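Setting Up Face Authentication on OpenHarmony

This article briefly analyzes OpenHarmony's user authentication management.


User credential management

pin_auth (PIN authentication): this module supports setting, deleting and authenticating user PINs.

Working with the basic framework of the user IAM subsystem, it can also support changing the user's PIN. As OpenHarmony's most basic user identity authentication executor, PIN authentication registers its resource information with the collaborative authentication framework through the resource registration interface that collaborative authentication defines and, as scheduled by that framework, performs PIN setting, deletion and authentication.

face_auth (face authentication): supports enrolling, deleting and authenticating user faces. Face authentication is a biometric authentication executor supported by OpenHarmony. It registers its resource information with the collaborative authentication framework through the resource registration interface that collaborative authentication defines and, as scheduled by that framework, calls the face authentication HDI to perform face enrollment, authentication and deletion.

user_auth_framework: consists of three main modules: user authentication, credential management and executor management.

The user authentication module provides unified user identity authentication to callers and opens the biometric authentication API to third-party applications.

The credential management module provides a unified interface for managing user credentials in the system (add, delete, update, query). Downward, it goes through the executor management module to call the executor resources in the system, handling the lifecycle management and secure storage of user credentials.

The executor management module provides unified management and coordinated scheduling of the executor resources in the system. It currently supports managing the PIN executor and the face executor.

Usage

Interface:

import osAccount from '@ohos.account.osAccount'

Credential management: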

// UserIdentityManager
/**
 * Provides the abilities for managing user identity.
 * @name UserIdentityManager
 * @syscap SystemCapability.Account.OsAccount
 * @since 8
 */
class UserIdentityManager {
  /**
   * Constructor to get the UserIdentityManager class instance.
   * @returns Returns the UserIdentityManager class instance.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  constructor();

  /**
   * Opens session.
   * <p>
   * Start an IDM operation to obtain challenge value.
   * A challenge value of 0 indicates that opensession failed.
   * @permission ohos.permission.MANAGE_USER_IDM
   * @returns Returns a challenge value.
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  openSession(callback: AsyncCallback<Uint8Array>): void;
  openSession(): Promise<Uint8Array>;

  /**
   * Adds credential.
   * <p>
   * Add user credential information, pass in credential addition method and credential information
   * (credential type, subclass, if adding user's non password credentials, pass in password authentication token),
   * and get the result / acquireinfo callback.
   * @permission ohos.permission.MANAGE_USER_IDM
   * @param credentialInfo Indicates the credential information.
   * @param callback Indicates the callback to get results and acquireInfo.
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @throws {BusinessError} 12300002 - invalid credentialInfo.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  addCredential(credentialInfo: CredentialInfo, callback: IIdmCallback): void;

  /**
   * Updates credential.
   * @permission ohos.permission.MANAGE_USER_IDM
   * @param credentialInfo Indicates the credential information.
   * @param callback Indicates the callback to get results and acquireInfo.
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @throws {BusinessError} 12300002 - invalid credentialInfo.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  updateCredential(credentialInfo: CredentialInfo, callback: IIdmCallback): void;

  /**
   * Closes session.
   * <p>
   * End an IDM operation.
   * @permission ohos.permission.MANAGE_USER_IDM
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  closeSession(): void;

  /**
   * Cancels entry with a challenge value.
   * @permission ohos.permission.MANAGE_USER_IDM
   * @param challenge Indicates the challenge value.
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @throws {BusinessError} 12300002 - invalid challenge.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  cancel(challenge: Uint8Array): void;

  /**
   * Deletes the user with the authentication token.
   * @permission ohos.permission.MANAGE_USER_IDM
   * @param token Indicates the authentication token.
   * @param callback Indicates the callback to get the deletion result.
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @throws {BusinessError} 12300002 - invalid token.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  delUser(token: Uint8Array, callback: IIdmCallback): void;

  /**
   * Deletes the user credential information.
   * @permission ohos.permission.MANAGE_USER_IDM
   * @param credentialId Indicates the credential index.
   * @param token Indicates the authentication token.
   * @param callback Indicates the callback to get the deletion result.
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @throws {BusinessError} 12300002 - invalid credentialId or token.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  delCred(credentialId: Uint8Array, token: Uint8Array, callback: IIdmCallback): void;

  /**
   * Gets authentication information.
   * @permission ohos.permission.USE_USER_IDM
   * @param authType Indicates the authentication type.
   * @param callback Indicates the callback to get all registered credential information of
   * the specified type for the current user.
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @throws {BusinessError} 12300002 - invalid authType.
   * @throws {BusinessError} 12300015 - the authType is not supported on current device.
   * @throws {BusinessError} 12300016 - authentication timeout.
   * @throws {BusinessError} 12300017 - authentication service is busy.
   * @throws {BusinessError} 12300018 - authentication service is locked.
   * @throws {BusinessError} 12300019 - the credential does not exist.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  getAuthInfo(callback: AsyncCallback<Array<EnrolledCredInfo>>): void;
  getAuthInfo(authType: AuthType, callback: AsyncCallback<Array<EnrolledCredInfo>>): void;
  getAuthInfo(authType?: AuthType): Promise<Array<EnrolledCredInfo>>;
}

PIN management:

/**
 * Provides the abilities for Pin code authentication.
 * @name PINAuth
 * @syscap SystemCapability.Account.OsAccount
 * @since 8
 */
class PINAuth {
  /**
   * Constructor to get the PINAuth class instance.
   * @returns Returns the PINAuth class instance.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  constructor();

  /**
   * Register inputer.
   * @permission ohos.permission.ACCESS_PIN_AUTH
   * @param inputer Indicates the password input box callback
   * @throws {BusinessError} 201 - permission denied.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300001 - system service exception.
   * @throws {BusinessError} 12300007 - PIN inputer has been registered.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  registerInputer(inputer: IInputer): void;

  /**
   * Unregister inputer.
   * @permission ohos.permission.ACCESS_PIN_AUTH
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  unregisterInputer(): void;
}

Callback: IInputData, the parameter passed along with the inputer callback; it is used to supply the PIN.

/**
 * Password data callback.
 *
 * @name IInputData
 * @syscap SystemCapability.Account.OsAccount
 * @systemapi Hide this for inner system use.
 * @since 8
 */
interface IInputData {
  /**
   * Notifies to set data.
   * @param pinSubType Indicates the credential subtype for authentication.
   * @param data Indicates the data to set.
   * @throws {BusinessError} 401 - the parameter check failed.
   * @throws {BusinessError} 12300002 - invalid pinSubType.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  onSetData: (pinSubType: AuthSubType, data: Uint8Array) => void;
}

Callback: IInputer, the callback passed to registerInputer; it is invoked when a PIN needs to be entered.

/**
 * Password input box callback.
 * @name IInputer
 * @syscap SystemCapability.Account.OsAccount
 * @systemapi Hide this for inner system use.
 * @since 8
 */
interface IInputer {
  /**
   * Notifies to get data.
   * @param pinSubType Indicates the credential subtype for authentication.
   * @param callback Indicates the password data callback.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  onGetData: (pinSubType: AuthSubType, callback: IInputData) => void;
}

Callback: IUserAuthCallback, the callback for auth and authUser; it receives the authentication result.

/**
 * User authentication callback.
 * @name IUserAuthCallback
 * @syscap SystemCapability.Account.OsAccount
 * @systemapi Hide this for inner system use.
 * @since 8
 */
interface IUserAuthCallback {
  /**
   * The authentication result code is returned through the callback.
   * @param result Indicates the authentication result code.
   * @param extraInfo Indicates the specific information for different situation.
   * If the authentication is passed, the authentication token is returned in extrainfo,
   * If the authentication fails, the remaining authentication times are returned in extrainfo,
   * If the authentication executor is locked, the freezing time is returned in extrainfo.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  onResult: (result: number, extraInfo: AuthResult) => void;

  /**
   * During an authentication, the TipsCode is returned through the callback.
   * @param module Indicates the executor type for authentication.
   * @param acquire Indicates the tip code for different authentication executor.
   * @param extraInfo reserved parameter.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  onAcquireInfo?: (module: number, acquire: number, extraInfo: any) => void;
}

Callback: IIdmCallback, the callback for addCredential, updateCredential, delUser and delCred; its onResult reports whether the operation succeeded.

/**
 * Identity manager callback.
 * @name IIdmCallback
 * @syscap SystemCapability.Account.OsAccount
 * @systemapi Hide this for inner system use.
 * @since 8
 */
interface IIdmCallback {
  /**
   * The authentication result code is returned through the callback.
   * @param result Indicates the authentication result code.
   * @param extraInfo pass the specific information for different situation.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  onResult: (result: number, extraInfo: RequestResult) => void;

  /**
   * During an authentication, the TipsCode is returned through the callback.
   * @param module Indicates the executor type for authentication.
   * @param acquire Indicates the tip code for different authentication executor.
   * @param extraInfo reserved parameter.
   * @systemapi Hide this for inner system use.
   * @since 8
   */
  onAcquireInfo?: (module: number, acquire: number, extraInfo: any) => void;
}

Flow

As shown in the figure below:

① Construct the objects

// The three objects
this.userIdentityManager = new osAccount.UserIdentityManager();
this.pinAuth = new osAccount.PINAuth();
this.userAuth = new osAccount.UserAuth();

② openSession

/**
 * Open Session
 * A challenge value of 0 indicates that opensession failed
 *
 * @returns challenge value
 */
openSession(callback: (challenge: string) => void): void {
  LogUtil.debug(`${this.TAG}openSession in.`);
  try {
    this.userIdentityManager.openSession()
      .then((data) => {
        callback(this.u8AToStr(data));
        LogUtil.info(`${this.TAG} openSession success`);
      })
      .catch((err) => {
        LogUtil.error(`${this.TAG} openSession failed` + JSON.stringify(err));
      })
  } catch {
    LogUtil.error(`${this.TAG}openSession failed`);
    callback('0');
  }
  LogUtil.debug(`${this.TAG}openSession out.`);
}

③ Register the inputer

/**
 * Register Inputer
 */
registerInputer(): boolean {
  LogUtil.debug(`${this.TAG}registerInputer in.`);
  let result = false;
  try {
    result = this.pinAuth.registerInputer({
      onGetData: (authSubType, inputData) => {
        let u8aPwd = this.encodeToU8A(this.password);
        LogUtil.info(`${this.TAG} before set data, type: ${this.pinSubType}.`);
        inputData.onSetData(this.pinSubType, u8aPwd);
      }
    });
    if (!result) {
      this.unregisterInputer();
      result = this.pinAuth.registerInputer({
        onGetData: (authSubType, inputData) => {
          let u8aPwd = this.encodeToU8A(this.password);
          inputData.onSetData(this.pinSubType, u8aPwd);
        }
      });
    }
  } catch {
    LogUtil.error(`${this.TAG}registerInputer failed`);
  }
  LogUtil.info(`${this.TAG}registerInputer out.`);
  return result;
}

④ createPassword


⑤ getAuthInfo

/**
 * Get AuthInfo
 *
 * @param authType Credential type.
 * @returns Returns all registered credential information of this type for the current user
 */
getPinAuthInfo(callback: (data: Array<{
  authType: number;
  authSubType: number;
}>) => void): void {
  LogUtil.debug(`${this.TAG}getPinAuthInfo in.`);
  try {
    this.userIdentityManager.getAuthInfo(AuthType.PIN)
      .then((data) => {
        LogUtil.info(`${this.TAG} get pin auth info data.`);
        let arrCredInfo = [];
        try {
          for (let i = 0; i < data.length; i++) {
            let credInfo = {
              'authType': data[i].authType,
              'authSubType': data[i].authSubType
            };
            if (credInfo.authType == AuthType.PIN) {
              this.pinSubType = credInfo.authSubType;
            }
            arrCredInfo.push(credInfo);
          }
        } catch(e) {
          LogUtil.info('faceDemo pin.getAuthInfo error = ' + e);
        }
        callback(arrCredInfo);
        LogUtil.info(`${this.TAG} getAuthInfo success.`);
      })
      .catch((err) => {
        LogUtil.error(`${this.TAG} getAuthInfo failed.` + JSON.stringify(err));
      })
  } catch (e) {
    LogUtil.error(`${this.TAG}getPinAuthInfo failed:` + e);
  }
  LogUtil.debug(`${this.TAG}getPinAuthInfo out.`);
}

⑥ authPin

/**
 * Auth
 *
 * @param challenge pass in challenge value. The challenge is obtained from the openSession callback
 * @param password password
 * @param onResult Return results through callback.
 */
authPin(challenge: string, password: string, onResult: (result: number, extraInfo: {
  token?: string;
  remainTimes?: number;
  freezingTime?: number;
}) => void): void {
  LogUtil.debug(`${this.TAG}authPin in.`);
  this.password = password;
  try {
    LogUtil.info(`${this.TAG} before userAuth auth pin`);
    this.userAuth.auth(this.strToU8A(challenge), AuthType.PIN, AuthTrustLevel.ATL4, {
      onResult: (result, extraInfo) => {
        try {
          if (result === ResultCode.SUCCESS) {
            LogUtil.debug(`${this.TAG}userAuth.auth onResult: result = success`);
          } else {
            LogUtil.debug(`${this.TAG}userAuth.auth failed onResult: result =${result}`);
          }
          let info = {
            'token': this.u8AToStr(extraInfo?.token),
            'remainTimes': extraInfo.remainTimes,
            'freezingTime': extraInfo.freezingTime
          }
          onResult(result, info)
        } catch(e) {
          LogUtil.debug(`${this.TAG}userAuth.auth onResult error = ${JSON.stringify(e)}`);
        }
      },
      onAcquireInfo: (acquireModule, acquire, extraInfo) => {
        try {
          LogUtil.debug(this.TAG + 'faceDemo pin.auth onAcquireInfo acquireModule = ' + acquireModule);
          LogUtil.debug(this.TAG + 'faceDemo pin.auth onAcquireInfo acquire = ' + acquire);
        } catch(e) {
          LogUtil.error(this.TAG + 'faceDemo pin.auth onAcquireInfo error = ' + e);
        }
      }
    })
  } catch (e) {
    LogUtil.error(`${this.TAG}AuthPin failed:` + e);
  }
  LogUtil.debug(`${this.TAG}authPin out.`);
}

Overview

Trunk code, downloaded on 1014.

hilog -b D: enables debug output

Permissions that may be required:

    ohos.permission.MANAGE_USER_IDM

    ohos.permission.USE_USER_IDM

    ohos.permission.MANAGE_LOCAL_ACCOUNTS

    ohos.permission.ACCESS_USER_AUTH_INTERNAL

    ohos.permission.ACCESS_PIN_AUTH

Running settings and analyzing the logs

// opensession
11-29 14:56:32.473 2813-2813/com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel#openSession in.
11-29 14:56:32.474 2813-2813/com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel#openSession out.

// registerInputer (not a system hap, no SELinux permission, Settings app not packaged)
com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel#registerInputer in.
com.ohos.mysettings I C02441/PIN_AUTH_SDK: [[email protected]_register.cpp:40] start
com.ohos.mysettings I C02441/PIN_AUTH_SDK: [[email protected]_register.cpp:70] start
accesstoken_ser I C02f01/AccessTokenManagerStub: [OnRemoteRequest]:OnRemoteRequest called, code: 65296
accesstoken_ser I C02f01/PermissionManager: [VerifyAccessToken]:VerifyAccessToken called, tokenID: 537131032, permissionName: ohos.permission.MANAGE_USER_IDM
accesstoken_ser I C02f01/AccessTokenManagerService: [VerifyAccessToken]:tokenID: 537131032, permissionName: ohos.permission.MANAGE_USER_IDM, res 0
samgr I C01800/SAMGR: SystemAbilityManagerStub::OnReceived, code = 2, callerPid = 2813, flags= 0
accountmgr I C02f01/AccessTokenManagerProxy: [VerifyAccessToken]:result from server data = 0
samgr I C01800/SAMGR: SystemAbilityManagerStub::OnReceived, code = 2, callerPid = 571, flags= 0
samgr E C02f02/Selinux: avc:denied{ get } for service=941 pid=2813 scontext=u:r:system_core_hap:s0 tcontext=u:object_r:sa_useriam_pinauth_service:s0 tclass=samgr_class permissive=0
samgr E C01800/SAMGR: CheckSystemAbilityInner selinux permission denied! SA : 941
samgr I C01800/SAMGR: found service : 901.
com.ohos.mysettings E C01510/BinderInvoker: 125: SendRequest: handle=0 result = 1
com.ohos.mysettings E C02441/PIN_AUTH_SDK: [[email protected]_register.cpp:81] get distributed gallery manager service fail
com.ohos.mysettings E C02441/PIN_AUTH_SDK: [[email protected]_register.cpp:47] get proxy failed
com.ohos.mysettings E C01b00/AccountIAM: [RegisterInputer:89]:Failed to register inputer
com.ohos.mysettings E A00500/[Settings]: Settings PasswordModel#registerInputer failed
com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel#registerInputer out.

// registerInputer (a system hap, with the distributed permission)
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_register.cpp:40] start
accesstoken_ser I C02f01/PermissionManager: [VerifyAccessToken]:VerifyAccessToken called, tokenID: 537311758, permissionName: ohos.permission.MANAGE_USER_IDM
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_register.cpp:70] start
accesstoken_ser I C02f01/AccessTokenManagerService: [VerifyAccessToken]:tokenID: 537311758, permissionName: ohos.permission.MANAGE_USER_IDM, res 0
samgr I C01800/SAMGR: SystemAbilityManagerStub::OnReceived, code = 2, callerPid = 3279, flags= 0
accountmgr I C02f01/AccessTokenManagerProxy: [VerifyAccessToken]:result from server data = 0
samgr I C01800/SAMGR: SystemAbilityManagerStub::OnReceived, code = 2, callerPid = 571, flags= 0
samgr I C01800/SAMGR: found service : 941.
samgr I C01800/SAMGR: found service : 901.
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_register.cpp:92] succeed to connect distributed gallery manager service
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_auth_proxy.cpp:30] start
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_auth_proxy.cpp:76] code = 1
accountmgr I C02401/USER_IDM_SDK: [[email protected]_idm_proxy.cpp:351] code = 0
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_stub.cpp:28] cmd = 1, flags = 0
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_stub.cpp:47] start
useriam I C02421/USER_AUTH_SA: [[email protected]_idm_stub.cpp:32] cmd = 0, flags= 0
useriam I C02421/USER_AUTH_SA: [[email protected]_idm_stub.cpp:66] enter
useriam I C02421/USER_AUTH_SA: [[email protected]_idm_service.cpp:61] start
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_service.cpp:112] start
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_service.cpp:104] start
accesstoken_ser I C02f01/AccessTokenManagerStub: [OnRemoteRequest]:OnRemoteRequest called, code: 65296
accesstoken_ser I C02f01/PermissionManager: [VerifyAccessToken]:VerifyAccessToken called, tokenID: 537311758, permissionName: ohos.permission.MANAGE_USER_IDM
accesstoken_ser I C02f01/AccessTokenManagerService: [VerifyAccessToken]:tokenID: 537311758, permissionName: ohos.permission.MANAGE_USER_IDM, res 0
useriam I C02f01/AccessTokenManagerProxy: [VerifyAccessToken]:result from server data = 0
accesstoken_ser I C02f01/AccessTokenManagerStub: [OnRemoteRequest]:OnRemoteRequest called, code: 65296
samgr I C01800/SAMGR: SystemAbilityManagerStub::OnReceived, code = 12, callerPid = 924, flags= 0
accesstoken_ser I C02f01/PermissionManager: [VerifyAccessToken]:VerifyAccessToken called, tokenID: 671961229, permissionName: ohos.permission.MANAGE_USER_IDM
accesstoken_ser I C02f01/AccessTokenManagerService: [VerifyAccessToken]:tokenID: 671961229, permissionName: ohos.permission.MANAGE_USER_IDM, res 0
useriam I C02f01/AccessTokenManagerProxy: [VerifyAccessToken]:result from server data = 0
samgr I C01800/SAMGR: found service : 3503.
accesstoken_ser I C02f01/AccessTokenManagerStub: [OnRemoteRequest]:OnRemoteRequest called, code: 65316
accesstoken_ser I C02f01/AccessTokenManagerService: [GetTokenType]:called, tokenID: 0x280ff12c
accesstoken_ser I C02f01/AccessTokenManagerService: [GetNativeTokenInfo]:called, tokenID: 0x280d508d
useriam I C02f01/AccessTokenManagerProxy: [GetNativeTokenInfo]:result from server data = 0
samgr I C01800/SAMGR: SystemAbilityManagerStub::OnReceived, code = 12, callerPid = 483, flags= 0
pinauth I C02f01/AccessTokenManagerProxy: [VerifyAccessToken]:result from server data = 0
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_manager.cpp:29] start, tokenId = 537311758
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_manager.cpp:47] end
com.ohos.settings I A00500/[Settings]: Settings PasswordModel#registerInputer out.

// getAuthInfo (not found)
com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel# get pin auth info data.
com.ohos.mysettings I A00500/[Settings]: Settings PasswordSettingController#getListData(false,) in
com.ohos.mysettings I A00500/[Settings]: Settings PasswordSettingController#getListData(false,) out => undefined
com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel# getAuthInfo success.

// getAuthInfo (found)
com.ohos.settings I A00500/[Settings]: Settings PasswordModel# get pin auth info data.
com.ohos.settings I A00500/[Settings]: Settings h#getListData(true,) in
com.ohos.settings I A00500/[Settings]: Settings h#getListData(true,) out => undefined
com.ohos.settings I A00500/[Settings]: Settings PasswordModel# getAuthInfo success.

// addCredential (adding the PIN failed: because the app is not a system hap, the inputer was never registered successfully)
com.ohos.mysettings I A00500/[Settings]: Settings PasswordInputController passwordOnChange in.
com.ohos.mysettings I A00500/[Settings]: Settings PasswordInputController checkInputDigits in.
com.ohos.mysettings I A00500/[Settings]: Settings Password Checker isNumber6 in.
com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel#addPinCredential in.
com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel#addPinCredential out.
com.ohos.mysettings I A00500/[Settings]: Settings PasswordInputController passwordOnChange out.
useriam I C02f01/AccessTokenManagerProxy: [GetNativeTokenInfo]:result from server data = 0
useriam I C02421/USER_AUTH_SA: [[email protected]_context.cpp:56] Context(type:Enroll, contextId:0xXXXX7702) start
useriam I C02421/USER_AUTH_SA: [[email protected]_context.cpp:43] Context(type:Enroll, contextId:0xXXXX7702) start
samgr I C01800/SAMGR: SystemAbilityManagerStub::OnReceived, code = 12, callerPid = 483, flags= 0
samgr I C01800/SAMGR: found service : 5100.
hdf_devmgr I C02500/devsvc_manager_stub: service user_auth_interface_service found
user_auth_host17 user_auth_host I C02421/USER_AUTH_HDI: [[email protected]_auth_interface_service.cpp:374] start
user_auth_host17 user_auth_host I C02421/USER_AUTH_HDI: [[email protected]_auth_interface_service.cpp:69] start
useriam I C02421/USER_AUTH_SA: [[email protected]_node_builder.cpp:114] scheduleNode builder start to build
useriam I C02421/USER_AUTH_SA: [[email protected]_state_machine_impl.cpp:51] fsm schedule new schedule event input:0
useriam I C02421/USER_AUTH_SA: [[email protected]_context.cpp:51] Context(type:Enroll, contextId:0xXXXX7702) success
useriam I C02421/USER_AUTH_SA: [operator()@user_idm_stub.cpp:158] leave
useriam I C02421/USER_AUTH_SA: [BeginEx[email protected]_node_impl.cpp:138] start
useriam I C02421/USER_AUTH_SA: [[email protected]_callback_proxy.cpp:195] code = 2
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]_executor_callback.cpp:64] ExecutorCallback(Id:1) start process cmd 0
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]_command_base.cpp:56] Command(type:ENROLL, id:3, scheduleId:0xXXXX246e) start process
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]:105] Executor(Id:0x00010001) start
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]_command.cpp:42] Command(type:ENROLL, id:3, scheduleId:0xXXXX246e) send request start
pin_auth_host16 pin_auth_host I C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:123] start
pin_auth_host16 pin_auth_host I C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:290] start
pin_auth_host16 pin_auth_host I C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:315] EVP_sha256 success
pin_auth_host16 pin_auth_host I C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:326] result size is : [32]
pin_auth_host16 pin_auth_host I C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:333] start
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_executor_callback_hdi.cpp:48] Start tokenId_ is 537131032
pinauth I C02441/PIN_AUTH_SA: [[email protected]_auth_manager.cpp:65] start
pinauth E C02441/PIN_AUTH_SA: [[email protected]_auth_manager.cpp:71] pinAuthInputer is not found
pinauth E C02441/PIN_AUTH_SA: [[email protected]_auth_executor_callback_hdi.cpp:51] inputer is nullptr
pinauth E C02500/executor_callback_stub: ExecutorCallbackStubOnGetData failed, error code is <private>
pin_auth_host16 pin_auth_host E C01510/BinderInvoker: 125: SendRequest: handle=3 result = -1
pin_auth_host16 pin_auth_host E C02500/executor_callback_proxy: OnGetData failed, error code is -1
pin_auth_host16 pin_auth_host E C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:143] Enroll Pin failed, fail code : -1
pin_auth_host16 pin_auth_host I C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:369] start
pin_auth_host16 pin_auth_host I C02441/PIN_AUTH_IMPL: [[email protected]_impl.cpp:372] Delete scheduleId succ
pin_auth_host16 pin_auth_host E C02500/executor_stub: ExecutorStubEnroll failed, error code is <private>
com.ohos.mysettings I C01c00/ImsaKit: line: 483, function: OnConfigurationChange,InputMethodController::OnConfigurationChange
com.ohos.mysettings W C03900/Ace: [render_text_field.cpp(UpdateAccessibilityAttr)-(0)] RenderTextField accessibilityNode is null.
pinauth E C01510/BinderInvoker: 125: SendRequest: handle=2 result = -1
pinauth E C02500/executor_proxy: Enroll failed, error code is -1
pinauth E C02441/PIN_AUTH_SA: [[email protected]_auth_executor_hdi.cpp:317] covert hdi result code -1 to framework result code 1
pinauth E C02441/PIN_AUTH_SA: [[email protected]_auth_executor_hdi.cpp:131] Enroll fail ret=1
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]_command.cpp:53] Command(type:ENROLL, id:3, scheduleId:0xXXXX246e) enroll result 1
pinauth E C02421/USER_AUTH_EXECUTOR: [[email protected]_command_base.cpp:65] Command(type:ENROLL, id:3, scheduleId:0xXXXX246e) send request failed
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]_command_base.cpp:112] Command(type:ENROLL, id:3, scheduleId:0xXXXX246e) end process
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]:113] Executor(Id:0x00010001) start
pinauth I C02421/USER_AUTH_EXECUTOR: [[email protected]_executor_callback.cpp:80] command id = 0 ret = 1
useriam E C02421/USER_AUTH_SA: [[email protected]_node_impl.cpp:281] start verify failed
useriam I C02421/USER_AUTH_SA: [[email protected]_state_machine_impl.cpp:84] fsm schedule schedule [state:0] + [event:0] -> [nextState:1]
useriam I C02421/USER_AUTH_SA: [[email protected]_context.cpp:57] Context(type:Enroll, contextId:0xXXXX7702) receive result code 7
useriam E C02421/USER_AUTH_SA: [[email protected]_context.cpp:88] (scheduleResultAttr != nullptr) check fail, return
useriam E C02421/USER_AUTH_SA: [[email protected]_context.cpp:62] Context(type:Enroll, contextId:0xXXXX7702) UpdateScheduleResult fail
useriam I C02421/USER_AUTH_SA: [[email protected]_idm_callback_proxy.cpp:29] start
useriam I C02421/USER_AUTH_SA: [[email protected]_idm_callback_proxy.cpp:87] start
accountmgr E C01b00/AccountMgrService: [OnResult:138]:failed to add credential
com.ohos.mysettings I C03900/NAPI: [native_api.cpp(napi_call_function)] engine: 00F1D680, nativeRecv: CD18BAE0, nativeFunc: CD18BC18, nativeArgv: FF95C088
com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel# Add pin credential, result: 7
com.ohos.mysettings I A00500/[Settings]: Settings PasswordInputController create password failed

// addCredential (PIN added successfully)
com.ohos.settings I A00500/[Settings]: Settings PasswordInputController passwordOnChange in.
com.ohos.settings I A00500/[Settings]: Settings PasswordInputController checkInputDigits in.
com.ohos.settings I A00500/[Settings]: Settings Password Checker isNumber6 in.
com.ohos.settings I A00500/[Settings]: Settings PasswordModel#addPinCredential in.
com.ohos.settings I A00500/[Settings]: Settings PasswordModel#addPinCredential out.
com.ohos.settings I A00500/[Settings]: Settings PasswordInputController passwordOnChange out.
…… enters the service layer
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_get_data_stub.cpp:29] cmd = 1, flags = 0
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_get_data_service.cpp:34] start
…… enters the app-layer callback
com.ohos.settings D A00500/[Settings]: Settings PasswordModel#encodeToU8A in.
com.ohos.settings D A00500/[Settings]: Settings PasswordModel#encodeToU8A out.
com.ohos.settings I A00500/[Settings]: Settings PasswordModel# before set data, type: 10000.
…… enters the service layer
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_data_impl.cpp:37] start and data size is 6
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]:36] start
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_set_data_proxy.cpp:27] start
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_set_data_proxy.cpp:51] code = 1
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_set_data_proxy.cpp:45] result = 0
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_get_data_stub.cpp:29] cmd = 1, flags = 0
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_get_data_service.cpp:34] star
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_data_impl.cpp:37] start and data size is 6
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]:36] start
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_set_data_proxy.cpp:27] start
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_set_data_proxy.cpp:51] code = 1
com.ohos.settings I C02441/PIN_AUTH_SDK: [[email protected]_set_data_proxy.cpp:45] result = 0
com.ohos.settings D C02421/USER_AUTH_SA: [[email protected]:157] emplace pair success, type is 100025
com.ohos.settings I A00500/[Settings]: Settings PasswordModel# Add pin credential, result: 0
com.ohos.settings I A00500/[Settings]: Settings PasswordInputController create password success
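The failure chain in the log above can be pulled out mechanically. The following is an added example, not part of the original article or of OpenHarmony: a small TypeScript triage that extracts the SELinux denial, the inputer registration failure and the final enroll result. The sample lines are constructed from the excerpts above, and treating `res 0` as "granted" is an assumption based on the successful run logging the same value.

```typescript
// Added example (not OpenHarmony code). Sample lines are constructed from the log
// excerpts in this article, with the garbled "[...@...]" source tags left out.

type Stage = "access-token" | "selinux" | "register-inputer" | "enroll" | "app-result";

interface AvcDenial {
  action: string; service: number; pid: number;
  scontext: string; tcontext: string; tclass: string; permissive: boolean;
}

interface Finding { stage: Stage; ok: boolean; detail: string; }

const AVC_RE =
  /avc:\s*denied\s*\{\s*(\w+)\s*\}\s*for\s+service=(\d+)\s+pid=(\d+)\s+scontext=(\S+)\s+tcontext=(\S+)\s+tclass=(\S+)\s+permissive=([01])/;
const TOKEN_RE = /\[VerifyAccessToken\]:tokenID: (\d+), permissionName: ([\w.]+), res (-?\d+)/;
const RESULT_RE = /Add pin credential, result: (-?\d+)/;

// Safe accessor for a regex capture group.
const grp = (m: RegExpExecArray, i: number): string => m[i] ?? "";

// Parse one samgr SELinux denial line; returns null for any other line.
function parseAvcDenial(line: string): AvcDenial | null {
  const m = AVC_RE.exec(line);
  if (!m) return null;
  return {
    action: grp(m, 1), service: Number(grp(m, 2)), pid: Number(grp(m, 3)),
    scontext: grp(m, 4), tcontext: grp(m, 5), tclass: grp(m, 6),
    permissive: grp(m, 7) === "1",
  };
}

// Walk the log in order and record every stage that leaves a trace.
function triage(lines: string[]): Finding[] {
  const findings: Finding[] = [];
  for (const line of lines) {
    const avc = parseAvcDenial(line);
    if (avc) {
      // permissive=1 means the denial was only logged, not enforced.
      findings.push({ stage: "selinux", ok: avc.permissive,
        detail: `${avc.scontext} { ${avc.action} } ${avc.tcontext} service=${avc.service} pid=${avc.pid}` });
      continue;
    }
    const tok = TOKEN_RE.exec(line);
    if (tok) {
      // Assumption: res 0 means granted; the successful run in the article also logs res 0.
      findings.push({ stage: "access-token", ok: grp(tok, 3) === "0",
        detail: `${grp(tok, 2)} tokenID=${grp(tok, 1)}` });
      continue;
    }
    if (line.includes("Failed to register inputer")) {
      findings.push({ stage: "register-inputer", ok: false, detail: "registerInputer failed" });
      continue;
    }
    if (line.includes("pinAuthInputer is not found") || line.includes("inputer is nullptr")) {
      findings.push({ stage: "enroll", ok: false, detail: "no inputer registered for this token" });
      continue;
    }
    const res = RESULT_RE.exec(line);
    if (res) {
      findings.push({ stage: "app-result", ok: grp(res, 1) === "0", detail: `result ${grp(res, 1)}` });
    }
  }
  return findings;
}

// The earliest failing stage is the place to start looking for the root cause.
function firstFailure(findings: Finding[]): Finding | null {
  return findings.find((f) => !f.ok) ?? null;
}

const AVC_LINE =
  "samgr E C02f02/Selinux: avc:denied{ get } for service=941 pid=2813 " +
  "scontext=u:r:system_core_hap:s0 tcontext=u:object_r:sa_useriam_pinauth_service:s0 " +
  "tclass=samgr_class permissive=0";

// Constructed sample: the non-system hap (com.ohos.mysettings) run.
const FAILING_RUN: string[] = [
  "accesstoken_ser I C02f01/AccessTokenManagerService: [VerifyAccessToken]:tokenID: 537131032, permissionName: ohos.permission.MANAGE_USER_IDM, res 0",
  AVC_LINE,
  "com.ohos.mysettings E C01b00/AccountIAM: [RegisterInputer:89]:Failed to register inputer",
  "pinauth E C02441/PIN_AUTH_SA: pinAuthInputer is not found",
  "com.ohos.mysettings I A00500/[Settings]: Settings PasswordModel# Add pin credential, result: 7",
];

// Constructed sample: the system hap (com.ohos.settings) run.
const OK_RUN: string[] = [
  "accesstoken_ser I C02f01/AccessTokenManagerService: [VerifyAccessToken]:tokenID: 537311758, permissionName: ohos.permission.MANAGE_USER_IDM, res 0",
  "samgr I C01800/SAMGR: found service : 941.",
  "com.ohos.settings I A00500/[Settings]: Settings PasswordModel# Add pin credential, result: 0",
];

for (const f of triage(FAILING_RUN)) {
  console.log(`${f.ok ? "ok  " : "FAIL"} ${f.stage}: ${f.detail}`);
}
```

On the failing run the access-token check passes and the first failing stage is the SELinux denial, which matches the article's reading that the permission alone is not enough for a non-system hap.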

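Summary

User authentication (including the screensaver) exposes its functionality to the application layer through the accountmgr service as the entry point, with useridm as the implementation that performs the actual PIN management and face management.

PS: Face management is still lacking at present. Face authentication in Settings currently requires first setting the PIN to 123456 before face authentication starts; but when I used face authentication, although the camera was working, there was no image. This may be a bug in the app.

User authentication is a system-level service and requires: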

    ohos.permission.MANAGE_USER_IDM

    ohos.permission.USE_USER_IDM

    ohos.permission.MANAGE_LOCAL_ACCOUNTS

    ohos.permission.ACCESS_USER_AUTH_INTERNAL

    ohos.permission.ACCESS_PIN_AUTH permission

    SELinux permission (supported on rich devices)

Author: 王石
