diff --git a/common/include/dm_cert.h b/common/include/dm_cert.h index 5080ef8603a258794371a09acfc78e9ec7267d47..75510dd45c896782a7430ebfc220cf9e171ab1c2 100644 --- a/common/include/dm_cert.h +++ b/common/include/dm_cert.h @@ -20,6 +20,10 @@ #define DM_CERTS_COUNT 4 #define UDID_BUF_LEN 65 #define DM_CERTIFICATE_SIZE 8192 +#define ATTEST_CERTS_INDEX 0 +#define DEVICE_CERTS_INDEX 1 +#define MANUFACTURE_CERTS_INDEX 2 +#define ROOT_CERTS_INDEX 3 #include #include diff --git a/common/include/dm_constants.h b/common/include/dm_constants.h index 91877cd1970aa5a60e5f383066c196b9057dfaeb..403201b60ebb3d88a6d184c3cb898e40ebc1c1ab 100755 --- a/common/include/dm_constants.h +++ b/common/include/dm_constants.h @@ -200,6 +200,7 @@ extern const char* DM_VERSION_5_1_0; extern const char* DM_VERSION_5_1_1; extern const char* DM_VERSION_5_1_2; extern const char* DM_VERSION_5_1_3; +extern const char* DM_VERSION_5_1_4; extern const char* DM_CURRENT_VERSION; extern const char* DM_ACL_AGING_VERSION; extern const char* DM_VERSION_5_0_OLD_MAX; // Estimated highest version number of the old version diff --git a/common/include/i_dm_auth_cert_ext.h b/common/include/i_dm_auth_cert_ext.h index fafda279c421563357281076ee117c98e5f000f8..56efa391e45063f4dd84ea47598bb709cba8edd0 100644 --- a/common/include/i_dm_auth_cert_ext.h +++ b/common/include/i_dm_auth_cert_ext.h @@ -25,6 +25,9 @@ public: virtual ~IDMAuthCertExt() = default; virtual int32_t GenerateCertificate(DmCertChain &dmCertChain) = 0; virtual int32_t VerifyCertificate(const DmCertChain &dmCertChain, const char *deviceIdHash) = 0; + virtual int32_t GenerateCertificateV2(DmCertChain &dmCertChain, const uint64_t random) = 0; + virtual int32_t VerifyCertificateV2(const DmCertChain &dmCertChain, const char *deviceIdHash, + const uint64_t random) = 0; }; using CreateDMAuthCertFuncPtr = IDMAuthCertExt *(*)(void); 
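Review bot: Adding `GenerateCertificateV2` and `VerifyCertificateV2` as pure virtuals changes the vtable of `IDMAuthCertExt`, an interface that appears to be created through `CreateDMAuthCertFuncPtr` from a separately built extension. If that extension can ship independently of this service, a library built against the old header would be called through slots it does not implement. The loader is not visible in this hunk, so please confirm that both sides are always updated together, or gate the V2 calls on a capability check. The new methods also need a comment on the role of `random`, for example `// random: challenge issued by the verifying side (accessee.certRandom); must match on generate and verify`.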
diff --git a/common/src/dm_constants.cpp b/common/src/dm_constants.cpp index 3be5b9fb7ff00724ac4a11f6ca59fa1d149cb39c..73ed7a13ca8ec73532b3cacbdf1ef36d8955ddaf 100644 --- a/common/src/dm_constants.cpp +++ b/common/src/dm_constants.cpp @@ -188,7 +188,8 @@ const char* DM_VERSION_5_1_0 = "5.1.0"; const char* DM_VERSION_5_1_1 = "5.1.1"; const char* DM_VERSION_5_1_2 = "5.1.2"; const char* DM_VERSION_5_1_3 = "5.1.3"; -const char* DM_CURRENT_VERSION = DM_VERSION_5_1_3; +const char* DM_VERSION_5_1_4 = "5.1.4"; +const char* DM_CURRENT_VERSION = DM_VERSION_5_1_4; const char* DM_ACL_AGING_VERSION = DM_VERSION_5_1_0; const char* DM_VERSION_5_0_OLD_MAX = "5.0.99"; // Estimated highest version number of the old version const int32_t OLD_DM_HO_OSTYPE = -1; diff --git a/services/implementation/include/attest/dm_auth_cert.h b/services/implementation/include/attest/dm_auth_cert.h index 8891398616c2f3e87d5ce5dacda580dfb4aab098..a2d4a3ffcd7eb8304410b8e940a18ea4f82967ea 100644 --- a/services/implementation/include/attest/dm_auth_cert.h +++ b/services/implementation/include/attest/dm_auth_cert.h @@ -38,6 +38,8 @@ public: int32_t GenerateCertificate(DmCertChain &dmCertChain); int32_t VerifyCertificate(const DmCertChain &dmCertChain, const char *deviceIdHash); + int32_t GenerateCertificateV2(DmCertChain &dmCertChain, const uint64_t random); + int32_t VerifyCertificateV2(const DmCertChain &dmCertChain, const char *deviceIdHash, const uint64_t random); private: AuthCert(); diff --git a/services/implementation/include/authentication_v2/auth_manager.h b/services/implementation/include/authentication_v2/auth_manager.h index 9b087c1e02db9b856bbce7fc1ec646147f88f66a..02deef3fe7ca1f8f8b1fec0005eccb180e1578b2 100644 --- a/services/implementation/include/authentication_v2/auth_manager.h +++ b/services/implementation/include/authentication_v2/auth_manager.h 
@@ -154,8 +154,6 @@ private: void GetBindCallerInfo(); int32_t GetBindLevel(int32_t bindLevel); void GetIsNeedJoinLnnParam(const std::map &bindParam); - std::mutex certMtx_; - std::condition_variable certCV_; }; class AuthSrcManager : public AuthManager { diff --git a/services/implementation/include/authentication_v2/dm_auth_context.h b/services/implementation/include/authentication_v2/dm_auth_context.h index dbee2271d209e4d6c36a5ac7108cae61c871242d..e60adda5c2876c443aa42a3f23cb2ea0034c5cdb 100644 --- a/services/implementation/include/authentication_v2/dm_auth_context.h +++ b/services/implementation/include/authentication_v2/dm_auth_context.h @@ -196,9 +196,11 @@ struct DmAccess { int32_t sessionKeyId; // Used as key delivery material, retrieves the SK from the bus int32_t transmitSessionKeyId; // Permanent application SKID on this end, returned by DP for ACL updates and aging int32_t lnnSessionKeyId{0}; // Permanent user SKID on this end, returned by DP for ACL updates and aging + int32_t oldBindLevel; int64_t transmitSkTimeStamp; // Used for aging, time is 2 days, application-level credential timestamp int64_t lnnSkTimeStamp{0}; // Used for aging, time is 2 days, user-level credential timestamp int64_t skTimeStamp; // Used for aging, time is 2 days + uint64_t certRandom{0}; // Used for cert generate bool isAuthed; bool isUserLevelAuthed; bool isOnline; @@ -216,7 +218,6 @@ struct DmAccess { // send both the new and old protocol messages simultaneously in the 80 message when // authType == import. Therefore, it is required to define these fields for compatibility processing. std::string accountGroupIdHash; - int32_t oldBindLevel; std::string oldBundleName; // construct for old version compatible end std::string extraInfo; // Expandable field, JSON format, KV structure 
@@ -302,7 +303,9 @@ struct DmAuthContext { bool needBind{true}; bool needAgreeCredential{true}; bool needAuth{true}; - + std::mutex certMtx_; // cert lock + std::mutex certCVMtx_; // cert cv lock + std::condition_variable certCV_; // cert cv CleanNotifyCallback cleanNotifyCallback{nullptr}; std::string GetDeviceId(DmAuthSide side); diff --git a/services/implementation/include/authentication_v2/dm_auth_manager_base.h b/services/implementation/include/authentication_v2/dm_auth_manager_base.h index 2bb96eefebeb98b1f8cd2630dcf35952f35a030b..c680323a42aa2443360017c9edf8a8c3c738c270 100644 --- a/services/implementation/include/authentication_v2/dm_auth_manager_base.h +++ b/services/implementation/include/authentication_v2/dm_auth_manager_base.h @@ -80,6 +80,7 @@ extern const char* TAG_DM_CERT_CHAIN; extern const char* TAG_CERT_COUNT; extern const char* TAG_CERT; extern const char* TAG_IS_COMMON_FLAG; +extern const char* TAG_CERT_RANDOM; extern const int32_t AUTHENTICATE_TIMEOUT; extern const int32_t CONFIRM_TIMEOUT; diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h index a1d43b149c303fcd17a1d5fb034473fce485e88d..0eae068149885bf8a5c702e30f140cd64a1c5721 100644 --- a/services/implementation/include/authentication_v2/dm_auth_state.h +++ b/services/implementation/include/authentication_v2/dm_auth_state.h @@ -238,6 +238,7 @@ private: void GetCustomDescBySinkLanguage(std::shared_ptr context); void ResetBindLevel(std::shared_ptr context); void NegotiateUltrasonic(std::shared_ptr context); + void GenerateCertificate(std::shared_ptr context); }; class AuthSinkStatePinAuthComm { 
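Review bot: `certCV_` is now paired with two different mutexes, so the cert hand-off is not synchronized. `AuthSrcConfirmState::GenerateCertificate` writes `accesser.cert` under `certMtx_`, while the waiters in auth_credential.cpp (`AuthSrcCredentialAuthDoneState::Action`, `HandleSrcCredentialAuthDone`, `AuthSrcSKDeriveState::Action`) take `certCVMtx_` and read `accesser.cert` in the `wait_for` predicate. That read is a data race with the write, and a notification can fall between the predicate check and the wait, leaving the waiter to sit out the full `GENERATE_CERT_TIMEOUT`. Use one mutex for the writer, the predicate and the wait, and drop the other: `std::mutex certMtx_; // guards accesser.cert, paired with certCV_`.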
@@ -459,9 +460,6 @@ public: int32_t Action(std::shared_ptr context) override; int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); -private: - std::mutex certCVMtx_; - std::condition_variable certCV_; }; class AuthSinkSKDeriveState : public DmAuthState { @@ -497,9 +495,6 @@ public: int32_t DerivativeSessionKey(std::shared_ptr context); int32_t DerivativeProxySessionKey(std::shared_ptr context); int32_t HandleSrcCredentialAuthDone(std::shared_ptr context); -private: - std::mutex certCVMtx_; - std::condition_variable certCV_; }; class AuthSinkCredentialAuthStartState : public DmAuthState { diff --git a/services/implementation/src/attest/dm_auth_cert.cpp b/services/implementation/src/attest/dm_auth_cert.cpp index 1587ae6bc362b6fd00d7d5ca6086155d3ce301b1..4438e561ae5e0cf69b018e724585c33d37e2b5e7 100644 --- a/services/implementation/src/attest/dm_auth_cert.cpp +++ b/services/implementation/src/attest/dm_auth_cert.cpp @@ -86,5 +86,23 @@ int32_t AuthCert::VerifyCertificate(const DmCertChain &dmCertChain, const char * } return dmAuthCertExt_->VerifyCertificate(dmCertChain, deviceIdHash); } + +int32_t AuthCert::GenerateCertificateV2(DmCertChain &dmCertChain, const uint64_t random) +{ + if (!IsDMAdapterAuthCertLoaded()) { + LOGE("authCertSo load failed!"); + return ERR_DM_FAILED; + } + return dmAuthCertExt_->GenerateCertificateV2(dmCertChain, random); +} + +int32_t AuthCert::VerifyCertificateV2(const DmCertChain &dmCertChain, const char *deviceIdHash, const uint64_t random) +{ + if (!IsDMAdapterAuthCertLoaded()) { + LOGE("authCertSo load failed!"); + return ERR_DM_FAILED; + } + return dmAuthCertExt_->VerifyCertificateV2(dmCertChain, deviceIdHash, random); +} } // namespace DistributedHardware } // namespace OHOS \ No newline at end of file 
diff --git a/services/implementation/src/authentication_v2/auth_manager.cpp b/services/implementation/src/authentication_v2/auth_manager.cpp index 70ffbf6638367ef46282878ed574890f5c286f9c..ad9835e7c3ebe9ee8168563c6e0316ada515f56e 100644 --- a/services/implementation/src/authentication_v2/auth_manager.cpp +++ b/services/implementation/src/authentication_v2/auth_manager.cpp @@ -26,8 +26,6 @@ #include "multiple_user_connector.h" #include "auth_manager.h" -#include "dm_auth_attest_common.h" -#include "dm_auth_cert.h" #include "dm_constants.h" #include "dm_crypto.h" #include "dm_random.h" @@ -40,7 +38,6 @@ #include "dm_auth_context.h" #include "dm_auth_message_processor.h" #include "dm_auth_state.h" -#include "ffrt.h" #include "json_object.h" #ifdef SUPPORT_MSDP @@ -652,33 +649,6 @@ int32_t AuthManager::AuthenticateDevice(const std::string &pkgName, int32_t auth return DM_OK; } -void GenerateCertificate(std::shared_ptr context) -{ - if (context == nullptr) { - LOGE("context is nullptr!"); - return; - } -#ifdef DEVICE_MANAGER_COMMON_FLAG - context->accesser.isCommonFlag = true; - LOGI("open device do not generate cert!"); - context->accesser.cert = "common"; -#else - DmCertChain dmCertChain; - int32_t certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); - if (certRet != DM_OK) { - LOGE("generate cert fail, certRet = %{public}d", certRet); - return; - } - { - std::lock_guard lock(certMtx_); - context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); - } - certCV_.notify_all(); - AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); -#endif - return; -} - int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId &targetId, const std::map &bindParam, int sessionId, uint64_t logicalSessionId) { 
@@ -723,8 +693,6 @@ int32_t AuthManager::BindTarget(const std::string &pkgName, const PeerTargetId & context_->logicalSessionId = logicalSessionId; context_->requestId = static_cast(logicalSessionId); context_->authStateMachine->TransitionTo(std::make_shared()); - // generate cert sync - ffrt::submit([=]() { GenerateCertificate(context_);}); info = { .funcName = "BindTarget" }; info.channelId = sessionId; DmRadarHelper::GetInstance().ReportAuthSendRequest(info); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp index a4581ac99f1ae17287c1e36491d5a78670303721..b2fc5f4351b48d27aacc0368489e71587c405c41 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_acl.cpp @@ -66,8 +66,14 @@ int32_t AuthSinkDataSyncState::VerifyCertificate(std::shared_ptr LOGE("cert deserialize fail!"); return ERR_DM_DESERIAL_CERT_FAILED; } - int32_t certRet = AuthCert::GetInstance(). - VerifyCertificate(dmCertChain, context->accesser.deviceIdHash.c_str()); + int32_t certRet = -1; + if (CompareVersion(context->accesser.dmVersion, DM_VERSION_5_1_3)) { + certRet = AuthCert::GetInstance(). + VerifyCertificateV2(dmCertChain, context->accesser.deviceIdHash.c_str(), context->accessee.certRandom); + } else { + certRet = AuthCert::GetInstance(). + VerifyCertificate(dmCertChain, context->accesser.deviceIdHash.c_str()); + } // free dmCertChain memory AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); if (certRet != DM_OK) { diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_confirm.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_confirm.cpp index 7918ad77a5ee6558d3643a2aa99387358cf73408..28ed7e71f357dfbdb0aeea4605c96c877d7cc9e8 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_confirm.cpp 
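Review bot: The choice between `VerifyCertificateV2` and the legacy `VerifyCertificate` depends only on `context->accesser.dmVersion`, which the peer reports about itself. A peer that advertises 5.1.3 or lower is therefore still verified without `certRandom`, which makes the freshness binding optional from the peer's side. If the challenge is meant to stop a previously issued chain from being accepted again, restrict the legacy branch by local policy, or at least log it distinctly, rather than selecting it from the claimed version alone. `CompareVersion` is defined outside this hunk, so confirm it is true only for versions strictly above `DM_VERSION_5_1_3`. `int32_t certRet = -1;` would read more clearly as `int32_t certRet = ERR_DM_FAILED;`.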
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_confirm.cpp @@ -22,6 +22,8 @@ #include "deviceprofile_connector.h" #include "distributed_device_profile_errors.h" #include "dm_anonymous.h" +#include "dm_auth_attest_common.h" +#include "dm_auth_cert.h" #include "dm_auth_context.h" #include "dm_auth_state.h" #include "dm_auth_state_machine.h" @@ -31,6 +33,7 @@ #include "dm_log.h" #include "dm_negotiate_process.h" #include "dm_softbus_cache.h" +#include "ffrt.h" #include "multiple_user_connector.h" namespace OHOS { @@ -613,6 +616,38 @@ void AuthSrcConfirmState::GetP2PCredentialInfo(std::shared_ptr co } } +void AuthSrcConfirmState::GenerateCertificate(std::shared_ptr context) +{ + if (context == nullptr) { + LOGE("context is nullptr!"); + return; + } +#ifdef DEVICE_MANAGER_COMMON_FLAG + context->accesser.isCommonFlag = true; + LOGI("open device do not generate cert!"); + context->accesser.cert = "common"; +#else + DmCertChain dmCertChain; + int32_t certRet = -1; + if (CompareVersion(context->accessee.dmVersion, DM_VERSION_5_1_3)) { + certRet = AuthCert::GetInstance().GenerateCertificateV2(dmCertChain, context->accessee.certRandom); + } else { + certRet = AuthCert::GetInstance().GenerateCertificate(dmCertChain); + } + if (certRet != DM_OK) { + LOGE("generate cert fail, certRet = %{public}d", certRet); + return; + } + { + std::lock_guard lock(context->certMtx_); + context->accesser.cert = AuthAttestCommon::GetInstance().SerializeDmCertChain(&dmCertChain); + } + context->certCV_.notify_all(); + AuthAttestCommon::GetInstance().FreeDmCertChain(dmCertChain); +#endif + return; +} + int32_t AuthSrcConfirmState::Action(std::shared_ptr context) { LOGI("start."); 
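Review bot: Only the success path of `GenerateCertificate` wakes the waiters. The `certRet != DM_OK` branch returns without `context->certCV_.notify_all()`, and the `DEVICE_MANAGER_COMMON_FLAG` branch assigns `context->accesser.cert = "common"` with neither the lock nor a notify. On failure the authentication thread therefore blocks for the whole `GENERATE_CERT_TIMEOUT` and then continues with an empty cert; it would be better to record the failure on the context and notify on every exit. The failure path also skips `FreeDmCertChain(dmCertChain)`; whether a failed generate can leave allocations behind is not visible here, so please confirm. `int32_t certRet = -1;` could be `ERR_DM_FAILED`, and the trailing `return;` is redundant.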
@@ -641,6 +676,8 @@ int32_t AuthSrcConfirmState::Action(std::shared_ptr context) NegotiateProxyAcl(context); NegotiateUltrasonic(context); context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_REQ_USER_CONFIRM, context); + // generate cert sync + ffrt::submit([=]() { GenerateCertificate(context);}); context->listener->OnAuthResult(context->processInfo, context->peerTargetId.deviceId, context->accessee.tokenIdHash, static_cast(STATUS_DM_SHOW_AUTHORIZE_UI), DM_OK); context->listener->OnBindResult(context->processInfo, context->peerTargetId, diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp index 47d2813af2c1f73a7d926e5a106ebb81bf1fc99a..6f294d97f1659181e23e55dbc12558550a47dae3 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_credential.cpp @@ -117,8 +117,8 @@ int32_t AuthSrcCredentialAuthDoneState::Action(std::shared_ptr co CHECK_NULL_RETURN(context->authMessageProcessor, ERR_DM_POINT_NULL); if (GetSessionKey(context)) { DerivativeSessionKey(context); - std::unique_lock cvLock(certCVMtx_); - certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + std::unique_lock cvLock(context->certCVMtx_); + context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), [=] {return !context->accesser.cert.empty();}); context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_REQ_DATA_SYNC, context); return DM_OK; 
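Review bot: `ffrt::submit([=]() { GenerateCertificate(context);});` now calls a non-static member function, so `[=]` implicitly captures `this`, and the task may run after the state machine has moved on from this `AuthSrcConfirmState`. The state object's lifetime is not visible in this hunk, but `GenerateCertificate` touches only `context`, so it can be made `static` (or a file-local free function) and submitted as `ffrt::submit([context]() { GenerateCertificate(context); });`. The comment `// generate cert sync` describes an asynchronous submit and should say `// generate cert asynchronously; waited on via context->certCV_`. `Action` continues outside the hunk.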
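Review bot: The result of `context->certCV_.wait_for(...)` is discarded, so when the predicate is still false at `GENERATE_CERT_TIMEOUT` the code goes on to `CreateAndSendMsg(MSG_TYPE_REQ_DATA_SYNC, context)` with an empty `accesser.cert`. The same pattern is in the two later hunks of this file, `HandleSrcCredentialAuthDone` (both branches) and `AuthSrcSKDeriveState::Action`. Check the return value and fail the flow with a logged error instead of sending, e.g. `if (!context->certCV_.wait_for(cvLock, ..., pred)) { LOGE("wait cert timeout"); return ERR_DM_FAILED; }`. The lock also stays held across the send; scoping `cvLock` in its own block would release it as soon as the wait returns.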
@@ -169,14 +169,14 @@ int32_t AuthSrcCredentialAuthDoneState::HandleSrcCredentialAuthDone(std::shared_ return ret; } SetAuthContext(skId, context->accesser.lnnSkTimeStamp, context->accesser.lnnSessionKeyId); - std::unique_lock cvLock(certCVMtx_); - certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + std::unique_lock cvLock(context->certCVMtx_); + context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } else { // Non-first-time authentication transport credential process DerivativeSessionKey(context); - std::unique_lock cvLock(certCVMtx_); - certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + std::unique_lock cvLock(context->certCVMtx_); + context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), [=] {return !context->accesser.cert.empty();}); msgType = MSG_TYPE_REQ_DATA_SYNC; } @@ -746,8 +746,8 @@ int32_t AuthSrcSKDeriveState::Action(std::shared_ptr context) // derive transmit sk DerivativeSessionKey(context); // wait cert generate - std::unique_lock cvLock(certCVMtx_); - certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), + std::unique_lock cvLock(context->certCVMtx_); + context->certCV_.wait_for(cvLock, std::chrono::milliseconds(GENERATE_CERT_TIMEOUT), [=] {return !context->accesser.cert.empty();}); // send 180 std::string message = context->authMessageProcessor->CreateMessage(MSG_TYPE_REQ_DATA_SYNC, context); diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp index 490247779e028bd5d313c4650864c84f84decf57..853d616dc8d701543e683a78b91efb8a7c37764a 100644 --- a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp +++ b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp 
@@ -51,6 +51,8 @@ namespace DistributedHardware { namespace { const char* DM_DISTURBANCE_EVENT_KEY = "business_id_cast+_disturbance_event"; const char* DM_ANTI_DISTURBANCE_MODE = "is_in_anti_disturbance_mode"; + const int64_t DM_MIN_RANDOM = 1; + const int64_t DM_MAX_RANDOM_INT64 = INT64_MAX; } DmAuthStateType AuthSrcStartState::GetStateType() @@ -248,6 +250,7 @@ int32_t AuthSinkNegotiateStateMachine::Action(std::shared_ptr con context->reason = ret; return ret; } + context->accessee.certRandom = static_cast(GenRandLongLong(DM_MIN_RANDOM, DM_MAX_RANDOM_INT64)); context->authMessageProcessor->CreateAndSendMsg(MSG_TYPE_RESP_ACL_NEGOTIATE, context); context->timer->StartTimer(std::string(WAIT_REQUEST_TIMEOUT_TASK), DmAuthState::GetTaskTimeout(context, WAIT_REQUEST_TIMEOUT_TASK, WAIT_REQUEST_TIMEOUT), diff --git a/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp b/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp index 9a3910b6e25051ebf2536a75b49ed831b4da5042..3c9fb29de51fa0b2b83b89d63e1db4e3bbe2f57a 100644 --- a/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_manager_base.cpp @@ -82,6 +82,7 @@ const char* TAG_DM_CERT_CHAIN = "dmCertChain"; const char* TAG_CERT_COUNT = "certCount"; const char* TAG_CERT = "cert"; const char* TAG_IS_COMMON_FLAG = "isCommonFlag"; +const char* TAG_CERT_RANDOM = "certRandom"; const int32_t AUTHENTICATE_TIMEOUT = 120; const int32_t CONFIRM_TIMEOUT = 60; diff --git a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp index 2394a4f42954a1160cf73516fa272a55df489d09..792f37174c85ee900106dfd1b7fd959a209f8110 100644 --- a/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp +++ b/services/implementation/src/authentication_v2/dm_auth_message_processor.cpp 
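Review bot: `certRandom` is the challenge the sink later passes to `VerifyCertificateV2`, so it must be unpredictable, but `GenRandLongLong` is defined outside this diff. Please confirm it draws from the platform's cryptographic random source rather than a general-purpose PRNG. The range `[DM_MIN_RANDOM, DM_MAX_RANDOM_INT64]` gives 63 bits and leaves 0 as the "unset" default of `DmAccess::certRandom`; that convention deserves a comment next to the constants, e.g. `// 0 is reserved for "no challenge issued"`. The value is also generated for every negotiation, including peers that will take the legacy verify path, which is harmless but worth stating. `Action` starts and ends outside the hunk.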
@@ -947,6 +947,7 @@ int32_t DmAuthMessageProcessor::CreateRespNegotiateMessage(std::shared_ptraccessee.language; jsonObject[TAG_EXTRA_INFO] = context->accessee.extraInfo; jsonObject[TAG_NETWORKID_ID] = context->accessee.networkId; + jsonObject[TAG_CERT_RANDOM] = context->accessee.certRandom; jsonObject[TAG_IS_ONLINE] = context->accesser.isOnline; CreateProxyRespNegotiateMessage(context, jsonObject); 
@@ -1540,50 +1541,42 @@ int32_t DmAuthMessageProcessor::ParseMessageRespAclNegotiate(const JsonObject &j if (jsonObject[TAG_DEVICE_VERSION].IsString()) { context->accessee.dmVersion = jsonObject[TAG_DEVICE_VERSION].Get(); } - if (jsonObject[TAG_DEVICE_NAME].IsString()) { context->accessee.deviceName = jsonObject[TAG_DEVICE_NAME].Get(); } - if (jsonObject[TAG_DEVICE_ID_HASH].IsString()) { context->accessee.deviceIdHash = jsonObject[TAG_DEVICE_ID_HASH].Get(); } - if (jsonObject[TAG_USER_ID].IsNumberInteger()) { context->accessee.userId = jsonObject[TAG_USER_ID].Get(); } - if (jsonObject[TAG_ACCOUNT_ID_HASH].IsString()) { context->accessee.accountIdHash = jsonObject[TAG_ACCOUNT_ID_HASH].Get(); } - if (jsonObject[TAG_TOKEN_ID_HASH].IsString()) { context->accessee.tokenIdHash = jsonObject[TAG_TOKEN_ID_HASH].Get(); } - if (jsonObject[TAG_NETWORKID_ID].IsString()) { context->accessee.networkId = jsonObject[TAG_NETWORKID_ID].Get(); } - if (jsonObject[TAG_IS_ONLINE].IsBoolean()) { context->isOnline = jsonObject[TAG_IS_ONLINE].Get(); } - if (jsonObject[TAG_ACL_TYPE_LIST].IsString()) { context->accessee.aclTypeList = jsonObject[TAG_ACL_TYPE_LIST].Get(); } - if (jsonObject[TAG_CERT_TYPE_LIST].IsString()) { context->accessee.credTypeList = jsonObject[TAG_CERT_TYPE_LIST].Get(); } - if (jsonObject[TAG_LANGUAGE].IsString()) { context->accessee.language = jsonObject[TAG_LANGUAGE].Get(); } - if (jsonObject[TAG_EXTRA_INFO].IsString()) { context->accessee.extraInfo = jsonObject[TAG_EXTRA_INFO].Get(); } + if (jsonObject[TAG_CERT_RANDOM].IsNumberInteger()) { + context->accessee.certRandom = jsonObject[TAG_CERT_RANDOM].Get(); + } ParseMessageProxyRespAclNegotiate(jsonObject, context); context->authStateMachine->TransitionTo(std::make_shared()); return DM_OK;
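Review bot: When `TAG_CERT_RANDOM` is absent or not an integer, the new branch silently leaves `context->accessee.certRandom` at its default 0. `AuthSrcConfirmState::GenerateCertificate` will then call `GenerateCertificateV2` with 0 for any peer whose reported version is above 5.1.3. `IsNumberInteger()` may also accept a negative value that wraps when stored in the `uint64_t` field; the JSON wrapper is not visible here, so treat that as a point to check. For a peer at 5.1.4 or later, a missing, zero or negative `certRandom` should be logged and rejected in the parser, rather than surfacing later as a certificate verification failure on the sink. The function begins before this hunk.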