• Home
Name Date Size #Lines LOC

..--

AppScope/06-May-2025-3633

entry/06-May-2025-2,0301,847

hvigor/06-May-2025-2221

screenshots/device/06-May-2025-

.gitignoreD06-May-2025120 1211

README.mdD06-May-20252.7 KiB3820

README_zh.mdD06-May-20255.2 KiB8855

build-profile.json5D06-May-20251 KiB4341

hvigorfile.tsD06-May-2025767 161

hvigorwD06-May-20252 KiB6253

hvigorw.batD06-May-20252.1 KiB8060

oh-package.json5D06-May-2025845 2726

ohosTest.mdD06-May-20252 KiB1814

README.md

1# CertManager
2
3### Introduction
4
5This sample shows how `@ohos.security.certManager` works to implement the function of verifying signature data. The implementation scenario is as follows:
6
71. Signature verification scenario using correct original data and signature data: Simulate the server obtains the public key through the client certificate, verifies the signature data using the public key, and verifies the client's identity and the integrity of the original data.
82. Scenario of using incorrect original or signature data for signature verification: Simulate an attacker modifying the original or signature data. When the server uses the public key for signature verification, the attacker's identity is untrustworthy or the original data is incomplete, resulting in verification failure.
9
10### Usage
11
121. Click the **Install** button, and a pop-up window will pop up on the page, indicating that **Install Success**.
13
142. Click the **Data Display** button, and the correct certificate, original data contents will be displayed in the text boxes of the page.
15
163. Click the **Sign** button, and signature data contents will be displayed in the text boxes of the page. and a pop-up window will pop up on the page, indicating that **Sign Success**.
17
184. Click the **Modify Original Data** button, and the page will display the modified original data and the correct certificate and signature data; Click the signature verification button, and a pop-up window will pop up on the page, indicating **Verification failed**.
19
205. Click the **Modify Signature Data** button, and the page will display the modified signature data, correct certificate, and original data; Click the signature verification button, and a pop-up window will pop up on the page, indicating **Verification failed**.
21
226. Click the **Verify** button, and a pop-up window will pop up on the page, indicating that **Verification passed**.
23
24### Dependency
25
26* not involved.
27
28### Constraints
29
301. This sample can only be run on standard-system devices.
312. This sample has been adapted to the API version 11 SDK, Applicable version: CI DailyBuild of 4.1.5.3 after 12/23/2023, or newer Beta versions, Release versions.
323. This sample requires DevEco Studio 4.0 Release (Build Version: 4.0.0.600) or higher version to compile and run. Due to the limitations of hvigor, there are some restrictions on how to synchronize hvigor in this Sample project. These restrictions can be bypassed by following these steps:
33
34   (1) Change the compileSdkVersion and compatibleSdkVersion support versions in build-profile.json5 from 11 to 10, and then synchronize hvigor.
35
36   (2) After hvigor is synchronized successfully, change the compileSdkVersion and compatibleSdkVersion support versions in build-profile.json5 from 10 to 11, and then you can compile.
37
38

README_zh.md

1# 证书管理
2
3### 介绍
4
5本示例使用了[@ohos.security.certManager](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md)相关接口实现了对签名数据进行校验的功能。
6
7实现场景如下:
8
91)使用**正确**的原始数据和签名数据进行签名校验场景:模拟服务端对签名数据进行校验,验证客户端身份和原始数据完整性。
10
112)使用**错误**的原始数据或签名数据进行签名校验场景:模拟攻击者修改原始数据或签名数据,服务端进行签名校验时,攻击者身份不可信或原始数据不完整,验证失败。
12
13### 效果预览
14
15|                 主页                 |                   校验通过                   |             校验失败             |
16|:----------------------------------:|:------------------------------------------:|:---------------------------------------:|
17| ![](screenshots/device/index.jpeg) | ![](screenshots/device/verify_success.jpeg) | ![](screenshots/device/verify_fail.jpeg) |
18
19使用说明
20
211、点击**安装**按钮,页面弹出弹窗,提示**安装成功**。
22
232、点击**数据展示**按钮,页面文本框中分别显示正确的证书、原始数据内容。
24
253、点击**签名校验**按钮,页面文本框中分别显示签名数据内容。
26
274、点击**修改原始数据**按钮,页面显示修改后的原始数据和正确的证书、签名数据;点击校验按钮,页面弹出弹窗,提示**校验失败**。
28
295、点击**修改签名数据**按钮,页面显示修改后的签名数据和正确的证书、原始数据;点击校验按钮,页面弹出弹窗,提示**校验失败**。
30
316、点击**校验**按钮,页面弹出弹窗,提示**校验通过**。
32
33### 工程目录
34
35```
36entry/src/main/ets/
37|---entryability
38|   |---EntryAbility.ts
39|---model
40|   |---Data.ts                                               // 证书数据
41|   |---Model.ts                                              // 证书管理文件
42|   |---Logger.ts                                             // 日志文件
43|---pages
44|   |---Index.ets                                             // 主界面
45```
46
47### 具体实现
48
49* 签名校验的功能接口Verify封装在Model中
50    * 安装私有凭据:调用[certManager.installPrivateCertificate](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md#certmanagerinstallprivatecertificate)接口安装证书,并获取返回结果cmResult。
51    * 使用凭据进行签名、验签的初始化操作:调用[certManager.init](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md#certmanagerinit)接口进行初始化,并获取返回结果signHandle。
52    * 填充源数据:调用[certManager.update](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md#certmanagerupdate)接口填充源数据。
53    * 完成签名的操作:调用[certManager.finish](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md#certmanagerfinish)接口完成签名,并获取签名结果signResult。
54    * 完成验签的操作:同上,再依次调用[certManager.init](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md#certmanagerinit)接口,[certManager.update](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md#certmanagerupdate)接口,[certManager.finish](https://docs.openharmony.cn/pages/v4.1/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-certManager.md#certmanagerfinish)接口完成验签操作,最终获取验签结果verifyResult。
55
56### 相关权限
57
58[ohos.permission.ACCESS_CERT_MANAGER_INTERNAL](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/security/AccessToken/permissions-for-system-apps.md#ohospermissionaccess_cert_manager_internal)
59
60### 依赖
61
62不涉及。
63
64### 约束与限制
65
661、本示例仅支持标准系统上运行。
67
682、本示例已适配API version 11版本SDK,适用版本号:2023年12月23日及之后的CI每日构建版本(4.1.5.3),或更新的Beta版本、Release版本。
69
703、本示例需要使用DevEco Studio 4.0 Release(Build Version: 4.0.0.600)及以上版本才可编译运行,由于hvigor的限制,本Sample工程在同步hvigor的方式存在一定的限制,需要通过如下步骤规避:
71
72(1)将build-profile.json5中的compileSdkVersion、compatibleSdkVersion支持的版本从11修改为10,同步hvigor;
73
74(2)成功同步hvigor后,再将build-profile.json5中的compileSdkVersion、compatibleSdkVersion支持的版本从10修改为11,即可执行编译。
75
76### 下载
77
78 如需单独下载本工程,执行如下命令:
79
80```
81git init
82git config core.sparsecheckout true
83echo code/BasicFeature/Security/CertManager/ > .git/info/sparse-checkout
84git remote add origin https://gitee.com/openharmony/applications_app_samples.git
85git pull origin master
86```
87
88