From 1f61c67ed46205016cb798dddb4027b931d9c015 Mon Sep 17 00:00:00 2001 From: BrainL Date: Mon, 17 Feb 2025 11:59:37 +0800 Subject: [PATCH 1/3] =?UTF-8?q?=E8=AE=BE=E5=A4=87=E7=BB=91=E5=AE=9A?= =?UTF-8?q?=E5=92=8C=E8=A7=A3=E7=BB=91=E8=83=BD=E5=8A=9B=E5=A2=9E=E5=BC=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: BrainL --- .../src/deviceprofile_connector.cpp | 7 -- .../authentication/auth_message_processor.h | 10 ++ .../authentication/auth_message_processor.cpp | 94 +++++++++++++++++++ .../src/authentication/dm_auth_manager.cpp | 6 ++ 4 files changed, 110 insertions(+), 7 deletions(-) diff --git a/commondependency/src/deviceprofile_connector.cpp b/commondependency/src/deviceprofile_connector.cpp index 6ec0ef91d..630476310 100644 --- a/commondependency/src/deviceprofile_connector.cpp +++ b/commondependency/src/deviceprofile_connector.cpp @@ -394,18 +394,11 @@ std::vector DeviceProfileConnector::SyncAclByBindType(std::string pkgNa CompareBindType(profiles, pkgName, sinkBindType, localDeviceId, targetDeviceId); LOGI("SyncAclByBindType sinkBindType size is %{public}zu", sinkBindType.size()); for (uint32_t sinkIndex = 0; sinkIndex < sinkBindType.size(); sinkIndex++) { - bool deleteAclFlag = true; for (uint32_t srcIndex = 0; srcIndex < bindTypeVec.size(); srcIndex++) { if (sinkBindType[sinkIndex] == bindTypeVec[srcIndex]) { - deleteAclFlag = false; bindType.push_back(bindTypeVec[sinkIndex]); } } - if (deleteAclFlag) { - int32_t deleteIndex = profiles[bindTypeIndex[sinkIndex]].GetAccessControlId(); - DistributedDeviceProfileClient::GetInstance().DeleteAccessControlProfile(deleteIndex); - LOGI("SyncAclByBindType deleteAcl index is %{public}d", deleteIndex); - } } return bindType; } diff --git a/services/implementation/include/authentication/auth_message_processor.h b/services/implementation/include/authentication/auth_message_processor.h index d21279a34..5227d2891 100644 
--- a/services/implementation/include/authentication/auth_message_processor.h +++ b/services/implementation/include/authentication/auth_message_processor.h @@ -77,6 +77,7 @@ constexpr const char* TAG_EDITION = "edition"; constexpr const char* TAG_BUNDLE_NAME = "bundleName"; constexpr const char* TAG_CRYPTIC_MSG = "encryptMsg"; constexpr const char* TAG_PEER_BUNDLE_NAME = "PEER_BUNDLE_NAME"; +constexpr const char* TAG_PROFILES_SIZE = "PROFILES_SIZE"; class DmAuthManager; struct DmAuthRequestContext; @@ -91,8 +92,10 @@ public: int32_t ParseMessage(const std::string &message); void SetRequestContext(std::shared_ptr authRequestContext); void SetResponseContext(std::shared_ptr authResponseContext); + void SetRequestProfiles(std::vector profiles); std::shared_ptr GetResponseContext(); std::shared_ptr GetRequestContext(); + std::vector GetRequestProfiles(); std::string CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen); void CreateResponseAuthMessageExt(nlohmann::json &json); void ParseAuthResponseMessageExt(nlohmann::json &json); @@ -113,11 +116,17 @@ private: void ParseResponseFinishMessage(nlohmann::json &json); void GetAuthReqMessage(nlohmann::json &json); void ParsePkgNegotiateMessage(const nlohmann::json &json); + void ParseRemoteAcl(const nlohmann::json &json); void CreatePublicKeyMessageExt(nlohmann::json &json); void ParsePublicKeyMessageExt(nlohmann::json &json); void GetJsonObj(nlohmann::json &jsonObj); void CreateReqReCheckMessage(nlohmann::json &jsonObj); void ParseReqReCheckMessage(nlohmann::json &json); + void SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, + int32_t size, const nlohmann::json &json); + void CreateLocalAclParcel(nlohmann::json &json); + void ParseAclFromJson(const nlohmann::json &json, int32_t size, + DistributedDeviceProfile::AccessControlProfile profile, bool &isSame); private: std::weak_ptr authMgr_; 
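Review bot: `SyncAclByRemote` and `ParseAclFromJson` in the private-section hunk are declared taking `DistributedDeviceProfile::AccessControlProfile profile` by value, so every call copies the profile although the definitions later in this patch only read it. Declaring the parameter as `const DistributedDeviceProfile::AccessControlProfile &profile` avoids the copy. `ParseAclFromJson` would also read more clearly returning `bool` than writing through `bool &isSame`, because the caller has to pre-initialise the flag for the result to mean anything. The same by-value remark applies to `SetRequestProfiles(std::vector profiles)` in the public-section hunk above.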
@@ -128,6 +137,7 @@ private:
 std::mutex encryptFlagMutex_;
 bool encryptFlag_ = false;
 std::shared_ptr cryptoMgr_ = nullptr;
+ std::vector requestProfiles_;
 };
 } // namespace DistributedHardware
 } // namespace OHOS
diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp
index b67246a0b..e02f6c31d 100644
--- a/services/implementation/src/authentication/auth_message_processor.cpp
+++ b/services/implementation/src/authentication/auth_message_processor.cpp
@@ -219,6 +219,28 @@ void AuthMessageProcessor::CreateNegotiateMessage(nlohmann::json &json) json[TAG_EDITION] = authResponseContext_->edition; } +void AuthMessageProcessor::CreateLocalAclParcel(nlohmann::json &json) +{ + for (uint32_t item = 0; item < requestProfiles_.size(); item++) { + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); + std::string accesserUserId = "accesserUserId" + std::to_string(item); + std::string accesserAccountId = "accesserAccountId" + std::to_string(item); + std::string accesserTokenId = "accesserTokenId" + std::to_string(item); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item); + std::string accesseeUserId = "accesseeUserId" + std::to_string(item); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + json[accesserDeviceId] = requestProfiles_.at(item).GetAccesser().GetAccesserDeviceId(); + json[accesserUserId] = requestProfiles_.at(item).GetAccesser().GetAccesserUserId(); + json[accesserAccountId] = requestProfiles_.at(item).GetAccesser().GetAccesserAccountId(); + json[accesserTokenId] = requestProfiles_.at(item).GetAccesser().GetAccesserTokenId(); + json[accesseeDeviceId] = requestProfiles_.at(item).GetAccessee().GetAccesseeDeviceId(); + json[accesseeUserId] = requestProfiles_.at(item).GetAccessee().GetAccesseeUserId(); + json[accesseeAccountId] = requestProfiles_.at(item).GetAccessee().GetAccesseeAccountId(); + json[accesseeTokenId] = requestProfiles_.at(item).GetAccessee().GetAccesseeTokenId(); + } +} + void AuthMessageProcessor::CreateRespNegotiateMessage(nlohmann::json &json) { if (cryptoAdapter_ == nullptr) { 
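Review bot: CreateLocalAclParcel serialises every entry of `requestProfiles_` into the message sent to the peer: device IDs, user IDs, account IDs and token IDs of both accesser and accessee. The list is filled in the dm_auth_manager.cpp hunks from `GetAccessControlProfile()` called without arguments. If that call returns the whole local ACL table (not visible here), the peer receives identifiers for bindings with third-party devices that it has no need to see. Consider restricting the list to profiles whose accesser or accessee device ID is the peer's before it is stored or serialised, and add a comment on this function stating which profiles `requestProfiles_` is expected to hold. The eight key names are duplicated verbatim in ParseAclFromJson; a shared helper that builds them from the index would keep sender and receiver in step.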
@@ -602,6 +624,65 @@ void AuthMessageProcessor::ParseNegotiateMessage(const nlohmann::json &json) ParsePkgNegotiateMessage(json); } +void AuthMessageProcessor::ParseRemoteAcl(const nlohmann::json &json) +{ + int32_t profilesSize = 0; + if (IsInt32(json, TAG_PROFILES_SIZE)) { + profilesSize = json[TAG_PROFILES_SIZE].get(); + } + for (uint32_t reqItem = 0; reqItem < requestProfiles_.size(); reqItem++) { + LOGI("ParseRemoteAcl SyncAclByRemote Start."); + SyncAclByRemote(requestProfiles_.at(reqItem), profilesSize, json); + } +} + +void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, int32_t size, + DistributedDeviceProfile::AccessControlProfile profile, bool &isSame) +{ + for (int32_t item = 0; item < size; item++) { + std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item); + std::string accesserUserId = "accesserUserId" + std::to_string(item); + std::string accesserAccountId = "accesserAccountId" + std::to_string(item); + std::string accesserTokenId = "accesserTokenId" + std::to_string(item); + std::string accesseeDeviceId = "accesseeDeviceId" + std::to_string(item); + std::string accesseeUserId = "accesseeUserId" + std::to_string(item); + std::string accesseeAccountId = "accesseeAccountId" + std::to_string(item); + std::string accesseeTokenId = "accesseeTokenId" + std::to_string(item); + if (!IsString(jsonObject, accesserDeviceId) || !IsInt32(jsonObject, accesserUserId) || + !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) || + !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) || + !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) { + isSame = false; + return; + } + if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() || + profile.GetAccesser().GetAccesserUserId() != jsonObject[accesserUserId].get() || + profile.GetAccesser().GetAccesserAccountId() != jsonObject[accesserAccountId].get() || + 
profile.GetAccesser().GetAccesserTokenId() != jsonObject[accesserTokenId].get() || + profile.GetAccessee().GetAccesseeDeviceId() != jsonObject[accesseeDeviceId].get() || + profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() || + profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() || + profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) { + isSame = false; + return; + } + } +} + +void AuthMessageProcessor::SyncAclByRemote(DistributedDeviceProfile::AccessControlProfile profile, + int32_t size, const nlohmann::json &json) +{ + bool isSame = true; + if (size == 0) { + isSame = false; + } else { + ParseAclFromJson(json, size, profile, isSame); + } + if (!isSame) { + DeviceProfileConnector::GetInstance().DeleteAccessControlById(profile.GetAccessControlId()); + } +} + void AuthMessageProcessor::ParseRespNegotiateMessage(const nlohmann::json &json) { if (IsBool(json, TAG_IDENTICAL_ACCOUNT)) { @@ -644,6 +725,11 @@ void AuthMessageProcessor::SetResponseContext(std::shared_ptr profiles) +{ + requestProfiles_ = profiles; +} + std::shared_ptr AuthMessageProcessor::GetResponseContext() { return authResponseContext_; @@ -654,6 +740,11 @@ std::shared_ptr AuthMessageProcessor::GetRequestContext() return authRequestContext_; } +std::vector AuthMessageProcessor::GetRequestProfiles() +{ + return requestProfiles_; +} + std::string AuthMessageProcessor::CreateDeviceAuthMessage(int32_t msgType, const uint8_t *data, uint32_t dataLen) { LOGI("CreateDeviceAuthMessage start, msgType %{public}d.", msgType); 
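Review bot: In ParseRemoteAcl, `profilesSize` stays 0 when `TAG_PROFILES_SIZE` is missing or is not an int32, and SyncAclByRemote treats `size == 0` as a mismatch, so a message without that field makes `DeleteAccessControlById` run for every entry in `requestProfiles_`. A peer that does not send the field (presumably including peers built without this patch) would therefore clear local ACL entries, including ones that do not involve that peer if `requestProfiles_` holds the whole table. Returning early when the field is absent, e.g. `if (!IsInt32(json, TAG_PROFILES_SIZE)) { LOGE("ParseRemoteAcl no profiles size."); return; }`, and only considering profiles bound to the peer device would keep deletion scoped to what the peer can legitimately speak for. It is also worth confirming that the user ID and token ID getters return 32-bit values, because the `IsInt32` checks in ParseAclFromJson reject anything wider and in this patch a rejected entry leads to deletion.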
@@ -675,6 +766,8 @@ void AuthMessageProcessor::CreateReqReCheckMessage(nlohmann::json &jsonObj) jsonTemp[TAG_TOKENID] = authResponseContext_->tokenId; jsonTemp[TAG_BUNDLE_NAME] = authResponseContext_->bundleName; jsonTemp[TAG_BIND_LEVEL] = authResponseContext_->bindLevel; + jsonTemp[TAG_PROFILES_SIZE] = requestProfiles_.size(); + CreateLocalAclParcel(jsonTemp); std::string strTemp = SafetyDump(jsonTemp); std::string encryptStr = ""; CHECK_NULL_VOID(cryptoMgr_); @@ -730,6 +823,7 @@ void AuthMessageProcessor::ParseReqReCheckMessage(nlohmann::json &json) if (IsInt32(jsonObject, TAG_BIND_LEVEL)) { authResponseContext_->localBindLevel = jsonObject[TAG_BIND_LEVEL].get(); } + ParseRemoteAcl(jsonObject); } int32_t AuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen) diff --git a/services/implementation/src/authentication/dm_auth_manager.cpp b/services/implementation/src/authentication/dm_auth_manager.cpp index 1d284dab3..9de888780 100644 --- a/services/implementation/src/authentication/dm_auth_manager.cpp +++ b/services/implementation/src/authentication/dm_auth_manager.cpp @@ -863,6 +863,9 @@ void DmAuthManager::StartNegotiate(const int32_t &sessionId) authResponseContext_->isIdenticalAccount = false; authResponseContext_->edition = DM_VERSION_5_0_3; authMessageProcessor_->SetResponseContext(authResponseContext_); + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + authMessageProcessor_->SetRequestProfiles(profiles); std::string message = authMessageProcessor_->CreateSimpleMessage(MSG_TYPE_NEGOTIATE); softbusConnector_->GetSoftbusSession()->SendData(sessionId, message); if (timer_ != nullptr) { 
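Review bot: The added `ParseRemoteAcl(jsonObject)` call at the end of ParseReqReCheckMessage makes a parsing routine delete access-control profiles as a side effect, and it runs unconditionally whether or not the preceding optional fields were present. The function body starts outside the hunk, so the decryption and any validation before this point are not visible, but the deletion happens before the caller has had a chance to act on the parsed re-check values. Moving the call to the caller, after the re-check comparison has succeeded, would keep parsing free of destructive effects. At minimum add a comment above the call such as `// Deletes local ACL entries the peer did not report; the message must already be authenticated.`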
@@ -914,6 +917,9 @@ void DmAuthManager::RespNegotiate(const int32_t &sessionId)
 return;
 }
 LOGI("DmAuthManager::RespNegotiate sessionid %{public}d", sessionId);
+ std::vector profiles =
+ DeviceProfileConnector::GetInstance().GetAccessControlProfile();
+ authMessageProcessor_->SetRequestProfiles(profiles);
 remoteDeviceId_ = authResponseContext_->localDeviceId;
 authResponseContext_->networkId = softbusConnector_->GetLocalDeviceNetworkId();
 authResponseContext_->targetDeviceName = softbusConnector_->GetLocalDeviceName();
-- Gitee
From 70e80d2638551296c6d194c23b580b7c70a286e7 Mon Sep 17 00:00:00 2001
From: BrainL
Date: Mon, 17 Feb 2025 16:52:00 +0800
Subject: [PATCH 2/3] format the code
Signed-off-by: BrainL
---
 .../src/authentication/auth_message_processor.cpp | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp
index e02f6c31d..9e443bcbc 100644
--- a/services/implementation/src/authentication/auth_message_processor.cpp
+++ b/services/implementation/src/authentication/auth_message_processor.cpp
@@ -640,6 +640,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in
 DistributedDeviceProfile::AccessControlProfile profile, bool &isSame)
 {
 for (int32_t item = 0; item < size; item++) {
+ bool needDelete = false;
 std::string accesserDeviceId = "accesserDeviceId" + std::to_string(item);
 std::string accesserUserId = "accesserUserId" + std::to_string(item);
 std::string accesserAccountId = "accesserAccountId" + std::to_string(item);
@@ -652,7 +653,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in
 !IsString(jsonObject, accesserAccountId) || !IsInt32(jsonObject, accesserTokenId) ||
 !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) ||
 !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) {
- isSame = false;
+ LOGE("ParseAclFromJson format error.");
 return;
 }
 if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() ||
@@ -663,7 +664,11 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in
 profile.GetAccessee().GetAccesseeUserId() != jsonObject[accesseeUserId].get() ||
 profile.GetAccessee().GetAccesseeAccountId() != jsonObject[accesseeAccountId].get() ||
 profile.GetAccessee().GetAccesseeTokenId() != jsonObject[accesseeTokenId].get()) {
+ needDelete = true;
 isSame = false;
+ }
+ if (!needDelete) {
+ isSame = true;
 return;
 }
 }
-- Gitee
From 5916b998b077d15e33843c0d4ef42bf9b719ed82 Mon Sep 17 00:00:00 2001
From: BrainL
Date: Mon, 17 Feb 2025 17:29:11 +0800
Subject: [PATCH 3/3] update isSame logic.
Signed-off-by: BrainL
---
 .../implementation/src/authentication/auth_message_processor.cpp | 1 +
 1 file changed, 1 insertion(+)
diff --git a/services/implementation/src/authentication/auth_message_processor.cpp b/services/implementation/src/authentication/auth_message_processor.cpp
index 9e443bcbc..b23a28f87 100644
--- a/services/implementation/src/authentication/auth_message_processor.cpp
+++ b/services/implementation/src/authentication/auth_message_processor.cpp
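Review bot: `needDelete` in the second hunk only mirrors the branch that was just taken, so the flag declared at the top of the loop can be dropped by writing the tail of the comparison as `} else { isSame = true; return; }`. The hunk also changes the meaning of the function from "the profile must equal every remote entry" to "the profile must equal at least one remote entry", which decides whether SyncAclByRemote deletes the ACL. That behaviour deserves a comment on ParseAclFromJson, since the subject line describes this commit as formatting only. The function body starts and ends outside both hunks.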
@@ -654,6 +654,7 @@ void AuthMessageProcessor::ParseAclFromJson(const nlohmann::json &jsonObject, in
 !IsString(jsonObject, accesseeDeviceId) || !IsInt32(jsonObject, accesseeUserId) ||
 !IsString(jsonObject, accesseeAccountId) || !IsInt32(jsonObject, accesseeTokenId)) {
 LOGE("ParseAclFromJson format error.");
+ isSame = true;
 return;
 }
 if (profile.GetAccesser().GetAccesserDeviceId() != jsonObject[accesserDeviceId].get() ||
-- Gitee
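Review bot: With `isSame = true` on the format-error path, a malformed entry at index k keeps the profile even when entries 0..k-1 did not match, while a `PROFILES_SIZE` of 0 (handled in SyncAclByRemote, outside this hunk) still deletes it, so two kinds of bad peer input get opposite outcomes. Because ParseRemoteAcl passes the same JSON for every local profile, the format check is also repeated once per profile. Validating all `size` entries once before the loop over `requestProfiles_`, and skipping the sync when the message is malformed, would make the policy explicit. A comment here such as `// Malformed peer entry: keep the local ACL rather than delete on unverifiable data.` would document the intent.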