OpenHarmony XTS 设备证明软证书验证30004报错原因及修复

4 月 ago

鸿蒙小菜

4 minutes

商用设备XTS认证填写完信息后，需要调测设备验证通过数量大于0才能进行下一步。这里我们需要按照官方的文档申请软证书，获取通过privatekey来获取token，然后将tokenA放入指定的目录进行联网检验。官方的文档一个很大的漏洞就是没有把校对的参数说清楚，导致大家会经常卡在-30004的报错，打印信息一般如下：

08-28 18:10:18.153  1673  1689 E C01800/DEVATTEST: [GetFileSize] Invalid path of /data/service/el1/public/device_attest/auth_status
08-28 18:10:18.153  1673  1689 E C01800/DEVATTEST: [IsAuthStatusChg] Load auth status failed or status file not exist
08-28 18:10:18.153  1673  1689 I C01800/DEVATTEST: [AttestStartup] Reset device.
08-28 18:10:18.153  1673  1689 E C01800/DEVATTEST: [IsFileExist] Invalid path of /data/service/el1/public/device_attest or file reset_flag not exist
08-28 18:10:18.444  1673  1689 E C01800/DEVATTEST: [CheckDomain] same domain
08-28 18:10:18.444  1673  1689 W C01800/DEVATTEST: [InitNetworkServerInfo] already init g_attestNetworkList
08-28 18:10:18.444  1673  1689 E C01800/DEVATTEST: [UpdateNetConfig] update new domain failed
08-28 18:10:18.445  1673  1689 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 18:10:18.445  1673  1689 E C01800/DEVATTEST: [GetDecryptedTokenValue] Decrypt token value using Huks failed
08-28 18:10:18.447  1673  1689 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 18:10:18.447  1673  1689 E C01800/DEVATTEST: [GetTokenIdDecrypted] Decrypt token Id using Huks failed
08-28 18:10:18.723  1673  1689 E C01800/DEVATTEST: [ParseResetResult] -errorCode = -15003.
08-28 18:10:18.723  1673  1689 E C01800/DEVATTEST: [ResetDevice] Parse reset result message failed, ret = -15003.
08-28 18:10:18.723  1673  1689 I C01800/DEVATTEST: [AttestStartup] Auth device.
08-28 18:10:19.007  1673  1689 E C01800/DEVATTEST: [CheckDomain] same domain
08-28 18:10:19.007  1673  1689 W C01800/DEVATTEST: [InitNetworkServerInfo] already init g_attestNetworkList
08-28 18:10:19.007  1673  1689 E C01800/DEVATTEST: [UpdateNetConfig] update new domain failed
08-28 18:10:19.008  1673  1689 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 18:10:19.008  1673  1689 E C01800/DEVATTEST: [GetDecryptedTokenValue] Decrypt token value using Huks failed
08-28 18:10:19.008  1673  1689 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 18:10:19.008  1673  1689 E C01800/DEVATTEST: [GetTokenIdDecrypted] Decrypt token Id using Huks failed
08-28 18:10:19.297  1673  1689 E C01800/DEVATTEST: [ParseAuthResultRespImpl] Invalid error code or get it failed, ret = -30004
08-28 18:10:19.297  1673  1689 E C01800/DEVATTEST: [AuthDevice] Parse auth result message failed, ret = -30004.
08-28 18:10:19.305  1673  1689 E C01800/DEVATTEST: [AttestStartup] Auth token failed, ret = -30004.
08-28 18:10:19.305  1673  1689 E C01800/DEVATTEST: [ProcAttest] Proc Attest failed, ret = -1.
08-28 18:10:19.305  1673  1689 I C01800/DEVATTEST: [PrintCurrentTime] Hours: 10, Minutes: 10, Seconds: 19
08-28 18:10:19.305  1673  1689 E C01800/DEVATTEST: [AttestTask] Proc failed ret = -1.
08-28 18:10:19.305  1673  1689 I C01800/DEVATTEST: [AttestTask] End.
08-28 18:10:19.307  1673  1689 I C01800/DEVATTEST: [OnIdle] reason 0
08-28 18:10:19.307  1673  1689 I C01800/DEVATTEST: Thread exited...
08-28 18:10:19.308  1673  1690 I C01800/DEVATTEST: [OnStop] DevAttestService OnStop

去校验设备信息都是对的，但就是卡在这个30004。官方的文档没有说一个关键信息，那就是设备上begetctl dump api信息中GetDevUdid要和平台上授权验证管理->管理调测设备中与对应productid的设备的UDID要一致。如果设备的信息有修改，需要删除对应的调测设备然后重新添加一遍，只有这样设备的UDID才会刷新，不然设备信息怎么改都没用。

一般来说UDID一致后，设备信息就全对了，需要注意一点的是 “用户管理” > “账户管理”>企业简称（英文）与UDID是关联的大小写不能错，这个值对应了const.product.manufacturer 需要完全一致。测试通过的打印如下：

08-28 19:45:43.291  1597  1599 W C01800/DEVATTEST: [InitNetworkServerInfo] already init g_attestNetworkList
08-28 19:45:43.291  1597  1599 E C01800/DEVATTEST: [UpdateNetConfig] update new domain failed
08-28 19:45:43.291  1597  1599 E C01800/DEVATTEST: [CheckAuthResult] auth result is ATTEST_ERR.
08-28 19:45:43.291  1597  1599 E C01800/DEVATTEST: [IsAuthStatusChg] Check auth result failed
08-28 19:45:43.291  1597  1599 I C01800/DEVATTEST: [AttestStartup] Reset device.
08-28 19:45:43.291  1597  1599 E C01800/DEVATTEST: [IsFileExist] Invalid path of /data/service/el1/public/device_attest or file reset_flag not exist
08-28 19:45:44.584  1597  1599 E C01800/DEVATTEST: [CheckDomain] same domain
08-28 19:45:44.584  1597  1599 W C01800/DEVATTEST: [InitNetworkServerInfo] already init g_attestNetworkList
08-28 19:45:44.584  1597  1599 E C01800/DEVATTEST: [UpdateNetConfig] update new domain failed
08-28 19:45:44.586  1597  1599 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 19:45:44.586  1597  1599 E C01800/DEVATTEST: [GetDecryptedTokenValue] Decrypt token value using Huks failed
08-28 19:45:44.587  1597  1599 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 19:45:44.587  1597  1599 E C01800/DEVATTEST: [GetTokenIdDecrypted] Decrypt token Id using Huks failed


08-28 19:46:50.317  1597  1599 E C01800/DEVATTEST: [ParseResetResult] -errorCode = -15003.
08-28 19:46:50.317  1597  1599 E C01800/DEVATTEST: [ResetDevice] Parse reset result message failed, ret = -15003.
08-28 19:46:50.317  1597  1599 I C01800/DEVATTEST: [AttestStartup] Auth device.
08-28 19:46:51.654  1597  1599 E C01800/DEVATTEST: [CheckDomain] same domain
08-28 19:46:51.654  1597  1599 W C01800/DEVATTEST: [InitNetworkServerInfo] already init g_attestNetworkList
08-28 19:46:51.654  1597  1599 E C01800/DEVATTEST: [UpdateNetConfig] update new domain failed
08-28 19:46:51.656  1597  1599 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 19:46:51.657  1597  1599 E C01800/DEVATTEST: [GetDecryptedTokenValue] Decrypt token value using Huks failed
08-28 19:46:51.659  1597  1599 E C01800/DEVATTEST: [DecryptHks] Hks key doesn't exist
08-28 19:46:51.659  1597  1599 E C01800/DEVATTEST: [GetTokenIdDecrypted] Decrypt token Id using Huks failed
08-28 19:46:51.977  1597  1599 I C01800/DEVATTEST: [AttestStartup] Flush auth result.
08-28 19:46:51.985  1597  1599 I C01800/DEVATTEST: [EncryptHks] HksKeyExist or HksGenerateKey success
08-28 19:46:51.997  1597  1599 I C01800/DEVATTEST: [AttestStartup] Active token.
08-28 19:46:52.000  1597  1599 I C01800/DEVATTEST: [EncryptHks] HksKeyExist or HksGenerateKey success
08-28 19:46:52.008  1597  1599 I C01800/DEVATTEST: [EncryptHks] HksKeyExist or HksGenerateKey success
08-28 19:46:52.332  1597  1599 E C01800/DEVATTEST: [CheckDomain] same domain
08-28 19:46:52.332  1597  1599 W C01800/DEVATTEST: [InitNetworkServerInfo] already init g_attestNetworkList
08-28 19:46:52.332  1597  1599 E C01800/DEVATTEST: [UpdateNetConfig] update new domain failed
08-28 19:46:52.334  1597  1599 I C01800/DEVATTEST: [GetDecryptedTokenValue] Decrypt token value using Huks success!
08-28 19:46:52.336  1597  1599 I C01800/DEVATTEST: [GetTokenIdDecrypted] Decrypt token Id using Huks success!
08-28 19:46:52.651  1597  1599 I C01800/DEVATTEST: [PrintCurrentTime] Hours: 11, Minutes: 46, Seconds: 52
08-28 19:46:52.651  1597  1599 I C01800/DEVATTEST: [AttestTask] End.
08-28 19:46:52.652  1597  1599 I C01800/DEVATTEST: [NetCapabilitiesChange] Skip the same operation

08-28 19:47:24.985  1597  1608 I C01800/DEVATTEST: [OnIdle] reason 0
08-28 19:47:24.987  1597  1827 I C01800/DEVATTEST: [OnStop] DevAttestService OnStop

# attesttestclient
[DEVATTEST]attestResultInfo authResult [0] softwareResult [0]
[DEVATTEST]attestResultInfo ticketLength [32] ticket [2pLKkMpP0SC6sP2BiXKtduRUppAowzau]
[DEVATTEST]attestResultInfo softwareResultDetail[0] 0
[DEVATTEST]attestResultInfo softwareResultDetail[1] 0
[DEVATTEST]attestResultInfo softwareResultDetail[2] 0
[DEVATTEST]attestResultInfo softwareResultDetail[3] 0
[DEVATTEST]attestResultInfo softwareResultDetail[4] -2
[DEVATTEST]Test client main ended successfully!

#鸿蒙