From d8a1919e77e4416efb9f8541c68738986e0a10d7 Mon Sep 17 00:00:00 2001
From: wangyinghao
Date: Mon, 30 Jun 2025 15:53:12 +0800
Subject: [PATCH] Feat: Implement EnforceCodeSignForAppWithPluginId
Signed-off-by: wangyinghao
Change-Id: I696a465c8b14add25c1eee048942c2f57887242a
---
 README.md | 1 +
 README_zh.md | 1 +
 .../include/code_sign_enable_multi_task.h | 7 ++-
 .../include/code_sign_helper.h | 7 ++-
 .../code_sign_utils/include/code_sign_utils.h | 18 ++++++-
 .../src/code_sign_enable_multi_task.cpp | 38 ++++++++++++--
 .../code_sign_utils/src/code_sign_helper.cpp | 10 ++--
 .../code_sign_utils/src/code_sign_utils.cpp | 16 ++++--
 interfaces/inner_api/common/include/errcode.h | 4 +-
 utils/include/cs_hisysevent.h | 7 +++
 utils/include/signer_info.h | 6 +++
 utils/src/signer_info.cpp | 50 +++++++++++++++----
 12 files changed, 134 insertions(+), 31 deletions(-)
diff --git a/README.md b/README.md
index 6821953..9bd6616 100644
--- a/README.md
+++ b/README.md
@@ -43,6 +43,7 @@ The code signature component provides the following functions:
 | int32_t EnforceCodeSignForApp(const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | Enforces code signing for HAPs.|
 | int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); | Enforces code signing for files.|
 | int32_t EnforceCodeSignForAppWithOwnerId(std::string ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | Enforces code signing for HAPs with the owner ID.|
+| int32_t EnforceCodeSignForAppWithPluginId(std::string ownerId, std::string pluginId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | Enforces code signing for HAPs with the owner ID and plugin ID. |
 | int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); | Parses the owner ID from the signature.|
 | int32_t EnableKeyInProfile(const std::string &bundleName, const ByteBuffer &profileBuffer); | Trusts a developer certificate.|
 | int32_t RemoveKeyInProfile(const std::string &bundleName); | Revokes a trusted developer certificate.|
diff --git a/README_zh.md b/README_zh.md
index 526a399..31a7c48 100644
--- a/README_zh.md
+++ b/README_zh.md
@@ -46,6 +46,7 @@
 | int32_t EnforceCodeSignForFile(const std::string &path, const ByteBuffer &signature); | 对文件使能代码签名 |
 | int32_t EnforceCodeSignForFile(const std::string &path); | 对二进制文件使能代码签名 |
 | int32_t EnforceCodeSignForAppWithOwnerId(std::string ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | 对hap使能代码签名和OwnerId校验 |
+| int32_t EnforceCodeSignForAppWithPluginId(std::string ownerId, std::string pluginId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag); | 对hap使能代码签名、OwnerId和PluginId校验 |
 | int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); | 从签名中解析OwnerId |
 | int32_t EnableKeyInProfile(const std::string &bundleName, const ByteBuffer &profileBuffer); | 信任开发者证书 |
 | int32_t RemoveKeyInProfile(const std::string &bundleName); | 撤销已信任的开发者证书 |
diff --git a/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h b/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h
index 46f504a..3cc8565 100644
--- a/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h
+++ b/interfaces/inner_api/code_sign_utils/include/code_sign_enable_multi_task.h
@@ -44,11 +44,12 @@ public:
 /**
 * @brief Execute code signature addition task
 * @param ownerId app-identifier of the signature
+ * @param pluginId plugin-identifier of the signature
 * @param path hap real path on disk
 * @param func Callback enable function
 * @return err code, see err_code.h
 */
- int32_t ExecuteEnableCodeSignTask(const std::string &ownerId,
+ int32_t ExecuteEnableCodeSignTask(const std::string &ownerId, const std::string &pluginId,
 const std::string &path, CallbackFunc &func);
 /**
 * @brief Check whether file is verity enabled by fd
@@ -60,9 +61,11 @@ private: static int32_t IsFsVerityEnabled(const std::string &path); void SortTaskData(); void ExecuteEnableCodeSignTask(uint32_t &index, int32_t &taskRet, const std::string &ownerId, - const std::string &path, CallbackFunc &func); + const std::string &pluginId, const std::string &path, CallbackFunc &func); int32_t CheckOwnerId(const std::string &path, const std::string &ownerId, const uint8_t *sigPtr, uint32_t sigSize); + int32_t CheckPluginId(const std::string &path, const std::string &pluginId, + const uint8_t *sigPtr, uint32_t sigSize); private: std::mutex cvLock_; std::condition_variable taskfinish_; diff --git a/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h b/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h index 1b5754d..3e29f71 100644 --- a/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h +++ b/interfaces/inner_api/code_sign_utils/include/code_sign_helper.h 
@@ -36,15 +36,18 @@ public: /** * @brief multithreading code signing enable task * @param ownerId string to abtain owner ID from the signature file + * @param pluginId string to abtain plugin ID from the signature file * @param path hap real path on disk * @param CallbackFunc enforce code sign callback function address * @param flag attributes of libs * @return err code, see err_code.h */ - int32_t ProcessMultiTask(const std::string &ownerId, const std::string &path, CallbackFunc &func, uint32_t flag); + int32_t ProcessMultiTask(const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func, uint32_t flag); private: int32_t ProcessOneFile(uint32_t flag); - int32_t ExecuteMultiTask(const std::string &ownerId, const std::string &path, CallbackFunc &func); + int32_t ExecuteMultiTask(const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func); void ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg); private: CodeSignBlock codeSignBlock_; diff --git a/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h b/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h index afd9da0..17172c8 100644 --- a/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h +++ b/interfaces/inner_api/code_sign_utils/include/code_sign_utils.h @@ -69,7 +69,7 @@ public: FileType type, uint32_t flag = 0); /** - * @brief Enforce code signature for a hap with ownerID + * @brief Enforce code signature for a hap with owner ID * @param ownerId app-identifier of the signature * @param path hap real path on disk * @param entryPath map from entryname in hap to real path on disk 
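Review bot: The added `@param pluginId` line in the ProcessMultiTask doc comment describes the parameter as a string used to obtain the plugin ID from the signature file, but elsewhere in this commit it is the expected value that the parsed ID is compared against. It also copies the "abtain" typo from the ownerId line above it. I would write `@param pluginId expected plugin ID, compared with the one parsed from each signature` and fix the ownerId line the same way. The neighbouring `@param CallbackFunc` names the type rather than the parameter `func`.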
@@ -80,6 +80,19 @@ public: int32_t EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag = 0); + /** + * @brief Enforce code signature for a hap with plugin ID + * @param ownerId app-identifier of the signature + * @param pluginId plugin-identifier of the signature + * @param path hap real path on disk + * @param entryPath map from entryname in hap to real path on disk + * @param type signature file type + * @param flag attributes of libs + * @return err code, see err_code.h + */ + int32_t EnforceCodeSignForAppWithPluginId(const std::string &ownerId, const std::string &pluginId, + const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag = 0); + /** * @brief Enforce code signature for file with signature * @param path file path @@ -158,7 +171,8 @@ public: static int32_t IsSupportFsVerity(const std::string &path); private: static int32_t EnableCodeSignForFile(const std::string &path, const struct code_sign_enable_arg &arg); - int32_t ProcessCodeSignBlock(const std::string &ownerId, const std::string &path, FileType type, uint32_t flag); + int32_t ProcessCodeSignBlock(const std::string &ownerId, const std::string &pluginId, + const std::string &path, FileType type, uint32_t flag); int32_t HandleCodeSignBlockFailure(const std::string &realPath, int32_t ret); private: EntryMap storedEntryMap_; diff --git a/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp b/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp index 0166175..8457765 100644 --- a/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp +++ b/interfaces/inner_api/code_sign_utils/src/code_sign_enable_multi_task.cpp 
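Review bot: The new doc comment for EnforceCodeSignForAppWithPluginId does not say what an empty `pluginId` means, and in this commit it means "do not check": CheckPluginId in code_sign_enable_multi_task.cpp returns CS_SUCCESS before it reads the signature when the string is empty, which is also how EnforceCodeSignForAppWithOwnerId now reaches the shared implementation in code_sign_utils.cpp. A caller that ends up with an empty ID, for example after a failed lookup, therefore gets owner-only enforcement and no error. I would put that into the contract, `@param pluginId plugin ID expected in the signature; an empty string disables the plugin-ID check`. The comment also documents `entryPath` where the parameter is `entryPathMap`, and it points to err_code.h although the header touched by this commit is errcode.h.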
@@ -84,7 +84,7 @@ int32_t CodeSignEnableMultiTask::IsFsVerityEnabled(const std::string &path) } int32_t CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(const std::string &ownerId, - const std::string &path, CallbackFunc &func) + const std::string &pluginId, const std::string &path, CallbackFunc &func) { SortTaskData(); @@ -93,7 +93,7 @@ int32_t CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(const std::string &ow for (uint32_t i = 0; i < enableData_.size(); i++) { LOG_DEBUG("index: %{public}d, name:%{public}s, %{public}lld", i, enableData_[i].first.c_str(), enableData_[i].second.data_size); - ExecuteEnableCodeSignTask(i, taskRet, ownerId, path, func); + ExecuteEnableCodeSignTask(i, taskRet, ownerId, pluginId, path, func); } std::unique_lock lock(cvLock_); @@ -127,9 +127,10 @@ void CodeSignEnableMultiTask::SortTaskData() } void CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(uint32_t &index, int32_t &taskRet, - const std::string &ownerId, const std::string &path, CallbackFunc &func) + const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func) { - auto enableCodeSignTask = [this, index, &ownerId, &path, &func, &taskRet]() { + auto enableCodeSignTask = [this, index, &ownerId, &pluginId, &path, &func, &taskRet]() { LOG_DEBUG("ExecuteEnableCodeSignTask task called"); { std::unique_lock lock(cvLock_); @@ -142,9 +143,13 @@ void CodeSignEnableMultiTask::ExecuteEnableCodeSignTask(uint32_t &index, int32_t } } - int32_t ret = CheckOwnerId(path, ownerId, + int32_t ownerRet = CheckOwnerId(path, ownerId, reinterpret_cast(this->enableData_[index].second.sig_ptr), this->enableData_[index].second.sig_size); + int32_t pluginRet = CheckPluginId(path, pluginId, + reinterpret_cast(this->enableData_[index].second.sig_ptr), + this->enableData_[index].second.sig_size); + int32_t ret = ownerRet != CS_SUCCESS ? ownerRet : pluginRet; if (ret == CS_SUCCESS) { ret = func(this->enableData_[index].first, this->enableData_[index].second); } 
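Review bot: Capturing `pluginId` by reference in the task lambda of the third hunk (next to `ownerId`, `path`, `func` and `taskRet`, while only `index` is copied) is safe only if the dispatching ExecuteEnableCodeSignTask cannot return before every queued task has run. The wait on `cvLock_` after the dispatch loop is outside the visible hunks, and errcode.h carries CS_ERR_ENABLE_TIMEOUT, so a timed wait looks possible; please confirm. If it can time out, a late task would compare the signature's ID against a destroyed string, so capture the strings by value, `[this, index, ownerId, pluginId, path, &func, &taskRet]`, and check whether `func` and `taskRet` need the same treatment.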
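Review bot: CheckPluginId in the fourth hunk runs even when CheckOwnerId has already failed, so a file rejected for its owner ID is copied and parsed a second time and can also raise a plugin-ID event that is unrelated to the reason for the rejection. Running the second check only after the first succeeds returns the same code, since the owner error already wins in the ternary, and keeps the security events unambiguous: `int32_t ret = CheckOwnerId(path, ownerId, sigPtr, sigSize);` followed by `if (ret == CS_SUCCESS) { ret = CheckPluginId(path, pluginId, sigPtr, sigSize); }`, with sigPtr and sigSize standing for the existing `sig_ptr` and `sig_size` arguments. On the success path both helpers still copy and decode the same buffer separately; decoding once and reading both attributes would need a change outside this hunk.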
@@ -184,6 +189,29 @@ int32_t CodeSignEnableMultiTask::CheckOwnerId(const std::string &path, const std } return ret; } + +int32_t CodeSignEnableMultiTask::CheckPluginId(const std::string &path, const std::string &pluginId, + const uint8_t *sigPtr, uint32_t sigSize) +{ + if (pluginId.empty()) { + return CS_SUCCESS; + } + + int32_t ret; + ByteBuffer sigBuffer; + sigBuffer.CopyFrom(sigPtr, sigSize); + std::string retId; + ret = SignerInfo::ParsePluginIdFromSignature(sigBuffer, retId); + if (ret != CS_SUCCESS) { + ReportInvalidPlugin(path, pluginId, "invalid"); + LOG_ERROR("get pluginId from signature failed, ret %{public}d", ret); + } else if (retId != pluginId) { + ret = CS_ERR_INVALID_PLUGIN_ID; + ReportInvalidPlugin(path, pluginId, retId); + LOG_ERROR("invalid pluginId retId %{public}s pluginId %{public}s", retId.c_str(), pluginId.c_str()); + } + return ret; +} } } } \ No newline at end of file diff --git a/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp b/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp index 377259c..f5bc575 100644 --- a/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp +++ b/interfaces/inner_api/code_sign_utils/src/code_sign_helper.cpp @@ -30,8 +30,8 @@ int32_t CodeSignHelper::ParseCodeSignBlock(const std::string &realPath, return codeSignBlock_.ParseCodeSignBlock(realPath, entryMap, fileType); } -int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std::string &path, - CallbackFunc &func, uint32_t flag) +int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std::string &pluginId, + const std::string &path, CallbackFunc &func, uint32_t flag) { int32_t ret; do { @@ -42,7 +42,7 @@ int32_t CodeSignHelper::ProcessMultiTask(const std::string &ownerId, const std:: return ret; } } while (ret == CS_SUCCESS); - return ExecuteMultiTask(ownerId, path, func); + return ExecuteMultiTask(ownerId, pluginId, path, func); } int32_t CodeSignHelper::ProcessOneFile(uint32_t flag) 
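Review bot: `sigBuffer.CopyFrom(sigPtr, sigSize);` in CheckPluginId discards whatever CopyFrom reports, and `sigPtr` is used without a null check. If the copy can fail, parsing then runs on an empty buffer and the function reports an invalid plugin ID, including a security event with the literal `"invalid"` as the parsed value, for what was a resource problem. The check stays fail-closed, but the telemetry then points at the wrong cause. Assuming CopyFrom returns a status (its declaration is not part of this diff), I would test it before parsing, `if (!sigBuffer.CopyFrom(sigPtr, sigSize)) { return <ERROR_CODE_FOR_COPY_FAILURE>; }`, with the placeholder replaced by the project's own code.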
@@ -67,10 +67,10 @@ int32_t CodeSignHelper::ProcessOneFile(uint32_t flag) return ret; } -int32_t CodeSignHelper::ExecuteMultiTask(const std::string &ownerId, +int32_t CodeSignHelper::ExecuteMultiTask(const std::string &ownerId, const std::string &pluginId, const std::string &path, CallbackFunc &func) { - return multiTask_.ExecuteEnableCodeSignTask(ownerId, path, func); + return multiTask_.ExecuteEnableCodeSignTask(ownerId, pluginId, path, func); } void CodeSignHelper::ShowCodeSignInfo(const std::string &path, const struct code_sign_enable_arg &arg) diff --git a/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp b/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp index 1f7cbf0..25cb1d4 100644 --- a/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp +++ b/interfaces/inner_api/code_sign_utils/src/code_sign_utils.cpp @@ -200,6 +200,12 @@ int32_t CodeSignUtils::EnforceCodeSignForFile(const std::string &path, const uin int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &ownerId, const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag) +{ + return EnforceCodeSignForAppWithPluginId(ownerId, "", path, entryPathMap, type, flag); +} + +int32_t CodeSignUtils::EnforceCodeSignForAppWithPluginId(const std::string &ownerId, const std::string &pluginId, + const std::string &path, const EntryMap &entryPathMap, FileType type, uint32_t flag) { LOG_INFO("Start to enforce codesign FileType:%{public}u, entryPathMap size:%{public}zu, path = %{public}s, " "flag = %{public}u", type, entryPathMap.size(), path.c_str(), flag); 
@@ -216,18 +222,18 @@ int32_t CodeSignUtils::EnforceCodeSignForAppWithOwnerId(const std::string &owner return CS_ERR_PARAM_INVALID; } std::lock_guard lock(storedEntryMapLock_); - int ret = ProcessCodeSignBlock(ownerId, path, type, flag); + int ret = ProcessCodeSignBlock(ownerId, pluginId, path, type, flag); if (ret != CS_SUCCESS) { // retry once to make sure stability - ret = ProcessCodeSignBlock(ownerId, path, type, flag); + ret = ProcessCodeSignBlock(ownerId, pluginId, path, type, flag); } storedEntryMap_.clear(); LOG_INFO("Enforcing done, ret = %{public}d", ret); return ret; } -int32_t CodeSignUtils::ProcessCodeSignBlock(const std::string &ownerId, const std::string &path, - FileType type, uint32_t flag) +int32_t CodeSignUtils::ProcessCodeSignBlock(const std::string &ownerId, const std::string &pluginId, + const std::string &path, FileType type, uint32_t flag) { std::string realPath; if (!OHOS::PathToRealPath(path, realPath)) { @@ -239,7 +245,7 @@ int32_t CodeSignUtils::ProcessCodeSignBlock(const std::string &ownerId, const st if (ret != CS_SUCCESS) { return HandleCodeSignBlockFailure(realPath, ret); } - ret = codeSignHelper.ProcessMultiTask(ownerId, path, EnableCodeSignForFile, flag); + ret = codeSignHelper.ProcessMultiTask(ownerId, pluginId, path, EnableCodeSignForFile, flag); return ret; } diff --git a/interfaces/inner_api/common/include/errcode.h b/interfaces/inner_api/common/include/errcode.h index 4f25050..9230af2 100644 --- a/interfaces/inner_api/common/include/errcode.h +++ b/interfaces/inner_api/common/include/errcode.h @@ -40,7 +40,8 @@ enum SignErrCode { CS_ERR_COMPUTE_DIGEST = -0x204, CS_ERR_NO_OWNER_ID = -0x205, CS_ERR_INIT_LOCAL_CERT = -0x206, - CS_ERR_VERIFY_CERT = -0x207 + CS_ERR_VERIFY_CERT = -0x207, + CS_ERR_NO_PLUGIN_ID = -0x208 }; enum OpenSSLErrCode { @@ -60,6 +61,7 @@ enum VerifyErrCode { CS_ERR_PROFILE = -0x305, CS_ERR_ENABLE_TIMEOUT = -0x306, CS_ERR_FSVREITY_NOT_ENABLED = -0x307, + CS_ERR_INVALID_PLUGIN_ID = -0x308, }; enum IPCErrCode { 
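Review bot: The unconditional second call to ProcessCodeSignBlock in the first hunk also repeats deterministic rejections, and this commit adds one of them. A CS_ERR_INVALID_PLUGIN_ID result cannot change on retry, yet the code-sign block is processed again and, if the task result is propagated unchanged, each mismatch is reported a second time through ReportInvalidPlugin. If the retry exists for transient enable failures, as its comment suggests, skip it for identity mismatches: `if (ret != CS_SUCCESS && ret != CS_ERR_INVALID_PLUGIN_ID) {`. The owner-ID mismatch presumably behaves the same way, but its error code is not visible in this diff.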
diff --git a/utils/include/cs_hisysevent.h b/utils/include/cs_hisysevent.h index b0e9485..7246244 100644 --- a/utils/include/cs_hisysevent.h +++ b/utils/include/cs_hisysevent.h @@ -54,6 +54,13 @@ inline void ReportInvalidOwner(const std::string &fileInfo, const std::string &o HiviewDFX::HiSysEvent::EventType::SECURITY, "FILE_INFO", fileInfo, "OWNER_ID", ownerID, "PARSED_OWNER_ID", parsedOwnerID); } +inline void ReportInvalidPlugin(const std::string &fileInfo, const std::string &pluginID, + const std::string &parsedPluginID) +{ + HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::CODE_SIGN, "CS_INVALID_PLUGIN", + HiviewDFX::HiSysEvent::EventType::SECURITY, + "FILE_INFO", fileInfo, "PLUGIN_ID", pluginID, "PARSED_PLUGIN_ID", parsedPluginID); +} } } } diff --git a/utils/include/signer_info.h b/utils/include/signer_info.h index 1a68900..f09f48f 100644 --- a/utils/include/signer_info.h +++ b/utils/include/signer_info.h @@ -32,8 +32,12 @@ public: static const std::string OWNERID_OID; static const std::string OWNERID_OID_SHORT_NAME; static const std::string OWNERID_OID_LONG_NAME; + static const std::string PLUGINID_OID; + static const std::string PLUGINID_OID_SHORT_NAME; + static const std::string PLUGINID_OID_LONG_NAME; static int ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID); + static int ParsePluginIdFromSignature(const ByteBuffer &sigbuffer, std::string &pluginID); bool InitSignerInfo(const std::string &ownerID, X509 *cert, const EVP_MD *md, const ByteBuffer &contentData, bool carrySigningTime = false); bool AddSignatureInSignerInfo(const ByteBuffer &signature); 
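Review bot: The new event name `CS_INVALID_PLUGIN` written by ReportInvalidPlugin has no matching event declaration among the 12 files of this patch. If events of the CODE_SIGN domain must be declared before the event service accepts them, a plugin-ID mismatch would be logged locally but would not reach security telemetry. Please confirm that the declaration exists or add it in this change. A one-line comment on the function, such as `// parsedPluginID is read from the signature under verification and is not trusted`, would also help whoever consumes the event.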
@@ -45,6 +49,8 @@ private: bool AddAttrsToSignerInfo(const std::string &ownerID, const ByteBuffer &contentData); bool ComputeDigest(const ByteBuffer &data, ByteBuffer &digest); int GetSignAlgorithmID(const X509 *cert); + int AddID(const std::string &id, int nid); + static int ParseIdFromSignature(const ByteBuffer &sigbuffer, std::string &id, int nid); PKCS7_SIGNER_INFO *p7info_ = nullptr; const EVP_MD *md_ = nullptr; diff --git a/utils/src/signer_info.cpp b/utils/src/signer_info.cpp index a79f704..e00a611 100644 --- a/utils/src/signer_info.cpp +++ b/utils/src/signer_info.cpp @@ -37,6 +37,9 @@ static constexpr int MAX_SIGNATURE_SIZE = 1024; // 1024: max signature length const std::string SignerInfo::OWNERID_OID = "1.3.6.1.4.1.2011.2.376.1.4.1"; const std::string SignerInfo::OWNERID_OID_SHORT_NAME = "ownerID"; const std::string SignerInfo::OWNERID_OID_LONG_NAME = "Code Signature Owner ID"; +const std::string SignerInfo::PLUGINID_OID = "1.3.6.1.4.1.2011.2.376.1.4.2"; +const std::string SignerInfo::PLUGINID_OID_SHORT_NAME = "pluginID"; +const std::string SignerInfo::PLUGINID_OID_LONG_NAME = "Code Signature Plugin ID"; bool SignerInfo::InitSignerInfo(const std::string &ownerID, X509 *cert, const EVP_MD *md, const ByteBuffer &contentData, bool carrySigningTime) 
@@ -225,14 +228,13 @@ PKCS7_SIGNER_INFO *SignerInfo::GetSignerInfo() return p7info_; } -int SignerInfo::AddOwnerID(const std::string &ownerID) +int SignerInfo::AddID(const std::string &id, int nid) { - int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); - ASN1_STRING *ownerIDAsn1 = ASN1_STRING_new(); - ASN1_STRING_set(ownerIDAsn1, ownerID.c_str(), ownerID.length()); - int ret = PKCS7_add_signed_attribute(p7info_, nid, V_ASN1_UTF8STRING, ownerIDAsn1); + ASN1_STRING *idAsn1 = ASN1_STRING_new(); + ASN1_STRING_set(idAsn1, id.c_str(), id.length()); + int ret = PKCS7_add_signed_attribute(p7info_, nid, V_ASN1_UTF8STRING, idAsn1); if (ret == 0) { - ASN1_STRING_free(ownerIDAsn1); + ASN1_STRING_free(idAsn1); ERR_LOG_WITH_OPEN_SSL_MSG("PKCS7_add_signed_attribute failed"); return CS_ERR_OPENSSL_PKCS7; } @@ -240,9 +242,8 @@ int SignerInfo::AddOwnerID(const std::string &ownerID) return CS_SUCCESS; } -int SignerInfo::ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID) +int SignerInfo::ParseIdFromSignature(const ByteBuffer &sigbuffer, std::string &id, int nid) { - int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); BIO *bio = BIO_new_mem_buf(sigbuffer.GetBuffer(), sigbuffer.GetSize()); if (bio == nullptr) { ERR_LOG_WITH_OPEN_SSL_MSG("BIO_new_mem_buf failed"); 
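Review bot: AddID in the first hunk uses the result of `ASN1_STRING_new()` without a null check and ignores the return value of `ASN1_STRING_set`. On an allocation failure it either passes a null value to `PKCS7_add_signed_attribute` or attaches an empty ID as a signed attribute. Since this helper is now the shared path for ID attributes, I would fail early: `if (idAsn1 == nullptr || ASN1_STRING_set(idAsn1, id.c_str(), id.length()) == 0) { ASN1_STRING_free(idAsn1); return CS_ERR_OPENSSL_PKCS7; }`. The end of the function lies in the following hunk.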
@@ -267,17 +268,48 @@ int SignerInfo::ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::stri ASN1_TYPE *asn1Type = PKCS7_get_signed_attribute(signerInfo, nid); if (asn1Type != nullptr && asn1Type->type == V_ASN1_UTF8STRING) { ASN1_STRING *result = asn1Type->value.asn1_string; - ownerID.assign(reinterpret_cast(ASN1_STRING_get0_data(result)), ASN1_STRING_length(result)); + id.assign(reinterpret_cast(ASN1_STRING_get0_data(result)), ASN1_STRING_length(result)); break; } } BIO_free(bio); PKCS7_free(p7); + return CS_SUCCESS; +} + +int SignerInfo::AddOwnerID(const std::string &ownerID) +{ + int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); + + return AddID(ownerID, nid); +} + +int SignerInfo::ParseOwnerIdFromSignature(const ByteBuffer &sigbuffer, std::string &ownerID) +{ + int nid = CreateNIDFromOID(OWNERID_OID, OWNERID_OID_SHORT_NAME, OWNERID_OID_LONG_NAME); + int err = ParseIdFromSignature(sigbuffer, ownerID, nid); + if (err != CS_SUCCESS) { + return err; + } if (ownerID.empty()) { return CS_ERR_NO_OWNER_ID; } return CS_SUCCESS; } + +int SignerInfo::ParsePluginIdFromSignature(const ByteBuffer &sigbuffer, std::string &pluginID) +{ + int nid = CreateNIDFromOID(PLUGINID_OID, PLUGINID_OID_SHORT_NAME, PLUGINID_OID_LONG_NAME); + int err = ParseIdFromSignature(sigbuffer, pluginID, nid); + if (err != CS_SUCCESS) { + return err; + } + if (pluginID.empty()) { + return CS_ERR_NO_PLUGIN_ID; + } + return CS_SUCCESS; +} + } } } -- Gitee
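Review bot: ParseIdFromSignature returns CS_SUCCESS whether or not a signer carries the attribute, and the visible part of it never resets `id`, so the `pluginID.empty()` and `ownerID.empty()` tests in the two wrappers detect a missing attribute only when the caller passed in an empty string. Both wrappers are public statics taking a `std::string &`. A caller that reuses one string across files would get the previous file's ID back with CS_SUCCESS for a signature that has no such attribute. Adding `id.clear();` as the first statement of ParseIdFromSignature, whose opening lines are in the previous hunk, removes that dependence. CheckPluginId in this commit passes a fresh `retId`, so it is not affected as written.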