更新时间:2026-06-17 GMT+08:00
校验HTTP(S)签名证书
SMN服务推送的HTTP(S)协议消息体内携带signing_cert_url字段,该字段用于标识消息签名证书的外部下载路径。通过该外部路径获取证书时,存在中间人攻击导致证书内容被篡改的安全风险。为保障签名校验安全性,建议您直接采用本页面公示的HTTP(S)消息签名证书(cert.pem)完成消息签名校验工作。本页面公示的HTTP(S)消息签名证书由华为自有PKI CA签发;同时本页面同步对外公示对应CA证书公钥,可配套用于证书合法性核验。
HTTP(S)消息签名证书(cert.pem)
-----BEGIN CERTIFICATE----- MIIDWTCCAkGgAwIBAgIIdv23u/vU1zcwDQYJKoZIhvcNAQELBQAwODELMAkGA1UE BhMCQ04xDzANBgNVBAoTBkh1YXdlaTEYMBYGA1UEAxMPSHVhd2VpIENsb3VkIENB MB4XDTIwMDkwOTA2NDAwNFoXDTMwMDkwNzA2NDAwNFowPzELMAkGA1UEBhMCQ04x DzANBgNVBAoTBkh1YXdlaTEfMB0GA1UEAxMWSHVhd2VpLUNsb3VkLVNNTi1NZXRl cjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOunOsnncSp53UP4xetr A4tHiRj6kldrmyx5gYB/zbGblfwHDvh7Pw9633iq0y1ZwfE0yVu7mNAwdAAo1u7X lvO+ZLJkBsOjg2BU/BD7VfsVV7YJ51u467G0D7U8Qz8gIqsTbU1iT3koyNuUPmKe 9J0bhKdR8wy6xuROWh/5Ec0y2n28FqIDXP91udkYgrXhasmejLwx4saRFaVl6nPE MOOWyrFDtU5bKWj8wZUwhRAuIeUVxu4TRxLu+zyuXk1Y4mG1RCDpIf5XsgDeitMr TsrdjuxEsgRTDCVl6WVEojzBv/AccLoBrbHFa+Pppp8/RDvDhuQrxizp+K4zSunQ iukCAwEAAaNgMF4wHwYDVR0jBBgwFoAU9JLn3OgwPepGkfxQ4xg4L8UVUSswDAYD VR0TBAUwAwEBADAOBgNVHQ8BAf8EBAMCA6gwHQYDVR0lBBYwFAYIKwYBBQUHAwEG CCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQALQt+Fy2yOs/Z7PL0xq2g8lWx0 7zNaUcYYdFcZeiwfuLSTOeFJiPFKyAsN7Bl7wIjFT8ZsHDhBJE5bkYnjdYxO1jnq xCeNDErlP0nD7j+p5YZMtMWv/vPod3EBQ4z5ThNvAljeSx9iQKL0HL7lxOJ4ssId zsFlSZCdkRbNQb4Vb8r72J0Yu8hiSUTvvIMERTBzYtTFUTTmJz4oX5HvBj4KEycF RWjrNp6g82RRcSEPQl8XeoqOAiCSr1ddsTLQDqWgKWA68Tc64LPMxG3BC2cl0GrK Ilqom+ZuaR05jslMr7jSCQwUcLIk0Loxv2YYrE9Yqju/v2s8LKXwiLVsxxTU -----END CERTIFICATE-----
CA证书(ca.pem)
# Issuer: CN=Huawei Equipment CA,O=Huawei,C=CN # Subject: CN=Huawei Cloud CA,O=Huawei,C=CN # Label: "Huawei Cloud CA" # Serial: 76666a0a296170cd981e6ebaf9a4808c3f # SHA256 Fingerprint: B8:14:1F:4A:8B:93:4A:E5:8C:01:06:49:4A:9D:00:48:94:DB:A8:8B:44:63:C8:13:C5:0E:24:2C:1D:89:F4:D3 -----BEGIN CERTIFICATE----- MIIErDCCApSgAwIBAgIRdmZqCilhcM2YHm66+aSAjD8wDQYJKoZIhvcNAQELBQAw PDELMAkGA1UEBhMCQ04xDzANBgNVBAoTBkh1YXdlaTEcMBoGA1UEAxMTSHVhd2Vp IEVxdWlwbWVudCBDQTAeFw0xNzA4MzExMjEzMTRaFw00MTEwMTIxMjEzMTRaMDgx CzAJBgNVBAYTAkNOMQ8wDQYDVQQKEwZIdWF3ZWkxGDAWBgNVBAMTD0h1YXdlaSBD bG91ZCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKvJNCZTjMj8 nCmfWE2B9XMOLHWAZkXk0hAY4pby6Nt+lVqqcBp3UBJqCNSn4LzkgcFe2q46aBUt lik1k49S8eo5zmVx2eWWTKGiofJncakvDVR4Co3zBDJTOPxxwuSR0fRb8O3KNaYm Tf62zYiJ0snokW+iDO+1NqQGy0WELZ8N4utHzMOC4gYB9A+9QmFArDB/6bxxEYmy AG2txm8HNQBn5hCvEDLEEuSbVWHbih4F4ftyebho0oHIeKIfNK48voeOeBPFQe9L 0tBU8EOmND05psqphRhojytqmrZUY/YnqQpTWpeykeI1MbVW0YZ5HRbSC6mgoyvo Nuiya+WZ2f0CAwEAAaOBrDCBqTAfBgNVHSMEGDAWgBQq+BBZJ4A1H6d8ujufKuRK qpuS6jBGBgNVHSAEPzA9MDsGBFUdIAAwMzAxBggrBgEFBQcCARYlaHR0cDovL3N1 cHBvcnQuaHVhd2VpLmNvbS9zdXBwb3J0L3BraTAPBgNVHRMECDAGAQH/AgEAMA4G A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU9JLn3OgwPepGkfxQ4xg4L8UVUSswDQYJ KoZIhvcNAQELBQADggIBAJx9817HslSMkxX/Dcs2GX8nGIbXl72/71pl9Hf9lWOY cqh3W8gz7HxEDYrgpl5+nIw8jKxi3PbBfoSXQnaTYz0DOesNwkHx7Dn9jb6usovc wjxcZbB/7GedLriiCrG/RX0CoSlkFFo2V0jkUa6sMonmaA+E5kpjqgXymvfdW1C7 q+B/6rB/ISZP+RYUsRqoWRHXWDxgaB7h5moKPw0R88jwfrkl7m0gk1GICc1QM4f5 CDC0tIjBxfr2WBH4ypkSdzzFwH6wO/bPhOqH1clw7ULwsnY/olSBEqncayIoE6+b Klxr3TS1NLOw4p7JowJ3T5BaEndu22BoDotiVGnaTDdP1kSZFZFXbXORKL1vvk1b 49fWeUqSsN5ZfFv77feOnTqZhqLC9pXYWF0bhH6cQgY82pUeqQuuznYR7wMzBIaU Dfc/RlTB5Cjsz4LCApeXCC+bFz0Z0fkYfj64jK9dg5uG+kQlO3iCcrSkhQzTwZXX Oi1oPbSEBVlCxb+5f4B2doV5LOwZPErmxBkOWRD60jOS4sQfs6AwzXH9JclzAkF+ 5Fmi9AYzeZuigdndEm4cGyuq04xtAwSx0TQppyTtyWsOs1wQ9wYgOG6MbJm1qMoJ xJSl6+m5J8ImH2VH3SUQcO7fI3fgvoPh57tfaf8rv3cOj6EY2xzNniTpUaDxw4Cj -----END CERTIFICATE----- # Issuer: CN=Huawei Equipment 
CA,O=Huawei,C=CN # Subject: CN=Huawei Equipment CA,O=Huawei,C=CN # Label: "Huawei Equipment CA" # Serial: 762560022a475eeca62b7c68ac9b3f2986 # SHA256 Fingerprint: DA:2A:BE:92:25:D7:95:A3:80:E2:89:9D:53:0E:F0:31:8A:5B:32:BC:81:AA:FD:44:88:BA:96:1D:DF:75:02:D4 -----BEGIN CERTIFICATE----- MIIFPzCCAyegAwIBAgIRdiVgAipHXuymK3xorJs/KYYwDQYJKoZIhvcNAQELBQAw PDELMAkGA1UEBhMCQ04xDzANBgNVBAoTBkh1YXdlaTEcMBoGA1UEAxMTSHVhd2Vp IEVxdWlwbWVudCBDQTAeFw0xMTEyMDYwNzM0MjNaFw00MTExMjgwNzM0MjNaMDwx CzAJBgNVBAYTAkNOMQ8wDQYDVQQKEwZIdWF3ZWkxHDAaBgNVBAMTE0h1YXdlaSBF cXVpcG1lbnQgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCiiYQn C/Mp9obmAnXmu/Nj6rccSkEQJXlZipOv8tIjvr0B8ObpFUnU+qLojZUYlNmXH8Rg RgFB1sBSyOuGiiP0uNtJ0lPLbylsc+2fr2Rlt/qbYs1oQGz+oNl+UdAOtm/lPzgg UOVVst15Ovf0Yf6LQ3CQalN2VJWgKpFUudDKWQ2fzbFT5YSfvhFxvtvWfgdntKAJ t3sFvkKr9Qw+0EYNpQiw5EALeLWCZSYU7A939puqYR6aNA447S1K8SgWoav82P4U Y/ykLXjcgTeCnvRRtUga1gdIwm5d/vRlB5il5wspGLLes4SomzUYrvnvHio555NZ PpvmpIXNolwvYW5opAyYzE05pVSOmHf/RY/dHto8XWexOJq/UAFBMyiH4NT4cZpW jYWR7W9GxRXApmQrrLXte1CF/IzXWBMA2tSL0WnRJz5HRcKzsOC6FksiqsYstFjc CE7J7Nicr3Bwq5FrZiqGSdLmLRn97XqVlWdN31HX16fzRhZMiOkvQe+uYT+BXbhU 1fZIh6RRAH3V1APobVlCXh5PDq8Ca4dClHNHYp5RP0Pb5zBowTqBzSv7ssHrNceQ sWDeNjX9t59NwviaIlXIlPiWEEJc22XtMm4sc/+8mgOFMNXr4FWu8vdG2fgRpeWJ O0E035D6TClu4So2GlN/fIccp5wVYAWF1WhxSQIDAQABozwwOjAMBgNVHRMEBTAD AQH/MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUKvgQWSeANR+nfLo7nyrkSqqbkuow DQYJKoZIhvcNAQELBQADggIBAEDHZJ4vvx2kPmHEsN3OJOeF2nV6chjF1QZcUwlo jhUtIv9jte9mci5qllvYRU5mia9rYZiP61XfdrwORf8QdJcI63QgrIj7MtnJULcU Ukk0Sj9Fz6rswfhlaqtRjDp2ljizCl9bmUzKZTl40m/SMbItbSyYXvKrgSPTwgPo /MralqpJcuoUkf+JDZIP3AaIy+vecksJwmoFIc0OqwP7uNC55kr8kx70eH3QKaiA U+8CL3N7gtMFBL2MALlk3vFEICEAhWvMGrYNtSzBUEJNTspx+qVxERBqxJImBsPG D7LhLOaPlSzfbU6CD3C8G92Y7r4nCcQ+SOQv4k6TTRn8pOj5c0oy3Z28DeZGuzSX NPsWur3aRVwE0mOY8cLBkgio7AQjqIAmdbo5vie7X1zshyEcA7FaE1mJdNS3WVCv lMwTFwygq13svLQ5MwGPSexsHudZ5JP55tHXkQyPRqxdhFr+gxDw5oiv/LlxApB8 5MwEfTTs/uzS6FSWAUC0IAxWyZ3MytVAAL7SiwZp/eODWBwLXETlIKcu/fdhTfN5 
q1Mm9TjMjJmDEoqzIDRjDuVR4v/3czRxMOkKtUHJt2ixeiidh9hjY6ae669BqpBR W0d5dyNozy+IJcUo7Gg2+F1AhTLwvPiYlJLsNGZZvqXfhplpwcAnvtoGJvAj+QkL iW4z -----END CERTIFICATE-----
签名证书校验示例
以下代码演示如何通过CA证书(ca.pem)验证HTTP(S)消息签名证书(cert.pem)的合法性。注意:ca.pem中包含两张证书,示例代码通过generateCertificate只读取其中的第一张(Huawei Cloud CA),并用其公钥校验cert.pem的签名。
/**
 * Runs the sample check of {@code cert.pem} against {@code ca.pem}, both resolved
 * relative to the working directory, and prints the outcome to standard output.
 *
 * @param args command-line arguments; not used
 */
public static void main(String[] args) {
    boolean trusted = verify("ca.pem", "cert.pem");
    System.out.println(trusted ? "Verify success" : "Verify failed");
}
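/**
 * Checks that the certificate at {@code certPath} was signed by the certificate at
 * {@code caPath}, that both are inside their validity period, and that the issuer
 * is marked as a CA.
 *
 * <p>Scope of the check: it covers a single issuer/subject pair. It does not build
 * a path up to a root certificate and performs no revocation check. The result is
 * only as trustworthy as the {@code caPath} file itself, so that file should come
 * from a trusted copy whose fingerprint has been compared with the published one.
 *
 * @param caPath   path of the PEM/DER file holding the issuer (CA) certificate
 * @param certPath path of the PEM/DER file holding the certificate to check
 * @return {@code true} if every check passes; {@code false} on any failure, in which
 *         case the reason is written to standard error
 */
public static boolean verify(String caPath, String certPath) {
    try {
        X509Certificate cert = loadX509Cert(certPath);
        X509Certificate ca = loadX509Cert(caPath);

        // A signature check alone still accepts an expired or not-yet-valid
        // certificate, so the validity periods are checked explicitly.
        ca.checkValidity();
        cert.checkValidity();

        // getBasicConstraints() returns -1 when the certificate is not a CA;
        // an end-entity certificate must not be accepted as an issuer.
        if (ca.getBasicConstraints() < 0) {
            throw new CertificateException("Issuer certificate is not a CA certificate");
        }

        // Throws if the signature on cert was not produced by the CA's private key.
        cert.verify(ca.getPublicKey());
        return true;
    } catch (Exception e) {
        // Every failure (I/O, parsing, validity, signature) maps to a plain "false".
        System.err.println(String.format("Failed to verify certificate: %s", e.getMessage()));
        return false;
    }
}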
/**
 * Reads one X.509 certificate from the file at {@code path}.
 *
 * <p>Only a single certificate is parsed from the stream. When the file holds
 * several certificates, as a CA bundle does, the ones after the first are not
 * returned by this method.
 *
 * @param path location of the certificate file
 * @return the parsed certificate
 * @throws CertificateException if the file cannot be opened or its content cannot be
 *         parsed as an X.509 certificate; the underlying exception is kept as the cause
 */
public static X509Certificate loadX509Cert(String path) throws CertificateException {
    try (InputStream stream = Files.newInputStream(Paths.get(path))) {
        CertificateFactory x509Factory = CertificateFactory.getInstance("X.509");
        X509Certificate parsed = (X509Certificate) x509Factory.generateCertificate(stream);
        return parsed;
    } catch (Exception cause) {
        // Any failure (bad path, I/O, parsing, unexpected type) is reported uniformly.
        String message = String.format("Failed to load certificate from: %s", path);
        throw new CertificateException(message, cause);
    }
}