diff --git a/interfaces/innerkits/appverify/include/provision/provision_info.h b/interfaces/innerkits/appverify/include/provision/provision_info.h
index 92dc7eb908a6d328f49060ff8e00e701286b582c..a11b1b7cb38407de20f030add68d69b78134328a 100644
--- a/interfaces/innerkits/appverify/include/provision/provision_info.h
+++ b/interfaces/innerkits/appverify/include/provision/provision_info.h
@@ -98,6 +98,7 @@ struct ProvisionInfo {
 int32_t profileBlockLength = 0;
 std::unique_ptr profileBlock;
 std::string appServiceCapabilities;
+ std::string organization;
 };
 } // namespace Verify
 } // namespace Security
diff --git a/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h b/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h
index 7b86e08095747fb244bc7b07b6f0b8f14abeaeb7..fd703346b4e62847dfa819b3671da4406a3a25a3 100644
--- a/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h
+++ b/interfaces/innerkits/appverify/include/util/hap_cert_verify_openssl_utils.h
@@ -49,6 +49,7 @@ public:
 DLL_EXPORT static bool X509NameCompare(const X509_NAME* a, const X509_NAME* b);
 DLL_EXPORT static bool GetPublickeyBase64(const X509* cert, std::string& publicKey);
 DLL_EXPORT static int32_t CalculateLenAfterBase64Encode(int32_t len);
+ DLL_EXPORT static bool GetOrganizationFromPemCert(const std::string& certStr, std::string& organization);
 private:
 DLL_EXPORT static X509* FindCertOfIssuer(X509* cert, CertSign& certVisitSign);
diff --git a/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h b/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
index 0b51c39a9389226fc8cd1e4b02a7c8f47189bef5..f5983b6d8fea4696d40d60353877a5a3836889b3 100644
--- a/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
+++ b/interfaces/innerkits/appverify/include/verify/hap_verify_v2.h
@@ -55,6 +55,7 @@ private:
 bool VerifyProfileSignature(const Pkcs7Context& pkcs7Context, Pkcs7Context& profileContext);
 void SetProfileBlockData(const Pkcs7Context& pkcs7Context, const HapByteBuffer& hapProfileBlock, ProvisionInfo& provisionInfo);
+ void SetOrganization(ProvisionInfo& provisionInfo);
 private:
 static const int32_t HEX_PRINT_LENGTH;
diff --git a/interfaces/innerkits/appverify/src/provision/provision_info.cpp b/interfaces/innerkits/appverify/src/provision/provision_info.cpp
index 30198c46563bc1d6e6abc089a99015812c1585c2..739d563adf66e82aae9a758c562d943572463e6c 100644
--- a/interfaces/innerkits/appverify/src/provision/provision_info.cpp
+++ b/interfaces/innerkits/appverify/src/provision/provision_info.cpp
@@ -71,6 +71,7 @@ ProvisionInfo &ProvisionInfo::operator=(const ProvisionInfo &info)
 }
 }
 this->appServiceCapabilities = info.appServiceCapabilities;
+ this->organization = info.organization;
 return *this;
 }
 } // namespace Verify
diff --git a/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp b/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp
index 4600aebb79cad7acab142d3786e5187edad6691c..18649be5d1082836b70672f51387177bf63d135d 100644
--- a/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp
+++ b/interfaces/innerkits/appverify/src/util/hap_cert_verify_openssl_utils.cpp
@@ -167,6 +167,20 @@ bool HapCertVerifyOpensslUtils::GetPublickeyBase64(const X509* cert, std::string
 return true;
 }
+bool HapCertVerifyOpensslUtils::GetOrganizationFromPemCert(const std::string& certStr, std::string& organization)
+{
+ HAPVERIFY_LOG_DEBUG(LABEL, "GetFingerprintBase64FromPemCert begin");
+ X509* cert = GetX509CertFromPemString(certStr);
+ if (cert == nullptr) {
+ HAPVERIFY_LOG_ERROR(LABEL, "GetX509CertFromPemString failed");
+ return false;
+ }
+ X509_NAME* name = X509_get_subject_name(cert);
+ GetTextFromX509Name(name, NID_organizationName, organization);
+ X509_free(cert);
+ return true;
+}
+
 /*
 * The length after Base64 encoding is 4/3 of the length before encoding,
 * and openssl function will add '\0' to the encoded string.
diff --git a/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp b/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
index ae2af2e6a7f5b4cb93c664df1dd55be75fdd08ef..2eb778986fc5383ccb3c6befb0e6bfa230d3fda3 100644
--- a/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
+++ b/interfaces/innerkits/appverify/src/verify/hap_verify_v2.cpp
@@ -201,7 +201,7 @@ bool HapVerifyV2::VerifyAppSourceAndParseProfile(Pkcs7Context& pkcs7Context,
 HAPVERIFY_LOG_ERROR(LABEL, "Generate appId or generate fingerprint failed");
 return false;
 }
-
+ SetOrganization(provisionInfo);
 SetProfileBlockData(pkcs7Context, hapProfileBlock, provisionInfo);
 hapVerifyV1Result.SetProvisionInfo(provisionInfo);
@@ -451,6 +451,7 @@ int32_t HapVerifyV2::ParseHapProfile(const std::string& filePath, HapVerifyResul
 HAPVERIFY_LOG_ERROR(LABEL, "Generate appId or generate fingerprint failed");
 return PROFILE_PARSE_FAIL;
 }
+ SetOrganization(info);
 hapVerifyV1Result.SetProvisionInfo(info);
 return VERIFY_SUCCESS;
 }
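Review bot: GetOrganizationFromPemCert returns true even when the certificate subject carries no organizationName, so a caller cannot tell "attribute absent" from a successful read, and `organization` may keep whatever the caller passed in. I would make `organization.clear();` the first statement and document that a true return with an empty string means the subject has no O entry; whether GetTextFromX509Name reports a missing entry or tolerates a null `name` is not visible in this hunk, so that should be confirmed. The debug line is copied from another routine and should read `HAPVERIFY_LOG_DEBUG(LABEL, "GetOrganizationFromPemCert begin");`, otherwise log-based triage of verification failures points at the wrong function.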
@@ -474,6 +475,20 @@ int32_t HapVerifyV2::ParseHapSignatureInfo(const std::string& filePath, Signatur
 return VERIFY_SUCCESS;
 }
+void HapVerifyV2::SetOrganization(ProvisionInfo& provisionInfo)
+{
+ std::string& certInProfile = provisionInfo.bundleInfo.distributionCertificate;
+ if (provisionInfo.bundleInfo.distributionCertificate.empty()) {
+ HAPVERIFY_LOG_ERROR(LABEL, "distributionCertificate is empty");
+ return;
+ }
+ std::string organization;
+ if (!HapCertVerifyOpensslUtils::GetOrganizationFromPemCert(certInProfile, organization)) {
+ HAPVERIFY_LOG_ERROR(LABEL, "Generate organization from pem certificate failed");
+ return;
+ }
+ provisionInfo.organization = organization;
+}
 } // namespace Verify
 } // namespace Security
 } // namespace OHOS
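Review bot: SetOrganization fails silently: it returns void, and on an empty distributionCertificate or a PEM parse failure it leaves `provisionInfo.organization` at its previous value while both call sites (VerifyAppSourceAndParseProfile and ParseHapProfile, in the earlier hunks of this file) go on to report success. If anything downstream treats the organization as an identity or policy input, an empty or stale value has to mean "unknown", so I would add `provisionInfo.organization.clear();` as the first statement and a comment on the field saying it comes from the subject O of the profile's distribution certificate and may be empty. The value is only as trustworthy as the check that this certificate belongs to a verified profile; ParseHapProfile's body is outside the hunk, so confirm that path validates the profile signature before the field is consumed. Minor: `certInProfile` can be declared `const std::string&`, and the empty check can use it instead of repeating the member path.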