void GetAuthReqMessage(nlohmann::json &json);
 void ParsePkgNegotiateMessage(const nlohmann::json &json);
+ void ParseRemoteAcl(const nlohmann::json &json);
 void CreatePublicKeyMessageExt(nlohmann::json &json);
 void ParsePublicKeyMessageExt(nlohmann::json &json);
 void GetJsonObj(nlohmann::json &jsonObj);
 void CreateReqReCheckMessage(nlohmann::json &jsonObj);
 void ParseReqReCheckMessage(nlohmann::json &json);
+ void SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile,
+ int32_t size, const nlohmann::json &json);
+ void CreateLocalAclParcel(nlohmann::json &json);
+ void ParseAclFromJson(const nlohmann::json &json, int32_t size,
+ DistributedDeviceProfile::AccessControlProfile profile, bool &isSame);
 private:
 std::weak_ptr authMgr_;
@@ -128,6 +137,7 @@ private:
 std::mutex encryptFlagMutex_;
 bool encryptFlag_ = false;
 std::shared_ptr cryptoMgr_ = nullptr;
+ std::vector requestProfiles_;
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp
index b67246a0b4afb00059c8509d13377ccd84db51e2..b23a28f8728dc6f7cd0ddced8b23f55ed287af6e 100644
--- a/services/implementation/src/authentication/auth_message_processor.cpp
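Review bot: In the hunk at -113, `SyncAclByRemote` and `ParseAclFromJson` take `DistributedDeviceProfile::AccessControlProfile` by value, and `SetRequestProfiles`/`GetRequestProfiles` in the hunk at -91 pass and return the whole vector by value, so every call copies a profile or the full list. Declaring the parameter as `const DistributedDeviceProfile::AccessControlProfile &profile` avoids the copies, and ParseAclFromJson would read more clearly if it returned `bool` rather than writing through `bool &isSame`. None of the new declarations is commented; ParseRemoteAcl in particular deserves a line such as `// Compares local access-control profiles with the peer's list; may delete local entries.` because the side effect is not visible from the name.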
+++ b/services/implementation/src/authentication/auth_message_processor.cpp
@@ -219,6 +219,28 @@ void AuthMessageProcessor::CreateNegotiateMessage(nlohmann::json &json)
 json[TAG_EDITION] = authResponseContext_->edition;
 }
+void AuthMessageProcessor::CreateLocalAclParcel(nlohmann::json &json)
+{
+ for (uint32_t item = 0; item < requestProfiles_.size(); item++) {
+ std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item);
+ std::string accesserUserId = "accesserUserId" + std::to_string(item);
+ std::string accesserAccountId = "accesserAccountId" + std::to_string(item);
+ std::string accesserTokenId = "accesserTokenId" + std::to_string(item);
+ std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item);
+ std::string accesseeUserId = "accesseeUserId" + std::to_string(item);
+ std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item);
+ std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item);
+ json[accesserDeviceId] = requestProfiles_.at(item).GetAccesser().GetAccesserDeviceId();
+ json[accesserUserId] = requestProfiles_.at(item).GetAccesser().GetAccesserUserId();
+ json[accesserAccountId] = requestProfiles_.at(item).GetAccesser().GetAccesserAccountId();
+ json[accesserTokenId] = requestProfiles_.at(item).GetAccesser().GetAccesserTokenId();
+ json[accesseeDeviceId] = requestProfiles_.at(item).GetAccessee().GetAccesseeDeviceId();
+ json[accesseeUserId] = requestProfiles_.at(item).GetAccessee().GetAccesseeUserId();
+ json[accesseeAccountId] = requestProfiles_.at(item).GetAccessee().GetAccesseeAccountId();
+ json[accesseeTokenId] = requestProfiles_.at(item).GetAccessee().GetAccesseeTokenId();
+ }
+}
+
 void AuthMessageProcessor::CreateRespNegotiateMessage(nlohmann::json &json)
 {
 if (cryptoAdapter_ == nullptr) {
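Review bot: CreateLocalAclParcel writes the accesser and accessee device, user, account and token ids of every entry in requestProfiles_ into the outgoing message, and the callers added in dm_auth_manager.cpp fill that list from GetAccessControlProfile() with no filter visible in this diff. If that call also returns bindings with other devices, the peer of this session receives identifiers of relationships it is not part of. Skipping entries whose accesser and accessee device ids both differ from the peer's device id before serializing would limit the message to what the peer needs for the comparison. The key scheme is undocumented; a comment above the function such as `// Wire format: <fieldName><index> for index in [0, PROFILES_SIZE)` would keep this writer and ParseAclFromJson in step.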
@@ -602,6 +624,71 @@ void AuthMessageProcessor::ParseNegotiateMessage(const nlohmann::json &json)
 ParsePkgNegotiateMessage(json);
 }
+void AuthMessageProcessor::ParseRemoteAcl(const nlohmann::json &json)
+{
+ int32_t profilesSize = 0;
+ if (IsInt32(json, TAG_PROFILES_SIZE)) {
+ profilesSize = json[TAG_PROFILES_SIZE].get();
+ }
+ for (uint32_t reqItem = 0; reqItem < requestProfiles_.size(); reqItem++) {
+ LOGI("ParseRemoteAcl SyncAclByRemote Start.");
+ SyncAclByRemote(requestProfiles_.at(reqItem), profilesSize, json);
+ }
+}
+
+void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, int32_t size,
+ DistributedDeviceProfile::AccessControlProfile profile, bool &isSame)
+{
+ for (int32_t item = 0; item < size; item++) {
+ bool needDelete = false;
+ std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item);
+ std::string accesserUserId = "accesserUserId" + std::to_string(item);
+ std::string accesserAccountId = "accesserAccountId" + std::to_string(item);
+ std::string accesserTokenId = "accesserTokenId" + std::to_string(item);
+ std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item);
+ std::string accesseeUserId = "accesseeUserId" + std::to_string(item);
+ std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item);
+ std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item);
+ if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) ||
+ !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) ||
+ !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) ||
+ !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) {
+ LOGE("ParseAclFromJson format error.");
+ isSame = true;
+ return;
+ }
+ if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() ||
+ profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() ||
+ profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() ||
+ profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() ||
+ profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() ||
+ profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() ||
+ profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() ||
+ profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) {
+ needDelete = true;
+ isSame = false;
+ }
+ if (!needDelete) {
+ isSame = true;
+ return;
+ }
+ }
+}
+
+void AuthMessageProcessor::SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile,
+ int32_t size, const nlohmann::json &json)
+{
+ bool isSame = true;
+ if (size == 0) {
+ isSame = false;
+ } else {
+ ParseAclFromJson(json, size, profile, isSame);
+ }
+ if (!isSame) {
+ DeviceProfileConnector::GetInstance().DeleteAccessControlById(profile.GetAccessControlId());
+ }
+}
+
 void AuthMessageProcessor::ParseRespNegotiateMessage(const nlohmann::json &json)
 {
 if (IsBool(json, TAG_IDENTICAL_ACCOUNT)) {
@@ -644,6 +731,11 @@ void AuthMessageProcessor::SetResponseContext(std::shared_ptr profiles)
+{
+ requestProfiles_ = profiles;
+}
+
 std::shared_ptr AuthMessageProcessor::GetResponseContext()
 {
 return authResponseContext_;
@@ -654,6 +746,11 @@ std::shared_ptr AuthMessageProcessor::GetRequestContext()
 return authRequestContext_;
 }
+std::vector AuthMessageProcessor::GetRequestProfiles()
+{
+ return requestProfiles_;
+}
+
 std::string AuthMessageProcessor::CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen)
 {
 LOGI("CreateDeviceAuthMessage start, msgType %{public}d.", msgType);
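Review bot: In ParseRemoteAcl a message without a valid PROFILES_SIZE leaves profilesSize at 0, and SyncAclByRemote treats `size == 0` as "not the same" and calls DeleteAccessControlById for every entry in requestProfiles_. A peer that omits the field (an older version, or a malformed message) therefore causes local access-control entries to be removed, while a malformed entry inside ParseAclFromJson takes the opposite path and keeps the profile. Returning early when the tag is absent makes both failure paths conservative: `if (!IsInt32(json, TAG_PROFILES_SIZE)) { LOGE("ParseRemoteAcl profiles size missing."); return; }`. The call added to ParseReqReCheckMessage in the hunk at -730 reaches this path unconditionally. Nothing visible here restricts requestProfiles_ to profiles involving the peer, so a device-id check before DeleteAccessControlById would also limit what a single peer's message can remove.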
@@ -675,6 +772,8 @@ void AuthMessageProcessor::CreateReqReCheckMessage(nlohmann::json &jsonObj)
 jsonTemp[TAG_TOKENID] = authResponseContext_->tokenId;
 jsonTemp[TAG_BUNDLE_NAME] = authResponseContext_->bundleName;
 jsonTemp[TAG_BIND_LEVEL] = authResponseContext_->bindLevel;
+ jsonTemp[TAG_PROFILES_SIZE] = requestProfiles_.size();
+ CreateLocalAclParcel(jsonTemp);
 std::string strTemp = SafetyDump(jsonTemp);
 std::string encryptStr = "";
 CHECK_NULL_VOID(cryptoMgr_);
@@ -730,6 +829,7 @@ void AuthMessageProcessor::ParseReqReCheckMessage(nlohmann::json &json)
 if (IsInt32(jsonObject, TAG_BIND_LEVEL)) {
 authResponseContext_->localBindLevel = jsonObject[TAG_BIND_LEVEL].get();
 }
+ ParseRemoteAcl(jsonObject);
 }
 int32_t AuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen)
diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp
index 1d284dab319c86f50b0c62a9c70aea1ca5dca597..9de888780f8566760e716210444da71811d31cf8 100644
--- a/services/implementation/src/authentication/dm_auth_manager.cpp
+++ b/services/implementation/src/authentication/dm_auth_manager.cpp
@@ -863,6 +863,9 @@ void DmAuthManager::StartNegotiate(const int32_t &sessionId)
 authResponseContext_->isIdenticalAccount = false;
 authResponseContext_->edition = DM_VERSION_5_0_3;
 authMessageProcessor_->SetResponseContext(authResponseContext_);
+ std::vector profiles =
+ DeviceProfileConnector::GetInstance().GetAccessControlProfile();
+ authMessageProcessor_->SetRequestProfiles(profiles);
 std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_NEGOTIATE);
 softbusConnector_->GetSoftbusSession()->SendData(sessionId, message);
 if (timer_ != nullptr) {
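Review bot: `jsonTemp[TAG_PROFILES_SIZE] = requestProfiles_.size();` in CreateReqReCheckMessage stores a size_t, while the receiving ParseRemoteAcl accepts the field only when IsInt32 passes and then treats it as int32_t. IsInt32 is defined outside this diff, so whether an unsigned 64-bit JSON number satisfies it cannot be confirmed from here; if it does not, the receiver falls back to a size of 0. Writing `jsonTemp[TAG_PROFILES_SIZE] = static_cast<int32_t>(requestProfiles_.size());` makes sender and receiver agree on the type. CreateReqReCheckMessage starts and ends outside the hunk.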
@@ -914,6 +917,9 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId)
 return;
 }
 LOGI("DmAuthManager::RespNegotiate sessionid %{public}d", sessionId);
+ std::vector profiles =
+ DeviceProfileConnector::GetInstance().GetAccessControlProfile();
+ authMessageProcessor_->SetRequestProfiles(profiles);
 remoteDeviceId_ = authResponseContext_->localDeviceId;
 authResponseContext_->networkId = softbusConnector_->GetLocalDeviceNetworkId();
 authResponseContext_->targetDeviceName = softbusConnector_->GetLocalDeviceName();