Add 2 fields to code signature

[Trinity2019]

Summary

Add following fields to code_signature:

code_signature.team_id
code_signature.signing_id

Motivation:

performance enhancement: Collecting the team id and signing id can be done very fast whereas the signer name can be slow so there are cases where a data shipper may not want to report the signer name and just report the team id and signing id.

Need to point out team id and signing id are *OS(including macOS) specific and important for *OS. Combined together they are enough for *OS to identify/verify the origin and authenticity of a software vendor's code. Apple takes care of the uniqueness of team id and also checks the reputation of the team/company. Signing id is also important for *OS to identify applications from a software vendor.

Other big venders uses team id and signing id(a.k.a. bundle id) for profiling/whitelisting/etc. purpose:
https://docs.microsoft.com/en-us/mem/intune/configuration/kernel-extensions-settings-macos
https://derflounder.wordpress.com/2018/04/12/whitelisting-third-party-kernel-extensions-using-profiles/
https://www.jamf.com/jamf-nation/discussions/28183/configure-apple-team-id-in-mdm-profile

Detailed Design:

• example team_id:
  EQHXZ8M8AV // which is a team id for Google
  UBF8T346G9 // which is a team id for Microsoft
  suggested datatype for team id will be string
• example signing_id:
  com.apple.xpc.launchd // which is the signing id for /sbin/launchd
com.apple.xpc.proxy // which is the signing id for /usr/libexec/xpcproxy
  suggested datatype for signing id is string

[ebeahan]

Thanks for the detailed write-up, @Trinity2019! Would you be willing to open a PR for these changes?

I'm not familiar with code signing between different OSs, so the answer to the following may be a simple "no". 😅

Are there similar values/IDs provided by different OSs that would ever be relevant values for these fields, in addition to macOS/OSX?

[Trinity2019]

Hi @ebeahan thanks for quick response!
I just did some research and found the similar thing on Windows. On a Windows 10, open "Windows Powershell" as administrator. Type in following command:
get-appxpackage
It'll show the information of store apps on that Windows. Here's some examples:

Name              : Microsoft.ZuneMusic
Publisher         : CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
Architecture      : X64
ResourceId        : 
Version           : 10.20122.11121.0
PackageFullName   : Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe
InstallLocation   : C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20122.11121.0_x64__8wekyb3d8bbwe
IsFramework       : False
PackageFamilyName : Microsoft.ZuneMusic_8wekyb3d8bbwe
PublisherId       : 8wekyb3d8bbwe

Name              : DellInc.DellUpdate
Publisher         : CN=F005DA31-7CE1-4D3E-ABEE-08A4AFF4F592
Architecture      : X86
ResourceId        : 
Version           : 4.1.15.0
PackageFullName   : DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2
InstallLocation   : C:\Program Files\WindowsApps\DellInc.DellUpdate_4.1.15.0_x86__htrsf667h5kn2
IsFramework       : False
PackageFamilyName : DellInc.DellUpdate_htrsf667h5kn2
PublisherId       : htrsf667h5kn2

Name              : NVIDIACorp.NVIDIAControlPanel
Publisher         : CN=D6816951-877F-493B-B4EE-41AB9419C326
Architecture      : X64
ResourceId        : 
Version           : 8.1.960.0
PackageFullName   : NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj
InstallLocation   : C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.960.0_x64__56jybvy8sckqj
IsFramework       : False
PackageFamilyName : NVIDIACorp.NVIDIAControlPanel_56jybvy8sckqj
PublisherId       : 56jybvy8sckqj

So on Windows, the closest match to *OS team id is PublisherId: 56jybvy8sckqj is NVIDIA; htrsf667h5kn2 is Dell; 8wekyb3d8bbwe is Microsoft.
The close match to signing id is PackageFamilyName: NVIDIACorp.NVIDIAControlPanel_56jybvy8sckqj for NVIDIA's ControlPanel app; DellInc.DellUpdate_htrsf667h5kn2 for DellUpdate app, etc.
Or packageIdentityName(which is Name in above examples) is also a close match to signing id on macOS: NVIDIACorp.NVIDIAControlPanel for NVIDIA ControlPanel app.

[ebeahan]

Closed via #1269

[Trinity2019]

Thank you @ebeahan for all the help! and thanks @rw-access for the PR review!