diff --git a/dist/hap-sign-tool.jar b/dist/hap-sign-tool.jar index 24e55cec53e630f760964aebfaea5642c1ac8de1..9ded46c8bbcde7b56275d406b5876c3e929896a6 100644 Binary files a/dist/hap-sign-tool.jar and b/dist/hap-sign-tool.jar differ diff --git a/hapsigntool/hap_sign_tool/src/main/java/com/ohos/hapsigntoolcmd/CmdUtil.java b/hapsigntool/hap_sign_tool/src/main/java/com/ohos/hapsigntoolcmd/CmdUtil.java index 6072a8cc6cc69eb9bece0d0e5499f663eeec9fdf..1f2ba20e2418dff45e1234c38b4c77797d74097c 100644 --- a/hapsigntool/hap_sign_tool/src/main/java/com/ohos/hapsigntoolcmd/CmdUtil.java +++ b/hapsigntool/hap_sign_tool/src/main/java/com/ohos/hapsigntoolcmd/CmdUtil.java @@ -56,10 +56,14 @@ public final class CmdUtil { Params params = new Params(); params.setMethod(args[0]); String keyStandBy = null; + List trustLists = TrustlistDocument.getTrustlist(args[0]); for (int i = 1; i < args.length; i++) { String value = args[i]; + boolean isTrust = trustLists.contains(value); // prepare key if (value != null && (value.startsWith("-"))) { + ValidateUtils.throwIfNotMatches(isTrust, + ERROR.COMMAND_PARAM_ERROR,"Not support command param:" + value); keyStandBy = value.substring(1); } else { // prepare value diff --git a/hapsigntool/hap_sign_tool/src/main/java/com/ohos/hapsigntoolcmd/TrustlistDocument.java b/hapsigntool/hap_sign_tool/src/main/java/com/ohos/hapsigntoolcmd/TrustlistDocument.java new file mode 100644 index 0000000000000000000000000000000000000000..c224d478f414730bbe27019d176550c61a0a8a20 --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/java/com/ohos/hapsigntoolcmd/TrustlistDocument.java @@ -0,0 +1,41 @@ +package com.ohos.hapsigntoolcmd; + +import com.ohos.hapsigntool.error.CustomException; +import com.ohos.hapsigntool.error.ERROR; + +import java.io.*; +import java.nio.file.Path; +import java.util.ArrayList; +import java.util.List; + +/** + * 入参白名单获取类 + */ +public final class TrustlistDocument { + private TrustlistDocument() { + } + public static List getTrustlist(String command) { + ClassLoader classLoader = TrustlistDocument.class.getClassLoader(); + if (classLoader == null) { + return null; + } + String page = "trustlist/"+command+".txt"; + String str = ""; + ArrayList trustLists = new ArrayList<>(); + try (InputStream inputStream = classLoader.getResourceAsStream(page)) { + if (inputStream == null) { + return null; + } + InputStreamReader isr = new InputStreamReader(inputStream); + BufferedReader br = new BufferedReader(isr); + while ((str=br.readLine()) != null) { + trustLists.add(str); + } + } catch (IOException ioe) { + CustomException.throwException(ERROR.READ_FILE_ERROR, "Failed to read " + page + " resource"); + } + System.out.println(trustLists); + return trustLists; + } + +} diff --git a/hapsigntool/hap_sign_tool/src/main/resources/help.txt b/hapsigntool/hap_sign_tool/src/main/resources/help.txt index a34d71a98b13daca6d99244da5325714a93d5fd7..04c6466f040ba55d904878a4ae4a896c5c2c0c8a 100644 --- a/hapsigntool/hap_sign_tool/src/main/resources/help.txt +++ b/hapsigntool/hap_sign_tool/src/main/resources/help.txt @@ -23,6 +23,7 @@ USAGE: [options] -keySize : key size, required fields, the size of the RSA algorithm is 2048/3072/4096, and the size of the ECC algorithm is NIST-P-256/NIST-P-384; -keystoreFile : keystore file, required fields, JKS or P12 format; -keystorePwd : keystore password, optional fields; + -extCfgFile : Extend Profile, optional fields; EXAMPLE: generate-keypair -keyAlias "oh-app1-key-v1" -keyPwd ****** -keyAlg ECC -keySize NIST-P-256 -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** @@ -36,6 +37,7 @@ USAGE: [options] -keystoreFile : keystore file, required fields, JKS or P12 format; -keystorePwd : keystore password, optional fields; -outFile : output file, optional fields, if not filled, it will be directly output to the console; + -extCfgFile : Extend Profile, optional fields; EXAMPLE: generate-csr -keyAlias "oh-app1-key-v1" -keyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App1 Release" -signAlg SHA256withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\oh-app1-key-v1.csr" @@ -60,6 +62,9 @@ USAGE: [options] -keystoreFile : keystore file, required fields, JKS or P12 format; -keystorePwd : keystore password, optional fields; -outFile : output file, optional fields, if not filled, it will be directly output to the console; + -extCfgFile : Extend Profile, optional fields; + -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; + -issuerKeystorePwd : issuer keystore password, optional fields; EXAMPLE: generate-cert -keyAlias "oh-app1-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Application Signature Service CA" -issuerKeyAlias "oh-app-sign-srv-ca-key-v1" -issuerKeyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App1 Release" -validity 365 -keyUsage digitalSignature -extKeyUsage codeSignature -signAlg SHA256withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\app1.cer" @@ -79,6 +84,9 @@ USAGE: [options] -keystoreFile : keystore file, required fields, JKS or P12 format; -keystorePwd : keystore password, optional fields; -outFile : output file, optional fields, if not filled, it will be directly output to the console; + -extCfgFile : Extend Profile, optional fields; + -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; + -issuerKeystorePwd : issuer keystore password, optional fields; EXAMPLE: generate-ca -keyAlias "oh-root-ca-key-v1" -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -validity 365 -signAlg SHA384withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\root-ca.cer" -keyAlg RSA -keySize 2048 @@ -100,6 +108,9 @@ USAGE: [options] -rootCaCertFile : root CA certificate file, required when outForm is certChain; -subCaCertFile : secondary sub-CA certificate file, required when outForm is certChain; -outFile : output certificate file (certificate or certificate chain), optional fields, if not filled, it will be directly output to the console; + -extCfgFile : Extend Profile, optional fields; + -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; + -issuerKeystorePwd : issuer keystore password, optional fields; EXAMPLE: generate-app-cert -keyAlias "oh-app1-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Application Debug Signature Service CA" -issuerKeyAlias "oh-app-sign-debug-srv-ca-key-v1" -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=App1 Debug" -validity 365 -signAlg SHA256withECDSA -rootCaCertFile "D:\OH\root-ca.cer" -subCaCertFile "D:\OH\sub-app-sign-srv-ca.cer" -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outForm certChain -outFile "D:\OH\app-debug-cert.cer" @@ -120,6 +131,9 @@ USAGE: [options] -rootCaCertFile : root CA certificate file, required when outForm is certChain; -subCaCertFile : secondary sub-CA certificate file, required when outForm is certChain; -outFile : output file, optional fields, if not filled, it will be directly output to the console; + -extCfgFile : Extend Profile, optional fields; + -issuerKeystoreFile : issuer keystore file, optional fields, JKS or P12 format; + -issuerKeystorePwd : issuer keystore password, optional fields; EXAMPLE: generate-profile-cert -keyAlias "oh-profile-key-v1" -keyPwd ****** -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Provision Profile Debug Signature Service CA" -issuerKeyAlias "oh-profile-sign-debug-srv-ca-key-v1" -issuerKeyPwd ****** -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Provision Profile Debug" -validity 365 -signAlg SHA256withECDSA -rootCaCertFile "D:\OH\root-ca.cer" -subCaCertFile "D:\OH\sub-profile-sign-srv-ca.cer" -keystoreFile "D:\OH\profile-keypair.jks" -keystorePwd ****** -outForm certChain -outFile "D:\OH\provision-profile-debug.cer" @@ -135,6 +149,7 @@ USAGE: [options] -keystoreFile : keystore file, if signature mode is localSign, required fields, JKS or P12 format; -keystorePwd : keystore password, optional fields; -outFile : output the signed Provision Profile file, p7b format, required fields; + -extCfgFile : Extend Profile, optional fields; EXAMPLE: sign-profile -mode localSign -keyAlias "oh-profile-key-v1" -keyPwd ****** -profileCertFile "D:\OH\provision-profile-release.cer" -inFile "D:\OH\app1-profile-release.json" -signAlg SHA256withECDSA -keystoreFile "D:\OH\profile-keypair.jks" -keystorePwd ****** -outFile "D:\OH\signed-profile.p7b" @@ -142,6 +157,7 @@ USAGE: [options] verify-profile [options]: -inFile : signed Provision Profile file, p7b format, required fields; -outFile : Verification result file (including verification result and profile content), json format, optional; if not filled, it will be directly output to the console; + -extCfgFile : Extend Profile, optional fields; EXAMPLE: verify-profile -inFile "D:\OH\signed-profile.p7b" -outFile "D:\OH\VerifyResult.json" @@ -150,13 +166,16 @@ USAGE: [options] -mode : signature mode, required fields, including localSign/remoteSign/remoteResign; -keyAlias : key alias, required fields; -keyPwd : key password, optional fields; - -appCertFIle : application signature certificate file, required fields; + -appCertFile : application signature certificate file, required fields; -profileFile : signed Provision Profile file, p7b format, required fields; + -profileSigned : indicates whether the profile file has a signture.The options are as follows: 1:yes; 0:no; defalut value:1. optional fields; -inFile : input original application package file, hap or bin format, required fields; -signAlg : signature algorithm, required fields, including SHA256withRSA/SHA384withRSA/SHA256withECDSA/SHA384withECDSA; -keystoreFile : keystore file, if signature mode is localSign, required fields, JKS or P12 format; -keystorePwd : keystore password, optional fields; -outFile : output the signed Provision Profile file, required fields; + -extCfgFile : Extend Profile, optional fields; + -inForm : enter the format of the origianl file, the format is .zip or .bin; EXAMPLE: sign-app -mode localSign -keyAlias "oh-app1-key-v1" -appCertFile "D:\OH\app-release-cert.cer" -profileFile "D:\OH\signed-profile.p7b" -inFile "D:\OH\app1-unsigned.hap" -signAlg SHA256withECDSA -keystoreFile "D:\OH\app-keypair.jks" -keystorePwd ****** -outFile "D:\OH\app1-signed.hap" @@ -165,6 +184,7 @@ USAGE: [options] -inFile : signed application package file, hap or bin format, required fields; -outCertchain : signed certificate chain file, required fields; -outProfile : profile file in application package, required fields; + -extCfgFile : Extend Profile, optional fields; EXAMPLE: verify-app -inFile "D:\OH\app1-signed.hap" -outcertchain "outCertchain.cer" -outProfile "outprofile.p7b" diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-app-cert.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-app-cert.txt new file mode 100644 index 0000000000000000000000000000000000000000..ebf02d968f7be24f6942606fadc191d9d43999d2 --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-app-cert.txt @@ -0,0 +1,17 @@ +-keyAlias +-keyPwd +-issuer +-issuerKeyAlias +-issuerKeyPwd +-subject +-validity +-signAlg +-issuerKeystoreFile +-issuerKeystorePwd +-keystoreFile +-keystorePwd +-outForm +-rootCaCertFile +-subCaCertFile +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-ca.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-ca.txt new file mode 100644 index 0000000000000000000000000000000000000000..b9d241164a4268552f01af4fc05ff2a510bea6ec --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-ca.txt @@ -0,0 +1,17 @@ +-keyAlias +-keyPwd +-keyAlg +-keySize +-issuer +-issuerKeyAlias +-issuerKeyPwd +-subject +-validity +-signAlg +-basicConstraintsPathLen +-keystoreFile +-keystorePwd +-issuerKeystoreFile +-issuerKeystorePwd +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-cert.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-cert.txt new file mode 100644 index 0000000000000000000000000000000000000000..96950e4e12a0602eb83c1b98c6496fcf066e8091 --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-cert.txt @@ -0,0 +1,22 @@ +-keyAlias +-keyPwd +-issuer +-issuerKeyAlias +-issuerKeyPwd +-subject +-validity +-keyUsage +-keyUsageCritical +-extKeyUsage +-extKeyUsageCritical +-signAlg +-basicConstraints +-basicConstraintsCritical +-basicConstraintsCa +-basicConstraintsPathLen +-issuerKeystoreFile +-issuerKeystorePwd +-keystoreFile +-keystorePwd +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-csr.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-csr.txt new file mode 100644 index 0000000000000000000000000000000000000000..c37b7b7e1219cd4601bbc5de1a69f6ec02aa31fa --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-csr.txt @@ -0,0 +1,8 @@ +-keyAlias +-keyPwd +-subject +-signAlg +-keystoreFile +-keystorePwd +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-keypair.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-keypair.txt new file mode 100644 index 0000000000000000000000000000000000000000..095e30c745a56d8301144cdf11a25435d504da9e --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-keypair.txt @@ -0,0 +1,7 @@ +-keyAlias +-keyPwd +-keyAlg +-keySize +-keystoreFile +-keystorePwd +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-profile-cert.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-profile-cert.txt new file mode 100644 index 0000000000000000000000000000000000000000..ebf02d968f7be24f6942606fadc191d9d43999d2 --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/generate-profile-cert.txt @@ -0,0 +1,17 @@ +-keyAlias +-keyPwd +-issuer +-issuerKeyAlias +-issuerKeyPwd +-subject +-validity +-signAlg +-issuerKeystoreFile +-issuerKeystorePwd +-keystoreFile +-keystorePwd +-outForm +-rootCaCertFile +-subCaCertFile +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/sign-app.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/sign-app.txt new file mode 100644 index 0000000000000000000000000000000000000000..c6d7100f5403d17d8307caaf9e623c6d5dba4d6d --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/sign-app.txt @@ -0,0 +1,13 @@ +-mode +-keyAlias +-keyPwd +-appCertFile +-profileFile +-profileSigned +-inForm +-inFile +-signAlg +-keystoreFile +-keystorePwd +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/sign-profile.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/sign-profile.txt new file mode 100644 index 0000000000000000000000000000000000000000..0e0cca0bd7c8ce51d3ef7dc722e7f976f951d6b8 --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/sign-profile.txt @@ -0,0 +1,10 @@ +-mode +-keyAlias +-keyPwd +-profileCertFile +-inFile +-signAlg +-keystoreFile +-keystorePwd +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/verify-app.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/verify-app.txt new file mode 100644 index 0000000000000000000000000000000000000000..973ed57f774a0f3c1de24b3701759cf3607ded41 --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/verify-app.txt @@ -0,0 +1,4 @@ +-inFile +-outCertchain +-outProfile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool/src/main/resources/trustlist/verify-profile.txt b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/verify-profile.txt new file mode 100644 index 0000000000000000000000000000000000000000..b087851daf2e6288ab5ee95062d36c541dfd7bc3 --- /dev/null +++ b/hapsigntool/hap_sign_tool/src/main/resources/trustlist/verify-profile.txt @@ -0,0 +1,3 @@ +-inFile +-outFile +-extCfgFile \ No newline at end of file diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/error/ERROR.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/error/ERROR.java index e3819527ef6a3ed9029e2bd3aaf1b944a73aaffd..203f14a050eef05860d6681d48bb0bd7ce76018c 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/error/ERROR.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/error/ERROR.java @@ -56,7 +56,11 @@ public enum ERROR { /** * Enum constant ACCESS_ERROR. */ - ACCESS_ERROR(109); + ACCESS_ERROR(109), + /** + * Enum constant COMMAND_PARAM_ERROR. + */ + COMMAND_PARAM_ERROR(110); /** * Field errorCode. diff --git a/tools/commands.config b/tools/commands.config index ef6b2f6720418d2c0a3d7e74fc00fa6ce1864cad..4f5da296f12dfdae87aeda1682551c8333ff34a5 100644 --- a/tools/commands.config +++ b/tools/commands.config @@ -38,7 +38,6 @@ 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', - 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity**() -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen OK0 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', @@ -182,6 +181,7 @@ 'generate-ca -keyAlias -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', + 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity**() -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd "@#$%&" -keyAlg ECC -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"', 'generate-ca -keyAlias "oh-profile-sign-srv-ca-key-v1" -keyPwd 123456 -keyAlg -keySize NIST-P-256 -issuer "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN=Root CA" -issuerKeyAlias "oh-root-ca-key-v1" -issuerKeyPwd 123456 -subject "C=CN,O=OpenHarmony,OU=OpenHarmony Community,CN= Application Signature Service CA" -validity 365 -signAlg SHA256withECDSA -basicConstraintsPathLen 1 -keystoreFile "ohtest.jks" -keystorePwd 123456 -extCfgFile "111.txt" -outFile "profile-sign-srv-ca.cer"',