| Name | Date | Size | #Lines | LOC |
|---|---|---|---|---|
| AppScope/ | 06-May-2025 | - | 36 | 33 |
| entry/ | 06-May-2025 | - | 2,181 | 1,927 |
| hvigor/ | 06-May-2025 | - | 23 | 21 |
| screenshots/device/ | 06-May-2025 | - | | |
| .gitignore | 06-May-2025 | 119 | 11 | 11 |
| README.md | 06-May-2025 | 3.5 KiB | 51 | 27 |
| README_zh.md | 06-May-2025 | 6.9 KiB | 111 | 68 |
| build-profile.json5 | 06-May-2025 | 1.1 KiB | 44 | 42 |
| hvigorfile.ts | 06-May-2025 | 767 | 16 | 1 |
| hvigorw | 06-May-2025 | 2 KiB | 62 | 53 |
| hvigorw.bat | 06-May-2025 | 2.1 KiB | 80 | 60 |
| oh-package.json5 | 06-May-2025 | 855 | 28 | 26 |
| ohosTest.md | 06-May-2025 | 2 KiB | 19 | 15 |
README.md
# Certificate Framework

### Introduction

This sample shows how to use `@ohos.security.cert` to verify signature data.

Implementation scenario (1):

1. Signature verification with correct original data and signature data: simulates a server that obtains the public key from the client certificate and uses it to verify the signature data, confirming the client's identity and the integrity of the original data.
2. Signature verification with incorrect original data or signature data: simulates an attacker modifying the original data or the signature data. When the server verifies the signature with the public key, the attacker's identity is untrustworthy or the original data is incomplete, so verification fails.

### Usage

1. Click the **Data Display** button. The correct certificate, original data, and signature data are displayed in the text boxes on the page.
2. Click the **Signature Verification** button. A pop-up window appears, indicating **Verification passed**.
3. Click the **Modify Original Data** button. The page displays the modified original data together with the correct certificate and signature data. Click the signature verification button; a pop-up window appears, indicating **Verification failed**.
4. Click the **Modify Signature Data** button. The page displays the modified signature data together with the correct certificate and original data. Click the signature verification button; a pop-up window appears, indicating **Verification failed**.
5. Click the **Data Display** button to restore the correct certificate, original data, and signature data on the page. Click the **Signature Verification** button; a pop-up window appears, indicating **Verification passed**.

Implementation scenario (2):

1. Certificate chain verification with certificate chain data and root certificate data: verifies whether the root certificate of the certificate chain is in the trusted list.
2. Certificate chain data with a certificate revocation list: verifies whether a certificate in the certificate chain has been revoked.

### Usage

1. Click the **Data Display** button. The correct certificate chain, root certificate, and CRL data are displayed in the text boxes.
2. Click the **Certificate chain verification** button. A pop-up window appears, indicating **verification passed**.
3. Turn on **Verification certificate revocation list**, then click the **Certificate chain verification** button. A pop-up window appears, indicating **verification failed**.

### Dependency

* Not involved.

### Constraints

1. This sample can only be run on standard-system devices.
2. This sample has been adapted to the API version 11 SDK. Applicable version: CI DailyBuild of 4.1.5.3 after 12/23/2023, or newer Beta or Release versions.
3. This sample requires DevEco Studio 4.0 Release (Build Version: 4.0.0.600) or higher to compile and run. Due to the limitations of hvigor, there are some restrictions on how hvigor is synchronized in this sample project. These restrictions can be bypassed by following these steps:

   (1) Change the compileSdkVersion and compatibleSdkVersion support versions in build-profile.json5 from 11 to 10, and then synchronize hvigor.

   (2) After hvigor is synchronized successfully, change the compileSdkVersion and compatibleSdkVersion support versions in build-profile.json5 from 10 to 11, and then you can compile.
README_zh.md
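# Certificate Algorithm Library Framework

### Introduction

This sample uses the [@ohos.security.cert](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-cert.md) interfaces to implement verification of signature data.

Implementation scenario (1):

1. Signature verification with **correct** original data and signature data: simulates a server that obtains the public key from the client certificate and uses it to verify the signature data, confirming the client's identity and the integrity of the original data.
2. Signature verification with **incorrect** original data or signature data: simulates an attacker modifying the original data or the signature data. When the server verifies the signature with the public key, the attacker's identity is untrustworthy or the original data is incomplete, so verification fails.

### Preview

| Home | Verification passed | Verification failed |
|:-------:|:------------------------------------------:|:---------------------------------------:|
|  |  |  |

Usage

1. Click the **Data Display** button. The text boxes on the page show the correct certificate, original data, and signature data.
2. Click the **Signature Verification** button. A pop-up window appears, indicating **Verification passed**.
3. Click the **Modify Original Data** button. The page shows the modified original data together with the correct certificate and signature data. Click the signature verification button; a pop-up window appears, indicating **Verification failed**.
4. Click the **Modify Signature Data** button. The page shows the modified signature data together with the correct certificate and original data. Click the signature verification button; a pop-up window appears, indicating **Verification failed**.
5. Click the **Data Display** button. The page restores the correct certificate, original data, and signature data. Click the **Signature Verification** button; a pop-up window appears, indicating **Verification passed**.

Implementation scenario (2):

1. Certificate chain verification with **certificate chain data** and **root certificate data**: verifies whether the root certificate of the certificate chain is in the trusted list.
2. **Certificate chain data** with a **certificate revocation list**: verifies whether a certificate in the certificate chain has been revoked.

### Preview

| Home | Verification passed | Verification failed |
|:----------------------------------------:|:------------------------------------------:|:----------------------------------:|
|  |  |  |

Usage

1. Click the **Data Display** button. The text boxes on the page show the correct certificate chain, root certificate, and CRL data.
2. Click the **Certificate chain verification** button. A pop-up window appears, indicating **Verification passed**.
3. Turn on **Verify certificate revocation list**, then click the **Certificate chain verification** button. A pop-up window appears, indicating **Verification failed**.

### Project directory

```
entry/src/main/ets/
|---entryability
|   |---EntryAbility.ts
|---model
|   |---Data.ts                                   // Certificate data
|   |---CertChainModel.ts                         // Certificate chain verification model file
|   |---CertFrameworkModel.ts                     // Certificate algorithm library framework model file
|   |---Logger.ts                                 // Logging
|---pages
|   |---Index.ets                                 // Main page
```

### Implementation details

Scenario (1)

* The `Verify` interface, which implements signature verification with the certificate public key, is encapsulated in CertFrameworkModel.
    * Obtain the certificate public key: first call [cert.createX509Cert](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509cert) to create the certificate object certObject, and use its [getPublicKey](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-cert.md#getpublickey) capability to obtain the public key pubKey; then call [cryptoFramework.createAsyKeyGenerator](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateasykeygenerator) to create the key generator keyGenerator, and use its [convertKey](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#convertkey) capability to convert the public key pubKey into the correct format.
    * Verify the signature with the public key: first call [cryptoFramework.createVerify](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#cryptoframeworkcreateverify) to create the verification object verifier, and initialize it with the public key pubKey through [verifier.init](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#init-4); then use the verifier's [verify](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md#verify) capability to verify the signature.

Scenario (2)

* The `validate` interface, which implements signature verification with the certificate public key, is encapsulated in CertChainModel.
    * Create the certificate chain: call [cert.createX509CertChain](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509certchain11) to create the certificate chain object certChainObject.
    * Validate the certificate chain: obtain the validation parameters from the root certificate, then use the validate capability of certChainObject to validate the certificate chain.

### Permissions

Not involved.

### Dependencies

* Crypto algorithm library framework [@ohos.security.cryptoFramework](https://gitee.com/openharmony/docs/blob/master/zh-cn/application-dev/reference/apis-crypto-architecture-kit/js-apis-cryptoFramework.md)

### Constraints

1. This sample runs only on standard-system devices.
2. This sample has been adapted to the API version 11 SDK. Applicable version: CI daily builds from December 23, 2023 onward (4.1.5.3), or newer Beta or Release versions.
3. This sample requires DevEco Studio 4.0 Release (Build Version: 4.0.0.600) or later to compile and run. Due to the limitations of hvigor, there are some restrictions on how hvigor is synchronized in this sample project, which can be worked around with the following steps:

   (1) Change the compileSdkVersion and compatibleSdkVersion support versions in build-profile.json5 from 11 to 10, then synchronize hvigor.

   (2) After hvigor is synchronized successfully, change the compileSdkVersion and compatibleSdkVersion support versions in build-profile.json5 from 10 back to 11, then compile.

### Download

To download this project on its own, run the following commands:

```
git init
git config core.sparsecheckout true
echo code/SystemFeature/Security/CertificateFramework > .git/info/sparse-checkout
git remote add origin https://gitee.com/openharmony/applications_app_samples.git
git pull origin master
```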
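
The scenario (1) flow from the implementation details (certificate object, `getPublicKey`, `convertKey`, `createVerify`, `init`, `verify`) written out as one function. This is an added example, not the sample's own CertFrameworkModel code; the name `verifyWithCert` and the algorithm strings `RSA1024` and `RSA1024|PKCS1|SHA256` are assumptions and must match the key and signature scheme of the certificate actually used.

```arkts
// Added example, not the sample's own CertFrameworkModel code.
import cert from '@ohos.security.cert';
import cryptoFramework from '@ohos.security.cryptoFramework';
import util from '@ohos.util';

// Assumptions: the certificate carries an RSA-1024 key and the signature is
// PKCS#1 v1.5 over SHA-256. Adjust both strings to the real certificate.
const KEY_ALG: string = 'RSA1024';
const SIGN_ALG: string = 'RSA1024|PKCS1|SHA256';

// Returns true only when `signature` is valid for `original` under the public
// key of the PEM certificate. Parse and crypto errors count as failure.
export async function verifyWithCert(certPem: string, original: Uint8Array,
  signature: Uint8Array): Promise<boolean> {
  try {
    const encoder = new util.TextEncoder();
    const certBlob: cert.EncodingBlob = {
      data: encoder.encodeInto(certPem),
      encodingFormat: cert.EncodingFormat.FORMAT_PEM
    };
    const certObject: cert.X509Cert = await cert.createX509Cert(certBlob);

    // Re-import the certificate's public key through convertKey so the
    // verifier receives a key in the format it expects.
    const encodedPub: cryptoFramework.DataBlob = certObject.getPublicKey().getEncoded();
    const keyGenerator = cryptoFramework.createAsyKeyGenerator(KEY_ALG);
    const keyPair = await keyGenerator.convertKey(encodedPub, null);

    const verifier = cryptoFramework.createVerify(SIGN_ALG);
    await verifier.init(keyPair.pubKey);
    // One-shot verify: modified original data or a modified signature
    // both make this resolve to false.
    return await verifier.verify({ data: original }, { data: signature });
  } catch (err) {
    // Fail closed: a malformed certificate or key must never pass.
    console.error(`verifyWithCert failed: ${JSON.stringify(err)}`);
    return false;
  }
}
```

A `true` result only shows that the data was signed by the key in the supplied certificate; whether that certificate is trusted and unrevoked is the separate chain validation of scenario (2).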