From 07e0ec5251f9f9a8ad92e03ba9abbcc6c4e1f5c4 Mon Sep 17 00:00:00 2001 From: yuanzichun Date: Tue, 25 Mar 2025 21:15:32 +0800 Subject: [PATCH 1/2] =?UTF-8?q?dm=205.1=20state&&context=E6=8F=90=E4=BA=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yuanzichun --- .../src/authentication_v2/dm_auth_context.cpp | 182 ++++++++++++++++++ .../src/authentication_v2/dm_auth_state.cpp | 140 ++++++++++++++ 2 files changed, 322 insertions(+) create mode 100644 services/implementation/src/authentication_v2/dm_auth_context.cpp create mode 100644 services/implementation/src/authentication_v2/dm_auth_state.cpp diff --git a/services/implementation/src/authentication_v2/dm_auth_context.cpp b/services/implementation/src/authentication_v2/dm_auth_context.cpp new file mode 100644 index 000000000..fe0b1f182 --- /dev/null +++ b/services/implementation/src/authentication_v2/dm_auth_context.cpp @@ -0,0 +1,182 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dm_auth_context.h" +#undef LOG_TAG +#define LOG_TAG "DHDM_V2" + +namespace OHOS { +namespace DistributedHardware { + +// 获取设备ID +std::string DmAuthContext::GetDeviceId(DmAuthSide side) +{ + if (side == DM_AUTH_LOCAL_SIDE) { + return (direction == DM_AUTH_SOURCE) ? accesser.deviceId : accessee.deviceId; + } else if (side == DM_AUTH_REMOTE_SIDE) { + return (direction == DM_AUTH_SOURCE) ? accessee.deviceId : accesser.deviceId; + } else { + return std::string(""); + } +} + +// 获取用户ID +int32_t DmAuthContext::GetUserId(DmAuthSide side) +{ + if (side == DM_AUTH_LOCAL_SIDE) { + return (direction == DM_AUTH_SOURCE) ? accesser.userId : accessee.userId; + } else { + return (direction == DM_AUTH_SOURCE) ? accessee.userId : accesser.userId; + } +} + +// 获取凭据ID +std::string DmAuthContext::GetCredentialId(DmAuthSide side, DmAuthScope authorizedScope) +{ + if ((side != DM_AUTH_LOCAL_SIDE && side != DM_AUTH_REMOTE_SIDE) || + (authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP)) { + return std::string(""); + } + + if (side == DM_AUTH_LOCAL_SIDE) { + if (direction == DM_AUTH_SOURCE) { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accesser.lnnCredentialId : accesser.transmitCredentialId; + } else { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accessee.lnnCredentialId : accessee.transmitCredentialId; + } + } else { + if (direction == DM_AUTH_SOURCE) { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accessee.lnnCredentialId : accessee.transmitCredentialId; + } else { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accesser.lnnCredentialId : accesser.transmitCredentialId; + } + } +} + +// 获取公钥 +std::string DmAuthContext::GetPublicKey(DmAuthSide side, DmAuthScope authorizedScope) +{ + if ((side != DM_AUTH_LOCAL_SIDE && side != DM_AUTH_REMOTE_SIDE) || + (authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP)) { + return std::string(""); + } + + if (side == DM_AUTH_LOCAL_SIDE) { + if (direction == DM_AUTH_SOURCE) { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accesser.lnnPublicKey : accesser.ephemeralPublicKey; + } else { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accessee.lnnPublicKey : accessee.ephemeralPublicKey; + } + } else { + if (direction == DM_AUTH_SOURCE) { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accessee.lnnPublicKey : accessee.ephemeralPublicKey; + } else { + return (authorizedScope == DM_AUTH_SCOPE_USER) ? accesser.lnnPublicKey : accesser.ephemeralPublicKey; + } + } +} + +// 设置凭据ID +int32_t DmAuthContext::SetCredentialId(DmAuthSide side, DmAuthScope authorizedScope, const std::string &credentialId) +{ + if ((side != DM_AUTH_LOCAL_SIDE && side != DM_AUTH_REMOTE_SIDE) || + (authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP)) { + LOGE("DmAuthContext::SetCredentialId() error, invalid input parameters"); + return ERR_DM_INPUT_PARA_INVALID; + } + if (side == DM_AUTH_LOCAL_SIDE) { + if (direction == DM_AUTH_SOURCE) { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accesser.lnnCredentialId = credentialId; + } else { + accesser.transmitCredentialId = credentialId; + } + } else { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accessee.lnnCredentialId = credentialId; + } else { + accessee.transmitCredentialId = credentialId; + } + } + } else { + if (direction == DM_AUTH_SOURCE) { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accessee.lnnCredentialId = credentialId; + } else { + accessee.transmitCredentialId = credentialId; + } + } else { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accesser.lnnCredentialId = credentialId; + } else { + accesser.transmitCredentialId = credentialId; + } + } + } + return DM_OK; +} + +// 设置公钥 +int32_t DmAuthContext::SetPublicKey(DmAuthSide side, DmAuthScope authorizedScope, const std::string &publicKey) +{ + if ((side != DM_AUTH_LOCAL_SIDE && side != DM_AUTH_REMOTE_SIDE) || + (authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP)) { + LOGE("DmAuthContext::SetPublicKey() error, invalid input parameters"); + return ERR_DM_INPUT_PARA_INVALID; + } + + if (side == DM_AUTH_LOCAL_SIDE) { + if (direction == DM_AUTH_SOURCE) { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accesser.lnnPublicKey = publicKey; + } else { + accesser.ephemeralPublicKey = publicKey; + } + } else { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accessee.lnnPublicKey = publicKey; + } else { + accessee.ephemeralPublicKey = publicKey; + } + } + } else { + if (direction == DM_AUTH_SOURCE) { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accessee.lnnPublicKey = publicKey; + } else { + accessee.ephemeralPublicKey = publicKey; + } + } else { + if (authorizedScope == DM_AUTH_SCOPE_USER) { + accesser.lnnPublicKey = publicKey; + } else { + accesser.ephemeralPublicKey = publicKey; + } + } + } + + return DM_OK; +} + +std::string DmAuthContext::GetAccountId(DmAuthSide side) +{ + if (side == DM_AUTH_LOCAL_SIDE) { + return (direction == DM_AUTH_SOURCE) ? accesser.accountId : accessee.accountId; + } else { + return (direction == DM_AUTH_SOURCE) ? accessee.accountId : accesser.accountId; + } +} +} // namespace DistributedHardware +} // namespace OHOS \ No newline at end of file diff --git a/services/implementation/src/authentication_v2/dm_auth_state.cpp b/services/implementation/src/authentication_v2/dm_auth_state.cpp new file mode 100644 index 000000000..4aa71c958 --- /dev/null +++ b/services/implementation/src/authentication_v2/dm_auth_state.cpp @@ -0,0 +1,140 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "dm_auth_state.h" +#include "dm_auth_context.h" +#include "dm_auth_manager_base.h" +#include "dm_auth_state_machine.h" +#include "multiple_user_connector.h" +#if defined(SUPPORT_SCREENLOCK) +#include "screenlock_manager.h" +#endif +#include "dm_log.h" + +#undef LOG_TAG +#define LOG_TAG "DHDM_V2" + +namespace OHOS { +namespace DistributedHardware { + +// clone task timeout map +const std::map TASK_TIME_OUT_MAP = { + { std::string(AUTHENTICATE_TIMEOUT_TASK), CLONE_AUTHENTICATE_TIMEOUT }, + { std::string(NEGOTIATE_TIMEOUT_TASK), CLONE_NEGOTIATE_TIMEOUT }, + { std::string(CONFIRM_TIMEOUT_TASK), CLONE_CONFIRM_TIMEOUT }, + { std::string(ADD_TIMEOUT_TASK), CLONE_ADD_TIMEOUT }, + { std::string(WAIT_NEGOTIATE_TIMEOUT_TASK), CLONE_WAIT_NEGOTIATE_TIMEOUT }, + { std::string(WAIT_REQUEST_TIMEOUT_TASK), CLONE_WAIT_REQUEST_TIMEOUT }, + { std::string(WAIT_PIN_AUTH_TIMEOUT_TASK), CLONE_PIN_AUTH_TIMEOUT }, + { std::string(SESSION_HEARTBEAT_TIMEOUT_TASK), CLONE_SESSION_HEARTBEAT_TIMEOUT } +}; + +int32_t DmAuthState::GetTaskTimeout(std::shared_ptr context, const char* taskName, int32_t taskTimeOut) +{ + LOGI("GetTaskTimeout, taskName: %{public}s, authType_: %{public}d", taskName, context->authType); + if (context->authType == AUTH_TYPE_IMPORT_AUTH_CODE) { + auto timeout = TASK_TIME_OUT_MAP.find(std::string(taskName)); + if (timeout != TASK_TIME_OUT_MAP.end()) { + return timeout->second; + } + } + return taskTimeOut; +} + +void DmAuthState::HandleAuthenticateTimeout(std::shared_ptr context, std::string name) +{ + LOGI("DmAuthContext::HandleAuthenticateTimeout start timer name %{public}s", name.c_str()); + context->timer->DeleteTimer(name); + context->reason = ERR_DM_TIME_OUT; + context->authStateMachine->NotifyEventFinish(DmEventType::ON_FAIL); + LOGI("DmAuthContext::HandleAuthenticateTimeout complete"); +} + +bool DmAuthState::IsScreenLocked() +{ + bool isLocked = false; +#if defined(SUPPORT_SCREENLOCK) + isLocked = OHOS::ScreenLock::ScreenLockManager::GetInstance()->IsScreenLocked(); +#endif + LOGI("IsScreenLocked isLocked: %{public}d.", isLocked); + return isLocked; +} + +void DmAuthState::SyncAclList(std::shared_ptr context, + std::string credId, int32_t sessionKeyId, int32_t aclId) +{ + int32_t accountId = MultipleUserConnector::GetCurrentAccountUserID(); + LOGI("SyncAclList accountId:%{public}d, credId:%{public}s, sessionKeyId:%{public}d, aclId:%{public}d", + accountId, credId.c_str(), sessionKeyId, aclId); + // 根据凭据id 删除sink端多余的凭据 + int32_t ret = context->hiChainAuthConnector->DeleteCredential(accountId, credId); + if (ret != DM_OK) { + LOGE("SyncAclList DeleteCredential failed."); + } + // 根据skid删除sk,删除skid + ret = DeviceProfileConnector::GetInstance().DeleteSessionKey(sessionKeyId); + if (ret != DM_OK) { + LOGE("SyncAclList DeleteSessionKey failed."); + } + // 删除本条acl + DeviceProfileConnector::GetInstance().DeleteAccessControlById(aclId); +} + +void DmAuthState::SourceFinish(std::shared_ptr context) +{ + context->isFinished = true; + if (context->reason != DM_OK) { + int32_t accountId = MultipleUserConnector::GetCurrentAccountUserID(); + // 根据凭据id 删除sink端多余的凭据 + int32_t ret = context->hiChainAuthConnector->DeleteCredential(accountId, context->accesser.transmitCredentialId); // 这里只删除1个应该是bug? + if (ret != DM_OK) { + LOGE("SourceFinish DeleteCredential failed."); + } + // 根据skid删除sk,删除skid + ret = DeviceProfileConnector::GetInstance().DeleteSessionKey(context->accesser.transmitSessionKeyId); + if (ret != DM_OK) { + LOGE("SourceFinish DeleteSessionKey failed."); + } + } + context->authUiStateMgr->UpdateUiState(DmUiStateMsg::MSG_CANCEL_PIN_CODE_INPUT); + context->authStateMachine->Stop(); + context->timer->DeleteAll(); +} + +void DmAuthState::SinkFinish(std::shared_ptr context) +{ + context->isFinished = true; + if (context->reason != DM_OK) { + int32_t accountId = MultipleUserConnector::GetCurrentAccountUserID(); + // 根据凭据id 删除sink端多余的凭据 + int32_t ret = context->hiChainAuthConnector->DeleteCredential(accountId, context->accessee.transmitCredentialId); + if (ret != DM_OK) { + LOGE("SinkFinish DeleteCredential failed."); + } + // 根据skid删除sk,删除skid + ret = DeviceProfileConnector::GetInstance().DeleteSessionKey(context->accessee.transmitSessionKeyId); + if (ret != DM_OK) { + LOGE("SinkFinish DeleteSessionKey failed."); + } + } else { + context->authMessageProcessor->PutAccessControlList(context, context->accessee, context->accesser.deviceId); + } + context->authUiStateMgr->UpdateUiState(DmUiStateMsg::MSG_CANCEL_PIN_CODE_SHOW); + context->authStateMachine->Stop(); + context->timer->DeleteAll(); + context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_AUTH_RESP_FINISH, context); // 发送201给source侧 +} +} // namespace DistributedHardware +} // namespace OHOS -- Gitee From d11302e80bbf91860ac68035805e666c5f80f2af Mon Sep 17 00:00:00 2001 From: yuanzichun Date: Tue, 25 Mar 2025 22:05:04 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E4=BF=AE=E5=A4=8Dcodecheck?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: yuanzichun --- .../implementation/src/authentication_v2/dm_auth_state.cpp | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/services/implementation/src/authentication_v2/dm_auth_state.cpp b/services/implementation/src/authentication_v2/dm_auth_state.cpp index 4aa71c958..c33998fe5 100644 --- a/services/implementation/src/authentication_v2/dm_auth_state.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_state.cpp @@ -98,7 +98,8 @@ void DmAuthState::SourceFinish(std::shared_ptr context) if (context->reason != DM_OK) { int32_t accountId = MultipleUserConnector::GetCurrentAccountUserID(); // 根据凭据id 删除sink端多余的凭据 - int32_t ret = context->hiChainAuthConnector->DeleteCredential(accountId, context->accesser.transmitCredentialId); // 这里只删除1个应该是bug? + int32_t ret = + context->hiChainAuthConnector->DeleteCredential(accountId, context->accesser.transmitCredentialId); if (ret != DM_OK) { LOGE("SourceFinish DeleteCredential failed."); } @@ -119,7 +120,8 @@ void DmAuthState::SinkFinish(std::shared_ptr context) if (context->reason != DM_OK) { int32_t accountId = MultipleUserConnector::GetCurrentAccountUserID(); // 根据凭据id 删除sink端多余的凭据 - int32_t ret = context->hiChainAuthConnector->DeleteCredential(accountId, context->accessee.transmitCredentialId); + int32_t ret = + context->hiChainAuthConnector->DeleteCredential(accountId, context->accessee.transmitCredentialId); if (ret != DM_OK) { LOGE("SinkFinish DeleteCredential failed."); } -- Gitee