OpenHarmony应用签名 - 厂商私有签名的配置和使用

概述

文档环境

开发环境:Windows 11

DevEco Studio 版本:DevEco Studio 3.1.1 Release(3.1.0.501)

SDK 版本:3.2.14.1(Full SDK)

开发板型号:DAYU 200

系统版本:OpenHarmony 3.2 Release(3.2.14.5)

涉及仓库:​​Hap包签名工具[developtools_hapsigner]​

功能简介

OpenHarmony应用签名 - 厂商私有签名文章介绍如何生成厂商私有签名和修改运行系统中的配置文件,使私有签名签出的应用可以正常在系统中安装和使用。

本文我们将介绍:

  • 私有签名信息和密钥如何在系统源码中进行配置,使系统原生支持私有厂商签名签出的应用安装。
  • 部分的系统应用是由编译子系统编译成hap装入系统中,如何配置这些系统应用的签名。
  • 如何使用Debug级别的签名文件给应用签名。
  • 厂商私有签名如何在DevEco Studio的工程中进行配置。

说明:本文档使用的签名文件和密钥等信息已由OpenHarmony应用签名 - 厂商私有签名文档生成。

配置源码私有签名验证信息

1. 配置trusted_apps_sources.json文件,增加私有签名信息。注意“,”符号后面需要加入空格才可正常匹配。文件源码位置:

base/security/appverify/interfaces/innerkits/appverify/config/OpenHarmony/trusted_apps_sources.json

{
    "name":"OpenHarmony-Tizi apps",
    "app-signing-cert":"C=CN, O=OpenHarmony-Tizi-app-cert, OU=OpenHarmony-Tizi-app-cert Community, CN=OpenHarmony Application Release",
    "profile-signing-certificate":"C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Release",
    "profile-debug-signing-certificate":"C=CN, O=OpenHarmony-Tizi-profile-cert, OU=OpenHarmony-Tizi-profile-cert Community, CN=OpenHarmony Application Profile Debug",
    "issuer-ca":"C=CN, O=OpenHarmony-Tizi-subCA, OU=OpenHarmony-Tizi-subCA Community, CN=OpenHarmony Application CA",
    "max-certs-path":3,
    "critialcal-cert-extension":["keyusage"]
}

2. 配置trusted_root_ca.json文件,将OpenHarmony-Tizi-rootCA.cer密钥信息处理后加入到文件中。文件源码位置:

base/security/appverify/interfaces/innerkits/appverify/config/OpenHarmony/trusted_root_ca.json\

"C=CN, O=OpenHarmony-Tizi-rootCA, OU=OpenHarmony-Tizi-rootCA Community, CN=OpenHarmony Application Root CA":"-----BEGIN CERTIFICATE-----\nMIICQzCCAemgAwIBAgIEUwKY8TAKBggqhkjOPQQDAjCBhTELMAkGA1UEBhMCQ04x\nIDAeBgNVBAoMF09wZW5IYXJtb255LVRpemktcm9vdENBMSowKAYDVQQLDCFPcGVu\nSGFybW9ueS1UaXppLXJvb3RDQSBDb21tdW5pdHkxKDAmBgNVBAMMH09wZW5IYXJt\nb255IEFwcGxpY2F0aW9uIFJvb3QgQ0EwHhcNMjMwNTIxMTQwNTI2WhcNMjQwNTIw\nMTQwNTI2WjCBhTELMAkGA1UEBhMCQ04xIDAeBgNVBAoMF09wZW5IYXJtb255LVRp\nemktcm9vdENBMSowKAYDVQQLDCFPcGVuSGFybW9ueS1UaXppLXJvb3RDQSBDb21t\ndW5pdHkxKDAmBgNVBAMMH09wZW5IYXJtb255IEFwcGxpY2F0aW9uIFJvb3QgQ0Ew\nWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARoC3C5WijOQkLq/AjmtEWkZ+Ooso1p\nRl34qPpEPH0b6iun5wpAlDe20bcCvsiFda2RNXFsqHIl+cj59bnLh83Ro0UwQzAd\nBgNVHQ4EFgQUAIpcSDCk3q3hZ+qwobekzT9vLHAwEgYDVR0TAQH/BAgwBgEB/wIB\nADAOBgNVHQ8BAf8EBAMCAQYwCgYIKoZIzj0EAwIDSAAwRQIhANKbxPqFT5PwURVf\n1Oxa8cf1udcgO0ntULei/GhaQIobAiBH787oVyJtKxMuPw9K6zzhJjBNjZzW0DrK\n/NOyuKLetw==\n-----END CERTIFICATE-----\n"

3. 重新编译系统镜像,烧录至设备,使用私有签名签出的应用安装测试。

配置源码编译应用的签名文件

以权限管理应用(com.ohos.permissionmanager)为例,其他应用可根据需求配置。

应用源码位置:applications/standard/permission_manager

应用编译信息:

// 	applications/standard/permission_manager/permissionmanager/BUILD.gn
ohos_hap("permission_manager") {
  hap_profile = "src/main/module.json"
  deps = [
    ":permission_manager_js_assets",
    ":permission_manager_resources",
  ]
  certificate_profile = "../signature/pm.p7b"
  hap_name = "permission_manager"
  part_name = "prebuilt_hap"
  subsystem_name = "applications"
  js_build_mode = "debug"
  module_install_dir = "app/com.ohos.permissionmanager"
}

1. 使用hap-sign-tool.jar查看原权限管理应用p7b签名文件信息对应的Profile签名证书信息。

p7b文件位置:applications/standard/permission_manager/signature/pm.p7b

java -jar hap-sign-tool.jar verify-profile -inFile pm.p7b -outFil

e pm.json

2. 将bundle-nameaplapp-featureallowed-acls字段分别复制到UnsgnedReleasedProfileTemplate.json文件中。

3. 通过文本查看的方式打开p7b文件,把app-privilege-capabilities字段信息拷贝到UnsgnedReleasedProfileTemplate.json文件中。

说明:验签JSON未输出app-privilege-capabilities字段,已与开发反馈,步骤3为临时方案,后续如有修改会进行文档更新。

4. 替换distribution-certificate为私有签名OpenHarmony-Tizi-app-cert.pem文件中第一部分的密钥。把回车转换为\n字符,替换UnsgnedReleasedProfileTemplate.json文件的distribution-certificate字段。例如:

转换前:

-----BEGIN CERTIFICATE-----
MIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO
MR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu
SGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v
bnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0
MDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp
LWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv
bW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz
ZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul
7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp
MB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud
DwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME
CDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay
gjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=
-----END CERTIFICATE-----

转换后:

-----BEGIN CERTIFICATE-----\nMIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO\nMR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu\nSGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v\nbnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0\nMDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp\nLWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv\nbW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz\nZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul\n7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp\nMB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud\nDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME\nCDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay\ngjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=\n-----END CERTIFICATE-----\n

完整的UnsgnedReleasedProfileTemplate.json文件:

{
    "version-name": "2.0.0",
    "version-code": 2,
    "app-distribution-type": "os_integration",
    "uuid": "5027b99e-5f9e-465d-9508-a9e0134ffe18",
    "validity": {
        "not-before": 1594865258,
        "not-after": 1689473258
    },
    "type": "release",
    "bundle-info": {
        "developer-id": "OpenHarmony",
        "distribution-certificate": "-----BEGIN CERTIFICATE-----\nMIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO\nMR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu\nSGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v\nbnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0\nMDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp\nLWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv\nbW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz\nZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul\n7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp\nMB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud\nDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME\nCDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay\ngjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=\n-----END CERTIFICATE-----\n",
        "bundle-name": "com.ohos.permissionmanager",
        "apl": "normal",
        "app-feature": "hos_system_app"
    },
    "acls": {
        "allowed-acls": [
            "ohos.permission.GET_SENSITIVE_PERMISSIONS",
            "ohos.permission.GRANT_SENSITIVE_PERMISSIONS",
            "ohos.permission.REVOKE_SENSITIVE_PERMISSIONS",
            "ohos.permission.PERMISSION_USED_STATS",
            "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED",
            "ohos.permission.GET_BUNDLE_INFO",
            "ohos.permission.MANAGE_AUDIO_CONFIG",
            "ohos.permission.MANAGE_CAMERA_CONFIG"
        ]
    },
    "permissions": {
        "restricted-permissions": []
    },
    "issuer": "pki_internal",
    "app-privilege-capabilities": [
        "AllowAppDesktopIconHide",
        "AllowAbilityExcludeFromMissions",
        "AllowAppUsePrivilegeExtension"
    ]
}

5. ProvisionProfile文件签名,生成权限管理应用的p7b文件。

java -jar hap-sign-tool.jar sign-profile -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -mode "localSign" -profileCertFile "OpenHarmony-Tizi-profile-cert-release.pem" -inFile "UnsgnedReleasedProfileTemplate.json" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "pm.p7b" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2"

6. 将pm.p7b文件替换源码中原p7b文件。

7. 修改编译签名信息。

通过build/ohos/app/app_internal.gni文件查看应用签名需要的编译参数。

_private_key_path = default_hap_private_key_path
if (defined(private_key_path)) {
_private_key_path = private_key_path
}
_signature_algorithm = default_signature_algorithm
if (defined(signature_algorithm)) {
_signature_algorithm = signature_algorithm
}
_key_alias = default_key_alias
if (defined(key_alias)) {
_key_alias = key_alias
}
_keystore_path = default_keystore_path
if (defined(keystore_path)) {
_keystore_path = keystore_path
}
_keystore_password = default_keystore_password
if (defined(keystore_password)) {
_keystore_password = keystore_password
}
_certificate_file = default_hap_certificate_file
if (defined(certificate_file)) {
_certificate_file = certificate_file
}

默认编译签名信息位于源码位置build/ohos_var.gni。

default_hap_private_key_path = "OpenHarmony Application Release"
default_signature_algorithm = "SHA256withECDSA"
default_key_alias = "123456"
default_keystore_password = "123456"
default_keystore_path = "//developtools/hapsigner/dist/OpenHarmony.p12"
default_hap_certificate_file =
    "//developtools/hapsigner/dist/OpenHarmonyApplication.pem"

编译配置字段

hap-sign-tool.jar字段

签名信息

default_hap_private_key_path

keyAlias

OpenHarmony-Tizi-subCA

default_signature_algorithm

signAlg

SHA256withECDSA

default_key_alias

keyPwd

Pwd-Tizi-4

default_keystore_password

keystorePwd

Pwd-Tizi-2

default_keystore_path

keystoreFile

OpenHarmony-Tizi.p12

default_hap_certificate_file

appCertFile 

OpenHarmony-Tizi-app-cert.pem

说明:编译字段default_hap_private_key_path和default_key_alias的命名与hap-sign-tool.jar字段的命名有出入,但是与build/scripts/hapbuilder.py中sign_hap函数中的取值相对应,需注意,目前已与开发反馈,后续如有修改会进行文档更新。

def sign_hap(hapsigner, private_key_path, sign_algo, certificate_profile,
             keystore_path, keystorepasswd, keyalias, certificate_file,
             unsigned_hap_path, signed_hap_path):
    cmd = ['java', '-jar', hapsigner, 'sign-app']
    cmd.extend(['-mode', 'localsign'])
    cmd.extend(['-signAlg', sign_algo])
    cmd.extend(['-keyAlias', private_key_path])
    cmd.extend(['-inFile', unsigned_hap_path])
    cmd.extend(['-outFile', signed_hap_path])
    cmd.extend(['-profileFile', certificate_profile])
    cmd.extend(['-keystoreFile', keystore_path])
    cmd.extend(['-keystorePwd', keystorepasswd])
    cmd.extend(['-keyPwd', keyalias])
    cmd.extend(['-appCertFile', certificate_file])
    cmd.extend(['-profileSigned', '1'])
    cmd.extend(['-inForm','zip'])
    child = subprocess.Popen(cmd,
                             stdout=subprocess.PIPE,
                             stderr=subprocess.PIPE)
    stdout, stderr = child.communicate()
    if child.returncode:
        print(stdout.decode(), stderr.decode())
        raise Exception("Failed to sign hap")

此处如果修改默认签名配置,则全部由系统编译生成的应用都需要替换p7b文件。本文档仅替换了权限管理应用的p7b文件,所以单独配置权限管理应用的编译配置。

// 	applications/standard/permission_manager/permissionmanager/BUILD.gn
ohos_hap("permission_manager") {
  hap_profile = "src/main/module.json"
  deps = [
    ":permission_manager_js_assets",
    ":permission_manager_resources",
  ]
  certificate_profile = "../signature/pm.p7b"
  hap_name = "permission_manager"
  part_name = "prebuilt_hap"
  subsystem_name = "applications"
  js_build_mode = "debug"
  module_install_dir = "app/com.ohos.permissionmanager"
  private_key_path = "OpenHarmony-Tizi-subCA"      // 增加的签名配置信息
  signature_algorithm = "SHA256withECDSA"      // 增加的签名配置信息
  key_alias = "Pwd-Tizi-4"      // 增加的签名配置信息
  keystore_path = "//developtools/hapsigner/dist/OpenHarmony-Tizi.p12"      // 增加的签名配置信息
  keystore_password = "Pwd-Tizi-2"      // 增加的签名配置信息
  certificate_file = "//developtools/hapsigner/dist/OpenHarmony-Tizi-app-cert.pem"      // 增加的签名配置信息
}

8. 将p12文件和pem文件放到步骤7中编译配置的源码目录中。

9. 由于p7b文件的替换,所以预安装配置文件中的app_signature也会被改变,需要重新生成,生成方法可以参考OpenHarmony应用开发技巧 - 如何获取证书指纹

权限管理应用生成app_signature

app_signature:F433242143C463C5931D84E127DA67A6B00B02C5625C17AA2EAA77A393400A33

替换install_list_capability.json文件,权限管理应用指纹信息。

// vendor/hihope/rk3568/preinstall-config/install_list_capability.json
{
  "bundleName": "com.ohos.permissionmanager",
  "app_signature": ["F433242143C463C5931D84E127DA67A6B00B02C5625C17AA2EAA77A393400A33"],
  "allowAppUsePrivilegeExtension": true
},

10. 重新编译系统镜像,烧录至设备,查看权限管理应用是否被正确安装,并验证指纹信息是否与新生成的指纹信息一致。

bm dump -n com.ohos.permissionmanager | grep finger

如何签出Debug等级权限应用

生成Debug等级的p7b文件需要用到UnsgnedDebugProfileTemplate.json和OpenHarmony-Tizi-profile-cert-debug.pem文件。

未修改的UnsgnedDebugProfileTemplate.json:

Release配置文件区别在Debug配置文件增加了debug-info字段,Debug签名需要指定安装设备的udid

1. 获取设备udid。

hdc shell "bm get --udid"

3BCB000C4E2B33075C2759B3A454AF51D7BFF3D2AA489879F70D829E272F03F3

2. 配置UnsgnedDebugProfileTemplate.json文件,将设备udiddevelopment-certificate信息配置进文件。development-certificate的配置方式与Release配置文件相同,可以参考“配置源码编译应用的签名文件”章节的步骤4

配置后的UnsgnedDebugProfileTemplate.json文件

{
    "version-name": "2.0.0",
    "version-code": 2,
    "uuid": "fe686e1b-3770-4824-a938-961b140a7c98",
    "validity": {
        "not-before": 1610519532,
        "not-after": 1705127532
    },
    "type": "debug",
    "bundle-info": {
        "developer-id": "OpenHarmony",
        "development-certificate": "-----BEGIN CERTIFICATE-----\nMIICazCCAhGgAwIBAgIFAPERF2IwCgYIKoZIzj0EAwIwgYIxCzAJBgNVBAYTAkNO\nMR8wHQYDVQQKDBZPcGVuSGFybW9ueS1UaXppLXN1YkNBMSkwJwYDVQQLDCBPcGVu\nSGFybW9ueS1UaXppLXN1YkNBIENvbW11bml0eTEnMCUGA1UEAwweT3Blbkhhcm1v\nbnkgQXBwbGljYXRpb24gU3ViIENBMB4XDTIzMDUyMTE0MDU0M1oXDTI0MDUyMDE0\nMDU0M1owgYkxCzAJBgNVBAYTAkNOMSIwIAYDVQQKDBlPcGVuSGFybW9ueS1UaXpp\nLWFwcC1jZXJ0MSwwKgYDVQQLDCNPcGVuSGFybW9ueS1UaXppLWFwcC1jZXJ0IENv\nbW11bml0eTEoMCYGA1UEAwwfT3Blbkhhcm1vbnkgQXBwbGljYXRpb24gUmVsZWFz\nZTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABN0OL1RqzWXQWCXpT0tt54aFR0Ul\n7pqZYBJaCKT049xUYcfwCHLd0q0IzktNo9nqKIjE5BxOk76w7kHhxwowI2qjazBp\nMB0GA1UdDgQWBBQAW6LlxgLrPko7kHS/jbcsqnh4WTAJBgNVHRMEAjAAMA4GA1Ud\nDwEB/wQEAwIHgDATBgNVHSUEDDAKBggrBgEFBQcDAzAYBgwrBgEEAY9bAoJ4AQME\nCDAGAgEBCgEAMAoGCCqGSM49BAMCA0gAMEUCIQDHIWx4AELONvCoKaQnHQAW0bay\ngjR168gmlnGfnFGowAIgfMV5/nIvmRAbpapqO3a2pBKeHFfeU5zel/T1Bgty198=\n-----END CERTIFICATE-----\n",
        "bundle-name": "com.openharmony.signtest",
        "apl": "normal",
        "app-feature": "hos_normal_app"
    },
    "acls": {
        "allowed-acls": [
            ""
        ]
    },
    "permissions": {
        "restricted-permissions": [
            ""
        ]
    },
    "debug-info": {
        "device-ids": [
            "3BCB000C4E2B33075C2759B3A454AF51D7BFF3D2AA489879F70D829E272F03F3"
        ],
        "device-id-type": "udid"
    },
    "issuer": "pki_internal"
}

说明:如果不配置udid,在应用安装时报错,error: failed to install bundle. error: signature verification failed due to not trusted app source.

3. ProvisionProfile文件签名,注意需使用OpenHarmony-Tizi-profile-cert-debug.pem配合UnsgnedDebugProfileTemplate.json进行签名。

java -jar hap-sign-tool.jar sign-profile -keyAlias "OpenHarmony-Tizi-profileCA" -signAlg "SHA256withECDSA" -mode "localSign" -profileCertFile "OpenHarmony-Tizi-profile-cert-debug.pem" -inFile "UnsgnedDebugProfileTemplate.json" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "com.openharmony.signtest.debug.p7b" -keyPwd "Pwd-Tizi-5" -keystorePwd "Pwd-Tizi-2"

4. hap应用包签名,appCertFile参数与Release版本签名不变,profileFile使用Debug签出的p7b文件。

java -jar hap-sign-tool.jar sign-app -keyAlias "OpenHarmony-Tizi-subCA" -signAlg "SHA256withECDSA" -mode "localSign" -appCertFile "OpenHarmony-Tizi-app-cert.pem" -profileFile "com.openharmony.signtest.debug.p7b" -inFile "entry-default-unsigned.hap" -keystoreFile "OpenHarmony-Tizi.p12" -outFile "entry-default-signed-debug.hap" -keyPwd "Pwd-Tizi-4" -keystorePwd "Pwd-Tizi-2"

5. 安装应用。

DevEco Studio配置厂商私有签名

以com.openharmony.signtest工程为例。

1. 在工程根路径创建signature文件夹,把应用签名所需文件放入此文件夹下,包括OpenHarmony-Tizi-app-cert.pemOpenHarmony-Tizi.p12com.openharmony.signtest.p7b文件。

2. 更改OpenHarmony-Tizi-app-cert.pem后缀为cer。

3. 单击File > Project Structure > Project > SigningConfigs进入签名配置界面,如果勾选Automatically generate signature则需取消勾选。选取签名文件和配置密钥,点击OK保存配置。

Store file(*.p12):OpenHarmony-Tizi.p12

Store password:Pwd-Tizi-2

Key alias:OpenHarmony-Tizi-subCA

Key password:Pwd-Tizi-4

Sign alg:SHA256withECDSA

Profile file(*.p7b):com.openharmony.signtest.p7b

Certpath file(*.cer):OpenHarmony-Tizi-app-cert.cer

4. 构建安装验证。

参考文档

​​​OpenHarmony Docs - 应用特权配置指南​

​​​OpenHarmony Docs - HarmonyAppProvision配置文件的说明

  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 打赏
    打赏
  • 1
    评论
在 Objective-C 中,可以通过在.m文件中实现类别(Category)或者扩展(Extension)的方式来实现私有变量和私有方法。 1. 类别(Category)实现私有变量和私有方法 类别(Category)是 Objective-C 的一个特性,它允许在不修改原有类代码的情况下,向一个已有的类添加方法。在类别中,可以定义私有变量和私有方法,这些变量和方法只能在类别内部访问。 示例代码: ``` // MyClass.h @interface MyClass : NSObject // 公有方法 - (void)publicMethod; @end // MyClass.m @interface MyClass (Private) // 私有变量 @property (nonatomic, strong) NSString *privateVar; // 私有方法 - (void)privateMethod; @end @implementation MyClass (Private) - (void)setPrivateVar:(NSString *)privateVar { objc_setAssociatedObject(self, @selector(privateVar), privateVar, OBJC_ASSOCIATION_RETAIN_NONATOMIC); } - (NSString *)privateVar { return objc_getAssociatedObject(self, @selector(privateVar)); } - (void)privateMethod { NSLog(@"Private Method"); } @end @implementation MyClass - (void)publicMethod { // 在公有方法中调用私有变量和私有方法 self.privateVar = @"Private Variable"; [self privateMethod]; } @end ``` 2. 扩展(Extension)实现私有变量和私有方法 扩展(Extension)也是 Objective-C 的一个特性,它允许在类的实现文件中定义私有变量和私有方法。扩展与类别不同的是,它可以访问类的私有成员变量。 示例代码: ``` // MyClass.h @interface MyClass : NSObject // 公有方法 - (void)publicMethod; @end // MyClass.m @interface MyClass () // 私有变量 @property (nonatomic, strong) NSString *privateVar; // 私有方法 - (void)privateMethod; @end @implementation MyClass - (void)publicMethod { // 在公有方法中调用私有变量和私有方法 self.privateVar = @"Private Variable"; [self privateMethod]; } - (void)privateMethod { NSLog(@"Private Method"); } @end ```

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

TiZizzz

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值