From 302d509ddccc79b11644f291eee8b587fcf4af57 Mon Sep 17 00:00:00 2001 From: x30061562 Date: Tue, 25 Mar 2025 21:27:03 +0800 Subject: [PATCH 1/2] =?UTF-8?q?feat=EF=BC=9A=E6=96=B0=E5=8D=8F=E8=AE=AEaut?= =?UTF-8?q?h=5Fcredential=E5=92=8Cdm=5Fauth=5Fmessage=5Fprocessor.cpp?= =?UTF-8?q?=E6=A8=A1=E5=9D=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: x30061562 --- .../auth_stages/auth_credential.cpp | 544 +++++++ .../dm_auth_message_processor.cpp | 1407 +++++++++++++++++ 2 files changed, 1951 insertions(+) create mode 100644 services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp create mode 100644 services/implementation/src/authentication_v2/dm_auth_message_processor.cpp diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp new file mode 100644 index 000000000..28bc97258 --- /dev/null +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -0,0 +1,544 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include "dm_auth_state.h" +#include "dm_auth_context.h" +#include "dm_auth_manager_base.h" +#include "dm_auth_state_machine.h" +#include "dm_auth_message_processor.h" +#include "dm_log.h" +#include "dm_constants.h" +#include "multiple_user_connector.h" +#include "deviceprofile_connector.h" +#include "hichain_auth_connector.h" + +namespace OHOS { +namespace DistributedHardware { + +namespace { + +const char * const FILED_DEVICE_ID = "deviceId"; + +// 从context中提取transmit data,使用SK解密,并透传给HICHAIN +// 如果ontransmit事件,在对应回调解析并保存在context +// 如果onsessionkeyreturned事件,在对应回调解析并保存在cryptomgr +int32_t AuthCredentialTransmitDecryptProcess(std::shared_ptr context, DmEventType event) +{ + if (context->transmitData.empty()) { + LOGE("DmAuthMessageProcessor::CreateMessageReqCredAuthStart failed, get onTransmitData failed."); + return ERR_DM_FAILED; + } + + // 透传给hichain + int32_t ret = context->hiChainAuthConnector->ProcessCredData(context->requestId, context->transmitData); + if (ret != DM_OK) { + LOGE("AuthCredentialTransmitDecryptProcess: ProcessCredData transmit data failed"); + return ERR_DM_FAILED; + } + // 等待hichain返回结果 + if (context->authStateMachine->WaitExpectEvent(event) != event) { + LOGE("AuthCredentialTransmitDecryptProcess: Hichain auth transmit data failed"); + return ERR_DM_FAILED; + } + return DM_OK; +} + +// 解析HICHAIN transmit data,并透传给对端 +int32_t AuthCredentialTransmitSend(std::shared_ptr context, DmMessageType msgType) +{ + // 获取transmit data + if (context->transmitData.empty()) { + LOGE("AuthCredentialTransmitSend: Get onTransmitData failed."); + return ERR_DM_FAILED; + } + + std::string message = + context->authMessageProcessor->CreateMessage(msgType, context); // 不需要额外传data,context中均有 + if (message.empty()) { + LOGE("AuthCredentialTransmitSend: CreateMessage AuthCredential transmit data failed"); + return ERR_DM_FAILED; + } + // 发送报文 + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +void SetAuthContext(int32_t skId, int64_t &appSkTimeStamp, int32_t &appSessionKeyId) +{ + appSkTimeStamp = + std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()).count(); + appSessionKeyId = skId; + return; +} + +} + +DmAuthStateType AuthSrcCredentialAuthNegotiateState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE; +} +// 收到170凭据认证报文,解析ontransmit,回复161报文 +int32_t AuthSrcCredentialAuthNegotiateState::Action(std::shared_ptr context) +{ + // 解密并透传transmitData + int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_TRANSMIT); + if (ret != DM_OK) { + return ret; + } + // 发送161报文 + return AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE); +} + +DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE; +} + +// 收到171凭据认证报文 +int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) +{ + // 解密并透传transmitData + // 171报文在首次认证情况下会发生两次,先进行应用凭据认证,后进行用户凭据认证;非首次认证仅进行应用凭据认证 + // 最后一次认证结束后会收到ON_FINISH + int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_SESSION_KEY_RETURNED); + if (ret != DM_OK) { + return ret; + } + + // 认证结束触发Onfinish回调事件 + if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) { + LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); + return ERR_DM_FAILED; + } + DmMessageType msgType; + int32_t skId; + ret = context->authMessageProcessor->SaveSessionKeyToDP(skId); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); + return ret; + } + // 首次认证 且 应用凭据流程 + if (context->isOnline == false && context->isAppCredentialVerified == false) { + context->isAppCredentialVerified = true; + // 保存到DP 获取应用凭据ID 并保存 + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + msgType = MSG_TYPE_REQ_CREDENTIAL_AUTH_START; // 发送160 + // 认证用户凭据 + ret = context->hiChainAuthConnector->AuthCredential(context->accesser.userId, context->requestId, + context->accesser.lnnCredentialId, std::string("")); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth credentail failed"); + return ret; + } + + // 等待onTransmit事件 + if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { + LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived."); + return ERR_DM_FAILED; + } + } else if (context->isOnline == false) { + // 首次认证 且 用户凭据流程 + // 保存到DP 获取用户凭据ID 并保存 + SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); + msgType = MSG_TYPE_REQ_DATA_SYNC; // 发送180 + } else { + // 非首次认证 应用凭据流程 + // 保存到DP 获取应用凭据ID 并保存 + SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); + msgType = MSG_TYPE_REQ_DATA_SYNC; // 发送180 + } + std::string message = + context->authMessageProcessor->CreateMessage(msgType, context); // 不需要额外传data,context中均有 + if (message.empty()) { + LOGE("AuthSrcCredentialAuthDoneState::Action CreateMessage failed"); + return ERR_DM_FAILED; + } + + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +// SINK端凭据校验操作 +DmAuthStateType AuthSinkCredentialAuthStartState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE; +} +// 收到160凭证认证报文,发送170报文 +int32_t AuthSinkCredentialAuthStartState::Action(std::shared_ptr context) +{ + context->timer->DeleteTimer(std::string(WAIT_REQUEST_TIMEOUT_TASK)); + // 解密并透传transmitData + int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_TRANSMIT); + if (ret != DM_OK) { + return ret; + } + // 构造并发送170报文 + return AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START); +} + +DmAuthStateType AuthSinkCredentialAuthNegotiateState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE; +} + +// 收到161凭据协商报文,并回复171报文 +// 通过isAppCredentialVerified关键词区分首次认证、非首次认证 +int32_t AuthSinkCredentialAuthNegotiateState::Action(std::shared_ptr context) +{ + // 解密并透传transmitData + int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_TRANSMIT); + if (ret != DM_OK) { + return ret; // 内部有日志 不重复打印 + } + // 构造并发送171报文 + ret = AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE); + if (ret != DM_OK) { + return ret; // 内部有日志 不重复打印 + } + + if (context->authStateMachine->WaitExpectEvent(ON_SESSION_KEY_RETURNED) != ON_SESSION_KEY_RETURNED) { + LOGE("AuthSinkCredentialAuthNegotiateState::Action Hichain auth SINK transmit data failed"); + return ERR_DM_FAILED; + } + + if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) { + LOGE("AuthSinkCredentialAuthNegotiateState::Action Hichain auth SINK transmit data failed"); + return ERR_DM_FAILED; + } + int32_t skId; + ret = context->authMessageProcessor->SaveSessionKeyToDP(skId); + if (ret != DM_OK) { + LOGE("AuthSinkCredentialAuthNegotiateState::Action DP save user session key failed"); + return ret; + } + + if (context->isOnline == false && + context->isAppCredentialVerified == true) { // SINK首次认证场景,第二次收到161的流程 保存用户级永久SK到DP + context->accessee.lnnSkTimeStamp = + std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()) + .count(); + context->accessee.lnnSessionKeyId = skId; + } else { // 应用级凭据认证流程 首次认证的第一次161处理 和 非首次认证的161处理 + context->isAppCredentialVerified = true; // 用于指示 首次认证的应用级凭据已认证 + context->accessee.transmitSkTimeStamp = + std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()) + .count(); + context->accessee.transmitSessionKeyId = skId; + } + return DM_OK; +} + +// 生成凭据协商状态下的authParams的json格式字符串 +// authScope 设备级还是应用级 +// method 凭据生成方式 +// authContext 上下文指针 +std::string AuthCredentialAgreeState::CreateAuthParamsString(DmAuthScope authorizedScope, + DmAuthCredentialAddMethod method, const std::shared_ptr &authContext) +{ + LOGI("AuthCredentialAgreeState::CreateAuthParamsString start."); + // 参数校验 + if ((authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP) || + (method != DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE && method != DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT)) { + return std::string(""); + } + + JsonObject jsonObj; + if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) { + jsonObj[DM_TAG_METHOD] = method; // 凭据生成方式,只有导入时,需要传入method + } + + jsonObj[DM_TAG_DEVICE_ID] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ? // 设备ID 生成是本端,导入是对端 + authContext->GetDeviceId(DM_AUTH_LOCAL_SIDE) : authContext->GetDeviceId(DM_AUTH_REMOTE_SIDE); + if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT) { + jsonObj[DM_TAG_PEER_USER_SPACE_ID] = std::to_string(authContext->GetUserId(DM_AUTH_REMOTE_SIDE)); + } + jsonObj[DM_TAG_USER_ID] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ? + authContext->GetAccountId(DM_AUTH_LOCAL_SIDE) : authContext->GetAccountId(DM_AUTH_REMOTE_SIDE); + jsonObj[DM_TAG_SUBJECT] = DM_AUTH_CREDENTIAL_SUBJECT_PRIMARY; // 主控设备 + jsonObj[DM_TAG_CRED_TYPE] = DM_AUTH_CREDENTIAL_ACCOUNT_UNRELATED; // 账号无关 + jsonObj[DM_TAG_KEY_FORMAT] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ? + DM_AUTH_KEY_FORMAT_ASYMM_GENERATE : DM_AUTH_KEY_FORMAT_ASYMM_IMPORT; // 生成或导入非对称秘钥 + jsonObj[DM_TAG_ALGORITHM_TYPE] = DM_AUTH_ALG_TYPE_ED25519; // ED25519 + jsonObj[DM_TAG_PROOF_TYPE] = DM_AUTH_CREDENTIAL_PROOF_PSK; // PSK + if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT) { // 导入公钥 16进制字符串 + jsonObj[DM_TAG_KEY_VALUE] = authContext->GetPublicKey(DM_AUTH_REMOTE_SIDE, authorizedScope); + } + jsonObj[DM_TAG_AUTHORIZED_SCOPE] = authorizedScope; // 用户级或者应用级 + if (authorizedScope == DM_AUTH_SCOPE_APP) { + std::vector tokenIds = {std::to_string(authContext->accesser.tokenId), + std::to_string(authContext->accessee.tokenId)}; + jsonObj[DM_TAG_AUTHRIZED_APP_LIST] = tokenIds; + } + jsonObj[DM_TAG_CREDENTIAL_OWNER] = DM_AUTH_CREDENTIAL_OWNER; // 调用方包名DM模块 + + LOGI("AuthCredentialAgreeState::CreateAuthParamsString leave."); + return jsonObj.Dump(); +} + +// 生成凭据Id和公钥 +// authorizedScope 用户级还是应用级 +// authContext 上下文 +int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authorizedScope, + std::shared_ptr &authContext) +{ + LOGI("AuthCredentialAgreeState::GenerateCredIdAndPublicKey start."); + if ((authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP) || + authContext == nullptr || authContext->hiChainAuthConnector == nullptr) { + return ERR_DM_FAILED; + } + + // 创建authParams的json格式字符串 + std::string authParamsString = CreateAuthParamsString(authorizedScope, + DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE, authContext); + if (authParamsString == "") { + LOGE("AuthCredentialAgreeState::GenerateCredIdAndPublicKey() error, create authParamsString failed."); + return ERR_DM_FAILED; + } + + // 生成凭据 + int32_t osAccountId = (authContext->direction == DM_AUTH_SOURCE) ? + authContext->accesser.userId : authContext->accessee.userId; + std::string credId; + int32_t ret = authContext->hiChainAuthConnector->AddCredential(osAccountId, authParamsString, credId); + if (ret != DM_OK) { + LOGE("AuthCredentialAgreeState::GenerateCredIdAndPublicKey() error, add credential failed."); + return ret; + } + + // 导出公钥 + std::string publicKey; + ret = authContext->hiChainAuthConnector->ExportCredential(osAccountId, credId, publicKey); + if (ret != DM_OK) { + LOGE("AuthCredentialAgreeState::GenerateCredIdAndPublicKey(), export publicKey failed."); + authContext->hiChainAuthConnector->DeleteCredential(osAccountId, credId); + return ret; + } + + // 保存凭据Id和公钥 + (void)authContext->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, credId); + (void)authContext->SetPublicKey(DM_AUTH_LOCAL_SIDE, authorizedScope, publicKey); + LOGI("AuthCredentialAgreeState::GenerateCredIdAndPublicKey credId=%{public}s, publicKey=%{public}s.\n", + authContext->GetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope).c_str(), + authContext->GetPublicKey(DM_AUTH_LOCAL_SIDE, authorizedScope).c_str()); + LOGI("AuthCredentialAgreeState::GenerateCredIdAndPublicKey leave."); + return DM_OK; +} + +// 协商凭据得到协商凭据Id +// authorizedScope 设备级还是应用级 +// authContext 上下文 +int32_t AuthCredentialAgreeState::AgreeCredential(DmAuthScope authorizedScope, + std::shared_ptr &authContext) +{ + LOGI("AuthCredentialAgreeState::AgreeCredential start."); + if ((authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP) || authContext == nullptr) { + return ERR_DM_FAILED; + } + + // 创建authParams的json格式字符串 + std::string authParamsString = CreateAuthParamsString(authorizedScope, + DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT, authContext); + if (authParamsString == "") { + LOGE("AuthCredentialAgreeState::AgreeCredential() error, create authParamsString failed."); + return ERR_DM_FAILED; + } + + // 凭据协商得到协商凭据Id + int32_t osAccountId = authContext->direction == DM_AUTH_SOURCE ? + authContext->accesser.userId : authContext->accessee.userId; + std::string selfCredId = authContext->GetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope); + std::string credId; + int32_t ret = authContext->hiChainAuthConnector->AgreeCredential(osAccountId, selfCredId, + authParamsString, credId); + if (ret != DM_OK) { + LOGE("AuthCredentialAgreeState::AgreeCredential() error, agree credential failed."); + } + + // 保存协商凭据Id到上下文 + (void)authContext->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, credId); + LOGI("AuthCredentialAgreeState::AgreeCredential leave."); + return DM_OK; +} + +DmAuthStateType AuthSrcCredentialExchangeState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_CREDENTIAL_EXCHANGE_STATE; +} + +int32_t AuthSrcCredentialExchangeState::Action(std::shared_ptr context) +{ + LOGI("AuthSrcCredentialExchangeState::Action() start."); + int32_t ret = ERR_DM_FAILED; + context->isAppCredentialVerified = false; + + // 首次认证,生成用户级凭据和公钥 + if (!context->isOnline) { + ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_USER, context); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialExchangeState::Action() error, generate user credId and publicKey failed."); + return ret; + } + } + + // 生成应用级凭据和公钥 + ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_APP, context); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialExchangeState::Action() error, generate app credId and publicKey failed."); + return ret; + } + + // 发送140报文 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, context); + LOGI("AuthSrcCredentialExchangeState::Action() leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +DmAuthStateType AuthSinkCredentialExchangeState::GetStateType() +{ + return DmAuthStateType::AUTH_SINK_CREDENTIAL_EXCHANGE_STATE; +} + +int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr context) +{ + LOGI("AuthSinkCredentialExchangeState::Action start."); + int32_t ret = ERR_DM_FAILED; + std::string tmpCredId; + int32_t osAccountId = context->accessee.userId; + context->isAppCredentialVerified = false; + + if (context == nullptr || context->hiChainAuthConnector == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + return ret; + } + + // 首次认证 + if (!context->isOnline) { + // 生成用户级凭据和公钥 + ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_USER, context); + if (ret != DM_OK) { + LOGE("AuthSinkCredentialExchangeState::Action failed, generate user cred and publicKey failed."); + return ret; + } + + // 协商用户级凭据 + tmpCredId = context->accessee.lnnCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_USER, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_USER, ""); + LOGE("AuthSinkCredentialExchangeState::Action failed, agree user cred failed."); + return ret; + } + + // 删除临时用户级凭据 + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + } + + // 生成应用级凭据和公钥 + ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_APP, context); + if (ret != DM_OK) { + LOGE("AuthSinkCredentialExchangeState::Action failed, generate app cred and publicKey failed."); + return ret; + } + + // 协商应用级公钥 + tmpCredId = context->accessee.transmitCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_APP, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_APP, ""); + LOGE("AuthSinkCredentialExchangeState::Action failed, agree app cred failed."); + return ret; + } + + // 删除临时应用级凭据 + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + + // 发送150报文 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, context); + LOGI("AuthSinkCredentialExchangeState::Action leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +DmAuthStateType AuthSrcCredentialAuthStartState::GetStateType() +{ + return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_START_STATE; +} + + +int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr context) +{ + LOGI(" AuthSrcCredentialAuthStartState::Action start."); + int32_t ret = ERR_DM_FAILED; + std::string tmpCredId; + int32_t osAccountId = context->accesser.userId; + + if (context == nullptr || context->hiChainAuthConnector == nullptr || + context->authMessageProcessor == nullptr || context->softbusConnector == nullptr) { + return ret; + } + + // 首次认证 + if (!context->isOnline) { + // 协商用户级凭据 + tmpCredId = context->accesser.lnnCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_USER, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_USER, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree user cred failed."); + return ret; + } + + // 删除临时用户级凭据 + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + } + + // 协商应用级凭据 + tmpCredId = context->accesser.transmitCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_APP, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_APP, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); + return ret; + } + + // 删除临时应用级凭据 + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + + // 凭据认证 先进行应用级 + ret = context->hiChainAuthConnector->AuthCredential(osAccountId, context->requestId, + context->accesser.transmitCredentialId, std::string("")); + if (ret != DM_OK) { + LOGE("AuthSrcCredentialAuthStartState::Action failed, auth app cred failed."); + return ret; + } + + // 阻塞等待事件ON_TRANSMIT事件到来 + if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { + LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); + return ERR_DM_FAILED; + } + + // 发送160报文 + std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); + LOGI(" AuthSrcCredentialAuthStartState::Action leave."); + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +} // namespace DistributedHardware +} // namespace OHOS diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp new file mode 100644 index 000000000..ed4410980 --- /dev/null +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -0,0 +1,1407 @@ +/* + * Copyright (c) 2025 Huawei Device Co., Ltd. + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +#include +#include +#include +#include +#include "dm_anonymous.h" +#include "dm_auth_context.h" +#include "dm_auth_message_processor.h" +#include "distributed_device_profile_client.h" +#include "deviceprofile_connector.h" +#include "service_info_profile.h" +#include "service_info_unique_key.h" +#include "dm_log.h" +#include "dm_constants.h" +#include "dm_anonymous.h" +#include "access_control_profile.h" +#include "dm_auth_manager_base.h" +#include "dm_auth_context.h" +#include "dm_auth_state_machine.h" +#include "dm_crypto.h" +#undef LOG_TAG +#define LOG_TAG "DHDM_V2" + +namespace OHOS { +namespace DistributedHardware { + +namespace { + +constexpr const char* TAG_DEVICE_TYPE = "deviceType"; + +void CreateNegotiateExtraInfoMessage(std::shared_ptr context, JsonItemObject &jsonExtraObject) +{ + if (context->accessee.displayId != 0) { + jsonExtraObject[DM_TAG_PEER_DISPLAY_ID] = context->accessee.displayId; + } + if (context->accessee.userId != 0) { + jsonExtraObject[DM_TAG_ACCESSEE_USER_ID] = context->accessee.userId; + } + + return; +} + +void ParseNegotiateExtraInfoMessage(const JsonItemObject &jsonExtraObject, std::shared_ptr context) +{ + // accesser在extra中传输对端peerUserId和peerDisplayId时,从中获取userId + if (jsonExtraObject[DM_TAG_ACCESSEE_USER_ID].IsNumberInteger()) { + context->accessee.userId = jsonExtraObject[DM_TAG_ACCESSEE_USER_ID].Get(); + } else if (jsonExtraObject[DM_TAG_PEER_DISPLAY_ID].IsNumberInteger()) { + context->accessee.displayId = jsonExtraObject[DM_TAG_PEER_DISPLAY_ID].Get(); + } + + return; +} + +void ParseDmAccessToSync(const JsonItemObject &jsonObject, DmAccess &access) +{ + DmAccessToSync srcAccessToSync = jsonObject.Get(); + access.deviceName = srcAccessToSync.deviceName; + access.deviceId = srcAccessToSync.deviceId; + access.userId = srcAccessToSync.userId; + access.accountId = srcAccessToSync.accountId; + access.tokenId = srcAccessToSync.tokenId; + access.bundleName = srcAccessToSync.bundleName; + access.bindLevel = srcAccessToSync.bindLevel; + access.sessionKeyId = srcAccessToSync.sessionKeyId; + access.skTimeStamp = srcAccessToSync.skTimeStamp; + return; +} + +int32_t ParaseAclChecksumList(const JsonItemObject &aclChecksumjson, DmAccess &access) +{ + if (aclChecksumjson.IsDiscarded()) { + LOGE("ParseSyncMessage aclChecksumjson error"); + return ERR_DM_FAILED; + } + if (!aclChecksumjson[DM_TAG_ACCESSER].IsArray()) { // 再解析一次 acl + LOGE("ParseSyncMessage DM_TAG_ACCESSER error"); + return ERR_DM_FAILED; + } + aclChecksumjson[DM_TAG_ACCESSER].Get(access.accesserStrList); + if (!aclChecksumjson[DM_TAG_ACCESSEE].IsArray()) { // 再解析一次 acl + LOGE("ParseSyncMessage DM_TAG_ACCESSEE error"); + return ERR_DM_FAILED; + } + aclChecksumjson[DM_TAG_ACCESSEE].Get(access.accesseeStrList); + + return DM_OK; +} + +bool IsMessageValid(const JsonItemObject &jsonObject) +{ + if (jsonObject.IsDiscarded()) { + LOGE("DmAuthMessageProcessor::ParseMessage failed, decodeRequestAuth jsonStr error"); + return false; + } + if (!jsonObject[TAG_MSG_TYPE].IsNumberInteger()) { + LOGE("DmAuthMessageProcessor::ParseMessage failed, message type error."); + return false; + } + return true; +} + +} + +// 保存秘钥 +int32_t DmAuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen) +{ + if (cryptoMgr_ == nullptr) { + LOGE("DmAuthMessageProcessor::SaveSessionKey failed, cryptoMgr_ is nullptr."); + return ERR_DM_FAILED; + } + return cryptoMgr_->SaveSessionKey(sessionKey, keyLen); +} + +// 保存永久SK +int32_t DmAuthMessageProcessor::SaveSessionKeyToDP(int32_t &skId) +{ + if (cryptoMgr_ == nullptr) { + LOGE("DmAuthMessageProcessor::SaveSessionKey failed, cryptoMgr_ is nullptr."); + return ERR_DM_FAILED; + } + uint32_t skLen = cryptoMgr_->GetSessionKey(nullptr); + uint8_t sessionKey[skLen]; + skLen = cryptoMgr_->GetSessionKey(sessionKey); + std::vector sk(sessionKey, sessionKey + skLen); + return DeviceProfileConnector::GetInstance().PutSessionKey(sk, skId); +} + +void DmAuthMessageProcessor::SetAccessControlList(std::shared_ptr context, + DistributedDeviceProfile::AccessControlProfile &profile) +{ + uint32_t bindType = DM_ACROSS_ACCOUNT; + if (context->accesser.accountId == "ohosAnonymousUid" || context->accessee.accountId == "ohosAnonymousUid") { + bindType = DM_POINT_TO_POINT; + } + uint32_t authenticationType = ALLOW_AUTH_ONCE; + if (context->authResult == USER_OPERATION_TYPE_ALLOW_AUTH_ALWAYS) { + authenticationType = ALLOW_AUTH_ALWAYS; + } + profile.SetBindType(bindType); + profile.SetAuthenticationType(authenticationType); + profile.SetStatus(ACTIVE); + profile.SetDeviceIdType((int32_t)DistributedDeviceProfile::DeviceIdType::UDID); +} + +void DmAuthMessageProcessor::SetTransmitAccessControlList(std::shared_ptr context, + DistributedDeviceProfile::Accesser &accesser, DistributedDeviceProfile::Accessee &accessee) +{ + accesser.SetAccesserDeviceId(context->accesser.deviceId); + accesser.SetAccesserUserId(context->accesser.userId); + accesser.SetAccesserAccountId(context->accesser.accountId); + accesser.SetAccesserTokenId(context->accesser.tokenId); + accesser.SetAccesserBundleName(context->accesser.bundleName); + accesser.SetAccesserDeviceName(context->accesser.deviceName); + accesser.SetAccesserCredentialId(stoi(context->accesser.transmitCredentialId)); + accesser.SetAccesserSessionKeyId(context->accesser.transmitSessionKeyId); + accesser.SetAccesserSKTimeStamp(context->accesser.transmitSkTimeStamp); + accessee.SetAccesseeDeviceId(context->accessee.deviceId); + accessee.SetAccesseeUserId(context->accessee.userId); + accessee.SetAccesseeAccountId(context->accessee.accountId); + accessee.SetAccesseeTokenId(context->accessee.tokenId); + accessee.SetAccesseeBundleName(context->accessee.bundleName); + accessee.SetAccesseeDeviceName(context->accessee.deviceName); + accessee.SetAccesseeCredentialId(stoi(context->accessee.transmitCredentialId)); + accessee.SetAccesseeSessionKeyId(context->accessee.transmitSessionKeyId); + accessee.SetAccesseeSKTimeStamp(context->accessee.transmitSkTimeStamp); +} + +void DmAuthMessageProcessor::SetLnnAccessControlList(std::shared_ptr context, + DistributedDeviceProfile::Accesser &accesser, DistributedDeviceProfile::Accessee &accessee) +{ + accesser.SetAccesserDeviceId(context->accesser.deviceId); + accesser.SetAccesserUserId(context->accesser.userId); + accesser.SetAccesserAccountId(context->accesser.accountId); + accesser.SetAccesserTokenId(0); + accesser.SetAccesserDeviceName(context->accesser.deviceName); + accesser.SetAccesserCredentialId(stoi(context->accesser.lnnCredentialId)); + accesser.SetAccesserSessionKeyId(context->accesser.lnnSessionKeyId); + accesser.SetAccesserSKTimeStamp(context->accesser.lnnSkTimeStamp); + accessee.SetAccesseeDeviceId(context->accessee.deviceId); + accessee.SetAccesseeUserId(context->accessee.userId); + accessee.SetAccesseeAccountId(context->accessee.accountId); + accessee.SetAccesseeTokenId(0); + accessee.SetAccesseeDeviceName(context->accessee.deviceName); + accessee.SetAccesseeCredentialId(stoi(context->accessee.lnnCredentialId)); + accessee.SetAccesseeSessionKeyId(context->accessee.lnnSessionKeyId); + accessee.SetAccesseeSKTimeStamp(context->accessee.lnnSkTimeStamp); +} + +int32_t DmAuthMessageProcessor::PutAccessControlList(std::shared_ptr context, + DmAccess &access, std::string trustDeviceId) +{ + LOGI("Start."); + DistributedDeviceProfile::Accesser accesser; + DistributedDeviceProfile::Accessee accessee; + SetLnnAccessControlList(context, accesser, accessee); + DistributedDeviceProfile::AccessControlProfile profile; + SetAccessControlList(context, profile); + profile.SetBindLevel(access.bindLevel); + profile.SetTrustDeviceId(trustDeviceId); + profile.SetDeviceIdHash(access.deviceIdHash); + profile.SetAccessee(accessee); + profile.SetAccesser(accesser); + int32_t ret = + DistributedDeviceProfile::DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile); + if (ret != DM_OK) { + LOGE("PutAccessControlProfile failed."); + } + SetTransmitAccessControlList(context, accesser, accessee); + profile.SetAccessee(accessee); + profile.SetAccesser(accesser); + ret = + DistributedDeviceProfile::DistributedDeviceProfileClient::GetInstance().PutAccessControlProfile(profile); + if (ret != DM_OK) { + LOGE("PutAccessControlProfile failed."); + } + return ret; +} + +DmAuthMessageProcessor::DmAuthMessageProcessor() +{ + LOGI("DmAuthMessageProcessor constructor"); + cryptoMgr_ = std::make_shared(); + createMessageFuncMap_ = { + {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateNegotiateMessage}, + {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::CreateRespNegotiateMessage}, + {DmMessageType::MSG_TYPE_REQ_USER_CONFIRM, &DmAuthMessageProcessor::CreateMessageReqUserConfirm}, + {DmMessageType::MSG_TYPE_RESP_USER_CONFIRM, &DmAuthMessageProcessor::CreateMessageRespUserConfirm}, + {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqPinAuthStart}, + {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_MSG_NEGOTIATE, &DmAuthMessageProcessor::CreateMessageReqPinAuthNegotiate}, + {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_START, &DmAuthMessageProcessor::CreateMessageRespPinAuthStart}, + {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE, + &DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate}, + {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageReqCredExchange}, + {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::CreateMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateMessageReqCredAuthStart}, + {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, + &DmAuthMessageProcessor::CreateCredentialNegotiateMessage}, + {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::CreateCredentialNegotiateMessage}, + {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE, + &DmAuthMessageProcessor::CreateCredentialNegotiateMessage}, + {DmMessageType::MSG_TYPE_REQ_DATA_SYNC, &DmAuthMessageProcessor::CreateSyncMessage}, + {DmMessageType::MSG_TYPE_RESP_DATA_SYNC, &DmAuthMessageProcessor::CreateMessageSyncResp}, + {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, + {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::CreateMessageFinish}, + }; + paraseMessageFuncMap_ = { + {DmMessageType::MSG_TYPE_REQ_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseNegotiateMessage}, + {DmMessageType::MSG_TYPE_RESP_ACL_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageRespAclNegotiate}, + {DmMessageType::MSG_TYPE_REQ_USER_CONFIRM, &DmAuthMessageProcessor::ParseMessageReqUserConfirm}, + {DmMessageType::MSG_TYPE_RESP_USER_CONFIRM, &DmAuthMessageProcessor::ParseMessageRespUserConfirm}, + {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_START, &DmAuthMessageProcessor::ParseMessageReqPinAuthStart}, + {DmMessageType::MSG_TYPE_REQ_PIN_AUTH_MSG_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageReqPinAuthNegotiate}, + {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_START, &DmAuthMessageProcessor::ParseMessageRespPinAuthStart}, + {DmMessageType::MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE, + &DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate}, + {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageReqCredExchange}, + {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, &DmAuthMessageProcessor::ParseMessageRspCredExchange}, + {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseAuthStartMessage}, + {DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, + {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START, &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, + {DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE, + &DmAuthMessageProcessor::ParseMessageNegotiateTransmit}, + {DmMessageType::MSG_TYPE_REQ_DATA_SYNC, &DmAuthMessageProcessor::ParseMessageSyncReq}, + {DmMessageType::MSG_TYPE_RESP_DATA_SYNC, &DmAuthMessageProcessor::ParseMessageSyncResp}, + {DmMessageType::MSG_TYPE_AUTH_REQ_FINISH, &DmAuthMessageProcessor::ParseMessageSinkFinish}, + {DmMessageType::MSG_TYPE_AUTH_RESP_FINISH, &DmAuthMessageProcessor::ParseMessageSrcFinish}, + }; + LOGI("DmAuthMessageProcessor constructor leave."); +} + +DmAuthMessageProcessor::~DmAuthMessageProcessor() +{ + if (cryptoMgr_ != nullptr) { + cryptoMgr_->ClearSessionKey(); + cryptoMgr_ = nullptr; + } +} + +// 解析报文,返回值为错误码,实际解析出来的信息保存到context中 +int32_t DmAuthMessageProcessor::ParseMessage(std::shared_ptr context, const std::string &message) +{ + JsonObject jsonObject(message); + if (context == nullptr || !IsMessageValid(jsonObject)) { + return ERR_DM_FAILED; + } + DmMessageType msgType = static_cast(jsonObject[TAG_MSG_TYPE].Get()); + context->msgType = msgType; + LOGI("DmAuthMessageProcessor::ParseMessage message type %{public}d", context->msgType); + auto itr = paraseMessageFuncMap_.find(msgType); + if (itr == paraseMessageFuncMap_.end()) { + LOGI("DmAuthMessageProcessor::ParseMessage message type error %{public}d", context->msgType); + return ERR_DM_FAILED; + } + return (this->*(itr->second))(jsonObject, context); +} + +static std::vector stringToVector(const std::string& str) +{ + std::vector vec; + std::istringstream iss(str); + int32_t num; + while (iss >> num) { + vec.push_back(static_cast(num)); + } + return vec; +} + +static std::string vectorToString(const std::vector& vec) +{ + std::ostringstream oss; + for (size_t i = 0; i < vec.size(); ++i) { + oss << static_cast(vec[i]); + if (i != vec.size() - 1) { + oss << " "; // 添加分隔符(例如空格) + } + } + return oss.str(); +} +int32_t DmAuthMessageProcessor::ParseMessageNegotiateTransmit(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject.Contains(DM_TAG_DATA) || !jsonObject[DM_TAG_DATA].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageNegotiateTransmit Unlegal json string failed"); + return ERR_DM_FAILED; + } + + context->transmitData = jsonObject[DM_TAG_DATA].Get(); + + switch (context->msgType) { + case MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE: // 161 + context->authStateMachine->TransitionTo(std::make_shared()); + break; + case MSG_TYPE_RESP_CREDENTIAL_AUTH_START: // 170 + context->authStateMachine->TransitionTo(std::make_shared()); + break; + case MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE: // 171 + context->authStateMachine->TransitionTo(std::make_shared()); + break; + default: + return ERR_DM_FAILED; + } + + return DM_OK; +} + +// 解析131报文信息MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE +int32_t DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject[DM_TAG_DATA].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate failed, decodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + + context->transmitData = jsonObject[DM_TAG_DATA].Get(); + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// 解析140报文信息MSG_TYPE_REQ_CREDENTIAL_EXCHANGE,SINK端存放对方公钥 +int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject[DM_TAG_DATA].IsString()) { + LOGE("DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + + // 解密 + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[DM_TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange() error, decrypt data failed."); + return ERR_DM_FAILED; + } + JsonObject jsonData(plainText); + + // 首次认证,解析用户级公钥 + if (!context->isOnline) { + if (!jsonData[DM_TAG_LNN_PUBLICK_KEY].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange() error, first auth, no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accesser.lnnPublicKey = jsonData[DM_TAG_LNN_PUBLICK_KEY].Get(); + } + + if (!jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].IsString() || + !jsonData[DM_TAG_DEVICE_ID].IsString() || + !jsonData[DM_TAG_PEER_USER_SPACE_ID].IsNumberInteger() || + !jsonData[DM_TAG_TOKEN_ID].IsNumberInteger()) { + LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); + return ERR_DM_FAILED; + } + context->accesser.ephemeralPublicKey = jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].Get(); // 解析应用级公钥 + context->accesser.deviceId = jsonData[DM_TAG_DEVICE_ID].Get(); // 解析deviceId + context->accesser.userId = jsonData[DM_TAG_PEER_USER_SPACE_ID].Get(); // 解析userId + context->accesser.tokenId = jsonData[DM_TAG_TOKEN_ID].Get(); // 解析tokenId + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// 解析150报文信息MSG_TYPE_RESP_CREDENTIAL_EXCHANGE,SRC端存放对方公钥,和协商凭据Id +int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &jsonObject, + std::shared_ptr context) +{ + LOGI("DmAuthMessageProcessor::ParseMessageRspCredExchange start."); + if (jsonObject.IsDiscarded() || !jsonObject[DM_TAG_DATA].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange, DecodeRequestAuth jsonStr error"); + return ERR_DM_FAILED; + } + + // 解密 + std::string plainText; + if (cryptoMgr_->DecryptMessage(jsonObject[DM_TAG_DATA].Get(), plainText) != DM_OK) { + LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange error, decrypt data failed."); + return ERR_DM_FAILED; + } + + LOGI("DmAuthMessageProcessor::ParseMessageRspCredExchange plainText=%{public}s", plainText.c_str()); + + JsonObject jsonData(plainText); + + // 首次认证,解析对方用户级公钥和协商用户级凭据Id + std::string tmpString; + if (!context->isOnline) { + if (!jsonData[DM_TAG_LNN_PUBLICK_KEY].IsString()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange failed, first auth but no lnnPublicKey."); + return ERR_DM_FAILED; + } + context->accessee.lnnPublicKey = jsonData[DM_TAG_LNN_PUBLICK_KEY].Get(); + } + + // 解析对方应用级公钥和协商应用级凭据Id + if (!jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].IsString() || + !jsonData[DM_TAG_DEVICE_ID].IsString() || + !jsonData[DM_TAG_PEER_USER_SPACE_ID].IsNumberInteger() || + !jsonData[DM_TAG_TOKEN_ID].IsNumberInteger()) { + LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange failed, decode MSG_TYPE_RESP_CREDENTIAL_EXCHANGE " + "message error."); + return ERR_DM_FAILED; + } + context->accessee.ephemeralPublicKey = jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].Get(); + context->accessee.deviceId = jsonData[DM_TAG_DEVICE_ID].Get(); // 解析deviceId + context->accessee.userId = jsonData[DM_TAG_PEER_USER_SPACE_ID].Get(); // 解析userId + context->accessee.tokenId = jsonData[DM_TAG_TOKEN_ID].Get(); // 解析tokenId + + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// 创建报文,构造对应msgType的报文,返回值为json格式报文的字符串 +std::string DmAuthMessageProcessor::CreateMessage(DmMessageType msgType, std::shared_ptr context) +{ + LOGI("DmAuthMessageProcessor::CreateMessage start. msgType is %{public}d", msgType); + JsonObject jsonObj; + jsonObj[TAG_MSG_TYPE] = msgType; + auto itr = createMessageFuncMap_.find(msgType); + if (itr == createMessageFuncMap_.end()) { + LOGE("DmAuthMessageProcessor::CreateMessage msgType %{public}d error.", msgType); + return ""; + } + int32_t ret = (this->*(itr->second))(context, jsonObj); + return (ret == DM_OK) ? jsonObj.Dump() : ""; +} + +// 内部各类报文的实现 +// 161 170 171消息构造 +int32_t DmAuthMessageProcessor::CreateCredentialNegotiateMessage(std::shared_ptr context, + JsonObject &jsonObject) +{ + std::string encryptMsg; + jsonObject[DM_TAG_DATA] = context->transmitData; + return DM_OK; +} + +// 创建80报文 +int32_t DmAuthMessageProcessor::CreateNegotiateMessage(std::shared_ptr context, JsonObject &jsonObject) +{ + jsonObject[TAG_AUTH_TYPE] = context->authType; + jsonObject[TAG_SESSION_NAME] = context->sessionName; + jsonObject[DM_TAG_DMVERSION] = context->accesser.dmVersion; + + jsonObject[DM_TAG_USER_ID] = context->accesser.userId; + jsonObject[DM_TAG_TOKEN_ID] = static_cast(context->accesser.tokenId); + + jsonObject[TAG_DEVICE_ID_HASH] = context->accesser.deviceIdHash; + jsonObject[TAG_USER_ID_HASH] = context->accesser.userIdHash; + jsonObject[TAG_ACCOUNT_ID_HASH] = context->accesser.accountIdHash; + jsonObject[TAG_TOKEN_ID_HASH] = context->accesser.tokenIdHash; + + jsonObject[TAG_BUNDLE_NAME] = context->accesser.bundleName; + jsonObject[TAG_PEER_BUNDLE_NAME] = context->accessee.bundleName; + jsonObject[TAG_BIND_LEVEL] = context->accesser.bindLevel; + + JsonObject jsonExtraObject; + CreateNegotiateExtraInfoMessage(context, jsonExtraObject); + jsonObject.Insert(DM_TAG_EXTRA_INFO, jsonExtraObject); + + return DM_OK; +} + +// 创建90报文 +int32_t DmAuthMessageProcessor::CreateRespNegotiateMessage(std::shared_ptr context, + JsonObject &jsonObject) +{ + jsonObject[TAG_DEVICE_VERSION] = context->accessee.dmVersion; + jsonObject[TAG_DEVICE_NAME] = context->accessee.deviceName; + + jsonObject[TAG_DEVICE_ID_HASH] = context->accessee.deviceIdHash; + jsonObject[TAG_USER_ID_HASH] = context->accessee.userIdHash; + jsonObject[TAG_ACCOUNT_ID_HASH] = context->accessee.accountIdHash; + jsonObject[TAG_TOKEN_ID_HASH] = context->accessee.tokenIdHash; + + jsonObject[TAG_BUNDLE_NAME] = context->accessee.bundleName; + jsonObject[TAG_IS_ONLINE] = context->isOnline; + jsonObject[TAG_IS_AUTHED] = context->accessee.isAuthed; + jsonObject[TAG_CREDENTIAL_INFO] = context->accessee.credentialInfos; + + jsonObject[DM_TAG_AUTH_TYPE_LIST] = vectorToString(context->authTypeList); + if (context->authResultReady) { + jsonObject[DM_TAG_AUTH_RESULT] = context->authResult; + } + return DM_OK; +} + +// 创建140报文 +int32_t DmAuthMessageProcessor::CreateMessageReqCredExchange(std::shared_ptr context, + JsonObject &jsonObject) +{ + JsonObject jsonData; + if (!context->isOnline) { + jsonData[DM_TAG_LNN_PUBLICK_KEY] = context->accesser.lnnPublicKey; + } + jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY] = context->accesser.ephemeralPublicKey; + jsonData[DM_TAG_DEVICE_ID] = context->accesser.deviceId; + jsonData[DM_TAG_PEER_USER_SPACE_ID] = context->accesser.userId; + jsonData[DM_TAG_TOKEN_ID] = context->accesser.tokenId; + + std::string plainText = jsonData.Dump(); + std::string cipherText; + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageReqCredExchange encryptMessage failed."); + return ret; + } + jsonObject[DM_TAG_DATA] = cipherText; + return ret; +} + +// 创建150报文 +int32_t DmAuthMessageProcessor::CreateMessageRspCredExchange(std::shared_ptr context, + JsonObject &jsonObject) +{ + LOGI("DmAuthMessageProcessor::CreateMessageRspCredExchange start."); + JsonObject jsonData; + if (!context->isOnline) { + jsonData[DM_TAG_LNN_PUBLICK_KEY] = context->accessee.lnnPublicKey; + } + jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY] = context->accessee.ephemeralPublicKey; // 本端应用级公钥 + jsonData[DM_TAG_DEVICE_ID] = context->accessee.deviceId; // 本端deviceId + jsonData[DM_TAG_PEER_USER_SPACE_ID] = context->accessee.userId; // 本端userId + jsonData[DM_TAG_TOKEN_ID] = context->accessee.tokenId; // 本端tokenId + + std::string plainText = jsonData.Dump(); + std::string cipherText; + LOGI("DmAuthMessageProcessor::CreateMessageRspCredExchange plainText=%{public}s", plainText.c_str()); + int32_t ret = cryptoMgr_->EncryptMessage(plainText, cipherText); + if (ret != DM_OK) { + LOGI("DmAuthMessageProcessor::CreateMessageRspCredExchange encryptMessage failed."); + return ret; + } + jsonObject[DM_TAG_DATA] = cipherText; + return ret; +} + +// 创建160报文 +int32_t DmAuthMessageProcessor::CreateMessageReqCredAuthStart(std::shared_ptr context, + JsonObject &jsonObject) +{ + std::string onTransmitData; + + JsonObject jsonData; + jsonObject[DM_TAG_DATA] = context->transmitData; + return DM_OK; +} + +bool DmAuthMessageProcessor::ChecksumAcl(DistributedDeviceProfile::AccessControlProfile &acl, + std::vector &accesserStrList, std::vector &accesseeStrList) +{ + uint8_t accesserHash[DM_HASH_LEN] = {0}; + std::string accesserStr = AccesserToStr(acl); + Crypto::DmGenerateStrHash(accesserStr.data(), accesserStr.size(), accesserHash, DM_HASH_LEN, 0); + auto accesserIter = find(accesserStrList.begin(), accesserStrList.end(), + std::string(reinterpret_cast(accesserHash))); + + uint8_t accesseeHash[DM_HASH_LEN] = {0}; + std::string accesseeStr = AccesseeToStr(acl); + Crypto::DmGenerateStrHash(accesseeStr.data(), accesseeStr.size(), accesseeHash, DM_HASH_LEN, 0); + auto accesseeIter = find(accesseeStrList.begin(), accesseeStrList.end(), + std::string(reinterpret_cast(accesseeHash))); + return (accesserIter != accesserStrList.end()) && (accesseeIter != accesseeStrList.end()); +} + +// 创建190报文 +int32_t DmAuthMessageProcessor::CreateMessageSyncResp(std::shared_ptr context, + JsonObject &jsonObject) +{ + DmAccess access; // 代表本端的access + if (context->direction == DM_AUTH_SINK) { + access = context->accessee; + } else { + access = context->accesser; + } + + std::string encSyncMsg; + int32_t ret = EncryptSyncMessage(context, access, encSyncMsg); + if (ret != DM_OK) { + LOGE("DmAuthMessageProcessor::CreateMessageSyncResp encrypt failed"); + return ret; + } + jsonObject[DM_TAG_SYNC] = encSyncMsg; + return ret; +} + +// 创建200报文 +int32_t DmAuthMessageProcessor::CreateMessageFinish(std::shared_ptr context, + JsonObject &jsonObject) +{ + jsonObject[DM_TAG_REPLY] = context->reply; + jsonObject[DM_TAG_STATE] = context->state; + jsonObject[DM_TAG_REASON] = context->reason; + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseSyncMessage(std::shared_ptr &context, + DmAccess &access, JsonObject &jsonObject) +{ + // transmit session key is mandatory + if (!jsonObject[DM_TAG_TRANSMIT_SK_ID].IsString()) { + LOGE("ParseSyncMessage DM_TAG_TRANSMIT_SK_ID error"); + return ERR_DM_FAILED; + } + access.transmitSessionKeyId = std::atoi(jsonObject[DM_TAG_TRANSMIT_SK_ID].Get().c_str()); + + if (!jsonObject[DM_TAG_TRANSMIT_SK_TIMESTAMP].IsString()) { + LOGE("ParseSyncMessage DM_TAG_TRANSMIT_SK_TIMESTAMP error"); + return ERR_DM_FAILED; + } + access.transmitSkTimeStamp = std::atoi(jsonObject[DM_TAG_TRANSMIT_SK_TIMESTAMP].Get().c_str()); + + if (!jsonObject[DM_TAG_TRANSMIT_CREDENTIAL_ID].IsString()) { + LOGE("ParseSyncMessage DM_TAG_TRANSMIT_CREDENTIAL_ID error"); + return ERR_DM_FAILED; + } + access.transmitCredentialId = jsonObject[DM_TAG_TRANSMIT_CREDENTIAL_ID].Get().c_str(); + + // lnn session key is optional + if (jsonObject[DM_TAG_LNN_SK_ID].IsString()) { + access.lnnSessionKeyId = std::atoi(jsonObject[DM_TAG_LNN_SK_ID].Get().c_str()); + } + if (jsonObject[DM_TAG_LNN_SK_TIMESTAMP].IsString()) { + access.lnnSkTimeStamp = std::atoi(jsonObject[DM_TAG_LNN_SK_TIMESTAMP].Get().c_str()); + } + + if (jsonObject[DM_TAG_LNN_CREDENTIAL_ID].IsString()) { + access.lnnCredentialId = jsonObject[DM_TAG_LNN_CREDENTIAL_ID].Get().c_str(); + } + + if (!jsonObject[DM_TAG_DMVERSION].IsString()) { + LOGE("ParseSyncMessage DM_TAG_DMVERSION error"); + return ERR_DM_FAILED; + } + + access.dmVersion = jsonObject[DM_TAG_DMVERSION].Get(); + if (!jsonObject[DM_TAG_ACCESS].IsString()) { // 再解析一次 + LOGE("ParseSyncMessage DM_TAG_ACCESS error"); + return ERR_DM_FAILED; + } + std::string srcAccessStr = jsonObject[DM_TAG_ACCESS].Get(); + // 解析到 access里面 + JsonObject accessjson(srcAccessStr); + ParseDmAccessToSync(accessjson, access); + if (jsonObject[DM_TAG_PROXY].IsString()) { // 预留字段 + std::string proxyInfo = jsonObject[DM_TAG_PROXY].Get(); + } + if (jsonObject[DM_TAG_SERVICEINFO].IsString()) { // sp 暂时没有传 + std::string serviceInfo = jsonObject[DM_TAG_SERVICEINFO].Get(); + } + if (!jsonObject[DM_TAG_ACL_CHECKSUM].IsString()) { // 再解析一次 acl + LOGE("ParseSyncMessage DM_TAG_ACL_CHECKSUM error"); + return ERR_DM_FAILED; + } + std::string aclChecksumList = jsonObject[DM_TAG_ACL_CHECKSUM].Get(); + JsonObject aclChecksumjson(aclChecksumList); + return ParaseAclChecksumList(aclChecksumjson, access); +} + +int32_t DmAuthMessageProcessor::DecryptSyncMessage(std::shared_ptr &context, + DmAccess &access, std::string &enSyncMsg) +{ + // 解密整个字段 + std::string syncMsgCompress = ""; + int32_t ret = cryptoMgr_->DecryptMessage(enSyncMsg, syncMsgCompress); + if (ret != DM_OK) { + LOGE("DecryptSyncMessage syncMsg error"); + return ret; + } + JsonObject plainJson(syncMsgCompress); + if (plainJson.IsDiscarded()) { + LOGE("DecryptSyncMessage plainJson error"); + return ERR_DM_FAILED; + } + if (!plainJson[DM_TAG_COMPRESS_ORI_LEN].IsNumberInteger()) { + LOGE("DecryptSyncMessage DM_TAG_COMPRESS_ORI_LEN json error"); + return ERR_DM_FAILED; + } + int32_t dataLen = plainJson[DM_TAG_COMPRESS_ORI_LEN].Get(); + if (!plainJson[DM_TAG_COMPRESS].IsString()) { + LOGE("DecryptSyncMessage DM_TAG_COMPRESS_ORI_LEN json error"); + return ERR_DM_FAILED; + } + std::string compressMsg = plainJson[DM_TAG_COMPRESS].Get(); + // 解压缩 + std::string compressBase64 = Base64Decode(compressMsg); + std::string syncMsg = DecompressSyncMsg(compressBase64, dataLen); + // 解析字段 + JsonObject jsonObject(syncMsg); + if (jsonObject.IsDiscarded()) { + LOGE("DmAuthMessageProcessor::DecryptSyncMessage jsonStr error"); + return ERR_DM_FAILED; + } + + ret = ParseSyncMessage(context, access, jsonObject); + if (ret != DM_OK) { + LOGE("DecryptSyncMessage ParseSyncMessage jsonStr error"); + return ret; + } + return DM_OK; +} + +// 解析 180报文信息 MSG_TYPE_REQ_DATA_SYNC 存放对方密文四元组,acl,sp skid +int32_t DmAuthMessageProcessor::ParseMessageSyncReq(const JsonObject &jsonObject, + std::shared_ptr context) +{ + // 解析json中的加密数据 + if (!jsonObject[DM_TAG_SYNC].IsString()) { // 再解析一次 acl + LOGE("ParseMessageSyncReq json error"); + return ERR_DM_FAILED; + } + std::string enSyncMsg = jsonObject[DM_TAG_SYNC].Get(); + // 解密数据 + 解析数据到context中 + int32_t ret = DecryptSyncMessage(context, context->accesser, enSyncMsg); + if (ret != DM_OK) { + LOGE("DecryptSyncMessage enSyncMsg error"); + return ret; + } + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// 解析 190报文信息 MSG_TYPE_RESP_DATA_SYNC 存放对方密文四元组,acl sp skid +int32_t DmAuthMessageProcessor::ParseMessageSyncResp(const JsonObject &jsonObject, + std::shared_ptr context) +{ + // 解析json中的加密数据 + if (!jsonObject[DM_TAG_SYNC].IsString()) { // 再解析一次 acl + LOGE("ParseMessageSyncResp json error"); + return ERR_DM_FAILED; + } + std::string enSyncMsg = jsonObject[DM_TAG_SYNC].Get(); + // 解密数据 + 解析数据到context中 + int32_t ret = DecryptSyncMessage(context, context->accessee, enSyncMsg); + if (ret != DM_OK) { + LOGE("DecryptSyncMessage enSyncMsg error"); + return ret; + } + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// 解析200报文 +int32_t DmAuthMessageProcessor::ParseMessageSinkFinish(const JsonObject &jsonObject, + std::shared_ptr context) +{ + /* In case of an exception, there may be a state waiting for an event. + In the normal process, no state is waiting for events. */ + context->authStateMachine->NotifyEventFinish(DmEventType::ON_FAIL); + if (jsonObject[DM_TAG_REPLY].IsNumberInteger()) { + context->reply = jsonObject[DM_TAG_REPLY].Get(); + } + if (jsonObject[DM_TAG_STATE].IsNumberInteger()) { + context->state = jsonObject[DM_TAG_STATE].Get(); + } + if (jsonObject[DM_TAG_REASON].IsNumberInteger()) { + context->reason = jsonObject[DM_TAG_REASON].Get(); + } + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +// 解析201报文 +int32_t DmAuthMessageProcessor::ParseMessageSrcFinish(const JsonObject &jsonObject, + std::shared_ptr context) +{ + /* In case of an exception, there may be a state waiting for an event. + In the normal process, no state is waiting for events. */ + context->authStateMachine->NotifyEventFinish(DmEventType::ON_FAIL); + if (jsonObject[DM_TAG_REPLY].IsNumberInteger()) { + context->reply = jsonObject[DM_TAG_REPLY].Get(); + } + if (jsonObject[DM_TAG_STATE].IsNumberInteger()) { + context->state = jsonObject[DM_TAG_STATE].Get(); + } + if (jsonObject[DM_TAG_REASON].IsNumberInteger()) { + context->reason = jsonObject[DM_TAG_REASON].Get(); + } + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseNegotiateMessage(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject[DM_TAG_DMVERSION].IsString()) { + context->accesser.dmVersion = jsonObject[DM_TAG_DMVERSION].Get(); + } + if (jsonObject[DM_TAG_EDITION].IsString()) { + context->accesser.edition = jsonObject[DM_TAG_EDITION].Get(); + } + if (jsonObject[DM_TAG_USER_ID].IsNumberInteger()) { + context->accesser.userId = jsonObject[DM_TAG_USER_ID].Get(); + } + if (jsonObject[DM_TAG_TOKEN_ID].IsNumberInteger()) { + context->accesser.tokenId = static_cast(jsonObject[DM_TAG_TOKEN_ID].Get()); + context->requestId = context->accesser.tokenId; + } + + if (jsonObject[TAG_DEVICE_ID_HASH].IsString()) { + context->accesser.deviceIdHash = jsonObject[TAG_DEVICE_ID_HASH].Get(); + } + if (jsonObject[TAG_USER_ID_HASH].IsString()) { + context->accesser.userIdHash = jsonObject[TAG_USER_ID_HASH].Get(); + } + if (jsonObject[TAG_ACCOUNT_ID_HASH].IsString()) { + context->accesser.accountIdHash = jsonObject[TAG_ACCOUNT_ID_HASH].Get(); + } + if (jsonObject[TAG_TOKEN_ID_HASH].IsString()) { + context->accesser.tokenIdHash = jsonObject[TAG_TOKEN_ID_HASH].Get(); + } + + if (jsonObject[TAG_SESSION_NAME].IsString()) { + context->sessionName = jsonObject[TAG_SESSION_NAME].Get(); + } + if (jsonObject[TAG_BUNDLE_NAME].IsString()) { + context->accesser.bundleName = jsonObject[TAG_BUNDLE_NAME].Get(); + } + if (jsonObject[TAG_PEER_BUNDLE_NAME].IsString()) { + context->accessee.bundleName = jsonObject[TAG_PEER_BUNDLE_NAME].Get(); + } + if (jsonObject[TAG_BIND_LEVEL].IsNumberInteger()) { + context->accesser.bindLevel = jsonObject[TAG_BIND_LEVEL].Get(); + } + if (jsonObject[TAG_AUTH_TYPE].IsNumberInteger()) { + context->authType = static_cast(jsonObject[TAG_AUTH_TYPE].Get()); + } + + if (jsonObject.Contains(DM_TAG_EXTRA_INFO) && jsonObject[DM_TAG_EXTRA_INFO].IsObject()) { + ParseNegotiateExtraInfoMessage(jsonObject[DM_TAG_EXTRA_INFO], context); + } + + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseMessageRespAclNegotiate(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject[TAG_DEVICE_VERSION].IsString()) { + context->accessee.dmVersion = jsonObject[TAG_DEVICE_VERSION].Get(); + } + + if (jsonObject[TAG_DEVICE_NAME].IsString()) { + context->accessee.deviceName = jsonObject[TAG_DEVICE_NAME].Get(); + } + + if (jsonObject[TAG_DEVICE_ID_HASH].IsString()) { + context->accessee.deviceIdHash = jsonObject[TAG_DEVICE_ID_HASH].Get(); + } + + if (jsonObject[TAG_USER_ID_HASH].IsString()) { + context->accessee.userIdHash = jsonObject[TAG_USER_ID_HASH].Get(); + } + + if (jsonObject[TAG_ACCOUNT_ID_HASH].IsString()) { + context->accessee.accountIdHash = jsonObject[TAG_ACCOUNT_ID_HASH].Get(); + } + + if (jsonObject[TAG_TOKEN_ID_HASH].IsString()) { + context->accessee.tokenIdHash = jsonObject[TAG_TOKEN_ID_HASH].Get(); + } + + if (jsonObject[TAG_BUNDLE_NAME].IsString()) { + context->accessee.bundleName = jsonObject[TAG_BUNDLE_NAME].Get(); + } + + if (jsonObject[TAG_IS_ONLINE].IsBoolean()) { + context->isOnline = jsonObject[TAG_IS_ONLINE].Get(); + } + + if (jsonObject[TAG_IS_AUTHED].IsBoolean()) { + context->accessee.isAuthed = jsonObject[TAG_IS_AUTHED].Get(); + } + + if (jsonObject[TAG_CREDENTIAL_INFO].IsString()) { + context->accessee.credentialInfos = jsonObject[TAG_CREDENTIAL_INFO].Get(); + } + + if (jsonObject[DM_TAG_AUTH_TYPE_LIST].IsString()) { + auto strList = jsonObject[DM_TAG_AUTH_TYPE_LIST].Get(); + context->authTypeList = stringToVector(strList); + } + if (jsonObject.Contains(DM_TAG_AUTH_RESULT) && jsonObject[DM_TAG_AUTH_RESULT].IsNumberInteger()) { + context->authResult = static_cast(jsonObject[DM_TAG_AUTH_RESULT].Get()); + context->authResultReady = true; + } + + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseMessageReqUserConfirm(const JsonObject &json, + std::shared_ptr context) +{ + if (json[TAG_DEVICE_TYPE].IsNumberInteger()) { + context->accesser.deviceType = json[TAG_DEVICE_TYPE].Get(); + } + if (json[TAG_DEVICE_NAME].IsString()) { + context->accesser.deviceName = json[TAG_DEVICE_NAME].Get(); + } + + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseMessageRespUserConfirm(const JsonObject &json, + std::shared_ptr context) +{ + if (json[DM_TAG_AUTH_RESULT].IsNumberInteger()) { + context->authResult = static_cast(json[DM_TAG_AUTH_RESULT].Get()); + } + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseMessageReqPinAuthStart(const JsonObject &json, + std::shared_ptr context) +{ + if (json[DM_TAG_DATA].IsString()) { + context->transmitData = json[DM_TAG_DATA].Get(); + } + + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseMessageRespPinAuthStart(const JsonObject &json, + std::shared_ptr context) +{ + if (json[DM_TAG_DATA].IsString()) { + context->transmitData = json[DM_TAG_DATA].Get(); + } + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::ParseMessageReqPinAuthNegotiate(const JsonObject &json, + std::shared_ptr context) +{ + if (json[DM_TAG_DATA].IsString()) { + context->transmitData = json[DM_TAG_DATA].Get(); + } + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::CreateMessageReqUserConfirm(std::shared_ptr context, JsonObject &json) +{ + json[TAG_DEVICE_TYPE] = context->accesser.deviceType; + json[TAG_DEVICE_NAME] = context->accesser.deviceName; + return DM_OK; +} + +int32_t DmAuthMessageProcessor::CreateMessageRespUserConfirm(std::shared_ptr context, JsonObject &json) +{ + json[DM_TAG_AUTH_RESULT] = context->authResult; + return DM_OK; +} + +int32_t DmAuthMessageProcessor::CreateMessageReqPinAuthStart(std::shared_ptr context, JsonObject &json) +{ + json[DM_TAG_DATA] = context->transmitData; + return DM_OK; +} + +int32_t DmAuthMessageProcessor::CreateMessageRespPinAuthStart(std::shared_ptr context, JsonObject &json) +{ + json[DM_TAG_DATA] = context->transmitData; + return DM_OK; +} + +int32_t DmAuthMessageProcessor::CreateMessageReqPinAuthNegotiate(std::shared_ptr context, + JsonObject &json) +{ + json[DM_TAG_DATA] = context->transmitData; + return DM_OK; +} + +int32_t DmAuthMessageProcessor::CreateMessageRespPinAuthNegotiate(std::shared_ptr context, + JsonObject &json) +{ + json[DM_TAG_DATA] = context->transmitData; + return DM_OK; +} + +void DmAuthMessageProcessor::CreateAndSendMsg(DmMessageType msgType, std::shared_ptr context) +{ + auto message = CreateMessage(msgType, context); + context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); +} + +std::string DmAuthMessageProcessor::CompressSyncMsg(std::string &inputStr) +{ + uint32_t srcLen = inputStr.size(); + uint32_t boundSize = compressBound(srcLen); // 最大压缩长度 + std::string compressed(boundSize, '\0'); + + // 压缩到预留空间 + unsigned long destSize = boundSize; // 实际可用长度 + int32_t ret = compress(reinterpret_cast(&compressed[0]), &destSize, + reinterpret_cast(inputStr.data()), srcLen); + if (ret != Z_OK) { + LOGE("DmAuthMessageProcessor::CompressSyncMsg zlib compress failed"); + return ""; + } + compressed.resize(destSize); // 实际使用长度 + return compressed; +} + +std::string DmAuthMessageProcessor::DecompressSyncMsg(std::string& compressed, uint32_t oriLen) +{ + std::string decompressed; + decompressed.resize(oriLen); + unsigned long destLen = oriLen; // 实际使用长度 + int32_t ret = uncompress(reinterpret_cast(&decompressed[0]), &destLen, + reinterpret_cast(compressed.data()), // 解压时跳过头部 + compressed.size()); + if (ret != Z_OK || destLen != oriLen) { + LOGE("DmAuthMessageProcessor::DecompressSyncMsg decompress failed"); + return ""; + } + return decompressed; +} + +std::string DmAuthMessageProcessor::Base64Encode(std::string &inputStr) +{ + // 输入字符串转二进制 + const unsigned char* src = reinterpret_cast(inputStr.data()); + size_t srcLen = inputStr.size(); + + // 计算base64 后最大长度 + size_t maxEncodeLen = ((srcLen + 2) / 3) * 4 + 1; + std::vector buffer(maxEncodeLen); + + // 实际编码长度 + size_t encodedLen = 0; + int32_t ret = mbedtls_base64_encode(buffer.data(), buffer.size(), &encodedLen, src, srcLen); + if (ret != 0) { + LOGE("DmAuthMessageProcessor::Base64Encode mbedtls_base64_encode failed"); + return ""; + } + return std::string(reinterpret_cast(buffer.data()), encodedLen); // 无需终止符 +} + +std::string DmAuthMessageProcessor::Base64Decode(std::string &inputStr) +{ + // 输入字符串转二进制 + const unsigned char* src = reinterpret_cast(inputStr.data()); + size_t srcLen = inputStr.size(); + + // 计算base64 后最大长度 + size_t maxEncodeLen = (srcLen / 4) * 3 + 1; + std::vector buffer(maxEncodeLen); + + // 实际编码长度 + size_t decodedLen = 0; + int32_t ret = mbedtls_base64_decode(buffer.data(), buffer.size(), &decodedLen, src, srcLen); + if (ret != 0) { + LOGE("DmAuthMessageProcessor::Base64Decode mbedtls_base64_decode failed"); + return ""; + } + return std::string(reinterpret_cast(buffer.data()), decodedLen); // 无需终止符 +} + + +// 用于组装syncMsg中的加密部分 +int32_t DmAuthMessageProcessor::EncryptSyncMessage(std::shared_ptr &context, DmAccess &accessSide, + std::string &encSyncMsg) +{ + JsonObject syncMsgJson; // 完整的180/190 消息 未经压缩&加密 + DmAccessToSync accessToSync; + accessToSync.deviceName = accessSide.deviceName; + accessToSync.deviceId = accessSide.deviceId; + accessToSync.userId = accessSide.userId; + accessToSync.accountId = accessSide.accountId; + accessToSync.tokenId = accessSide.tokenId; + accessToSync.bundleName = accessSide.bundleName; + accessToSync.bindLevel = accessSide.bindLevel; + syncMsgJson[DM_TAG_TRANSMIT_SK_ID] = std::to_string(accessSide.transmitSessionKeyId); + syncMsgJson[DM_TAG_TRANSMIT_SK_TIMESTAMP] = std::to_string(accessSide.transmitSkTimeStamp); + syncMsgJson[DM_TAG_TRANSMIT_CREDENTIAL_ID] = accessSide.transmitCredentialId; + if (!context->isOnline) { // 首次认证 + syncMsgJson[DM_TAG_LNN_SK_ID]=std::to_string(accessSide.lnnSessionKeyId); + syncMsgJson[DM_TAG_LNN_SK_TIMESTAMP]=std::to_string(accessSide.lnnSkTimeStamp); + syncMsgJson[DM_TAG_LNN_CREDENTIAL_ID] = accessSide.lnnCredentialId; + } + + JsonObject accessJsonObj{}; + accessJsonObj = accessToSync; + syncMsgJson[DM_TAG_DMVERSION] = accessSide.dmVersion; + syncMsgJson[DM_TAG_ACCESS] = accessJsonObj.Dump(); // 接收端需要再拆一次json + syncMsgJson[DM_TAG_PROXY] = ""; // 预留字段 留空即可 + std::string aclHashList; + int32_t ret = GetAclListStr(context, aclHashList); + if (ret != DM_OK) { + LOGE("DmAuthMessageProcessor::EncryptSyncMessage GetAclListStr failed"); + return ERR_DM_FAILED; + } + + syncMsgJson[DM_TAG_ACL_CHECKSUM] = aclHashList; + std::string syncMsg = syncMsgJson.Dump(); // 消息构造完成 + + std::string compressMsg = CompressSyncMsg(syncMsg); // 压缩 + if (compressMsg.empty()) { + LOGE("DmAuthMessageProcessor::EncryptSyncMessage compress failed"); + return ERR_DM_FAILED; + } + JsonObject plainJson; + plainJson[DM_TAG_COMPRESS_ORI_LEN] = syncMsg.size(); // 记录压缩前原始长度 用于接收端解析 + plainJson[DM_TAG_COMPRESS] = Base64Encode(compressMsg); + // 加密整个字段 + return cryptoMgr_->EncryptMessage(plainJson.Dump(), encSyncMsg); +} + +int32_t DmAuthMessageProcessor::ACLToStr(DistributedDeviceProfile::AccessControlProfile acl, std::string aclStr) +{ + DmAccessControlTable dmAcl; + dmAcl.accessControlId = acl.GetAccessControlId(); + dmAcl.accesserId = acl.GetAccesserId(); + dmAcl.accesseeId = acl.GetAccesseeId(); + dmAcl.deviceId = acl.GetTrustDeviceId(); + dmAcl.sessionKey = acl.GetSessionKey(); + dmAcl.bindType = acl.GetBindType(); + dmAcl.authType = acl.GetAuthenticationType(); + dmAcl.deviceType = acl.GetDeviceIdType(); + dmAcl.deviceIdHash = acl.GetDeviceIdHash(); + dmAcl.status = acl.GetStatus(); + dmAcl.validPeriod = acl.GetValidPeriod(); + dmAcl.lastAuthTime = acl.GetLastAuthTime(); + dmAcl.bindLevel = acl.GetBindType(); + JsonObject aclJsonObj{}; + aclJsonObj = dmAcl; + aclStr = aclJsonObj.Dump(); + if (aclStr.empty()) { + LOGE("DmAuthMessageProcessor::ACLToStr normalized acl failed"); + return ERR_DM_FAILED; + } + return DM_OK; +} + +std::string DmAuthMessageProcessor::AccesserToStr(DistributedDeviceProfile::AccessControlProfile acl) +{ + JsonObject jsonAccesserObj; + DistributedDeviceProfile::Accesser accesser = acl.GetAccesser(); + jsonAccesserObj[DM_TAG_ACCESSER_DEVICE_ID] = accesser.GetAccesserDeviceId(); + jsonAccesserObj[DM_TAG_ACCESSER_USER_ID] = accesser.GetAccesserUserId(); + jsonAccesserObj[DM_TAG_ACCESSER_ACOUNT_ID] = accesser.GetAccesserAccountId(); + jsonAccesserObj[DM_TAG_ACCESSER_TOKEN_ID] = accesser.GetAccesserTokenId(); + jsonAccesserObj[DM_TAG_ACCESSER_SERVICE_NAME] = std::vector(); // 预留字段 DP库未适配 + jsonAccesserObj[DM_TAG_ACCESSER_BUNDLE_NAME] = accesser.GetAccesserBundleName(); + jsonAccesserObj[DM_TAG_ACCESSER_HAP_SIGNATURE] = accesser.GetAccesserHapSignature(); + jsonAccesserObj[DM_TAG_ACCESSER_BIND_LEVEL] = accesser.GetAccesserBindLevel(); + jsonAccesserObj[DM_TAG_ACCESSER_CREDENTIAL_ID] = accesser.GetAccesserBindLevel(); + jsonAccesserObj[DM_TAG_ACCESSER_STATUS] = accesser.GetAccesserStatus(); + jsonAccesserObj[DM_TAG_ACCESSER_SK_ID] = accesser.GetAccesserSessionKeyId(); + jsonAccesserObj[DM_TAG_ACCESSER_SK_TIMESTAMP] = accesser.GetAccesserSKTimeStamp(); + return jsonAccesserObj.Dump(); +} + +std::string DmAuthMessageProcessor::AccesseeToStr(DistributedDeviceProfile::AccessControlProfile acl) +{ + JsonObject jsonAccesseeObj; + DistributedDeviceProfile::Accessee accessee = acl.GetAccessee(); + jsonAccesseeObj[DM_TAG_ACCESSEE_DEVICE_ID] = accessee.GetAccesseeDeviceId(); + jsonAccesseeObj[DM_TAG_ACCESSEE_USER_ID] = accessee.GetAccesseeUserId(); + jsonAccesseeObj[DM_TAG_ACCESSEE_ACOUNT_ID] = accessee.GetAccesseeAccountId(); + jsonAccesseeObj[DM_TAG_ACCESSEE_TOKEN_ID] = accessee.GetAccesseeTokenId(); + jsonAccesseeObj[DM_TAG_ACCESSEE_SERVICE_NAME] = std::vector(); // 预留字段 DP库未适配 + jsonAccesseeObj[DM_TAG_ACCESSEE_BUNDLE_NAME] = accessee.GetAccesseeBundleName(); + jsonAccesseeObj[DM_TAG_ACCESSEE_HAP_SIGNATURE] = accessee.GetAccesseeHapSignature(); + jsonAccesseeObj[DM_TAG_ACCESSEE_BIND_LEVEL] = accessee.GetAccesseeBindLevel(); + jsonAccesseeObj[DM_TAG_ACCESSEE_CREDENTIAL_ID] = accessee.GetAccesseeBindLevel(); + jsonAccesseeObj[DM_TAG_ACCESSEE_STATUS] = accessee.GetAccesseeStatus(); + jsonAccesseeObj[DM_TAG_ACCESSEE_SK_ID] = accessee.GetAccesseeSessionKeyId(); + jsonAccesseeObj[DM_TAG_ACCESSEE_SK_TIMESTAMP] = accessee.GetAccesseeSKTimeStamp(); + return jsonAccesseeObj.Dump(); +} + +int32_t DmAuthMessageProcessor::CreateSyncMessage(std::shared_ptr context, JsonObject &jsonObject) +{ + DmAccess accessSide; // 代表本端的access + if (context->direction == DM_AUTH_SOURCE) { + accessSide = context->accesser; + } else { + accessSide = context->accessee; + } + std::string encSyncMsg; + int32_t ret = EncryptSyncMessage(context, accessSide, encSyncMsg); + if (ret != DM_OK) { + LOGE("DmAuthMessageProcessor::CreateSyncMessage encrypt failed"); + return ret; + } + jsonObject[DM_TAG_SYNC] = encSyncMsg; + return DM_OK; +} + +// 解析transmit和PSKID 解析160 +int32_t DmAuthMessageProcessor::ParseAuthStartMessage(const JsonObject &jsonObject, + std::shared_ptr context) +{ + if (jsonObject.IsDiscarded() || !jsonObject.Contains(DM_TAG_DATA) || + !jsonObject[DM_TAG_DATA].IsString()) { + LOGE("DmAuthMessageProcessor::ParseAuthStartMessage Unlegal json string failed"); + return ERR_DM_FAILED; + } + context->transmitData = jsonObject[DM_TAG_DATA].Get(); + + context->authStateMachine->TransitionTo(std::make_shared()); + return DM_OK; +} + +int32_t DmAuthMessageProcessor::GetAclListStr(std::shared_ptr &context, std::string &aclList) +{ + JsonObject jsonAclListObj; + jsonAclListObj[DM_TAG_DMVERSION] = context->accesser.dmVersion; // 在80/90 流程会协商出双方均兼容的版本号,此处取accesser的ver即可 + + // 查询ACL + std::vector profiles = + DeviceProfileConnector::GetInstance().GetAccessControlProfile(); + std::vector accceserStrList; + std::vector accceseeStrList; + // 遍历acl table 找到双端历史acl记录 + for (auto &item : profiles) { + if (item.GetAccesser().GetAccesserDeviceId() == context->accesser.deviceId && + item.GetAccesser().GetAccesserUserId() == context->accesser.userId && + item.GetAccessee().GetAccesseeDeviceId() == context->accessee.deviceId && + item.GetAccessee().GetAccesseeUserId() == context->accessee.userId) { + // 以SHA256的摘要保存 + uint8_t accesserHash[DM_HASH_LEN] = {0}; + std::string accesserStr = AccesserToStr(item); + Crypto::DmGenerateStrHash(accesserStr.data(), accesserStr.size(), accesserHash, DM_HASH_LEN, 0); + accceserStrList.push_back(reinterpret_cast(accesserHash)); + + uint8_t accesseeHash[DM_HASH_LEN] = {0}; + std::string accesseeStr = AccesseeToStr(item); + Crypto::DmGenerateStrHash(accesseeStr.data(), accesseeStr.size(), accesseeHash, DM_HASH_LEN, 0); + accceseeStrList.push_back(reinterpret_cast(accesseeHash)); + } + } + if (accceserStrList.empty() || accceseeStrList.empty()) { + LOGI("DmAuthMessageProcessor::CreateSyncMessage acl lis is empty"); // 双方无旧ACL需要同步 此时返回空字符串 + } + + jsonAclListObj[DM_TAG_ACCESSER] = accceserStrList; + jsonAclListObj[DM_TAG_ACCESSEE] = accceseeStrList; + aclList = jsonAclListObj.Dump(); + return DM_OK; +} + +void ToJson(JsonItemObject &itemObject, const DmAccessControlTable &table) +{ + itemObject["accessControlId"] = table.accessControlId; + itemObject["accesserId"] = table.accesserId; + itemObject["accesseeId"] = table.accesseeId; + itemObject["deviceId"] = table.deviceId; + itemObject["sessionKey"] = table.sessionKey; + itemObject["bindType"] = table.bindType; + itemObject["authType"] = table.authType; + itemObject["deviceType"] = table.deviceType; + itemObject["deviceIdHash"] = table.deviceIdHash; + itemObject["status"] = table.status; + itemObject["validPeriod"] = table.validPeriod; + itemObject["lastAuthTime"] = table.lastAuthTime; + itemObject["bindLevel"] = table.bindLevel; +} + +void FromJson(const JsonItemObject &itemObject, DmAccessControlTable &table) +{ + if (itemObject.Contains("accessControlId") && itemObject["accessControlId"].IsNumberInteger()) { + table.accessControlId = itemObject["accessControlId"].Get(); + } + if (itemObject.Contains("accesserId") && itemObject["accesserId"].IsNumberInteger()) { + table.accesserId = itemObject["accesserId"].Get(); + } + if (itemObject.Contains("accesseeId") && itemObject["accesseeId"].IsNumberInteger()) { + table.accesseeId = itemObject["accesseeId"].Get(); + } + if (itemObject.Contains("deviceId") && itemObject["deviceId"].IsString()) { + table.deviceId = itemObject["deviceId"].Get(); + } + if (itemObject.Contains("sessionKey") && itemObject["sessionKey"].IsString()) { + table.sessionKey = itemObject["sessionKey"].Get(); + } + if (itemObject.Contains("bindType") && itemObject["bindType"].IsNumberInteger()) { + table.bindType = itemObject["bindType"].Get(); + } + if (itemObject.Contains("authType") && itemObject["authType"].IsNumberInteger()) { + table.authType = itemObject["authType"].Get(); + } + if (itemObject.Contains("deviceType") && itemObject["deviceType"].IsNumberInteger()) { + table.deviceType = itemObject["deviceType"].Get(); + } + if (itemObject.Contains("deviceIdHash") && itemObject["deviceIdHash"].IsString()) { + table.deviceIdHash = itemObject["deviceIdHash"].Get(); + } + if (itemObject.Contains("status") && itemObject["status"].IsNumberInteger()) { + table.status = itemObject["status"].Get(); + } + if (itemObject.Contains("validPeriod") && itemObject["validPeriod"].IsNumberInteger()) { + table.validPeriod = itemObject["validPeriod"].Get(); + } + if (itemObject.Contains("lastAuthTime") && itemObject["lastAuthTime"].IsNumberInteger()) { + table.lastAuthTime = itemObject["lastAuthTime"].Get(); + } + if (itemObject.Contains("bindLevel") && itemObject["bindLevel"].IsNumberInteger()) { + table.bindLevel = itemObject["bindLevel"].Get(); + } +} + +void ToJson(JsonItemObject &itemObject, const DmAccessToSync &table) +{ + itemObject["deviceName"] = table.deviceName; + itemObject["deviceId"] = table.deviceId; + itemObject["userId"] = table.userId; + itemObject["accountId"] = table.accountId; + itemObject["tokenId"] = table.tokenId; + itemObject["bundleName"] = table.bundleName; + itemObject["bindLevel"] = table.bindLevel; + itemObject["sessionKeyId"] = table.sessionKeyId; + itemObject["skTimeStamp"] = table.skTimeStamp; +} + +void FromJson(const JsonItemObject &itemObject, DmAccessToSync &table) +{ + if (itemObject.Contains("deviceName") && itemObject["deviceName"].IsString()) { + table.deviceName = itemObject["deviceName"].Get(); + } + if (itemObject.Contains("deviceId") && itemObject["deviceId"].IsString()) { + table.deviceId = itemObject["deviceId"].Get(); + } + if (itemObject.Contains("userId") && itemObject["userId"].IsNumberInteger()) { + table.userId = itemObject["userId"].Get(); + } + if (itemObject.Contains("accountId") && itemObject["accountId"].IsString()) { + table.accountId = itemObject["accountId"].Get(); + } + if (itemObject.Contains("tokenId") && itemObject["tokenId"].IsNumberInteger()) { + table.tokenId = itemObject["tokenId"].Get(); + } + if (itemObject.Contains("bundleName") && itemObject["bundleName"].IsString()) { + table.bundleName = itemObject["bundleName"].Get(); + } + if (itemObject.Contains("bindLevel") && itemObject["bindLevel"].IsNumberInteger()) { + table.bindLevel = itemObject["bindLevel"].Get(); + } + if (itemObject.Contains("sessionKeyId") && itemObject["sessionKeyId"].IsNumberInteger()) { + table.sessionKeyId = itemObject["sessionKeyId"].Get(); + } + if (itemObject.Contains("skTimeStamp") && itemObject["skTimeStamp"].IsNumberInteger()) { + table.skTimeStamp = itemObject["skTimeStamp"].Get(); + } +} + +} // namespace DistributedHardware +} // namespace OHOS \ No newline at end of file -- Gitee From 6035db5a9cffe271dde8f54ab40ccc783a206092 Mon Sep 17 00:00:00 2001 From: x30061562 Date: Thu, 27 Mar 2025 20:10:13 +0800 Subject: [PATCH 2/2] cleancode Signed-off-by: x30061562 --- .../auth_stages/auth_credential.cpp | 203 ++++++--------- .../dm_auth_message_processor.cpp | 244 +++++++++--------- 2 files changed, 208 insertions(+), 239 deletions(-) diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 28bc97258..5fc3cbe31 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -13,30 +13,25 @@ * limitations under the License. */ #include -#include -#include #include -#include "dm_auth_state.h" +#include +#include #include "dm_auth_context.h" #include "dm_auth_manager_base.h" -#include "dm_auth_state_machine.h" #include "dm_auth_message_processor.h" -#include "dm_log.h" +#include "dm_auth_state.h" +#include "dm_auth_state_machine.h" #include "dm_constants.h" -#include "multiple_user_connector.h" +#include "dm_log.h" #include "deviceprofile_connector.h" #include "hichain_auth_connector.h" +#include "multiple_user_connector.h" namespace OHOS { namespace DistributedHardware { namespace { -const char * const FILED_DEVICE_ID = "deviceId"; - -// 从context中提取transmit data,使用SK解密,并透传给HICHAIN -// 如果ontransmit事件,在对应回调解析并保存在context -// 如果onsessionkeyreturned事件,在对应回调解析并保存在cryptomgr int32_t AuthCredentialTransmitDecryptProcess(std::shared_ptr context, DmEventType event) { if (context->transmitData.empty()) { @@ -44,13 +39,12 @@ int32_t AuthCredentialTransmitDecryptProcess(std::shared_ptr cont return ERR_DM_FAILED; } - // 透传给hichain int32_t ret = context->hiChainAuthConnector->ProcessCredData(context->requestId, context->transmitData); if (ret != DM_OK) { LOGE("AuthCredentialTransmitDecryptProcess: ProcessCredData transmit data failed"); return ERR_DM_FAILED; } - // 等待hichain返回结果 + if (context->authStateMachine->WaitExpectEvent(event) != event) { LOGE("AuthCredentialTransmitDecryptProcess: Hichain auth transmit data failed"); return ERR_DM_FAILED; @@ -58,22 +52,20 @@ int32_t AuthCredentialTransmitDecryptProcess(std::shared_ptr cont return DM_OK; } -// 解析HICHAIN transmit data,并透传给对端 int32_t AuthCredentialTransmitSend(std::shared_ptr context, DmMessageType msgType) { - // 获取transmit data if (context->transmitData.empty()) { LOGE("AuthCredentialTransmitSend: Get onTransmitData failed."); return ERR_DM_FAILED; } std::string message = - context->authMessageProcessor->CreateMessage(msgType, context); // 不需要额外传data,context中均有 + context->authMessageProcessor->CreateMessage(msgType, context); if (message.empty()) { LOGE("AuthCredentialTransmitSend: CreateMessage AuthCredential transmit data failed"); return ERR_DM_FAILED; } - // 发送报文 + return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } @@ -91,15 +83,17 @@ DmAuthStateType AuthSrcCredentialAuthNegotiateState::GetStateType() { return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_NEGOTIATE_STATE; } -// 收到170凭据认证报文,解析ontransmit,回复161报文 + +// Parse the ontransmit data, respond with 161 message int32_t AuthSrcCredentialAuthNegotiateState::Action(std::shared_ptr context) { - // 解密并透传transmitData + // decrypt and transmit transmitData int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_TRANSMIT); if (ret != DM_OK) { return ret; } - // 发送161报文 + + // Send 161 message return AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_REQ_CREDENTIAL_AUTH_NEGOTIATE); } @@ -108,18 +102,15 @@ DmAuthStateType AuthSrcCredentialAuthDoneState::GetStateType() return DmAuthStateType::AUTH_SRC_CREDENTIAL_AUTH_DONE_STATE; } -// 收到171凭据认证报文 int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr context) { - // 解密并透传transmitData - // 171报文在首次认证情况下会发生两次,先进行应用凭据认证,后进行用户凭据认证;非首次认证仅进行应用凭据认证 - // 最后一次认证结束后会收到ON_FINISH + // decrypt and transmit transmitData int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_SESSION_KEY_RETURNED); if (ret != DM_OK) { return ret; } - // 认证结束触发Onfinish回调事件 + // Authentication completion triggers the Onfinish callback event. if (context->authStateMachine->WaitExpectEvent(ON_FINISH) != ON_FINISH) { LOGE("AuthSrcCredentialAuthDoneState::Action Hichain auth SINK transmit data failed"); return ERR_DM_FAILED; @@ -131,13 +122,12 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co LOGE("AuthSrcCredentialAuthDoneState::Action DP save user session key failed"); return ret; } - // 首次认证 且 应用凭据流程 + + // first time joinLnn, auth lnnCredential if (context->isOnline == false && context->isAppCredentialVerified == false) { context->isAppCredentialVerified = true; - // 保存到DP 获取应用凭据ID 并保存 SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); - msgType = MSG_TYPE_REQ_CREDENTIAL_AUTH_START; // 发送160 - // 认证用户凭据 + msgType = MSG_TYPE_REQ_CREDENTIAL_AUTH_START; ret = context->hiChainAuthConnector->AuthCredential(context->accesser.userId, context->requestId, context->accesser.lnnCredentialId, std::string("")); if (ret != DM_OK) { @@ -145,24 +135,20 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co return ret; } - // 等待onTransmit事件 + // wait for onTransmit event if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthDoneState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - } else if (context->isOnline == false) { - // 首次认证 且 用户凭据流程 - // 保存到DP 获取用户凭据ID 并保存 + } else if (context->isOnline == false) { // First-time authentication and Lnn credential process SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); - msgType = MSG_TYPE_REQ_DATA_SYNC; // 发送180 - } else { - // 非首次认证 应用凭据流程 - // 保存到DP 获取应用凭据ID 并保存 + msgType = MSG_TYPE_REQ_DATA_SYNC; + } else { // Non-first-time authentication transport credential process SetAuthContext(skId, context->accesser.transmitSkTimeStamp, context->accesser.transmitSessionKeyId); - msgType = MSG_TYPE_REQ_DATA_SYNC; // 发送180 + msgType = MSG_TYPE_REQ_DATA_SYNC; } std::string message = - context->authMessageProcessor->CreateMessage(msgType, context); // 不需要额外传data,context中均有 + context->authMessageProcessor->CreateMessage(msgType, context); if (message.empty()) { LOGE("AuthSrcCredentialAuthDoneState::Action CreateMessage failed"); return ERR_DM_FAILED; @@ -171,21 +157,20 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); } -// SINK端凭据校验操作 DmAuthStateType AuthSinkCredentialAuthStartState::GetStateType() { return DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_START_STATE; } -// 收到160凭证认证报文,发送170报文 + int32_t AuthSinkCredentialAuthStartState::Action(std::shared_ptr context) { context->timer->DeleteTimer(std::string(WAIT_REQUEST_TIMEOUT_TASK)); - // 解密并透传transmitData + int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_TRANSMIT); if (ret != DM_OK) { return ret; } - // 构造并发送170报文 + return AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_START); } @@ -194,19 +179,17 @@ DmAuthStateType AuthSinkCredentialAuthNegotiateState::GetStateType() return DmAuthStateType::AUTH_SINK_CREDENTIAL_AUTH_NEGOTIATE_STATE; } -// 收到161凭据协商报文,并回复171报文 -// 通过isAppCredentialVerified关键词区分首次认证、非首次认证 int32_t AuthSinkCredentialAuthNegotiateState::Action(std::shared_ptr context) { - // 解密并透传transmitData int32_t ret = AuthCredentialTransmitDecryptProcess(context, ON_TRANSMIT); if (ret != DM_OK) { - return ret; // 内部有日志 不重复打印 + return ret; } - // 构造并发送171报文 + + // Construct and send 171 message ret = AuthCredentialTransmitSend(context, DmMessageType::MSG_TYPE_RESP_CREDENTIAL_AUTH_NEGOTIATE); if (ret != DM_OK) { - return ret; // 内部有日志 不重复打印 + return ret; } if (context->authStateMachine->WaitExpectEvent(ON_SESSION_KEY_RETURNED) != ON_SESSION_KEY_RETURNED) { @@ -225,14 +208,15 @@ int32_t AuthSinkCredentialAuthNegotiateState::Action(std::shared_ptrisOnline == false && - context->isAppCredentialVerified == true) { // SINK首次认证场景,第二次收到161的流程 保存用户级永久SK到DP + context->isAppCredentialVerified == true) { context->accessee.lnnSkTimeStamp = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()) .count(); context->accessee.lnnSessionKeyId = skId; - } else { // 应用级凭据认证流程 首次认证的第一次161处理 和 非首次认证的161处理 - context->isAppCredentialVerified = true; // 用于指示 首次认证的应用级凭据已认证 + } else { // Twice transport cred auth + context->isAppCredentialVerified = true; context->accessee.transmitSkTimeStamp = std::chrono::duration_cast(std::chrono::system_clock::now().time_since_epoch()) .count(); @@ -241,15 +225,13 @@ int32_t AuthSinkCredentialAuthNegotiateState::Action(std::shared_ptr &authContext) { LOGI("AuthCredentialAgreeState::CreateAuthParamsString start."); - // 参数校验 + if ((authorizedScope != DM_AUTH_SCOPE_USER && authorizedScope != DM_AUTH_SCOPE_APP) || (method != DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE && method != DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT)) { return std::string(""); @@ -257,40 +239,38 @@ std::string AuthCredentialAgreeState::CreateAuthParamsString(DmAuthScope authori JsonObject jsonObj; if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) { - jsonObj[DM_TAG_METHOD] = method; // 凭据生成方式,只有导入时,需要传入method + jsonObj[DM_TAG_METHOD] = method; } - jsonObj[DM_TAG_DEVICE_ID] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ? // 设备ID 生成是本端,导入是对端 + jsonObj[DM_TAG_DEVICE_ID] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ? authContext->GetDeviceId(DM_AUTH_LOCAL_SIDE) : authContext->GetDeviceId(DM_AUTH_REMOTE_SIDE); if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT) { jsonObj[DM_TAG_PEER_USER_SPACE_ID] = std::to_string(authContext->GetUserId(DM_AUTH_REMOTE_SIDE)); } jsonObj[DM_TAG_USER_ID] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ? authContext->GetAccountId(DM_AUTH_LOCAL_SIDE) : authContext->GetAccountId(DM_AUTH_REMOTE_SIDE); - jsonObj[DM_TAG_SUBJECT] = DM_AUTH_CREDENTIAL_SUBJECT_PRIMARY; // 主控设备 - jsonObj[DM_TAG_CRED_TYPE] = DM_AUTH_CREDENTIAL_ACCOUNT_UNRELATED; // 账号无关 + jsonObj[DM_TAG_SUBJECT] = DM_AUTH_CREDENTIAL_SUBJECT_PRIMARY; + jsonObj[DM_TAG_CRED_TYPE] = DM_AUTH_CREDENTIAL_ACCOUNT_UNRELATED; jsonObj[DM_TAG_KEY_FORMAT] = (method == DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE) ? - DM_AUTH_KEY_FORMAT_ASYMM_GENERATE : DM_AUTH_KEY_FORMAT_ASYMM_IMPORT; // 生成或导入非对称秘钥 - jsonObj[DM_TAG_ALGORITHM_TYPE] = DM_AUTH_ALG_TYPE_ED25519; // ED25519 - jsonObj[DM_TAG_PROOF_TYPE] = DM_AUTH_CREDENTIAL_PROOF_PSK; // PSK - if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT) { // 导入公钥 16进制字符串 + DM_AUTH_KEY_FORMAT_ASYMM_GENERATE : DM_AUTH_KEY_FORMAT_ASYMM_IMPORT; + jsonObj[DM_TAG_ALGORITHM_TYPE] = DM_AUTH_ALG_TYPE_ED25519; + jsonObj[DM_TAG_PROOF_TYPE] = DM_AUTH_CREDENTIAL_PROOF_PSK; + if (method == DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT) { jsonObj[DM_TAG_KEY_VALUE] = authContext->GetPublicKey(DM_AUTH_REMOTE_SIDE, authorizedScope); } - jsonObj[DM_TAG_AUTHORIZED_SCOPE] = authorizedScope; // 用户级或者应用级 + jsonObj[DM_TAG_AUTHORIZED_SCOPE] = authorizedScope; if (authorizedScope == DM_AUTH_SCOPE_APP) { std::vector tokenIds = {std::to_string(authContext->accesser.tokenId), std::to_string(authContext->accessee.tokenId)}; jsonObj[DM_TAG_AUTHRIZED_APP_LIST] = tokenIds; } - jsonObj[DM_TAG_CREDENTIAL_OWNER] = DM_AUTH_CREDENTIAL_OWNER; // 调用方包名DM模块 + jsonObj[DM_TAG_CREDENTIAL_OWNER] = DM_AUTH_CREDENTIAL_OWNER; LOGI("AuthCredentialAgreeState::CreateAuthParamsString leave."); return jsonObj.Dump(); } -// 生成凭据Id和公钥 -// authorizedScope 用户级还是应用级 -// authContext 上下文 +// Generate credential ID and public key int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authorizedScope, std::shared_ptr &authContext) { @@ -300,7 +280,6 @@ int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authori return ERR_DM_FAILED; } - // 创建authParams的json格式字符串 std::string authParamsString = CreateAuthParamsString(authorizedScope, DM_AUTH_CREDENTIAL_ADD_METHOD_GENERATE, authContext); if (authParamsString == "") { @@ -308,7 +287,6 @@ int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authori return ERR_DM_FAILED; } - // 生成凭据 int32_t osAccountId = (authContext->direction == DM_AUTH_SOURCE) ? authContext->accesser.userId : authContext->accessee.userId; std::string credId; @@ -318,7 +296,6 @@ int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authori return ret; } - // 导出公钥 std::string publicKey; ret = authContext->hiChainAuthConnector->ExportCredential(osAccountId, credId, publicKey); if (ret != DM_OK) { @@ -327,7 +304,6 @@ int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authori return ret; } - // 保存凭据Id和公钥 (void)authContext->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, credId); (void)authContext->SetPublicKey(DM_AUTH_LOCAL_SIDE, authorizedScope, publicKey); LOGI("AuthCredentialAgreeState::GenerateCredIdAndPublicKey credId=%{public}s, publicKey=%{public}s.\n", @@ -337,9 +313,7 @@ int32_t AuthCredentialAgreeState::GenerateCredIdAndPublicKey(DmAuthScope authori return DM_OK; } -// 协商凭据得到协商凭据Id -// authorizedScope 设备级还是应用级 -// authContext 上下文 +// Get the negotiation credential ID by agree credential int32_t AuthCredentialAgreeState::AgreeCredential(DmAuthScope authorizedScope, std::shared_ptr &authContext) { @@ -348,15 +322,13 @@ int32_t AuthCredentialAgreeState::AgreeCredential(DmAuthScope authorizedScope, return ERR_DM_FAILED; } - // 创建authParams的json格式字符串 std::string authParamsString = CreateAuthParamsString(authorizedScope, DM_AUTH_CREDENTIAL_ADD_METHOD_IMPORT, authContext); if (authParamsString == "") { - LOGE("AuthCredentialAgreeState::AgreeCredential() error, create authParamsString failed."); + LOGE("AuthCredentialAgreeState::AgreeCredential error, create authParamsString failed."); return ERR_DM_FAILED; } - // 凭据协商得到协商凭据Id int32_t osAccountId = authContext->direction == DM_AUTH_SOURCE ? authContext->accesser.userId : authContext->accessee.userId; std::string selfCredId = authContext->GetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope); @@ -364,10 +336,9 @@ int32_t AuthCredentialAgreeState::AgreeCredential(DmAuthScope authorizedScope, int32_t ret = authContext->hiChainAuthConnector->AgreeCredential(osAccountId, selfCredId, authParamsString, credId); if (ret != DM_OK) { - LOGE("AuthCredentialAgreeState::AgreeCredential() error, agree credential failed."); + LOGE("AuthCredentialAgreeState::AgreeCredential error, agree credential failed."); } - // 保存协商凭据Id到上下文 (void)authContext->SetCredentialId(DM_AUTH_LOCAL_SIDE, authorizedScope, credId); LOGI("AuthCredentialAgreeState::AgreeCredential leave."); return DM_OK; @@ -384,7 +355,7 @@ int32_t AuthSrcCredentialExchangeState::Action(std::shared_ptr co int32_t ret = ERR_DM_FAILED; context->isAppCredentialVerified = false; - // 首次认证,生成用户级凭据和公钥 + // First authentication, generate LNN credentials and public key if (!context->isOnline) { ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_USER, context); if (ret != DM_OK) { @@ -393,14 +364,13 @@ int32_t AuthSrcCredentialExchangeState::Action(std::shared_ptr co } } - // 生成应用级凭据和公钥 + // Generate transmit credentials and public key ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_APP, context); if (ret != DM_OK) { LOGE("AuthSrcCredentialExchangeState::Action() error, generate app credId and publicKey failed."); return ret; } - // 发送140报文 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_EXCHANGE, context); LOGI("AuthSrcCredentialExchangeState::Action() leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); @@ -424,16 +394,16 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // 首次认证 + // First authentication lnn cred if (!context->isOnline) { - // 生成用户级凭据和公钥 + // Generate credentials and public key ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_USER, context); if (ret != DM_OK) { LOGE("AuthSinkCredentialExchangeState::Action failed, generate user cred and publicKey failed."); return ret; } - // 协商用户级凭据 + // Agree credentials tmpCredId = context->accessee.lnnCredentialId; ret = AgreeCredential(DM_AUTH_SCOPE_USER, context); if (ret != DM_OK) { @@ -443,18 +413,18 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // 删除临时用户级凭据 + // Delete temporary credentials context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); } - // 生成应用级凭据和公钥 + // Generate transport credentials and public key ret = GenerateCredIdAndPublicKey(DM_AUTH_SCOPE_APP, context); if (ret != DM_OK) { LOGE("AuthSinkCredentialExchangeState::Action failed, generate app cred and publicKey failed."); return ret; } - // 协商应用级公钥 + // Agree transport credentials and public key tmpCredId = context->accessee.transmitCredentialId; ret = AgreeCredential(DM_AUTH_SCOPE_APP, context); if (ret != DM_OK) { @@ -464,10 +434,9 @@ int32_t AuthSinkCredentialExchangeState::Action(std::shared_ptr c return ret; } - // 删除临时应用级凭据 + // Delete temporary transport credentials context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - // 发送150报文 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_RESP_CREDENTIAL_EXCHANGE, context); LOGI("AuthSinkCredentialExchangeState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); @@ -491,36 +460,38 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } - // 首次认证 - if (!context->isOnline) { - // 协商用户级凭据 - tmpCredId = context->accesser.lnnCredentialId; - ret = AgreeCredential(DM_AUTH_SCOPE_USER, context); + if (NeedAgreeCredential(context)) { + // First authentication + if (!context->isOnline) { + // Agree lnn credentials and public key + tmpCredId = context->accesser.lnnCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_USER, context); + if (ret != DM_OK) { + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_USER, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree user cred failed."); + return ret; + } + + // Delete temporary lnn credentials + context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); + } + + // Agree transport credentials and public key + tmpCredId = context->accesser.transmitCredentialId; + ret = AgreeCredential(DM_AUTH_SCOPE_APP, context); if (ret != DM_OK) { context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_USER, ""); - LOGE("AuthSrcCredentialAuthStartState::Action failed, agree user cred failed."); + context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_APP, ""); + LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); return ret; } - // 删除临时用户级凭据 - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - } - - // 协商应用级凭据 - tmpCredId = context->accesser.transmitCredentialId; - ret = AgreeCredential(DM_AUTH_SCOPE_APP, context); - if (ret != DM_OK) { + // Delete temporary transport credentials context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - context->SetCredentialId(DM_AUTH_LOCAL_SIDE, DM_AUTH_SCOPE_APP, ""); - LOGE("AuthSrcCredentialAuthStartState::Action failed, agree app cred failed."); - return ret; } - // 删除临时应用级凭据 - context->hiChainAuthConnector->DeleteCredential(osAccountId, tmpCredId); - - // 凭据认证 先进行应用级 + // Transport credential authentication ret = context->hiChainAuthConnector->AuthCredential(osAccountId, context->requestId, context->accesser.transmitCredentialId, std::string("")); if (ret != DM_OK) { @@ -528,13 +499,11 @@ int32_t AuthSrcCredentialAuthStartState::Action(std::shared_ptr c return ret; } - // 阻塞等待事件ON_TRANSMIT事件到来 if (context->authStateMachine->WaitExpectEvent(ON_TRANSMIT) != ON_TRANSMIT) { LOGE("AuthSrcCredentialAuthStartState::Action failed, ON_TRANSMIT event not arrived."); return ERR_DM_FAILED; } - // 发送160报文 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_CREDENTIAL_AUTH_START, context); LOGI(" AuthSrcCredentialAuthStartState::Action leave."); return context->softbusConnector->GetSoftbusSession()->SendData(context->sessionId, message); diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index ed4410980..ebd2fe6e2 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp @@ -31,8 +31,6 @@ #include "dm_auth_context.h" #include "dm_auth_state_machine.h" #include "dm_crypto.h" -#undef LOG_TAG -#define LOG_TAG "DHDM_V2" namespace OHOS { namespace DistributedHardware { @@ -55,19 +53,18 @@ void CreateNegotiateExtraInfoMessage(std::shared_ptr context, Jso void ParseNegotiateExtraInfoMessage(const JsonItemObject &jsonExtraObject, std::shared_ptr context) { - // accesser在extra中传输对端peerUserId和peerDisplayId时,从中获取userId if (jsonExtraObject[DM_TAG_ACCESSEE_USER_ID].IsNumberInteger()) { context->accessee.userId = jsonExtraObject[DM_TAG_ACCESSEE_USER_ID].Get(); } else if (jsonExtraObject[DM_TAG_PEER_DISPLAY_ID].IsNumberInteger()) { context->accessee.displayId = jsonExtraObject[DM_TAG_PEER_DISPLAY_ID].Get(); } - return; } -void ParseDmAccessToSync(const JsonItemObject &jsonObject, DmAccess &access) +void ParseDmAccessToSync(const std::string &jsonString, DmAccess &access) { - DmAccessToSync srcAccessToSync = jsonObject.Get(); + JsonObject accessjson(jsonString); + DmAccessToSync srcAccessToSync = accessjson.Get(); access.deviceName = srcAccessToSync.deviceName; access.deviceId = srcAccessToSync.deviceId; access.userId = srcAccessToSync.userId; @@ -80,23 +77,23 @@ void ParseDmAccessToSync(const JsonItemObject &jsonObject, DmAccess &access) return; } -int32_t ParaseAclChecksumList(const JsonItemObject &aclChecksumjson, DmAccess &access) +int32_t ParaseAclChecksumList(const std::string &jsonString, DmAccess &access) { + JsonObject aclChecksumjson(jsonString); if (aclChecksumjson.IsDiscarded()) { LOGE("ParseSyncMessage aclChecksumjson error"); return ERR_DM_FAILED; } - if (!aclChecksumjson[DM_TAG_ACCESSER].IsArray()) { // 再解析一次 acl + if (!aclChecksumjson[DM_TAG_ACCESSER].IsArray()) { LOGE("ParseSyncMessage DM_TAG_ACCESSER error"); return ERR_DM_FAILED; } aclChecksumjson[DM_TAG_ACCESSER].Get(access.accesserStrList); - if (!aclChecksumjson[DM_TAG_ACCESSEE].IsArray()) { // 再解析一次 acl + if (!aclChecksumjson[DM_TAG_ACCESSEE].IsArray()) { LOGE("ParseSyncMessage DM_TAG_ACCESSEE error"); return ERR_DM_FAILED; } aclChecksumjson[DM_TAG_ACCESSEE].Get(access.accesseeStrList); - return DM_OK; } @@ -115,7 +112,6 @@ bool IsMessageValid(const JsonItemObject &jsonObject) } -// 保存秘钥 int32_t DmAuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const uint32_t keyLen) { if (cryptoMgr_ == nullptr) { @@ -125,7 +121,6 @@ int32_t DmAuthMessageProcessor::SaveSessionKey(const uint8_t *sessionKey, const return cryptoMgr_->SaveSessionKey(sessionKey, keyLen); } -// 保存永久SK int32_t DmAuthMessageProcessor::SaveSessionKeyToDP(int32_t &skId) { if (cryptoMgr_ == nullptr) { @@ -165,7 +160,7 @@ void DmAuthMessageProcessor::SetTransmitAccessControlList(std::shared_ptraccesser.tokenId); accesser.SetAccesserBundleName(context->accesser.bundleName); accesser.SetAccesserDeviceName(context->accesser.deviceName); - accesser.SetAccesserCredentialId(stoi(context->accesser.transmitCredentialId)); + // accesser.SetAccesserCredentialId(stoi(context->accesser.transmitCredentialId)); accesser.SetAccesserSessionKeyId(context->accesser.transmitSessionKeyId); accesser.SetAccesserSKTimeStamp(context->accesser.transmitSkTimeStamp); accessee.SetAccesseeDeviceId(context->accessee.deviceId); @@ -174,7 +169,7 @@ void DmAuthMessageProcessor::SetTransmitAccessControlList(std::shared_ptraccessee.tokenId); accessee.SetAccesseeBundleName(context->accessee.bundleName); accessee.SetAccesseeDeviceName(context->accessee.deviceName); - accessee.SetAccesseeCredentialId(stoi(context->accessee.transmitCredentialId)); + // accessee.SetAccesseeCredentialId(stoi(context->accessee.transmitCredentialId)); accessee.SetAccesseeSessionKeyId(context->accessee.transmitSessionKeyId); accessee.SetAccesseeSKTimeStamp(context->accessee.transmitSkTimeStamp); } @@ -187,7 +182,7 @@ void DmAuthMessageProcessor::SetLnnAccessControlList(std::shared_ptraccesser.accountId); accesser.SetAccesserTokenId(0); accesser.SetAccesserDeviceName(context->accesser.deviceName); - accesser.SetAccesserCredentialId(stoi(context->accesser.lnnCredentialId)); + // accesser.SetAccesserCredentialId(stoi(context->accesser.lnnCredentialId)); accesser.SetAccesserSessionKeyId(context->accesser.lnnSessionKeyId); accesser.SetAccesserSKTimeStamp(context->accesser.lnnSkTimeStamp); accessee.SetAccesseeDeviceId(context->accessee.deviceId); @@ -195,7 +190,7 @@ void DmAuthMessageProcessor::SetLnnAccessControlList(std::shared_ptraccessee.accountId); accessee.SetAccesseeTokenId(0); accessee.SetAccesseeDeviceName(context->accessee.deviceName); - accessee.SetAccesseeCredentialId(stoi(context->accessee.lnnCredentialId)); + // accessee.SetAccesseeCredentialId(stoi(context->accessee.lnnCredentialId)); accessee.SetAccesseeSessionKeyId(context->accessee.lnnSessionKeyId); accessee.SetAccesseeSKTimeStamp(context->accessee.lnnSkTimeStamp); } @@ -290,7 +285,6 @@ DmAuthMessageProcessor::~DmAuthMessageProcessor() } } -// 解析报文,返回值为错误码,实际解析出来的信息保存到context中 int32_t DmAuthMessageProcessor::ParseMessage(std::shared_ptr context, const std::string &message) { JsonObject jsonObject(message); @@ -300,6 +294,7 @@ int32_t DmAuthMessageProcessor::ParseMessage(std::shared_ptr cont DmMessageType msgType = static_cast(jsonObject[TAG_MSG_TYPE].Get()); context->msgType = msgType; LOGI("DmAuthMessageProcessor::ParseMessage message type %{public}d", context->msgType); + LOGI("DmAuthMessageProcessor::ParseMessage message is %{public}s", message.c_str()); auto itr = paraseMessageFuncMap_.find(msgType); if (itr == paraseMessageFuncMap_.end()) { LOGI("DmAuthMessageProcessor::ParseMessage message type error %{public}d", context->msgType); @@ -308,7 +303,7 @@ int32_t DmAuthMessageProcessor::ParseMessage(std::shared_ptr cont return (this->*(itr->second))(jsonObject, context); } -static std::vector stringToVector(const std::string& str) +static std::vector stringToVectorAuthType(const std::string& str) { std::vector vec; std::istringstream iss(str); @@ -319,17 +314,41 @@ static std::vector stringToVector(const std::string& str) return vec; } -static std::string vectorToString(const std::vector& vec) +static std::vector stringToVectorInt32(const std::string& str) +{ + std::vector vec; + std::istringstream iss(str); + int32_t num; + while (iss >> num) { + vec.push_back(static_cast(num)); + } + return vec; +} + +static std::string vectorAuthTypeToString(const std::vector& vec) +{ + std::ostringstream oss; + for (size_t i = 0; i < vec.size(); ++i) { + oss << static_cast(vec[i]); + if (i != vec.size() - 1) { + oss << " "; // Add a separator (e.g. space) + } + } + return oss.str(); +} + +static std::string vectorInt32ToString(const std::vector& vec) { std::ostringstream oss; for (size_t i = 0; i < vec.size(); ++i) { oss << static_cast(vec[i]); if (i != vec.size() - 1) { - oss << " "; // 添加分隔符(例如空格) + oss << " "; // Add a separator (e.g. space) } } return oss.str(); } + int32_t DmAuthMessageProcessor::ParseMessageNegotiateTransmit(const JsonObject &jsonObject, std::shared_ptr context) { @@ -357,7 +376,6 @@ int32_t DmAuthMessageProcessor::ParseMessageNegotiateTransmit(const JsonObject & return DM_OK; } -// 解析131报文信息MSG_TYPE_RESP_PIN_AUTH_MSG_NEGOTIATE int32_t DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate(const JsonObject &jsonObject, std::shared_ptr context) { @@ -371,7 +389,6 @@ int32_t DmAuthMessageProcessor::ParseMessageRespPinAuthNegotiate(const JsonObjec return DM_OK; } -// 解析140报文信息MSG_TYPE_REQ_CREDENTIAL_EXCHANGE,SINK端存放对方公钥 int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &jsonObject, std::shared_ptr context) { @@ -380,7 +397,6 @@ int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &js return ERR_DM_FAILED; } - // 解密 std::string plainText; if (cryptoMgr_->DecryptMessage(jsonObject[DM_TAG_DATA].Get(), plainText) != DM_OK) { LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange() error, decrypt data failed."); @@ -388,7 +404,7 @@ int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &js } JsonObject jsonData(plainText); - // 首次认证,解析用户级公钥 + // First authentication, parse lnn public key if (!context->isOnline) { if (!jsonData[DM_TAG_LNN_PUBLICK_KEY].IsString()) { LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange() error, first auth, no lnnPublicKey."); @@ -404,15 +420,14 @@ int32_t DmAuthMessageProcessor::ParseMessageReqCredExchange(const JsonObject &js LOGE("DmAuthMessageProcessor::ParseMessageReqCredExchange, MSG_TYPE_REQ_CREDENTIAL_EXCHANGE message error."); return ERR_DM_FAILED; } - context->accesser.ephemeralPublicKey = jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].Get(); // 解析应用级公钥 - context->accesser.deviceId = jsonData[DM_TAG_DEVICE_ID].Get(); // 解析deviceId - context->accesser.userId = jsonData[DM_TAG_PEER_USER_SPACE_ID].Get(); // 解析userId - context->accesser.tokenId = jsonData[DM_TAG_TOKEN_ID].Get(); // 解析tokenId + context->accesser.ephemeralPublicKey = jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].Get(); + context->accesser.deviceId = jsonData[DM_TAG_DEVICE_ID].Get(); + context->accesser.userId = jsonData[DM_TAG_PEER_USER_SPACE_ID].Get(); + context->accesser.tokenId = jsonData[DM_TAG_TOKEN_ID].Get(); context->authStateMachine->TransitionTo(std::make_shared()); return DM_OK; } -// 解析150报文信息MSG_TYPE_RESP_CREDENTIAL_EXCHANGE,SRC端存放对方公钥,和协商凭据Id int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &jsonObject, std::shared_ptr context) { @@ -422,7 +437,6 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js return ERR_DM_FAILED; } - // 解密 std::string plainText; if (cryptoMgr_->DecryptMessage(jsonObject[DM_TAG_DATA].Get(), plainText) != DM_OK) { LOGE("DmAuthMessageProcessor::ParseMessageRspCredExchange error, decrypt data failed."); @@ -433,7 +447,7 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js JsonObject jsonData(plainText); - // 首次认证,解析对方用户级公钥和协商用户级凭据Id + // First authentication, parse lnn public key std::string tmpString; if (!context->isOnline) { if (!jsonData[DM_TAG_LNN_PUBLICK_KEY].IsString()) { @@ -443,7 +457,7 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js context->accessee.lnnPublicKey = jsonData[DM_TAG_LNN_PUBLICK_KEY].Get(); } - // 解析对方应用级公钥和协商应用级凭据Id + // First authentication, parse transmit public key if (!jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].IsString() || !jsonData[DM_TAG_DEVICE_ID].IsString() || !jsonData[DM_TAG_PEER_USER_SPACE_ID].IsNumberInteger() || @@ -453,15 +467,14 @@ int32_t DmAuthMessageProcessor::ParseMessageRspCredExchange(const JsonObject &js return ERR_DM_FAILED; } context->accessee.ephemeralPublicKey = jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY].Get(); - context->accessee.deviceId = jsonData[DM_TAG_DEVICE_ID].Get(); // 解析deviceId - context->accessee.userId = jsonData[DM_TAG_PEER_USER_SPACE_ID].Get(); // 解析userId - context->accessee.tokenId = jsonData[DM_TAG_TOKEN_ID].Get(); // 解析tokenId + context->accessee.deviceId = jsonData[DM_TAG_DEVICE_ID].Get(); + context->accessee.userId = jsonData[DM_TAG_PEER_USER_SPACE_ID].Get(); + context->accessee.tokenId = jsonData[DM_TAG_TOKEN_ID].Get(); context->authStateMachine->TransitionTo(std::make_shared()); return DM_OK; } -// 创建报文,构造对应msgType的报文,返回值为json格式报文的字符串 std::string DmAuthMessageProcessor::CreateMessage(DmMessageType msgType, std::shared_ptr context) { LOGI("DmAuthMessageProcessor::CreateMessage start. msgType is %{public}d", msgType); @@ -473,11 +486,10 @@ std::string DmAuthMessageProcessor::CreateMessage(DmMessageType msgType, std::sh return ""; } int32_t ret = (this->*(itr->second))(context, jsonObj); + LOGI("DmAuthMessageProcessor::CreateMessage start. message is %{public}s", jsonObj.Dump().c_str()); return (ret == DM_OK) ? jsonObj.Dump() : ""; } -// 内部各类报文的实现 -// 161 170 171消息构造 int32_t DmAuthMessageProcessor::CreateCredentialNegotiateMessage(std::shared_ptr context, JsonObject &jsonObject) { @@ -486,10 +498,9 @@ int32_t DmAuthMessageProcessor::CreateCredentialNegotiateMessage(std::shared_ptr return DM_OK; } -// 创建80报文 +// Create 80 message. int32_t DmAuthMessageProcessor::CreateNegotiateMessage(std::shared_ptr context, JsonObject &jsonObject) { - jsonObject[TAG_AUTH_TYPE] = context->authType; jsonObject[TAG_SESSION_NAME] = context->sessionName; jsonObject[DM_TAG_DMVERSION] = context->accesser.dmVersion; @@ -512,7 +523,7 @@ int32_t DmAuthMessageProcessor::CreateNegotiateMessage(std::shared_ptr context, JsonObject &jsonObject) { @@ -527,16 +538,12 @@ int32_t DmAuthMessageProcessor::CreateRespNegotiateMessage(std::shared_ptraccessee.bundleName; jsonObject[TAG_IS_ONLINE] = context->isOnline; jsonObject[TAG_IS_AUTHED] = context->accessee.isAuthed; - jsonObject[TAG_CREDENTIAL_INFO] = context->accessee.credentialInfos; + jsonObject[TAG_CERT_INFO] = vectorInt32ToString(context->accessee.credentialTypeLists); - jsonObject[DM_TAG_AUTH_TYPE_LIST] = vectorToString(context->authTypeList); - if (context->authResultReady) { - jsonObject[DM_TAG_AUTH_RESULT] = context->authResult; - } return DM_OK; } -// 创建140报文 +// Create 140 message. int32_t DmAuthMessageProcessor::CreateMessageReqCredExchange(std::shared_ptr context, JsonObject &jsonObject) { @@ -560,7 +567,7 @@ int32_t DmAuthMessageProcessor::CreateMessageReqCredExchange(std::shared_ptr context, JsonObject &jsonObject) { @@ -569,10 +576,10 @@ int32_t DmAuthMessageProcessor::CreateMessageRspCredExchange(std::shared_ptrisOnline) { jsonData[DM_TAG_LNN_PUBLICK_KEY] = context->accessee.lnnPublicKey; } - jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY] = context->accessee.ephemeralPublicKey; // 本端应用级公钥 - jsonData[DM_TAG_DEVICE_ID] = context->accessee.deviceId; // 本端deviceId - jsonData[DM_TAG_PEER_USER_SPACE_ID] = context->accessee.userId; // 本端userId - jsonData[DM_TAG_TOKEN_ID] = context->accessee.tokenId; // 本端tokenId + jsonData[DM_TAG_TRANSMIT_PUBLICK_KEY] = context->accessee.ephemeralPublicKey; + jsonData[DM_TAG_DEVICE_ID] = context->accessee.deviceId; + jsonData[DM_TAG_PEER_USER_SPACE_ID] = context->accessee.userId; + jsonData[DM_TAG_TOKEN_ID] = context->accessee.tokenId; std::string plainText = jsonData.Dump(); std::string cipherText; @@ -586,7 +593,7 @@ int32_t DmAuthMessageProcessor::CreateMessageRspCredExchange(std::shared_ptr context, JsonObject &jsonObject) { @@ -614,11 +621,11 @@ bool DmAuthMessageProcessor::ChecksumAcl(DistributedDeviceProfile::AccessControl return (accesserIter != accesserStrList.end()) && (accesseeIter != accesseeStrList.end()); } -// 创建190报文 +// Create 190 message. int32_t DmAuthMessageProcessor::CreateMessageSyncResp(std::shared_ptr context, JsonObject &jsonObject) { - DmAccess access; // 代表本端的access + DmAccess access; if (context->direction == DM_AUTH_SINK) { access = context->accessee; } else { @@ -635,7 +642,7 @@ int32_t DmAuthMessageProcessor::CreateMessageSyncResp(std::shared_ptr context, JsonObject &jsonObject) { @@ -685,33 +692,30 @@ int32_t DmAuthMessageProcessor::ParseSyncMessage(std::shared_ptr } access.dmVersion = jsonObject[DM_TAG_DMVERSION].Get(); - if (!jsonObject[DM_TAG_ACCESS].IsString()) { // 再解析一次 + if (!jsonObject[DM_TAG_ACCESS].IsString()) { LOGE("ParseSyncMessage DM_TAG_ACCESS error"); return ERR_DM_FAILED; } std::string srcAccessStr = jsonObject[DM_TAG_ACCESS].Get(); - // 解析到 access里面 - JsonObject accessjson(srcAccessStr); - ParseDmAccessToSync(accessjson, access); - if (jsonObject[DM_TAG_PROXY].IsString()) { // 预留字段 + // Parse into access + ParseDmAccessToSync(srcAccessStr, access); + if (jsonObject[DM_TAG_PROXY].IsString()) { // Reserved field std::string proxyInfo = jsonObject[DM_TAG_PROXY].Get(); } - if (jsonObject[DM_TAG_SERVICEINFO].IsString()) { // sp 暂时没有传 + if (jsonObject[DM_TAG_SERVICEINFO].IsString()) { // sp not yet uploaded std::string serviceInfo = jsonObject[DM_TAG_SERVICEINFO].Get(); } - if (!jsonObject[DM_TAG_ACL_CHECKSUM].IsString()) { // 再解析一次 acl + if (!jsonObject[DM_TAG_ACL_CHECKSUM].IsString()) { // Re-parse the acl LOGE("ParseSyncMessage DM_TAG_ACL_CHECKSUM error"); return ERR_DM_FAILED; } std::string aclChecksumList = jsonObject[DM_TAG_ACL_CHECKSUM].Get(); - JsonObject aclChecksumjson(aclChecksumList); - return ParaseAclChecksumList(aclChecksumjson, access); + return ParaseAclChecksumList(aclChecksumList, access); } int32_t DmAuthMessageProcessor::DecryptSyncMessage(std::shared_ptr &context, DmAccess &access, std::string &enSyncMsg) { - // 解密整个字段 std::string syncMsgCompress = ""; int32_t ret = cryptoMgr_->DecryptMessage(enSyncMsg, syncMsgCompress); if (ret != DM_OK) { @@ -733,10 +737,8 @@ int32_t DmAuthMessageProcessor::DecryptSyncMessage(std::shared_ptr(); - // 解压缩 std::string compressBase64 = Base64Decode(compressMsg); std::string syncMsg = DecompressSyncMsg(compressBase64, dataLen); - // 解析字段 JsonObject jsonObject(syncMsg); if (jsonObject.IsDiscarded()) { LOGE("DmAuthMessageProcessor::DecryptSyncMessage jsonStr error"); @@ -752,16 +754,16 @@ int32_t DmAuthMessageProcessor::DecryptSyncMessage(std::shared_ptr context) { - // 解析json中的加密数据 - if (!jsonObject[DM_TAG_SYNC].IsString()) { // 再解析一次 acl + if (!jsonObject[DM_TAG_SYNC].IsString()) { LOGE("ParseMessageSyncReq json error"); return ERR_DM_FAILED; } std::string enSyncMsg = jsonObject[DM_TAG_SYNC].Get(); - // 解密数据 + 解析数据到context中 + // Decrypt data and parse data into context int32_t ret = DecryptSyncMessage(context, context->accesser, enSyncMsg); if (ret != DM_OK) { LOGE("DecryptSyncMessage enSyncMsg error"); @@ -771,17 +773,16 @@ int32_t DmAuthMessageProcessor::ParseMessageSyncReq(const JsonObject &jsonObject return DM_OK; } -// 解析 190报文信息 MSG_TYPE_RESP_DATA_SYNC 存放对方密文四元组,acl sp skid +// Parse 190 message save the remote encrypted quadruple, acl sp skid int32_t DmAuthMessageProcessor::ParseMessageSyncResp(const JsonObject &jsonObject, std::shared_ptr context) { - // 解析json中的加密数据 - if (!jsonObject[DM_TAG_SYNC].IsString()) { // 再解析一次 acl + if (!jsonObject[DM_TAG_SYNC].IsString()) { LOGE("ParseMessageSyncResp json error"); return ERR_DM_FAILED; } std::string enSyncMsg = jsonObject[DM_TAG_SYNC].Get(); - // 解密数据 + 解析数据到context中 + // Decrypt data and parse data into context int32_t ret = DecryptSyncMessage(context, context->accessee, enSyncMsg); if (ret != DM_OK) { LOGE("DecryptSyncMessage enSyncMsg error"); @@ -811,7 +812,7 @@ int32_t DmAuthMessageProcessor::ParseMessageSinkFinish(const JsonObject &jsonObj return DM_OK; } -// 解析201报文 +// Parse 201 message int32_t DmAuthMessageProcessor::ParseMessageSrcFinish(const JsonObject &jsonObject, std::shared_ptr context) { @@ -873,9 +874,6 @@ int32_t DmAuthMessageProcessor::ParseNegotiateMessage(const JsonObject &jsonObje if (jsonObject[TAG_BIND_LEVEL].IsNumberInteger()) { context->accesser.bindLevel = jsonObject[TAG_BIND_LEVEL].Get(); } - if (jsonObject[TAG_AUTH_TYPE].IsNumberInteger()) { - context->authType = static_cast(jsonObject[TAG_AUTH_TYPE].Get()); - } if (jsonObject.Contains(DM_TAG_EXTRA_INFO) && jsonObject[DM_TAG_EXTRA_INFO].IsObject()) { ParseNegotiateExtraInfoMessage(jsonObject[DM_TAG_EXTRA_INFO], context); @@ -924,17 +922,8 @@ int32_t DmAuthMessageProcessor::ParseMessageRespAclNegotiate(const JsonObject &j context->accessee.isAuthed = jsonObject[TAG_IS_AUTHED].Get(); } - if (jsonObject[TAG_CREDENTIAL_INFO].IsString()) { - context->accessee.credentialInfos = jsonObject[TAG_CREDENTIAL_INFO].Get(); - } - - if (jsonObject[DM_TAG_AUTH_TYPE_LIST].IsString()) { - auto strList = jsonObject[DM_TAG_AUTH_TYPE_LIST].Get(); - context->authTypeList = stringToVector(strList); - } - if (jsonObject.Contains(DM_TAG_AUTH_RESULT) && jsonObject[DM_TAG_AUTH_RESULT].IsNumberInteger()) { - context->authResult = static_cast(jsonObject[DM_TAG_AUTH_RESULT].Get()); - context->authResultReady = true; + if (jsonObject[TAG_CERT_INFO].IsString()) { + context->accessee.credentialTypeLists = stringToVectorInt32(jsonObject[TAG_CERT_INFO].Get()); } context->authStateMachine->TransitionTo(std::make_shared()); @@ -950,7 +939,12 @@ int32_t DmAuthMessageProcessor::ParseMessageReqUserConfirm(const JsonObject &jso if (json[TAG_DEVICE_NAME].IsString()) { context->accesser.deviceName = json[TAG_DEVICE_NAME].Get(); } - + if (json[TAG_AUTH_TYPE].IsNumberInteger()) { + context->authType = static_cast(json[TAG_AUTH_TYPE].Get()); + } + if (json[TAG_CERT_INFO].IsString()) { + context->accesser.credentialTypeLists = stringToVectorInt32(json[TAG_CERT_INFO].Get()); + } context->authStateMachine->TransitionTo(std::make_shared()); return DM_OK; } @@ -961,6 +955,12 @@ int32_t DmAuthMessageProcessor::ParseMessageRespUserConfirm(const JsonObject &js if (json[DM_TAG_AUTH_RESULT].IsNumberInteger()) { context->authResult = static_cast(json[DM_TAG_AUTH_RESULT].Get()); } + + if (json[DM_TAG_AUTH_TYPE_LIST].IsString()) { + auto strList = json[DM_TAG_AUTH_TYPE_LIST].Get(); + context->authTypeList = stringToVectorAuthType(strList); + } + context->authStateMachine->TransitionTo(std::make_shared()); return DM_OK; } @@ -998,6 +998,8 @@ int32_t DmAuthMessageProcessor::ParseMessageReqPinAuthNegotiate(const JsonObject int32_t DmAuthMessageProcessor::CreateMessageReqUserConfirm(std::shared_ptr context, JsonObject &json) { + json[TAG_AUTH_TYPE] = context->authType; + json[TAG_CERT_INFO] = vectorInt32ToString(context->accesser.credentialTypeLists); json[TAG_DEVICE_TYPE] = context->accesser.deviceType; json[TAG_DEVICE_NAME] = context->accesser.deviceName; return DM_OK; @@ -1006,6 +1008,7 @@ int32_t DmAuthMessageProcessor::CreateMessageReqUserConfirm(std::shared_ptr context, JsonObject &json) { json[DM_TAG_AUTH_RESULT] = context->authResult; + json[DM_TAG_AUTH_TYPE_LIST] = vectorAuthTypeToString(context->authTypeList); return DM_OK; } @@ -1044,18 +1047,18 @@ void DmAuthMessageProcessor::CreateAndSendMsg(DmMessageType msgType, std::shared std::string DmAuthMessageProcessor::CompressSyncMsg(std::string &inputStr) { uint32_t srcLen = inputStr.size(); - uint32_t boundSize = compressBound(srcLen); // 最大压缩长度 + uint32_t boundSize = compressBound(srcLen); // Maximum compression length std::string compressed(boundSize, '\0'); - // 压缩到预留空间 - unsigned long destSize = boundSize; // 实际可用长度 + // Compress to reserved space + unsigned long destSize = boundSize; // Actual usable length int32_t ret = compress(reinterpret_cast(&compressed[0]), &destSize, reinterpret_cast(inputStr.data()), srcLen); if (ret != Z_OK) { LOGE("DmAuthMessageProcessor::CompressSyncMsg zlib compress failed"); return ""; } - compressed.resize(destSize); // 实际使用长度 + compressed.resize(destSize); // Actual usage length return compressed; } @@ -1063,9 +1066,9 @@ std::string DmAuthMessageProcessor::DecompressSyncMsg(std::string& compressed, u { std::string decompressed; decompressed.resize(oriLen); - unsigned long destLen = oriLen; // 实际使用长度 + unsigned long destLen = oriLen; // Actual usage length int32_t ret = uncompress(reinterpret_cast(&decompressed[0]), &destLen, - reinterpret_cast(compressed.data()), // 解压时跳过头部 + reinterpret_cast(compressed.data()), // Skip header when decompressing compressed.size()); if (ret != Z_OK || destLen != oriLen) { LOGE("DmAuthMessageProcessor::DecompressSyncMsg decompress failed"); @@ -1076,35 +1079,35 @@ std::string DmAuthMessageProcessor::DecompressSyncMsg(std::string& compressed, u std::string DmAuthMessageProcessor::Base64Encode(std::string &inputStr) { - // 输入字符串转二进制 + // Convert input string to binary const unsigned char* src = reinterpret_cast(inputStr.data()); size_t srcLen = inputStr.size(); - // 计算base64 后最大长度 + // Calculate the maximum length after base64 encoding size_t maxEncodeLen = ((srcLen + 2) / 3) * 4 + 1; std::vector buffer(maxEncodeLen); - // 实际编码长度 + // Actual encoding length size_t encodedLen = 0; int32_t ret = mbedtls_base64_encode(buffer.data(), buffer.size(), &encodedLen, src, srcLen); if (ret != 0) { LOGE("DmAuthMessageProcessor::Base64Encode mbedtls_base64_encode failed"); return ""; } - return std::string(reinterpret_cast(buffer.data()), encodedLen); // 无需终止符 + return std::string(reinterpret_cast(buffer.data()), encodedLen); // No terminator needed } std::string DmAuthMessageProcessor::Base64Decode(std::string &inputStr) { - // 输入字符串转二进制 + // Convert input string to binary const unsigned char* src = reinterpret_cast(inputStr.data()); size_t srcLen = inputStr.size(); - // 计算base64 后最大长度 + // Calculate the maximum length after base64 encoding size_t maxEncodeLen = (srcLen / 4) * 3 + 1; std::vector buffer(maxEncodeLen); - // 实际编码长度 + // Actual encoding length size_t decodedLen = 0; int32_t ret = mbedtls_base64_decode(buffer.data(), buffer.size(), &decodedLen, src, srcLen); if (ret != 0) { @@ -1115,11 +1118,10 @@ std::string DmAuthMessageProcessor::Base64Decode(std::string &inputStr) } -// 用于组装syncMsg中的加密部分 int32_t DmAuthMessageProcessor::EncryptSyncMessage(std::shared_ptr &context, DmAccess &accessSide, std::string &encSyncMsg) { - JsonObject syncMsgJson; // 完整的180/190 消息 未经压缩&加密 + JsonObject syncMsgJson; DmAccessToSync accessToSync; accessToSync.deviceName = accessSide.deviceName; accessToSync.deviceId = accessSide.deviceId; @@ -1131,7 +1133,7 @@ int32_t DmAuthMessageProcessor::EncryptSyncMessage(std::shared_ptrisOnline) { // 首次认证 + if (!context->isOnline) { // First certification syncMsgJson[DM_TAG_LNN_SK_ID]=std::to_string(accessSide.lnnSessionKeyId); syncMsgJson[DM_TAG_LNN_SK_TIMESTAMP]=std::to_string(accessSide.lnnSkTimeStamp); syncMsgJson[DM_TAG_LNN_CREDENTIAL_ID] = accessSide.lnnCredentialId; @@ -1140,8 +1142,8 @@ int32_t DmAuthMessageProcessor::EncryptSyncMessage(std::shared_ptrEncryptMessage(plainJson.Dump(), encSyncMsg); } @@ -1198,7 +1199,7 @@ std::string DmAuthMessageProcessor::AccesserToStr(DistributedDeviceProfile::Acce jsonAccesserObj[DM_TAG_ACCESSER_USER_ID] = accesser.GetAccesserUserId(); jsonAccesserObj[DM_TAG_ACCESSER_ACOUNT_ID] = accesser.GetAccesserAccountId(); jsonAccesserObj[DM_TAG_ACCESSER_TOKEN_ID] = accesser.GetAccesserTokenId(); - jsonAccesserObj[DM_TAG_ACCESSER_SERVICE_NAME] = std::vector(); // 预留字段 DP库未适配 + jsonAccesserObj[DM_TAG_ACCESSER_SERVICE_NAME] = std::vector(); // Reserved field jsonAccesserObj[DM_TAG_ACCESSER_BUNDLE_NAME] = accesser.GetAccesserBundleName(); jsonAccesserObj[DM_TAG_ACCESSER_HAP_SIGNATURE] = accesser.GetAccesserHapSignature(); jsonAccesserObj[DM_TAG_ACCESSER_BIND_LEVEL] = accesser.GetAccesserBindLevel(); @@ -1217,7 +1218,7 @@ std::string DmAuthMessageProcessor::AccesseeToStr(DistributedDeviceProfile::Acce jsonAccesseeObj[DM_TAG_ACCESSEE_USER_ID] = accessee.GetAccesseeUserId(); jsonAccesseeObj[DM_TAG_ACCESSEE_ACOUNT_ID] = accessee.GetAccesseeAccountId(); jsonAccesseeObj[DM_TAG_ACCESSEE_TOKEN_ID] = accessee.GetAccesseeTokenId(); - jsonAccesseeObj[DM_TAG_ACCESSEE_SERVICE_NAME] = std::vector(); // 预留字段 DP库未适配 + jsonAccesseeObj[DM_TAG_ACCESSEE_SERVICE_NAME] = std::vector(); // Reserved field jsonAccesseeObj[DM_TAG_ACCESSEE_BUNDLE_NAME] = accessee.GetAccesseeBundleName(); jsonAccesseeObj[DM_TAG_ACCESSEE_HAP_SIGNATURE] = accessee.GetAccesseeHapSignature(); jsonAccesseeObj[DM_TAG_ACCESSEE_BIND_LEVEL] = accessee.GetAccesseeBindLevel(); @@ -1230,7 +1231,7 @@ std::string DmAuthMessageProcessor::AccesseeToStr(DistributedDeviceProfile::Acce int32_t DmAuthMessageProcessor::CreateSyncMessage(std::shared_ptr context, JsonObject &jsonObject) { - DmAccess accessSide; // 代表本端的access + DmAccess accessSide; if (context->direction == DM_AUTH_SOURCE) { accessSide = context->accesser; } else { @@ -1246,7 +1247,6 @@ int32_t DmAuthMessageProcessor::CreateSyncMessage(std::shared_ptr return DM_OK; } -// 解析transmit和PSKID 解析160 int32_t DmAuthMessageProcessor::ParseAuthStartMessage(const JsonObject &jsonObject, std::shared_ptr context) { @@ -1264,20 +1264,20 @@ int32_t DmAuthMessageProcessor::ParseAuthStartMessage(const JsonObject &jsonObje int32_t DmAuthMessageProcessor::GetAclListStr(std::shared_ptr &context, std::string &aclList) { JsonObject jsonAclListObj; - jsonAclListObj[DM_TAG_DMVERSION] = context->accesser.dmVersion; // 在80/90 流程会协商出双方均兼容的版本号,此处取accesser的ver即可 + jsonAclListObj[DM_TAG_DMVERSION] = context->accesser.dmVersion; - // 查询ACL + // Query ACL. std::vector profiles = DeviceProfileConnector::GetInstance().GetAccessControlProfile(); std::vector accceserStrList; std::vector accceseeStrList; - // 遍历acl table 找到双端历史acl记录 + // Traverse the ACL table to find historical ACL records at both ends. for (auto &item : profiles) { if (item.GetAccesser().GetAccesserDeviceId() == context->accesser.deviceId && item.GetAccesser().GetAccesserUserId() == context->accesser.userId && item.GetAccessee().GetAccesseeDeviceId() == context->accessee.deviceId && item.GetAccessee().GetAccesseeUserId() == context->accessee.userId) { - // 以SHA256的摘要保存 + // Save the digest using SHA256. uint8_t accesserHash[DM_HASH_LEN] = {0}; std::string accesserStr = AccesserToStr(item); Crypto::DmGenerateStrHash(accesserStr.data(), accesserStr.size(), accesserHash, DM_HASH_LEN, 0); @@ -1290,7 +1290,7 @@ int32_t DmAuthMessageProcessor::GetAclListStr(std::shared_ptr &co } } if (accceserStrList.empty() || accceseeStrList.empty()) { - LOGI("DmAuthMessageProcessor::CreateSyncMessage acl lis is empty"); // 双方无旧ACL需要同步 此时返回空字符串 + LOGI("DmAuthMessageProcessor::CreateSyncMessage acl lis is empty"); } jsonAclListObj[DM_TAG_ACCESSER] = accceserStrList; -- Gitee