diff --git a/README.md b/README.md
index 68219535a18b3c02e7c1779c0cc786f148e28bf1..9bd6616b8ff93fc9c23f0c83a8ef798d405f97cb 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,7 @@ The code signature component provides the following functions:
 | int32_t EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | Enforces code signing for HAPs.|
 | int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); | Enforces code signing for files.|
 | int32_t EnforceCodeSignForAppWithOwnerId(std::string ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | Enforces code signing for HAPs with the owner ID.|
+| int32_t EnforceCodeSignForAppWithPluginId(std::string ownerId, std::string pluginId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | Enforces code signing for HAPs with the owner ID and plugin ID. |
 | int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); | Parses the owner ID from the signature.|
 | int32_t EnableKeyInProfile(const std::string &bundleName, const ByteBuffer &profileBuffer); | Trusts a developer certificate.|
 | int32_t RemoveKeyInProfile(const std::string &bundleName); | Revokes a trusted developer certificate.|
diff --git a/README_zh.md b/README_zh.md
index 526a39910c2aae81d0a9536dd15e7378eb026bf1..31a7c4874114527eb66fc865d324b520bf344b51 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -46,6 +46,7 @@
 | int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); | 对文件使能代码签名 |
 | int32_t EnforceCodeSignForFile(const std::string &path); | 对二进制文件使能代码签名 |
 | int32_t EnforceCodeSignForAppWithOwnerId(std::string ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | 对hap使能代码签名和OwnerId校验 |
+| int32_t EnforceCodeSignForAppWithPluginId(std::string ownerId, std::string pluginId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | 对hap使能代码签名、OwnerId和PluginId校验 |
 | int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); | 从签名中解析OwnerId |
 | int32_t EnableKeyInProfile(const std::string &bundleName, const ByteBuffer &profileBuffer); | 信任开发者证书 |
 | int32_t RemoveKeyInProfile(const std::string &bundleName); | 撤销已信任的开发者证书 |
diff --git a/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h b/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h
index 46f504a05051fefe01bb1d8c64281431d8704777..3cc85658e35ae17b5a34d2e3de812c6929909c6c 100644
--- a/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h
+++ b/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h
@@ -44,11 +44,12 @@ public:
 /**
 * @brief Execute code signature addition task
 * @param ownerId app-identifier of the signature
+ * @param pluginId plugin-identifier of the signature
 * @param path hap real path on disk
 * @param func Callback enable function
 * @return err code, see err_code.h
 */
- int32_t ExecuteEnableCodeSignTask(const std::string &ownerId,
+ int32_t ExecuteEnableCodeSignTask(const std::string &ownerId, const std::string &pluginId,
 const std::string &path, CallbackFunc &func);
 /**
 * @brief Check whether file is verity enabled by fd
@@ -60,9 +61,11 @@ private: static int32_t IsFsVerityEnabled(const std::string &path); void SortTaskData(); void ExecuteEnableCodeSignTask(uint32_t &index, int32_t &taskRet, const std::string &ownerId, - const std::string &path, CallbackFunc &func); + const std::string &pluginId, const std::string &path, CallbackFunc &func); int32_t CheckOwnerId(const std::string &path, const std::string &ownerId, const uint8_t *sigPtr, uint32_t sigSize); + int32_t CheckPluginId(const std::string &path, const std::string &pluginId, + const uint8_t *sigPtr, uint32_t sigSize); private: std::mutex cvLock_; std::condition_variable taskfinish_; diff --git a/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h b/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h index 1b5754dac6e427b75ed25e0a00cd52d8c019e179..3e29f7133698acebf73185c53f838cea64efd51c 100644 --- a/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h +++ b/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h 
@@ -36,15 +36,18 @@ public: /** * @brief multithreading code signing enable task * @param ownerId string to abtain owner ID from the signature file + * @param pluginId string to abtain plugin ID from the signature file * @param path hap real path on disk * @param CallbackFunc enforce code sign callback function address * @param flag attributes of libs * @return err code, see err_code.h */ - int32_t ProcessMultiTask(const std::string &ownerId, const std::string &path, CallbackFunc &func, uint32_t flag); + int32_t ProcessMultiTask(const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func, uint32_t flag); private: int32_t ProcessOneFile(uint32_t flag); - int32_t ExecuteMultiTask(const std::string &ownerId, const std::string &path, CallbackFunc &func); + int32_t ExecuteMultiTask(const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func); void ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg); private: CodeSignBlock codeSignBlock_; diff --git a/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h b/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h index afd9da05cbd9f4150000942d5000d36b27ae6307..17172c81f75d4ef0c8ddbc78e616143f41e6e82b 100644 --- a/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h +++ b/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h @@ -69,7 +69,7 @@ public: FileType type, uint32_t flag = 0); /** - * @brief Enforce code signature for a hap with ownerID + * @brief Enforce code signature for a hap with owner ID * @param ownerId app-identifier of the signature * @param path hap real path on disk * @param entryPath map from entryname in hap to real path on disk 
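Review bot: The added `@param pluginId` line in the ProcessMultiTask doc comment copies the misspelling "abtain" from the ownerId line and describes the parameter backwards. Judging by CheckPluginId elsewhere in this commit, pluginId is the expected value that the ID parsed from each signature is compared against; it is not used to obtain anything from the signature file. Suggested wording: `@param pluginId expected plugin ID, compared with the plugin ID parsed from each signature`. The ownerId line above it would benefit from the same spelling fix.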
@@ -80,6 +80,19 @@ public: int32_t EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag = 0); + /** + * @brief Enforce code signature for a hap with plugin ID + * @param ownerId app-identifier of the signature + * @param pluginId plugin-identifier of the signature + * @param path hap real path on disk + * @param entryPath map from entryname in hap to real path on disk + * @param type signature file type + * @param flag attributes of libs + * @return err code, see err_code.h + */ + int32_t EnforceCodeSignForAppWithPluginId(const std::string &ownerId, const std::string &pluginId, + const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag = 0); + /** * @brief Enforce code signature for file with signature * @param path file path @@ -158,7 +171,8 @@ public: static int32_t IsSupportFsVerity(const std::string &path); private: static int32_t EnableCodeSignForFile(const std::string &path, const struct code_sign_enable_arg &arg); - int32_t ProcessCodeSignBlock(const std::string &ownerId, const std::string &path, FileType type, uint32_t flag); + int32_t ProcessCodeSignBlock(const std::string &ownerId, const std::string &pluginId, + const std::string &path, FileType type, uint32_t flag); int32_t HandleCodeSignBlockFailure(const std::string &realPath, int32_t ret); private: EntryMap storedEntryMap_; diff --git a/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp b/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp index 01661753a30751ebaa891c82cef8f367681da613..84577654cefc590bdd1c14a1895f4dc28f840532 100644 --- a/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp +++ b/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp 
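Review bot: The doc comment for the new public EnforceCodeSignForAppWithPluginId does not state the one thing a caller has to know for safe use: CheckPluginId in this commit returns success when pluginId is empty, so an empty string disables the plugin ID check entirely. Suggest `@param pluginId expected plugin ID of the signature; an empty string skips the plugin ID check`. The brief should also say that both IDs are enforced, e.g. `@brief Enforce code signature for a hap with owner ID and plugin ID`. The `@param entryPath` tag does not match the parameter name `entryPathMap` in the declaration below it.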
@@ -84,7 +84,7 @@ int32_t CodeSignEnableMultiTask::IsFsVerityEnabled(const std::string &path) } int32_t CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(const std::string &ownerId, - const std::string &path, CallbackFunc &func) + const std::string &pluginId, const std::string &path, CallbackFunc &func) { SortTaskData(); @@ -93,7 +93,7 @@ int32_t CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(const std::string &ow for (uint32_t i = 0; i < enableData_.size(); i++) { LOG_DEBUG("index: %{public}d, name:%{public}s, %{public}lld", i, enableData_[i].first.c_str(), enableData_[i].second.data_size); - ExecuteEnableCodeSignTask(i, taskRet, ownerId, path, func); + ExecuteEnableCodeSignTask(i, taskRet, ownerId, pluginId, path, func); } std::unique_lock lock(cvLock_); @@ -127,9 +127,10 @@ void CodeSignEnableMultiTask::SortTaskData() } void CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(uint32_t &index, int32_t &taskRet, - const std::string &ownerId, const std::string &path, CallbackFunc &func) + const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func) { - auto enableCodeSignTask = [this, index, &ownerId, &path, &func, &taskRet]() { + auto enableCodeSignTask = [this, index, &ownerId, &pluginId, &path, &func, &taskRet]() { LOG_DEBUG("ExecuteEnableCodeSignTask task called"); { std::unique_lock lock(cvLock_); @@ -142,9 +143,13 @@ void CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(uint32_t &index, int32_t } } - int32_t ret = CheckOwnerId(path, ownerId, + int32_t ownerRet = CheckOwnerId(path, ownerId, reinterpret_cast(this->enableData_[index].second.sig_ptr), this->enableData_[index].second.sig_size); + int32_t pluginRet = CheckPluginId(path, pluginId, + reinterpret_cast(this->enableData_[index].second.sig_ptr), + this->enableData_[index].second.sig_size); + int32_t ret = ownerRet != CS_SUCCESS ? ownerRet : pluginRet; if (ret == CS_SUCCESS) { ret = func(this->enableData_[index].first, this->enableData_[index].second); } 
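Review bot: The task lambda in the `@@ -127,9 +127,10 @@` hunk now captures `pluginId` by reference next to `ownerId`, `path`, `func` and `taskRet`, so every queued task depends on the caller's arguments outliving it. If the wait on `cvLock_` in the public ExecuteEnableCodeSignTask can give up before all tasks have run (the error enum contains CS_ERR_ENABLE_TIMEOUT, which suggests it can, though the wait itself is outside these hunks), a late task would read dangling references. Capturing the strings by value, `[this, index, ownerId, pluginId, path, &func, &taskRet]`, removes the hazard for them; `func` and `taskRet` need the same lifetime review. Please confirm against the full function.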
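Review bot: In the `@@ -142,9 +143,13 @@` hunk CheckPluginId runs even when CheckOwnerId has already failed, so a file that is going to be rejected anyway is copied and parsed a second time and can additionally raise a plugin ID security event. Each check copies the signature into a ByteBuffer and parses it again, as CheckPluginId in this commit shows. Short-circuit instead: keep `int32_t ret = CheckOwnerId(...);` and follow it with `if (ret == CS_SUCCESS) { ret = CheckPluginId(...); }`, which also removes the `ownerRet`/`pluginRet` ternary. The lambda body starts and ends outside this hunk.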
@@ -184,6 +189,29 @@ int32_t CodeSignEnableMultiTask::CheckOwnerId(const std::string &path, const std } return ret; } + +int32_t CodeSignEnableMultiTask::CheckPluginId(const std::string &path, const std::string &pluginId, + const uint8_t *sigPtr, uint32_t sigSize) +{ + if (pluginId.empty()) { + return CS_SUCCESS; + } + + int32_t ret; + ByteBuffer sigBuffer; + sigBuffer.CopyFrom(sigPtr, sigSize); + std::string retId; + ret = SignerInfo::ParsePluginIdFromSignature(sigBuffer, retId); + if (ret != CS_SUCCESS) { + ReportInvalidPlugin(path, pluginId, "invalid"); + LOG_ERROR("get pluginId from signature failed, ret %{public}d", ret); + } else if (retId != pluginId) { + ret = CS_ERR_INVALID_PLUGIN_ID; + ReportInvalidPlugin(path, pluginId, retId); + LOG_ERROR("invalid pluginId retId %{public}s pluginId %{public}s", retId.c_str(), pluginId.c_str()); + } + return ret; +} } } } \ No newline at end of file diff --git a/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp b/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp index 377259c563028da89ddb2b6e70bf8b4195ebc0a4..f5bc575ed7ef174bf44c240ae5604547aec4ba08 100644 --- a/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp +++ b/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp @@ -30,8 +30,8 @@ int32_t CodeSignHelper::ParseCodeSignBlock(const std::string &realPath, return codeSignBlock_.ParseCodeSignBlock(realPath, entryMap, fileType); } -int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std::string &path, - CallbackFunc &func, uint32_t flag) +int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func, uint32_t flag) { int32_t ret; do { 
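Review bot: `if (pluginId.empty()) { return CS_SUCCESS; }` in CheckPluginId makes the plugin check fail open: when the caller supplies no plugin ID, a signature that does carry a plugin ID attribute is accepted without any comparison. EnforceCodeSignForAppWithOwnerId (the `@@ -200,6 +200,12 @@` hunk in code_sign_utils.cpp) now always passes `""`, so every existing owner-ID caller takes this path. If plugin-signed files must not be enabled as ordinary app files, the empty case should still parse the attribute and reject when one is present. Separately, the outcome of `sigBuffer.CopyFrom(sigPtr, sigSize)` is not checked and `sigPtr` is not tested for null before use. On parse failure the literal `"invalid"` is reported as the parsed ID, which cannot be told apart from a signature whose plugin ID really is that string.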
@@ -42,7 +42,7 @@ int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std:: return ret; } } while (ret == CS_SUCCESS); - return ExecuteMultiTask(ownerId, path, func); + return ExecuteMultiTask(ownerId, pluginId, path, func); } int32_t CodeSignHelper::ProcessOneFile(uint32_t flag) @@ -67,10 +67,10 @@ int32_t CodeSignHelper::ProcessOneFile(uint32_t flag) return ret; } -int32_t CodeSignHelper::ExecuteMultiTask(const std::string &ownerId, +int32_t CodeSignHelper::ExecuteMultiTask(const std::string &ownerId, const std::string &pluginId, const std::string &path, CallbackFunc &func) { - return multiTask_.ExecuteEnableCodeSignTask(ownerId, path, func); + return multiTask_.ExecuteEnableCodeSignTask(ownerId, pluginId, path, func); } void CodeSignHelper::ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg) diff --git a/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp b/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp index 1f7cbf042a8f7f25ac8c83397bcb8ecec6d77e71..25cb1d484b6f749b7d19b2dd15c5b338ffd08fbc 100644 --- a/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp +++ b/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp @@ -200,6 +200,12 @@ int32_t CodeSignUtils::EnforceCodeSignForFile(const std::string &path, const uin int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag) +{ + return EnforceCodeSignForAppWithPluginId(ownerId, "", path, entryPathMap, type, flag); +} + +int32_t CodeSignUtils::EnforceCodeSignForAppWithPluginId(const std::string &ownerId, const std::string &pluginId, + const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag) { LOG_INFO("Start to enforce codesign FileType:%{public}u, entryPathMap size:%{public}zu, path = %{public}s, " "flag = %{public}u", type, entryPathMap.size(), path.c_str(), flag); 
@@ -216,18 +222,18 @@ int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &owner return CS_ERR_PARAM_INVALID; } std::lock_guard lock(storedEntryMapLock_); - int ret = ProcessCodeSignBlock(ownerId, path, type, flag); + int ret = ProcessCodeSignBlock(ownerId, pluginId, path, type, flag); if (ret != CS_SUCCESS) { // retry once to make sure stability - ret = ProcessCodeSignBlock(ownerId, path, type, flag); + ret = ProcessCodeSignBlock(ownerId, pluginId, path, type, flag); } storedEntryMap_.clear(); LOG_INFO("Enforcing done, ret = %{public}d", ret); return ret; } -int32_t CodeSignUtils::ProcessCodeSignBlock(const std::string &ownerId, const std::string &path, - FileType type, uint32_t flag) +int32_t CodeSignUtils::ProcessCodeSignBlock(const std::string &ownerId, const std::string &pluginId, + const std::string &path, FileType type, uint32_t flag) { std::string realPath; if (!OHOS::PathToRealPath(path, realPath)) { @@ -239,7 +245,7 @@ int32_t CodeSignUtils::ProcessCodeSignBlock(const std::string &ownerId, const st if (ret != CS_SUCCESS) { return HandleCodeSignBlockFailure(realPath, ret); } - ret = codeSignHelper.ProcessMultiTask(ownerId, path, EnableCodeSignForFile, flag); + ret = codeSignHelper.ProcessMultiTask(ownerId, pluginId, path, EnableCodeSignForFile, flag); return ret; } diff --git a/interfaces/inner_api/common/include/errcode.h b/interfaces/inner_api/common/include/errcode.h index 4f25050053c00227565fad67720dc862f2fc5256..9230af255de27321c8fde28a594694e36f98daa4 100644 --- a/interfaces/inner_api/common/include/errcode.h +++ b/interfaces/inner_api/common/include/errcode.h @@ -40,7 +40,8 @@ enum SignErrCode { CS_ERR_COMPUTE_DIGEST = -0x204, CS_ERR_NO_OWNER_ID = -0x205, CS_ERR_INIT_LOCAL_CERT = -0x206, - CS_ERR_VERIFY_CERT = -0x207 + CS_ERR_VERIFY_CERT = -0x207, + CS_ERR_NO_PLUGIN_ID = -0x208 }; enum OpenSSLErrCode { 
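Review bot: The unconditional "retry once" after a failed ProcessCodeSignBlock now also repeats deterministic rejections. A plugin ID mismatch or a missing plugin ID fails identically on the second attempt, re-parses every signature, and (assuming the task result is propagated back here) raises the CS_INVALID_PLUGIN security event twice for one call. Limit the retry to failures that can be transient, e.g. `if (ret != CS_SUCCESS && ret != CS_ERR_INVALID_PLUGIN_ID && ret != CS_ERR_NO_PLUGIN_ID) {`. The same reasoning applies to owner ID rejections, whose mismatch code is not shown in this diff. The function starts outside the hunk.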
@@ -60,6 +61,7 @@ enum VerifyErrCode { CS_ERR_PROFILE = -0x305, CS_ERR_ENABLE_TIMEOUT = -0x306, CS_ERR_FSVREITY_NOT_ENABLED = -0x307, + CS_ERR_INVALID_PLUGIN_ID = -0x308, }; enum IPCErrCode { diff --git a/utils/include/cs_hisysevent.h b/utils/include/cs_hisysevent.h index b0e948587afffdbc66e110d22603888b3b069794..7246244e579243f15c7002e5e9c77ac9a48d6431 100644 --- a/utils/include/cs_hisysevent.h +++ b/utils/include/cs_hisysevent.h @@ -54,6 +54,13 @@ inline void ReportInvalidOwner(const std::string &fileInfo, const std::string &o HiviewDFX::HiSysEvent::EventType::SECURITY, "FILE_INFO", fileInfo, "OWNER_ID", ownerID, "PARSED_OWNER_ID", parsedOwnerID); } +inline void ReportInvalidPlugin(const std::string &fileInfo, const std::string &pluginID, + const std::string &parsedPluginID) +{ + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::CODE_SIGN, "CS_INVALID_PLUGIN", + HiviewDFX::HiSysEvent::EventType::SECURITY, + "FILE_INFO", fileInfo, "PLUGIN_ID", pluginID, "PARSED_PLUGIN_ID", parsedPluginID); +} } } } diff --git a/utils/include/signer_info.h b/utils/include/signer_info.h index 1a689002b976417b5f95b2f4670c846e5da6e26a..f09f48f6a28a42c6e34a6fba32943d98a7517c61 100644 --- a/utils/include/signer_info.h +++ b/utils/include/signer_info.h @@ -32,8 +32,12 @@ public: static const std::string OWNERID_OID; static const std::string OWNERID_OID_SHORT_NAME; static const std::string OWNERID_OID_LONG_NAME; + static const std::string PLUGINID_OID; + static const std::string PLUGINID_OID_SHORT_NAME; + static const std::string PLUGINID_OID_LONG_NAME; static int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); + static int ParsePluginIdFromSignature(const ByteBuffer &sigbuffer, std::string &pluginID); bool InitSignerInfo(const std::string &ownerID, X509 *cert, const EVP_MD *md, const ByteBuffer &contentData, bool carrySigningTime = false); bool AddSignatureInSignerInfo(const ByteBuffer &signature); 
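Review bot: ReportInvalidPlugin in cs_hisysevent.h has no comment saying where its arguments come from, and `parsedPluginID` is read from a signed attribute of the file under check, so it is attacker-influenced and of arbitrary length. Suggest a comment such as `// parsedPluginID comes from the untrusted signature; callers pass "invalid" when parsing failed`, and consider bounding its length before it is written to the event. The diff shows no event definition for `CS_INVALID_PLUGIN`; if this domain requires events to be declared in a separate definition file, that declaration needs to ship with this change.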
@@ -45,6 +49,8 @@ private: bool AddAttrsToSignerInfo(const std::string &ownerID, const ByteBuffer &contentData); bool ComputeDigest(const ByteBuffer &data, ByteBuffer &digest); int GetSignAlgorithmID(const X509 *cert); + int AddID(const std::string &id, int nid); + static int ParseIdFromSignature(const ByteBuffer &sigbuffer, std::string &id, int nid); PKCS7_SIGNER_INFO *p7info_ = nullptr; const EVP_MD *md_ = nullptr; diff --git a/utils/src/signer_info.cpp b/utils/src/signer_info.cpp index a79f70406daa4e9188b4717a955589884feb90cc..e00a611871a08620d9724547b49e098960f8d491 100644 --- a/utils/src/signer_info.cpp +++ b/utils/src/signer_info.cpp @@ -37,6 +37,9 @@ static constexpr int MAX_SIGNATURE_SIZE = 1024; // 1024: max signature length const std::string SignerInfo::OWNERID_OID = "1.3.6.1.4.1.2011.2.376.1.4.1"; const std::string SignerInfo::OWNERID_OID_SHORT_NAME = "ownerID"; const std::string SignerInfo::OWNERID_OID_LONG_NAME = "Code Signature Owner ID"; +const std::string SignerInfo::PLUGINID_OID = "1.3.6.1.4.1.2011.2.376.1.4.2"; +const std::string SignerInfo::PLUGINID_OID_SHORT_NAME = "pluginID"; +const std::string SignerInfo::PLUGINID_OID_LONG_NAME = "Code Signature Plugin ID"; bool SignerInfo::InitSignerInfo(const std::string &ownerID, X509 *cert, const EVP_MD *md, const ByteBuffer &contentData, bool carrySigningTime) 
@@ -225,14 +228,13 @@ PKCS7_SIGNER_INFO *SignerInfo::GetSignerInfo() return p7info_; } -int SignerInfo::AddOwnerID(const std::string &ownerID) +int SignerInfo::AddID(const std::string &id, int nid) { - int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); - ASN1_STRING *ownerIDAsn1 = ASN1_STRING_new(); - ASN1_STRING_set(ownerIDAsn1, ownerID.c_str(), ownerID.length()); - int ret = PKCS7_add_signed_attribute(p7info_, nid, V_ASN1_UTF8STRING, ownerIDAsn1); + ASN1_STRING *idAsn1 = ASN1_STRING_new(); + ASN1_STRING_set(idAsn1, id.c_str(), id.length()); + int ret = PKCS7_add_signed_attribute(p7info_, nid, V_ASN1_UTF8STRING, idAsn1); if (ret == 0) { - ASN1_STRING_free(ownerIDAsn1); + ASN1_STRING_free(idAsn1); ERR_LOG_WITH_OPEN_SSL_MSG("PKCS7_add_signed_attribute failed"); return CS_ERR_OPENSSL_PKCS7; } @@ -240,9 +242,8 @@ int SignerInfo::AddOwnerID(const std::string &ownerID) return CS_SUCCESS; } -int SignerInfo::ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID) +int SignerInfo::ParseIdFromSignature(const ByteBuffer &sigbuffer, std::string &id, int nid) { - int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); BIO *bio = BIO_new_mem_buf(sigbuffer.GetBuffer(), sigbuffer.GetSize()); if (bio == nullptr) { ERR_LOG_WITH_OPEN_SSL_MSG("BIO_new_mem_buf failed"); 
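Review bot: AddID ignores two OpenSSL results: `ASN1_STRING_new()` can return nullptr and `ASN1_STRING_set()` returns 0 on failure, yet `idAsn1` is handed to `PKCS7_add_signed_attribute` either way. Now that the helper is shared by owner and plugin IDs, a failed allocation could crash or attach an empty ID to the signature. Check both calls and free the string on the failure path, as sketched below; the cast also makes the `size_t` to `int` length conversion explicit. The tail of the function (`return CS_SUCCESS;`) is in the next hunk.

```cpp
int SignerInfo::AddID(const std::string &id, int nid)
{
    ASN1_STRING *idAsn1 = ASN1_STRING_new();
    if (idAsn1 == nullptr) {
        ERR_LOG_WITH_OPEN_SSL_MSG("ASN1_STRING_new failed");
        return CS_ERR_OPENSSL_PKCS7;
    }
    if (ASN1_STRING_set(idAsn1, id.c_str(), static_cast<int>(id.length())) == 0) {
        ASN1_STRING_free(idAsn1);
        ERR_LOG_WITH_OPEN_SSL_MSG("ASN1_STRING_set failed");
        return CS_ERR_OPENSSL_PKCS7;
    }
    // … unchanged: PKCS7_add_signed_attribute call and its failure path …
```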
@@ -267,17 +268,48 @@ int SignerInfo::ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::stri ASN1_TYPE *asn1Type = PKCS7_get_signed_attribute(signerInfo, nid); if (asn1Type != nullptr && asn1Type->type == V_ASN1_UTF8STRING) { ASN1_STRING *result = asn1Type->value.asn1_string; - ownerID.assign(reinterpret_cast(ASN1_STRING_get0_data(result)), ASN1_STRING_length(result)); + id.assign(reinterpret_cast(ASN1_STRING_get0_data(result)), ASN1_STRING_length(result)); break; } } BIO_free(bio); PKCS7_free(p7); + return CS_SUCCESS; +} + +int SignerInfo::AddOwnerID(const std::string &ownerID) +{ + int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); + + return AddID(ownerID, nid); +} + +int SignerInfo::ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID) +{ + int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); + int err = ParseIdFromSignature(sigbuffer, ownerID, nid); + if (err != CS_SUCCESS) { + return err; + } if (ownerID.empty()) { return CS_ERR_NO_OWNER_ID; } return CS_SUCCESS; } + +int SignerInfo::ParsePluginIdFromSignature(const ByteBuffer &sigbuffer, std::string &pluginID) +{ + int nid = CreateNIDFromOID(PLUGINID_OID, PLUGINID_OID_SHORT_NAME, PLUGINID_OID_LONG_NAME); + int err = ParseIdFromSignature(sigbuffer, pluginID, nid); + if (err != CS_SUCCESS) { + return err; + } + if (pluginID.empty()) { + return CS_ERR_NO_PLUGIN_ID; + } + return CS_SUCCESS; +} + } } }
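Review bot: ParsePluginIdFromSignature decides "attribute missing" by testing `pluginID.empty()` after the call, but nothing visible clears the out-parameter first, and ParseIdFromSignature assigns only when a signer carries the attribute. A caller that passes a non-empty string would get CS_SUCCESS with its own stale value when the signature has no plugin ID; CheckPluginId passes a fresh string, but other callers of this public static function may not. Add `pluginID.clear();` as the first statement (the same applies to ParseOwnerIdFromSignature), unless the part of ParseIdFromSignature outside this hunk already does so. Also consider rejecting values with embedded NUL bytes, since `id.assign` copies the attribute verbatim and the `%{public}s` logging of `c_str()` would truncate them.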