diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java
index 54944b4b9be7440aa554fc7545dabdc3c94c2305..c2c6846305aa814b0a323190ce0153425cd22540 100644
--- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java
+++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/VerifyHelper.java
@@ -18,7 +18,6 @@ package com.ohos.hapsigntool.profile;
 import com.ohos.hapsigntool.error.CustomException;
 import com.ohos.hapsigntool.error.ERROR;
 import com.ohos.hapsigntool.hap.verify.VerifyUtils;
-import com.ohos.hapsigntool.profile.model.Provision;
 import com.ohos.hapsigntool.profile.model.VerificationResult;
 import com.ohos.hapsigntool.utils.CertChainUtils;
 import com.ohos.hapsigntool.utils.CertUtils;
@@ -26,6 +25,10 @@ import com.ohos.hapsigntool.utils.FileUtils;
 import com.ohos.hapsigntool.utils.ValidateUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
+import org.bouncycastle.asn1.ASN1Encodable;
+import org.bouncycastle.asn1.ASN1Set;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.Time;
 import org.bouncycastle.cert.X509CertificateHolder;
 import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
 import org.bouncycastle.cms.CMSException;
@@ -44,10 +47,14 @@ import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.time.LocalDateTime;
+import java.time.ZoneId;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Iterator;
 import java.util.List;
+import java.util.Map;
+import java.util.Date;
 
 /**
  * Signed provision profile verifier.
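Review bot: In the third hunk `import java.util.Date;` is added after `import java.util.Map;`, breaking the alphabetical order the rest of the `java.util` group follows; swap the two lines. The new `java.time.LocalDateTime` and `java.time.ZoneId` imports serve only to spell `new Date()` as `Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant())` in the verify hunk below; writing `new Date()` there lets both imports go.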
@@ -134,15 +141,27 @@ public class VerifyHelper implements IProvisionVerifier { SignerInformationStore signerInfos = cmsSignedData.getSignerInfos(); Collection signers = signerInfos.getSigners(); + Date signTime = Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant()); + for (SignerInformation signer : signers) { SignerId sid = signer.getSID(); + + ASN1Set attrValues = signer.getSignedAttributes().get(PKCSObjectIdentifiers.pkcs_9_at_signingTime) + .getAttrValues(); + + if (attrValues.size() > 0) { + ASN1Encodable objectAt = attrValues.getObjectAt(0); + signTime = Time.getInstance(objectAt).getDate(); + } else { + LOGGER.warn("get sign time false, use local datetime verify cert chain"); + } X500Principal principal = new X500Principal(sid.getIssuer().getEncoded()); CertChainUtils.verifyCertChain(certificates, principal, sid.getSerialNumber(), - certificates.get(certificates.size() - 1)); + certificates.get(certificates.size() - 1), signTime); } result.setContent(FileUtils.GSON.fromJson(new String((byte[]) (cmsSignedData - .getSignedContent().getContent()), StandardCharsets.UTF_8), Provision.class)); + .getSignedContent().getContent()), StandardCharsets.UTF_8), Map.class)); result.setMessage("OK"); result.setVerifiedPassed(true); return result; diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/model/VerificationResult.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/model/VerificationResult.java index f1dbc98aef5bbcb29fd2c7951cdc7b27626f927e..ce6c50b32c0c67d4a38b5e8be94cf8a15c63d896 100644 --- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/model/VerificationResult.java +++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/profile/model/VerificationResult.java @@ -15,6 +15,8 @@ package com.ohos.hapsigntool.profile.model; +import java.util.Map; + /** * VerificationResult. * 
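Review bot: The new signing-time lookup dereferences two possibly-null results before the `attrValues.size() > 0` guard: `signer.getSignedAttributes()` is null for a SignerInfo that carries no signed attributes, and `AttributeTable.get(...)` returns null when the pkcs-9-at-signingTime attribute is absent, so such a profile fails with a NullPointerException instead of reaching the `LOGGER.warn` fallback. `signTime` is also declared before the loop, so a later signer that lacks the attribute is verified against the previous signer's time rather than the local clock the warning announces. The signingTime attribute is chosen by whoever produced the signature, so making it the PKIX validation date checks certificate validity against a signer-asserted instant; at minimum reject a claimed time later than the local clock (and decide how far in the past it may lie) before handing it to `verifyCertChain`, and record that policy in a comment. The enclosing method begins outside the hunk; the rewrite below replaces the pre-loop `Date signTime = ...` declaration and needs `org.bouncycastle.asn1.cms.Attribute` and `org.bouncycastle.asn1.cms.AttributeTable` imported.
```java
for (SignerInformation signer : signers) {
    SignerId sid = signer.getSID();
    // Default is chosen per signer so a missing attribute never reuses another signer's time.
    Date signTime = new Date();
    AttributeTable signedAttrs = signer.getSignedAttributes();
    Attribute signingTimeAttr = signedAttrs == null
        ? null : signedAttrs.get(PKCSObjectIdentifiers.pkcs_9_at_signingTime);
    if (signingTimeAttr != null && signingTimeAttr.getAttrValues().size() > 0) {
        ASN1Encodable objectAt = signingTimeAttr.getAttrValues().getObjectAt(0);
        signTime = Time.getInstance(objectAt).getDate();
    } else {
        LOGGER.warn("get sign time false, use local datetime verify cert chain");
    }
    // … unchanged: principal construction and CertChainUtils.verifyCertChain call …
```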
@@ -34,7 +36,7 @@ public class VerificationResult {
 /**
 * Field content.
 */
- private Provision content;
+ private Map content;
 
 public boolean isVerifiedPassed() {
 return verifiedPassed;
@@ -52,11 +54,11 @@ public class VerificationResult {
 this.message = string;
 }
 
- public Provision getContent() {
+ public Map getContent() {
 return content;
 }
 
- public void setContent(Provision provision) {
+ public void setContent(Map provision) {
 this.content = provision;
 }
 
diff --git a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java
index 8ef733caf18275e297744f54647ff5e4e697efb7..7bfb0653e6d85a25216da3caba0a6488d218100d 100644
--- a/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java
+++ b/hapsigntool/hap_sign_tool_lib/src/main/java/com/ohos/hapsigntool/utils/CertChainUtils.java
@@ -59,7 +59,7 @@ public class CertChainUtils {
 }
 
 private static CertPath getCertPath(List certificates, KeyStore trustStore, X500Principal issuer,
- BigInteger serial) throws KeyStoreException, InvalidAlgorithmParameterException,
+ BigInteger serial, Date signTime) throws KeyStoreException, InvalidAlgorithmParameterException,
 NoSuchAlgorithmException, CertPathBuilderException, CertificateException {
 if (certificates.size() != 1 && (issuer != null || serial != null)) {
 X509CertSelector targetCertSelector = new X509CertSelector();
@@ -69,7 +69,7 @@ public class CertChainUtils {
 CertStore certStore = CertStore.getInstance("Collection",
 new CollectionCertStoreParameters(certificates));
 params.addCertStore(certStore);
- params.setDate(Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant()));
+ params.setDate(signTime);
 params.setRevocationEnabled(false);
 CertPathBuilder certPathBuilder = CertPathBuilder.getInstance("PKIX");
 PKIXCertPathBuilderResult result = (PKIXCertPathBuilderResult) certPathBuilder.build(params);
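Review bot: `private Map content;` and the matching `getContent`/`setContent` signatures in the second hunk use the raw `Map` type, which switches off generic checking for every caller that reads the parsed profile; declare the field and accessors as `Map<String, Object>` and confine the unchecked conversion from `FileUtils.GSON.fromJson(..., Map.class)` to the one call site in `VerifyHelper`. The setter parameter is still called `provision` although it no longer receives a `Provision`; `content` would match the field it assigns. Both hunks are complete within the page; the class body continues beyond them.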
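Review bot: `getCertPath` now takes `Date signTime` without saying what a null value means; `PKIXBuilderParameters.setDate(null)` silently falls back to the current time, which is exactly the behaviour the commit is moving away from, so either document it on the parameter, e.g. `// signTime null => PKIX uses the current time`, or reject null with `Objects.requireNonNull(signTime, "signTime")` if the caller is expected to always supply one. With both `Date.from(LocalDateTime.now()...)` expressions removed from this file, the `java.time.LocalDateTime` and `java.time.ZoneId` imports are presumably unused now and should be dropped if no other use remains outside the hunks. The `getCertPath` body continues past the second hunk.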
@@ -90,15 +90,15 @@ public class CertChainUtils {
 * @param root root cert
 */
 public static void verifyCertChain(List certificates, X500Principal issuer, BigInteger serial,
- X509Certificate root) {
+ X509Certificate root, Date signTime) {
 try {
 KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());
 trustStore.load(null, null);
 trustStore.setCertificateEntry("root", root);
- CertPath certPath = getCertPath(certificates, trustStore, issuer, serial);
+ CertPath certPath = getCertPath(certificates, trustStore, issuer, serial, signTime);
 PKIXParameters params = new PKIXParameters(trustStore);
 params.setRevocationEnabled(false);
- params.setDate(Date.from(LocalDateTime.now().atZone(ZoneId.systemDefault()).toInstant()));
+ params.setDate(signTime);
 CertStore certStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters());
 params.addCertStore(certStore);
 CertPathValidator validator = CertPathValidator.getInstance("PKIX");
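Review bot: The Javadoc of `verifyCertChain` still ends at `@param root root cert` and says nothing about the new `signTime` parameter; add ` * @param signTime time at which the chain is validated; null makes PKIX use the current time`. Because this value now replaces the local clock for both path building and validation and the method performs no check on it, the Javadoc should also state that the caller is responsible for supplying a trusted or sanity-checked instant rather than a value copied from the signed data as-is. The method's try/catch continues outside the hunk.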