From 7b96792798836b48b95c705c02f15d133db4b262 Mon Sep 17 00:00:00 2001 From: huangjun Date: Wed, 13 Aug 2025 14:32:55 +0800 Subject: [PATCH 1/4] fix error message bug Signed-off-by: huangjun --- hapsigntool_cpp/profile/src/pkcs7_data.cpp | 15 +++++++-------- 1 file changed, 7 insertions(+), 8 deletions(-) diff --git a/hapsigntool_cpp/profile/src/pkcs7_data.cpp b/hapsigntool_cpp/profile/src/pkcs7_data.cpp index 0628bd92..6a9a9e30 100644 --- a/hapsigntool_cpp/profile/src/pkcs7_data.cpp +++ b/hapsigntool_cpp/profile/src/pkcs7_data.cpp @@ -171,7 +171,7 @@ int PKCS7Data::Verify(const std::string& content) const } if (VerifyCertChain() < 0) { - PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "cert Chain verify failed"); + SIGNATURE_TOOLS_LOGE("Cert Chain verify failed."); PrintCertChainSub(m_p7->d.sign->cert); return VERIFY_ERROR; } @@ -329,11 +329,10 @@ int PKCS7Data::CheckSignTimeInValidPeriod(const ASN1_TYPE* signTime, ASN1_TIME_set_string(tm, (reinterpret_cast(signTime->value.asn1_string->data))); if (ASN1_TIME_compare(notBefore, signTime->value.asn1_string) > 0 || ASN1_TIME_compare(notAfter, signTime->value.asn1_string) < 0) { - SIGNATURE_TOOLS_LOGE("sign time invalid, signTime: %s, notBefore: %s, " - "notAfter: %s", GetASN1Time(tm).c_str(), - GetASN1Time(notBefore).c_str(), GetASN1Time(notAfter).c_str()); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The certificate has expired! NotAfter:" + GetASN1Time(notAfter)); ASN1_TIME_free(tm); - return RET_FAILED; + return VERIFY_ERROR; } ASN1_TIME_free(tm); return RET_OK; @@ -469,7 +468,7 @@ int PKCS7Data::VerifySignerInfoCertChain(PKCS7* pkcs7, PKCS7_SIGNER_INFO* signer { X509* sigCert = PKCS7_cert_from_signer_info(pkcs7, signerInfo); if (sigCert == nullptr) { - SIGNATURE_TOOLS_LOGE("get sign cert from signInfo failed"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Get sign cert from signInfo failed"); return VERIFY_ERROR; } @@ -478,12 +477,12 @@ int PKCS7Data::VerifySignerInfoCertChain(PKCS7* pkcs7, PKCS7_SIGNER_INFO* signer std::vector certChain; certChain.emplace_back(X509_dup(sigCert)); if (!VerifyCertOpensslUtils::GetCertsChain(certChain, certVisitFlag)) { - SIGNATURE_TOOLS_LOGE("get cert chain for signInfo failed"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "Get cert chain for signInfo failed"); ClearCertChain(certChain); return VERIFY_ERROR; } if (certChain.size() < MIN_CERTS_NUM) { - SIGNATURE_TOOLS_LOGE("GetCertsChain less than two!"); + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "GetCertsChain less than two!"); ClearCertChain(certChain); return VERIFY_ERROR; } -- Gitee From 27c732b590537401b31e03fb8414f8e75084daae Mon Sep 17 00:00:00 2001 From: huangjun Date: Wed, 13 Aug 2025 14:41:48 +0800 Subject: [PATCH 2/4] fix error message bug Signed-off-by: huangjun --- hapsigntool_cpp/profile/src/pkcs7_data.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hapsigntool_cpp/profile/src/pkcs7_data.cpp b/hapsigntool_cpp/profile/src/pkcs7_data.cpp index 6a9a9e30..5da2a0c5 100644 --- a/hapsigntool_cpp/profile/src/pkcs7_data.cpp +++ b/hapsigntool_cpp/profile/src/pkcs7_data.cpp @@ -330,7 +330,7 @@ int PKCS7Data::CheckSignTimeInValidPeriod(const ASN1_TYPE* signTime, if (ASN1_TIME_compare(notBefore, signTime->value.asn1_string) > 0 || ASN1_TIME_compare(notAfter, signTime->value.asn1_string) < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The certificate has expired! NotAfter:" + GetASN1Time(notAfter)); + "The certificate has expired! NotAfter: " + GetASN1Time(notAfter)); ASN1_TIME_free(tm); return VERIFY_ERROR; } -- Gitee From 1e4df05e7209b0896e0a33629ba39d8deb0efeac Mon Sep 17 00:00:00 2001 From: huangjun Date: Wed, 13 Aug 2025 18:08:53 +0800 Subject: [PATCH 3/4] fix error message bug Signed-off-by: huangjun --- hapsigntool_cpp/profile/src/pkcs7_data.cpp | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/hapsigntool_cpp/profile/src/pkcs7_data.cpp b/hapsigntool_cpp/profile/src/pkcs7_data.cpp index 5da2a0c5..0cd1e3b4 100644 --- a/hapsigntool_cpp/profile/src/pkcs7_data.cpp +++ b/hapsigntool_cpp/profile/src/pkcs7_data.cpp @@ -327,8 +327,14 @@ int PKCS7Data::CheckSignTimeInValidPeriod(const ASN1_TYPE* signTime, } ASN1_TIME* tm = ASN1_TIME_new(); ASN1_TIME_set_string(tm, (reinterpret_cast(signTime->value.asn1_string->data))); - if (ASN1_TIME_compare(notBefore, signTime->value.asn1_string) > 0 || - ASN1_TIME_compare(notAfter, signTime->value.asn1_string) < 0) { + if (ASN1_TIME_compare(notBefore, signTime->value.asn1_string) > 0) { + PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, + "The system time of the device running sign tool is inaccurate! The signTime is " + GetASN1Time(signTime) + + " and earlier than notBefore which is " + GetASN1Time(notBefore)); + ASN1_TIME_free(tm); + return VERIFY_ERROR; + } + if (ASN1_TIME_compare(notAfter, signTime->value.asn1_string) < 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, "The certificate has expired! NotAfter: " + GetASN1Time(notAfter)); ASN1_TIME_free(tm); -- Gitee From 96dadce756329e033eee00a7f14ef82eacdaab96 Mon Sep 17 00:00:00 2001 From: huangjun Date: Wed, 13 Aug 2025 18:21:40 +0800 Subject: [PATCH 4/4] fix error message bug Signed-off-by: huangjun --- hapsigntool_cpp/profile/src/pkcs7_data.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hapsigntool_cpp/profile/src/pkcs7_data.cpp b/hapsigntool_cpp/profile/src/pkcs7_data.cpp index 0cd1e3b4..1f5e60bf 100644 --- a/hapsigntool_cpp/profile/src/pkcs7_data.cpp +++ b/hapsigntool_cpp/profile/src/pkcs7_data.cpp @@ -329,7 +329,7 @@ int PKCS7Data::CheckSignTimeInValidPeriod(const ASN1_TYPE* signTime, ASN1_TIME_set_string(tm, (reinterpret_cast(signTime->value.asn1_string->data))); if (ASN1_TIME_compare(notBefore, signTime->value.asn1_string) > 0) { PrintErrorNumberMsg("VERIFY_ERROR", VERIFY_ERROR, - "The system time of the device running sign tool is inaccurate! The signTime is " + GetASN1Time(signTime) + + "The system time of the device running sign tool is inaccurate! The signTime is " + GetASN1Time(tm) + " and earlier than notBefore which is " + GetASN1Time(notBefore)); ASN1_TIME_free(tm); return VERIFY_ERROR; -- Gitee