HarmonyOS 证书链校验器报19030001错误

1、rcp请求进行证书双向认证,校验服务器返回证书

let request = new rcp.Request(HOST, 'POST')
request.headers = { 'Content-Type': 'application/json' }
request.content = `{"cywallid":"harmonyos3-f42f-4585-9bdb-69a99d6aa0e5","pubkey":"123456","token":"token-owner-01"}`
request.configuration = {
  security: {
    remoteValidation: selfDefinedRemoteValidation, // 自定义校验远程服务器证书
    certificate: {
      content: getRawFileContent('dck01.crt'),
      key: filesDir + '/private.key',
      type: 'PEM',
    },
  }
};

let session = rcp.createSession()
session.fetch(request).then((response:rcp.Response) => {
  if (response.statusCode == 200) {
    hilog.info(0x0000, 'wsrequest', 'get success %{public}s', response.toString())
  }
  // hilog.info(0x0000, 'wsrequest', 'get fail %{public}d', response.statusCode)
}).catch((err: BusinessError) => {
  console.info('get error:' + JSON.stringify(err));
})

2、创建证书链校验器进行校验

const selfDefinedRemoteValidation = async (context: rcp.ValidationContext) => {
  // 验证域名
  if (context.host != "dck.gdota.club") {
    return  false
  }
  checkCertChainValidator(false,context.pemCerts[0],context.pemCerts[1],(result) =>{
    console.error(`checkCertChainValidator state:${result}`);
    return result
  })
  return true
}
// 证书链校验器函数
function checkCertChainValidator(selfSigned:Boolean,caCertData:string,secondCaCertData:string,callBack:Callback): void {
  let textEncoder = new util.TextEncoder();
  // 证书链校验器算法。目前仅支持PKIX
  let algorithm = 'PKIX';

  // 创建一个证书链校验器实例
  let validator = cert.createCertChainValidator(algorithm);

  // CA证书数据
  let uint8ArrayOfCaCertData = textEncoder.encodeInto(caCertData);

  // CA证书数据的长度
  let uint8ArrayOfCaCertDataLen = new Uint8Array(new Uint16Array([uint8ArrayOfCaCertData.byteLength]).buffer);

  // 二级CA证书数据
  let uint8ArrayOf2ndCaCertData =  textEncoder.encodeInto(secondCaCertData);

  // 二级CA证书数据的长度
  let uint8ArrayOf2ndCaCertDataLen = new Uint8Array(new Uint16Array([uint8ArrayOf2ndCaCertData.byteLength]).buffer);

  // 证书链二进制数据:二级CA证书数据长度+二级CA证书数据+CA证书数据长度+CA证书数据(L-V格式)
  let encodingData = new Uint8Array(uint8ArrayOf2ndCaCertDataLen.length + uint8ArrayOf2ndCaCertData.length +
  uint8ArrayOfCaCertDataLen.length + uint8ArrayOfCaCertData.length);
  for (let i = 0; i < uint8ArrayOf2ndCaCertDataLen.length; i++) {
    encodingData[i] = uint8ArrayOf2ndCaCertDataLen[i];
  }
  for (let i = 0; i < uint8ArrayOf2ndCaCertData.length; i++) {
    encodingData[uint8ArrayOf2ndCaCertDataLen.length + i] = uint8ArrayOf2ndCaCertData[i];
  }
  for (let i = 0; i < uint8ArrayOfCaCertDataLen.length; i++) {
    encodingData[uint8ArrayOf2ndCaCertDataLen.length + uint8ArrayOf2ndCaCertData.length + i] = uint8ArrayOfCaCertDataLen[i];
  }
  for (let i = 0; i < uint8ArrayOfCaCertData.length; i++) {
    encodingData[uint8ArrayOf2ndCaCertDataLen.length + uint8ArrayOf2ndCaCertData.length +
    uint8ArrayOfCaCertDataLen.length + i] = uint8ArrayOfCaCertData[i];
  }

  let certChainData: cert.CertChainData = {
    // Uint8Array类型:L-V格式(证书数据长度-证书数据)
    data: encodingData,
    // 证书的数量。本例中为2
    count: 2,
    // 证书格式。仅支持 PEM 和 DER。在此示例中,证书为 PEM 格式
    encodingFormat: cert.EncodingFormat.FORMAT_PEM
  };

  // 验证证书链
  validator.validate(certChainData, (err, data) => {
    if (err != null) {
      // 校验失败
      console.dir(err)
      console.error(`validate failed, errCode: ${err.code}, errMsg: ${err.message}`);
      callBack(false)
    } else {
      // 校验成功
      console.log('validate success');
      callBack(true)
    }
  });
}

3、验证证书链时报错:validate failed, errCode: 19030001, errMsg: validate cert chain failed

HarmonyOS
2024-12-25 08:28:27
浏览
收藏 0
回答 1
待解决
回答 1
按赞同
/
按时间
FengTianYa

是由于caCertData 和 secondCaCertData 都是由顶级证书衍生的次级证书,缺少顶级的根证书,将caCertData 替换为 secondCaCertData 二级证书数据获取到的顶级的根证书,测试无问题。参考文档:

https://developer.huawei.com/consumer/cn/doc/harmonyos-guides-V5/create-verify-certchain-object-V5

分享
微博
QQ
微信
回复
2024-12-25 11:26:31
相关问题
HarmonyOS怎么校验服务SSL证书状态?
2940浏览 • 1回复 待解决
HarmonyOS 模拟位置服务 3301300错误
188浏览 • 1回复 待解决
HarmonyOS axios如何忽略证书校验
144浏览 • 1回复 待解决
HarmonyOS 网络请求跳过ssl证书校验
186浏览 • 1回复 待解决
http请求证书校验实现
647浏览 • 1回复 待解决
HarmonyOS 如何忽略掉https证书校验
147浏览 • 1回复 待解决
HarmonyOS 推送服务系统错误1000900010
143浏览 • 1回复 待解决
推送服务系统错误1000900010
1862浏览 • 1回复 待解决
HarmonyOS 加载图片跨域错误
43浏览 • 1回复 待解决
HarmonyOS https请求证书配置,2300058
30浏览 • 1回复 待解决