diff --git a/OAT.xml b/OAT.xml
index 68b9b39759ac0c0df47a57eed9529cd2d01ee6e5..1f1350dac419b8cb558daf495f2265d3577fb28c 100644
--- a/OAT.xml
+++ b/OAT.xml
@@ -29,20 +29,16 @@
-
-
-
-
+
+
-
-
-
-
+
+
@@ -50,7 +46,9 @@
-
+
+
+
diff --git a/autosign/UnsgnedReleasedProfileTemplate.json b/autosign/UnsgnedReleasedProfileTemplate.json
new file mode 100644
index 0000000000000000000000000000000000000000..71c39a35b3241f68d63f12c8842351e53baa4332
--- /dev/null
+++ b/autosign/UnsgnedReleasedProfileTemplate.json
@@ -0,0 +1 @@
+{"version-name": "1.0.0", "version-code": 1, "app-distribution-type": "os_integration", "uuid": "5027b99e-5f9e-465d-9508-a9e0134ffe18", "validity": {"not-before": 1594865258, "not-after": 1689473258}, "type": "release", "bundle-info": {"developer-id": "OpenHarmony", "distribution-certificate": "-----BEGIN CERTIFICATE-----\nMIICSTCCAc+gAwIBAgIFAJV7uNUwCgYIKoZIzj0EAwIwYzELMAkGA1UEBhMCQ04x\nFDASBgNVBAoMC09wZW5IYXJtb255MRkwFwYDVQQLDBBPcGVuSGFybW9ueSBUZWFt\nMSMwIQYDVQQDDBpPcGVuSGFybW9ueSBBcHBsaWNhdGlvbiBDQTAeFw0yMjAxMjkw\nNTU0MTRaFw0yMzAxMjkwNTU0MTRaMGgxCzAJBgNVBAYTAkNOMRQwEgYDVQQKDAtP\ncGVuSGFybW9ueTEZMBcGA1UECwwQT3Blbkhhcm1vbnkgVGVhbTEoMCYGA1UEAwwf\nT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFzZTBZMBMGByqGSM49AgEGCCqG\nSM49AwEHA0IABAW8pFu7tHGUuWtddD5wvazc1qN8ts9UPZH4pecbb/bSFWKh7X7R\n/eTVaRrCTSSdovI1dhoV5GjuFsKW+jT2TwSjazBpMB0GA1UdDgQWBBScyywAaAMj\nI7HcuIS42lvZx0Lj+zAJBgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIHgDATBgNVHSUE\nDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQMECDAGAgEBCgEAMAoGCCqGSM49\nBAMCA2gAMGUCMFfNidGo6uK6KGT9zT1T5bY1NCHTH3P3muy5X1xudOgxWoOqIbnk\ntmQYB78dxWEHLQIxANfApAlXAD/0hnyNC8RDzfLOPEeay6jU9FXJj3AoR90rwZpR\noN9sYD6Oks4VGRw6yQ==\n-----END CERTIFICATE-----\n", "bundle-name": "com.OpenHarmony.app.test", "app-feature": "hos_system_app"}, "permissions": {"restricted-permissions": []}, "issuer": "pki_internal"}
\ No newline at end of file
diff --git a/autosign/autosign.py b/autosign/autosign.py
index 28eb08ecd837d6d39aeee7e9c3677d0e1acd035e..efe2e744b45f2d1a019818dc0edb447481cb6a83 100644
--- a/autosign/autosign.py
+++ b/autosign/autosign.py
@@ -12,7 +12,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################
-
+import json
import os
import re
import sys
@@ -64,8 +64,8 @@ def print_help():
" signtool.jar : Main progress jar file\n" \
"\n" \
"Example: \n" \
- " python autosign.py generate \n" \
- " python autosign.py sign" \
+ " python autosign.py createAppCertAndProfile \n" \
+ " python autosign.py signHap" \
"\n"
print(content)
@@ -152,6 +152,13 @@ def do_sign(jar):
run_with_engine(sign_engine_config, jar)
+def do_sign_hap(jar):
+ sign_hap_engine_config = {
+ 'sign.app': 'sign-app'
+ }
+ run_with_engine(sign_hap_engine_config, jar)
+
+
def do_generate(jar):
cert_engine_config = {
'app.keypair': 'generate-keypair',
@@ -166,6 +173,32 @@ def do_generate(jar):
run_with_engine(cert_engine_config, jar)
+def do_generate_root_cert(jar):
+ root_engine_config = {
+ 'profile.keypair': 'generate-keypair',
+ 'root-ca': 'generate-ca',
+ 'sub-ca.app': 'generate-ca',
+ 'sub-ca.profile': 'generate-ca',
+ 'cert.profile': 'generate-profile-cert',
+ }
+ run_with_engine(root_engine_config, jar)
+
+
+def do_generate_app_cert(jar):
+ app_cert_engine_config = {
+ 'app.keypair': 'generate-keypair',
+ 'cert.app': 'generate-app-cert',
+ }
+ run_with_engine(app_cert_engine_config, jar)
+
+
+def do_sign_profile(jar):
+ app_cert_engine_config = {
+ 'sign.profile': 'sign-profile',
+ }
+ run_with_engine(app_cert_engine_config, jar)
+
+
def convert_to_map(line, temp_map):
line = line.strip('\n')
strs = line.split('=', 1)
@@ -177,8 +210,8 @@ def convert_to_map(line, temp_map):
temp_map[strs[0]] = strs[1]
-def load_config():
- config_file = 'autosign.config'
+def load_config(config):
+ config_file = config
temp_map = {}
with open(config_file, 'r', encoding='utf-8') as f:
for line in f.readlines():
@@ -199,22 +232,64 @@ def process_cmd():
exit(0)
action = args[1]
- if action not in ['generate', 'sign']:
+ if action not in ['createRootAndSubCert', 'createAppCertAndProfile', 'signHap']:
print("Not support cmd")
print_help()
exit(1)
return action
-if __name__ == '__main__':
- act = process_cmd()
- load_config()
- jar_file = global_config.get('config', {}).get('signtool')
- if not os.path.exists(jar_file):
- print("Jar file '{}' not found".format(jar_file))
+def process_jar():
+ read_jar_file = global_config.get('config', {}).get('signtool')
+ if not os.path.exists(read_jar_file):
+ print("Jar file '{}' not found".format(read_jar_file))
+ exit(1)
+ return read_jar_file
+
+
+def replace_cert_in_profile():
+ profile_file = global_config.get('sign.profile', {}).get('inFile')
+ app_cert_file = global_config.get('cert.app', {}).get('outFile')
+ tar_dir = global_config.get('config', {}).get('targetDir')
+ app_cert_file = os.path.join(tar_dir, app_cert_file)
+ if not os.path.exists(profile_file):
+ print("profile file '{}' not found".format(jar_file))
+ exit(1)
+ if not os.path.exists(app_cert_file):
+ print("app cert file '{}' not found".format(jar_file))
exit(1)
- if act == 'generate':
- do_generate(jar_file)
- elif act == 'sign':
- do_sign(jar_file)
+ app_cert = ''
+ # read app cert
+ with open(app_cert_file, 'r', encoding='utf-8') as f:
+ app_cert_temp = f.read()
+ app_cert = app_cert_temp.split("-----END CERTIFICATE-----")[0] + "-----END CERTIFICATE-----\n"
+
+ profile = {}
+ # read profile
+ with open(profile_file, 'r', encoding='utf-8') as f:
+ profile = json.load(f)
+
+ profile["bundle-info"]["distribution-certificate"] = app_cert
+
+ # save profile
+ with open(profile_file, 'w', encoding='utf-8') as profile_write:
+ json.dump(profile, profile_write)
+
+
+if __name__ == '__main__':
+ act = process_cmd()
+ if act == 'createRootAndSubCert':
+ load_config('createRootAndSubCert.config')
+ jar_file = process_jar()
+ do_generate_root_cert(jar_file)
+ elif act == 'createAppCertAndProfile':
+ load_config('createAppCertAndProfile.config')
+ jar_file = process_jar()
+ do_generate_app_cert(jar_file)
+ replace_cert_in_profile()
+ do_sign_profile(jar_file)
+ elif act == 'signHap':
+ load_config('signHap.config')
+ jar_file = process_jar()
+ do_sign_hap(jar_file)
diff --git a/autosign/createAppCertAndProfile.config b/autosign/createAppCertAndProfile.config
new file mode 100644
index 0000000000000000000000000000000000000000..269804dae72d3d93a6a020ac672dd86705d65324
--- /dev/null
+++ b/autosign/createAppCertAndProfile.config
@@ -0,0 +1,59 @@
+// Base configuration
+//
+// Location of signtool.jar
+
+config.signtool=../hapsigntool/hap_sign_tool/build/libs/hap-sign-tool.jar
+
+// All products would be put into folder
+config.targetDir=result
+
+// Common configuration, will be overwrite by detail config
+common.keystoreFile=OpenHarmony.p12
+common.keystorePwd=123456
+common.keyAlg=ECC
+common.keySize=NIST-P-256
+common.signAlg=SHA256withECDSA
+common.validity=365
+common.outForm=certChain
+common.mode=localSign
+
+// You must change this instead of using default
+common.keyPwd=123456
+common.issuerKeyPwd=123456
+
+// keypair of app signature
+app.keypair.keyAlias=oh-app1-key-v1
+app.keypair.keyPwd=123456
+
+// keypair of profile signature
+profile.keypair.keyAlias=openharmony application profile release
+profile.keypair.keyPwd=123456
+
+// Root CA
+root-ca.outFile=rootCA.cer
+
+// Sub APP CA
+sub-ca.app.keyAlias=openharmony application ca
+sub-ca.app.subject=C=CN,O=OpenHarmony,OU=OpenHarmony Team,CN= OpenHarmony Application CA
+sub-ca.app.outFile=subCA.cer
+
+// App signature cert
+cert.app.subject=C=CN,O=OpenHarmony,OU=OpenHarmony Team,CN=OpenHarmony Application Release
+cert.app.outFile=app1.pem
+
+// Profile signature cert
+cert.profile.outFile=OpenHarmonyProfileRelease.pem
+
+// Sign profile
+sign.profile.inFile=UnsgnedReleasedProfileTemplate.json
+sign.profile.outFile=app1-profile.p7b
+
+// Default config. Do not change it
+cert.app.keyAlias=$app.keypair.keyAlias
+cert.app.issuer=$sub-ca.app.subject
+cert.app.issuerKeyAlias=$sub-ca.app.keyAlias
+cert.app.rootCaCertFile=$root-ca.outFile
+cert.app.subCaCertFile=$sub-ca.app.outFile
+
+sign.profile.keyAlias=$profile.keypair.keyAlias
+sign.profile.profileCertFile=$cert.profile.outFile
diff --git a/autosign/createRootAndSubCert.config b/autosign/createRootAndSubCert.config
new file mode 100644
index 0000000000000000000000000000000000000000..841d3ef79b44bd5873079a819d528092c1aec575
--- /dev/null
+++ b/autosign/createRootAndSubCert.config
@@ -0,0 +1,56 @@
+// Base configuration
+//
+// Location of signtool.jar
+
+config.signtool=../hapsigntool/hap_sign_tool/build/libs/hap-sign-tool.jar
+
+// All products would be put into folder
+config.targetDir=result
+
+// Common configuration, will be overwrite by detail config
+common.keystoreFile=ohtest.jks
+common.keystorePwd=123456
+common.keyAlg=ECC
+common.keySize=NIST-P-256
+common.signAlg=SHA256withECDSA
+common.validity=365
+common.outForm=certChain
+
+// You must change this instead of using default
+common.keyPwd=123456
+common.issuerKeyPwd=123456
+
+// keypair of profile signature
+profile.keypair.keyAlias=oh-profile-key-v1
+profile.keypair.keyPwd=123456
+
+// Root CA
+root-ca.keyAlias=oh-root-ca-key-v1
+root-ca.subject=C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA
+root-ca.outFile=root-ca1.cer
+
+// Sub APP CA
+sub-ca.app.keyAlias=oh-app-sign-srv-ca-key-v1
+sub-ca.app.subject=C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA
+sub-ca.app.outFile=app-sign-srv-ca1.cer
+
+// Sub Profile CA
+sub-ca.profile.keyAlias=oh-profile-sign-srv-ca-key-v1
+sub-ca.profile.subject=C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Profile Signature Service CA
+sub-ca.profile.outFile=profile-sign-srv-ca1.cer
+
+// Profile signature cert
+cert.profile.subject=C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Profile1 Release
+cert.profile.outFile=profile1.pem
+
+// Default config. Do not change it
+sub-ca.app.issuer=$root-ca.subject
+sub-ca.app.issuerKeyAlias=$root-ca.keyAlias
+sub-ca.profile.issuer=$root-ca.subject
+sub-ca.profile.issuerKeyAlias=$root-ca.keyAlias
+
+cert.profile.keyAlias=$profile.keypair.keyAlias
+cert.profile.issuer=$sub-ca.profile.subject
+cert.profile.issuerKeyAlias=$sub-ca.profile.keyAlias
+cert.profile.rootCaCertFile=$root-ca.outFile
+cert.profile.subCaCertFile=$sub-ca.profile.outFile
diff --git a/autosign/create_appcert_sign_profile.bat b/autosign/create_appcert_sign_profile.bat
new file mode 100644
index 0000000000000000000000000000000000000000..0cb6e4af45fb59676bb27cd594b1628dc0ce7270
--- /dev/null
+++ b/autosign/create_appcert_sign_profile.bat
@@ -0,0 +1,15 @@
+@rem Copyright (c) 2021-2022 Huawei Device Co., Ltd.
+@rem Licensed under the Apache License, Version 2.0 (the "License");
+@rem you may not use this file except in compliance with the License.
+@rem You may obtain a copy of the License at
+@rem
+@rem http://www.apache.org/licenses/LICENSE-2.0
+@rem
+@rem Unless required by applicable law or agreed to in writing, software
+@rem distributed under the License is distributed on an "AS IS" BASIS,
+@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+@rem See the License for the specific language governing permissions and
+@rem limitations under the License.
+
+python autosign.py createAppCertAndProfile
+pause
\ No newline at end of file
diff --git a/autosign/create_appcert_sign_profile.sh b/autosign/create_appcert_sign_profile.sh
new file mode 100644
index 0000000000000000000000000000000000000000..dc19361c717c5fa3cd2f5bf870aad7297a689d77
--- /dev/null
+++ b/autosign/create_appcert_sign_profile.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+# Copyright (c) 2021-2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+python3 autosign.py createAppCertAndProfile
\ No newline at end of file
diff --git a/autosign/start_create.bat b/autosign/create_root.bat
similarity index 94%
rename from autosign/start_create.bat
rename to autosign/create_root.bat
index d43c1fafd7c8367eed2519ec0243c7580163c6a2..9d21ab903862957c35568ce753c8f23d5a035222 100644
--- a/autosign/start_create.bat
+++ b/autosign/create_root.bat
@@ -11,5 +11,5 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
-python autosign.py generate
+python autosign.py createRootAndSubCert
pause
\ No newline at end of file
diff --git a/autosign/start_create.sh b/autosign/create_root.sh
similarity index 93%
rename from autosign/start_create.sh
rename to autosign/create_root.sh
index abe4940c6786f6f64bfb3ea24e0c0a126497df35..ce2f13439a93835f15dcf345edc6420ff84458e5 100644
--- a/autosign/start_create.sh
+++ b/autosign/create_root.sh
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-python3 autosign.py generate
\ No newline at end of file
+python3 autosign.py createRootAndSubCert
\ No newline at end of file
diff --git a/autosign/result/OpenHarmony.p12 b/autosign/result/OpenHarmony.p12
new file mode 100644
index 0000000000000000000000000000000000000000..60f9bb48e677960e9dd7257e9f55c80915417ecf
Binary files /dev/null and b/autosign/result/OpenHarmony.p12 differ
diff --git a/autosign/result/OpenHarmonyProfileRelease.pem b/autosign/result/OpenHarmonyProfileRelease.pem
new file mode 100644
index 0000000000000000000000000000000000000000..129a1378fa2301a3eeea6cf356ecf8841e8909f0
--- /dev/null
+++ b/autosign/result/OpenHarmonyProfileRelease.pem
@@ -0,0 +1,44 @@
+-----BEGIN CERTIFICATE-----
+MIICRDCCAcmgAwIBAgIED+E4izAMBggqhkjOPQQDAwUAMGgxCzAJBgNVBAYTAkNO
+MRQwEgYDVQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVh
+bTEoMCYGA1UEAxMfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUm9vdCBDQTAeFw0y
+MTAyMDIxMjE0MThaFw00OTEyMzExMjE0MThaMGgxCzAJBgNVBAYTAkNOMRQwEgYD
+VQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVhbTEoMCYG
+A1UEAxMfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUm9vdCBDQTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABE023XmRaw2DnO8NSsb+KG/uY0FtS3u5LQucdr3qWVnRW5ui
+QIL6ttNZBEeLTUeYcJZCpayg9Llf+1SmDA7dY4iP2EcRo4UN3rilovtfFfsmH4ty
+3SApHVFzWUl+NwdH8KNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFBc6EKGrGXzlAE+s0Zgnsphadw7NMAwGCCqGSM49BAMDBQAD
+ZwAwZAIwd1p3JzHN93eoPped1li0j64npgqNzwy4OrkehYAqNXpcpaEcLZ7UxW8E
+I2lZJ3SbAjAkqySHb12sIwdSFKSN9KCMMEo/eUT5dUXlcKR2nZz0MJdxT5F51qcX
+1CumzkcYhgU=
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICYTCCAeWgAwIBAgIEHmXAPTAMBggqhkjOPQQDAwUAMGgxCzAJBgNVBAYTAkNO
+MRQwEgYDVQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVh
+bTEoMCYGA1UEAxMfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUm9vdCBDQTAeFw0y
+MTAyMDIxMjE1MzJaFw00OTEyMzExMjE1MzJaMGMxCzAJBgNVBAYTAkNOMRQwEgYD
+VQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVhbTEjMCEG
+A1UEAxMaT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gQ0EwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQhnu7Hna8XNa2KyqRf5+lBJScE4xqf89N0g0OuqAb2re8nGsvWkw26
+uDekfnBYicd+G3Cydqa2zFIwV7Talyg2ULW3r8KbGpyl84mJEPPRmCGJ+H9gtCsf
++OrJ4Y76LVWjYzBhMB8GA1UdIwQYMBaAFBc6EKGrGXzlAE+s0Zgnsphadw7NMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTbhrciFtUL
+oUu33SV7ufEFfaItRzAMBggqhkjOPQQDAwUAA2gAMGUCMG3cXjiDmXTvf7D4Omhf
+qcc2nuO+EMfWE+N9ZhBP5UhV34mAGWi3SfLU6rcV0urWEQIxAMYIb3epOnKhUrcm
+Lfu1WKzFlpYQwmw73RaCHP2I3k6NcuWOYeNwWXSNZ8o0nzvaLg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIICPDCCAb+gAwIBAgIEN6dtvjAMBggqhkjOPQQDAwUAMGMxCzAJBgNVBAYTAkNO
+MRQwEgYDVQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVh
+bTEjMCEGA1UEAxMaT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gQ0EwHhcNMjEwMjAy
+MTIyMTA1WhcNNDkxMjMxMTIyMTA1WjBwMQswCQYDVQQGEwJDTjEUMBIGA1UEChML
+T3Blbkhhcm1vbnkxGTAXBgNVBAsTEE9wZW5IYXJtb255IFRlYW0xMDAuBgNVBAMT
+J09wZW5IYXJtb255IEFwcGxpY2F0aW9uIFByb2ZpbGUgUmVsZWFzZTBZMBMGByqG
+SM49AgEGCCqGSM49AwEHA0IABFfPAuu5prLiQXG+FcmSKJqtRjeDDZgfAeitKsSM
+3tzhHk2oN/UD0vHGbgIrVD8fv8igUZEJFsOTNM4DbovGGJqjUjBQMB8GA1UdIwQY
+MBaAFNuGtyIW1QuhS7fdJXu58QV9oi1HMA4GA1UdDwEB/wQEAwIHgDAdBgNVHQ4E
+FgQUy2Hpvad6TtTPlbOE7AX99l8NAVIwDAYIKoZIzj0EAwMFAANpADBmAjEArI6u
+CYJiea5IJBFC7JBluWgGshKdEHdGPv3sopi34kKPZNxm9eGn9OGNBjZg/qqdAjEA
+oIZqet/+DDpB7CRdTAUhisGmgE8w3ETgiibdUhrAAUOo6SSzozUQeKn+c37l5A+z
+-----END CERTIFICATE-----
diff --git a/autosign/result/rootCA.cer b/autosign/result/rootCA.cer
new file mode 100644
index 0000000000000000000000000000000000000000..20f68eac36a41853bee648aaeb97e7bef1c043a9
--- /dev/null
+++ b/autosign/result/rootCA.cer
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICRDCCAcmgAwIBAgIED+E4izAMBggqhkjOPQQDAwUAMGgxCzAJBgNVBAYTAkNO
+MRQwEgYDVQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVh
+bTEoMCYGA1UEAxMfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUm9vdCBDQTAeFw0y
+MTAyMDIxMjE0MThaFw00OTEyMzExMjE0MThaMGgxCzAJBgNVBAYTAkNOMRQwEgYD
+VQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVhbTEoMCYG
+A1UEAxMfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUm9vdCBDQTB2MBAGByqGSM49
+AgEGBSuBBAAiA2IABE023XmRaw2DnO8NSsb+KG/uY0FtS3u5LQucdr3qWVnRW5ui
+QIL6ttNZBEeLTUeYcJZCpayg9Llf+1SmDA7dY4iP2EcRo4UN3rilovtfFfsmH4ty
+3SApHVFzWUl+NwdH8KNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFBc6EKGrGXzlAE+s0Zgnsphadw7NMAwGCCqGSM49BAMDBQAD
+ZwAwZAIwd1p3JzHN93eoPped1li0j64npgqNzwy4OrkehYAqNXpcpaEcLZ7UxW8E
+I2lZJ3SbAjAkqySHb12sIwdSFKSN9KCMMEo/eUT5dUXlcKR2nZz0MJdxT5F51qcX
+1CumzkcYhgU=
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/autosign/result/subCA.cer b/autosign/result/subCA.cer
new file mode 100644
index 0000000000000000000000000000000000000000..6adeca77900241fe594729ffc75d51b1a7c40896
--- /dev/null
+++ b/autosign/result/subCA.cer
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICYTCCAeWgAwIBAgIEHmXAPTAMBggqhkjOPQQDAwUAMGgxCzAJBgNVBAYTAkNO
+MRQwEgYDVQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVh
+bTEoMCYGA1UEAxMfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUm9vdCBDQTAeFw0y
+MTAyMDIxMjE1MzJaFw00OTEyMzExMjE1MzJaMGMxCzAJBgNVBAYTAkNOMRQwEgYD
+VQQKEwtPcGVuSGFybW9ueTEZMBcGA1UECxMQT3Blbkhhcm1vbnkgVGVhbTEjMCEG
+A1UEAxMaT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gQ0EwdjAQBgcqhkjOPQIBBgUr
+gQQAIgNiAAQhnu7Hna8XNa2KyqRf5+lBJScE4xqf89N0g0OuqAb2re8nGsvWkw26
+uDekfnBYicd+G3Cydqa2zFIwV7Talyg2ULW3r8KbGpyl84mJEPPRmCGJ+H9gtCsf
++OrJ4Y76LVWjYzBhMB8GA1UdIwQYMBaAFBc6EKGrGXzlAE+s0Zgnsphadw7NMA8G
+A1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTbhrciFtUL
+oUu33SV7ufEFfaItRzAMBggqhkjOPQQDAwUAA2gAMGUCMG3cXjiDmXTvf7D4Omhf
+qcc2nuO+EMfWE+N9ZhBP5UhV34mAGWi3SfLU6rcV0urWEQIxAMYIb3epOnKhUrcm
+Lfu1WKzFlpYQwmw73RaCHP2I3k6NcuWOYeNwWXSNZ8o0nzvaLg==
+-----END CERTIFICATE-----
\ No newline at end of file
diff --git a/autosign/signHap.config b/autosign/signHap.config
new file mode 100644
index 0000000000000000000000000000000000000000..5b4693dda8d4ca7e6d1aba094ec373b3eea7f2e2
--- /dev/null
+++ b/autosign/signHap.config
@@ -0,0 +1,38 @@
+// Base configuration
+//
+// Location of signtool.jar
+
+config.signtool=../hapsigntool/hap_sign_tool/build/libs/hap-sign-tool.jar
+
+// All products would be put into folder
+config.targetDir=result
+
+// Common configuration, will be overwrite by detail config
+common.keystoreFile=OpenHarmony.p12
+common.keystorePwd=123456
+common.signAlg=SHA256withECDSA
+common.mode=localSign
+
+// You must change this instead of using default
+common.keyPwd=123456
+common.issuerKeyPwd=123456
+
+// keypair of app signature
+app.keypair.keyAlias=oh-app1-key-v1
+app.keypair.keyPwd=123456
+
+// App signature cert
+cert.app.outFile=app1.pem
+
+// Sign profile
+sign.profile.outFile=app1-profile.p7b
+
+// Sign app
+sign.app.inFile=app1-unsigned.hap
+sign.app.outFile=app1-signed.hap
+
+
+// Default config. Do not change it
+sign.app.keyAlias=$app.keypair.keyAlias
+sign.app.appCertFile=$cert.app.outFile
+sign.app.profileFile=$sign.profile.outFile
diff --git a/autosign/start_sign.bat b/autosign/sign_hap.bat
similarity index 95%
rename from autosign/start_sign.bat
rename to autosign/sign_hap.bat
index b8f9bcd51c648cbba6d675660067e7e631c432cc..afca3f3b43d453ae5e7482607ca2530557d9f098 100644
--- a/autosign/start_sign.bat
+++ b/autosign/sign_hap.bat
@@ -11,5 +11,5 @@
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
-python autosign.py sign
+python autosign.py signHap
pause
\ No newline at end of file
diff --git a/autosign/start_sign.sh b/autosign/sign_hap.sh
similarity index 95%
rename from autosign/start_sign.sh
rename to autosign/sign_hap.sh
index 9a56b7a7d10f8ce62ca9cd2343ffb533c1425b97..e85de1e37b1eed4ceff8993d12daa7fd48b5c919 100644
--- a/autosign/start_sign.sh
+++ b/autosign/sign_hap.sh
@@ -12,4 +12,4 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-python3 autosign.py sign
\ No newline at end of file
+python3 autosign.py signHap
\ No newline at end of file