I am trying to enable Huawei AppGallery Connect App Signature functionality to support uploading my App Bundle. When I try to upload the signing key, AppGallery Connect gives me an error message saying that it failed to upload the public key.
I looked at the network response and the error message was “DSS Handle Fail”.
I’m using the pepk tool version from here: https://www.gstatic.com/play-apps-publisher-rapid/signing-tool/prod/pepk.jar
I followed the same command as outlined in the following article and on the Huawei AppGallery App Signature page here:
https://developer.huawei.com/consumer/en/doc/development/AppGallery-connect-Guides/agc-appsigning-releasedapp
Does anyone use the same tool, command and have the same error? Please share if you have a solution. Thanks.
If you use the App Signing service, please check as follows:
If you upload your own key signature, the supported encryption algorithms and key length are as follows:
RSA: 1024, 2048, 4096
EC: NIST P-256
For more details, see docs.
Related
[getToken] Error/Exception: {"nativeStackAndroid":[],"userInfo":null,"message":"6003: certificate fingerprint error","code":"907122045","line":2242,"column":45,"sourceURL":""} WHEN INSTALL APP in APPGALLERY
FYI: App Signing has already been applied for this app
In app signing function, it will replace the application signature.
You need to check the new signature is configured in Appgallery console:
https://developer.huawei.com/consumer/en/doc/development/HMSCore-Guides/config-agc-0000001050196065#section19713716202718
If it is missing, you will meet this error.
Error code 6003 is caused by inconsistent certificate fingerprint configurations. Check whether the correct certificate fingerprint is configured in AppGallery Connect. For details; see AppGallery Connect configuration in Development Preparations.
Check the following items:
Verify that the fingerprint has been configured, and the certificate for packing the signature on the local client is the same as the certificate for configuring the fingerprint on the server.
Check the fingerprint entries in the certificate. It is recommended that you use a single entry.
If error code 6003 persists when you run the local client after the fingerprint is configured, the debug certificate is running by default. Clear the cache of HMS Core (APK) and run the client again.
For details , please refer to FAQ:
https://developer.huawei.com/consumer/en/doc/development/HMS-Plugin-Guides/rn-faqs-0000001057278103
Please refer to below link for configuring fingerprint:
https://developer.huawei.com/consumer/en/doc/development/HMS-Plugin-Guides/config-agc-0000001053537946
I downloaded this project from git hub https://github.com/slem1/saml-angular
but I'm having trouble testing I updated the certificate but now I'm getting a return of "Reason: Invalid signature in Request." someone help me how should i proceed?
i'm trying to make the saml authentication process complete so i can adapt it in my project
Recently,I needed to access HUAWEI AppGallery Connect API
and create a product through the PMS API (server API). However, when Postman
was used for basic service interconnection tests,
the error message "403 client token authorization fail" was displayed.
how can i fix it?
Based on the error code included in your screen captures, the error was caused by an authentication failure.
To solve the problem, you first need to confirm that the client ID used for applying for the token has sufficient permission.
HMS official document suggested that the project associated with the API client be selected as N/A. You need to create an API client and associate it with a project. E.g. An app ID in the project was 100xxx591. However, the app ID in the Postman service request was 101xxx531, which would cause the authentication failure.
Also, to fix the above, you need to create an API client and selected N/A (indicating that all projects are supported), and use the client to request a token. The process should work well after this.
In general, if Huawei's 403 authentication failure occurs, you can verify the permission first, and then check the associated projects.
For more details about the PMS API, please refer to this link.
I am trying to deploy an application to a hololens with the Windows device Portal Rest API.
For some reasons I don't want to use the Microsoft Device portal wrapper.
In C#, with RestSharp, I can get the list of installed packages but when I try to deploy a new app, I get the error Forbidden because of CSRF token invalid.
Then I tried to add cookies from the previous request but I still get this error.
I tried to do the same with Postman but I have a different error: 413 Payload too large. The msix file is 154 MB but I have no problem to deploy it with the web device portal.
Thank you for your help.
[EDIT] I tried a smaller app on Postman and I get 403 CSRF token invalid
After analyzing the web device portal with wireshark I found that it is using a parameter with the name "X-CSRF-Token" while adding a cookie add the parameter "CSRF-Token".
Manually adding this parameter with the right value did the trick.
It may seem to be asked several times, but I could not find answers to my doubts.
As one needs to setup an MDM server, what are the things that need to be available or installed on this server. Is there a specific configuration?
Is SCEP (which I think needs to be available on the server) required to setup MDM. If yes, how to go about with it.
When I set the Server URL inb the MDM config profile to any of the servers I have, the profile fails to install with the error in console as "The identity certificate for com.abc.mdm.mdm1 could not be found."
It'll be helpful if anyone could redirect me to the detailed steps to setup MDM server. I could not find any such thing in Apple's WWDC 2010 video.
Edit: Some more stuff I've tried
I'm trying to configure MDM server for iPhone and have tried the following steps till now.
I have installed a trial certificate from RapidSSL. When I open my site as https://example.com, I can see a lock at the address bar - hence I believe that the certificate is valid and working.
In iPCU, I create a credentials payload and select my certificate from the list.
In the MDM payload, when I try to select an Identity, the dropdown list is disabled with a message as Add credentials in the credentials payload.
In the credentials payload when I select any other certificate from the list - VeriSign for example - in the MDM payload I get the Identity dropdown list enabled and can select the configured credential, but this is an Invalid certificate.
Edit: Images added
Edit: Moved further more
With some hits here and there, I'm now able to get the 'Identity' field enabled. But when I try to install the profile, I get an error as 'Profile failed to install' with the message in console as
Nov 22 15:15:11 Apple-iphone-4 profiled[1320] <Warning>: MDM|Cannot Authenticate. Error: NSError 0x1ddb8f50:
Desc : A transaction with the server at https://example.com has failed with the status 405.
US Desc: A transaction with the server at https://example.com has failed with the status 405.
Domain : MCHTTPTransactionErrorDomain
Code : 23001
Type : MCFatalError
Params : (
"https://example.com",
405
)
Nov 22 15:15:11 Apple-iphone-4 profiled[1320] <Warning>: MC|Cannot install MDM com.example.ota.mdm2. Error: NSError 0x1ddb9120:
Desc : The payload com.example.ota.mdm2 could not be installed.
Sugg : A transaction with the server at https://example.com has failed with the status 405.
US Desc: The payload com.example.ota.mdm2 could not be installed.
US Sugg: A transaction with the server at https://example.com has failed with the status 405.
Domain : MCInstallationErrorDomain
Code : 4001
Type : MCFatalError
Params : (
"com.example.ota.mdm2"
)
Edit: Continuing after a long break
Here's a summary of what I've done till now.
Configured a Windows 2008 server with an SSL certificate from a CA. ie. The server can be accessed as https://example.com
Hosted a .Net webservice that listens to PUT.
Generated an MDM certificate from the iOS Developer portal.
Generated a Push certificate from Apple. The topic is something like com.apple.mgmt.External.035e7xxxxx
Added the server certificate to the Credentials payload of iPCU. This was done by
- Exporting the server side SSL as a .pfx file
- Adding this file to the Windows Certificate store
- Selecting this certificate in the credentials payload.
I've hosted this profile on the server. When I download it on the device, I'm presented with Profile Installation on the device. When I install this profile, I end up with an error saying "The profile MDM could not be installed". On looking at the device logs, I found
<Notice>: (Error) MDM: Cannot Authenticate. Error: NSError:
Desc : A transaction with the server at “https://example.com” has failed with the status “400”
IMP: I noticed that the Push certificate generated says "This certificate was signed by an unknown authority". There's also no private key associated with it.
I suspect something wrong is selecting the certificate in the Credentials payload (Step 5).
Also when the Profile Installation screen is presented, I get "Not Verified" just below the the profile name.
Solved
For the "unknown authority" issue I installed Apple's Application Integration certificate.
I'm now able to execute the MDM commands.
Complete Steps
https://drive.google.com/file/d/0B9vJDmfd2qb9RmdGNlp4OUR3eVk/view?usp=sharing
https://drive.google.com/file/d/0B9vJDmfd2qb9eGlkUk44ajZrWjg/view?usp=sharing
You need just 3 things
1) mdm payload with mdm url starting with https://
2) certificate which you download using apple developer portal. This is detailed on apple site
3) Link this certificate (.p12) file in the identity section of the mdm payload
Your server needs to have the necessary ports open - this is also documented. The server needs to listen on PUT method and not GET or POST.
If you do above - you will see that your device sends the deviceToken, pushMagic etc.
First up, the 405 status from the server means that you are attempting to POST to a URL that does not accept the POST method. It has nothing to do with the certificates at this point. The certificate in MDM is only used for signing the MDM messages so anything that is put in there is unused if you are not signing your MDM messages from the device (I would recommend not signing your MDM messages while you are testing/setting up) which is configured using the 'Sign Messages' tick-box in the iPCU.
The general idea with MDM is that you tell the device to 'phone home' to the 'Server URL' configured in the configuration profile when it receives an MDM APNS message. You will either have to write or purchase the code that lives on this server to respond to the device and do the right thing. You can also configure the 'Check In' and 'Check Out' URLs to talk to different URLs and, therefore, different code components on the server to handle the different messages.