1# @ohos.security.cert (Certificate) 2 3The **certificate** module provides APIs for performing certificate operations. For details about the APIs for implementing the basic algorithm capabilities based on the cryptographic (crypto) framework, see [Crypto Framework](js-apis-cryptoFramework.md). 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 9. 8 9## Modules to Import 10 11```javascript 12import cryptoCert from '@ohos.security.cert'; 13import cryptoFramework from "@ohos.security.cryptoFramework" 14``` 15 16## CertResult 17 18 Enumerates the error codes. 19 20 **System capability**: SystemCapability.Security.Cert 21 22| Name | Value | Description | 23| --------------------------------------| -------- | -----------------------------| 24| INVALID_PARAMS | 401 | Invalid parameters. | 25| NOT_SUPPORT | 801 | This operation is not supported. | 26| ERR_OUT_OF_MEMORY | 19020001 | Memory error. | 27| ERR_RUNTIME_ERROR | 19020002 | Runtime error. | 28| ERR_CRYPTO_OPERATION | 19030001 | Crypto operation error. | 29| ERR_CERT_SIGNATURE_FAILURE | 19030002 | The certificate signature verification failed. | 30| ERR_CERT_NOT_YET_VALID | 19030003 | The certificate has not taken effect. | 31| ERR_CERT_HAS_EXPIRED | 19030004 | The certificate has expired. | 32| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | Failed to obtain the certificate issuer. | 33| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | The key cannot be used for signing a certificate. | 34| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | The key cannot be used for digital signature. | 35 36## DataBlob 37Defines a binary data array. 38 **System capability**: SystemCapability.Security.Cert 39| Name | Type | Readable| Writable| Description | 40| -------------- | -------------- | ---- | ---- | ----------------| 41| data | Uint8Array | Yes | Yes | Data. | 42 43## DataArray 44 45Defines a list of data arrays. 46 **System capability**: SystemCapability.Security.Cert 47| Name | Type | Readable| Writable| Description | 48| -------------- | -------------- | ---- | ---- | ----------------| 49| data | Uint8Array | Yes | Yes | Data list. | 50 51## EncodingFormat 52 53 Enumerates the certificate encoding formats. 54 55 **System capability**: SystemCapability.Security.Cert 56 57| Name | Value| Description | 58| ---------- | ------ | --------- | 59| FORMAT_DER | 0 | Distinguished Encoding Rules (DER) format.| 60| FORMAT_PEM | 1 | Privacy-Enhanced Mail (PEM) format.| 61 62 63## EncodingBlob 64 65Defines a certificate binary array in encoding format. 66 67### Attributes 68 69**System capability**: SystemCapability.Security.Cert 70 71| Name | Type | Readable| Writable| Description | 72| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 73| data | Uint8Array | Yes | Yes | Certificate data.| 74| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 75 76 77## CertChainData 78 79Defines the certificate chain data, which is passed in as input parameters during certificate chain verification. 80 81### Attributes 82 83**System capability**: SystemCapability.Security.Cert 84 85| Name | Type | Readable| Writable| Description | 86| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 87| data | Uint8Array | Yes | Yes | Certificate data, in the *length* (2 bytes) + *data* format. For example, **08ABCDEFGH07ABCDEFG**. The first two bytes indicate the length of the first certificate is eight bytes, and the following eight bytes indicate the certificate data. Then, the next two bytes indicate the length of another certificate is seven bytes, and the seven bytes followed indicate the certificate data.| 88| count | number | Yes | Yes | Number of certificates contained in the input data. | 89| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 90 91 92## cryptoCert.createX509Cert 93 94createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 95 96Creates an **X509Cert** instance. This API uses an asynchronous callback to return the result. 97 98**System capability**: SystemCapability.Security.Cert 99 100**Parameters** 101 102| Name | Type | Mandatory| Description | 103| -------- | ----------------------------- | ---- | -------------------------- | 104| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 105| callback | AsyncCallback\<X509Cert> | Yes | Callback invoked to return the result. **X509Cert** instance created.| 106 107**Error codes** 108 109| ID| Error Message | 110| -------- | ------------- | 111| 19020001 | Memory error. | 112 113**Example** 114 115```js 116import cryptoCert from '@ohos.security.cert'; 117 118// Certificate binary data, which must be set based on the service. 119let encodingData = null; 120let encodingBlob = { 121 data: encodingData, 122 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 123 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 124}; 125cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 126 if (error != null) { 127 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 128 } else { 129 console.log("createX509Cert success"); 130 } 131}); 132``` 133 134## cryptoCert.createX509Cert 135 136createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 137 138Creates an **X509Cert** instance. This API uses a promise to return the result. 139 140**System capability**: SystemCapability.Security.Cert 141 142**Parameters** 143 144| Name | Type | Mandatory| Description | 145| -------- | ----------------------------- | ---- | ------------------ | 146| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 147 148**Return value** 149 150| Type | Description | 151| ------- | ---------------- | 152| Promise\<X509Cert> | **X509Cert** instance created.| 153 154**Error codes** 155 156| ID| Error Message | 157| -------- | ------------- | 158| 19020001 | Memory error. | 159 160**Example** 161 162```js 163import cryptoCert from '@ohos.security.cert'; 164 165// Certificate binary data, which must be set based on the service. 166let encodingData = null; 167let encodingBlob = { 168 data: encodingData, 169 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 170 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 171}; 172cryptoCert.createX509Cert(encodingBlob).then(x509Cert => { 173 console.log("createX509Cert success"); 174}, error => { 175 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 176}); 177``` 178 179## X509Cert 180 181Provides APIs for X.509 certificate operations. 182 183### verify 184 185verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 186 187Verifies the certificate signature. This API uses an asynchronous callback to return the result. 188 189**System capability**: SystemCapability.Security.Cert 190 191**Parameters** 192 193| Name | Type | Mandatory| Description | 194| -------- | --------------------- | ---- | ------------------------------------------------------------ | 195| key | cryptoFramework.PubKey | Yes | Public key used for signature verification. | 196| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 197 198**Error codes** 199 200| ID| Error Message | 201| -------- | ------------------ | 202| 19030001 | Crypto operation error. | 203 204**Example** 205 206```js 207import cryptoCert from '@ohos.security.cert'; 208 209// Certificate binary data, which must be set based on the service. 210let encodingData = null; 211let encodingBlob = { 212 data: encodingData, 213 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 214 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 215}; 216cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 217 if (error != null) { 218 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 219 } else { 220 console.log("createX509Cert success"); 221 // The service needs to call getPublicKey() of the upper-level X509Cert object to obtain the public key. 222 let pubKey = null; 223 x509Cert.verify(pubKey, function (error, data) { 224 if (error != null) { 225 console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message); 226 } else { 227 console.log("verify success"); 228 } 229 }); 230 } 231}); 232``` 233 234### verify 235 236verify(key : cryptoFramework.PubKey) : Promise\<void> 237 238Verifies the certificate signature. This API uses a promise to return the result. 239 240**System capability**: SystemCapability.Security.Cert 241 242**Parameters** 243 244| Name| Type | Mandatory| Description | 245| ------ | ------ | ---- | ------------------ | 246| key | cryptoFramework.PubKey | Yes | Public key used for signature verification.| 247 248**Return value** 249 250| Type | Description | 251| -------------- | ----------- | 252| Promise\<void> | Promise used to return the result.| 253 254**Error codes** 255 256| ID| Error Message | 257| -------- | ------------------ | 258| 19030001 | Crypto operation error. | 259 260**Example** 261 262```js 263import cryptoCert from '@ohos.security.cert'; 264 265// Certificate binary data, which must be set based on the service. 266let encodingData = null; 267let encodingBlob = { 268 data: encodingData, 269 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 270 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 271}; 272cryptoCert.createX509Cert(encodingBlob).then(x509Cert => { 273 console.log("createX509Cert success"); 274 // The service can call getPublicKey() of the upper-level X509Cert object to obtain the public key. 275 let pubKey = null; 276 x509Cert.verify(pubKey).then(result => { 277 console.log("verify success"); 278 }, error => { 279 console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message); 280 }); 281}, error => { 282 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 283}); 284``` 285 286### getEncoded 287 288getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 289 290Obtains the serialized X.509 certificate data. This API uses an asynchronous callback to return the result. 291 292**System capability**: SystemCapability.Security.Cert 293 294**Parameters** 295 296| Name | Type | Mandatory| Description | 297| -------- | --------------------------------------------- | ---- | -------------------------------- | 298| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the result. Promise used to return the serialized X.509 certificate data obtained.| 299 300**Error codes** 301 302| ID| Error Message | 303| -------- | ------------------------------------------------- | 304| 19020001 | Memory error. | 305| 19020002 | Runtime error. | 306| 19030001 | Crypto operation error.| 307 308**Example** 309 310```js 311import cryptoCert from '@ohos.security.cert'; 312 313// Certificate binary data, which must be set based on the service. 314let encodingData = null; 315let encodingBlob = { 316 data: encodingData, 317 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 318 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 319}; 320cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 321 if (error != null) { 322 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 323 } else { 324 console.log("createX509Cert success"); 325 x509Cert.getEncoded(function (error, data) { 326 if (error != null) { 327 console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message); 328 } else { 329 console.log("getEncoded success"); 330 } 331 }); 332 } 333}); 334``` 335 336### getEncoded 337 338getEncoded() : Promise\<EncodingBlob> 339 340Obtains the serialized X.509 certificate data. This API uses a promise to return the result. 341 342**System capability**: SystemCapability.Security.Cert 343 344**Return value** 345 346| Type | Description | 347| --------------------------------------- | ---------------------- | 348| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 certificate data obtained.| 349 350**Error codes** 351 352| ID| Error Message | 353| -------- | ------------------------------------------------- | 354| 19020001 | Memory error. | 355| 19020002 | Runtime error. | 356| 19030001 | Crypto operation error.| 357 358**Example** 359 360```js 361import cryptoCert from '@ohos.security.cert'; 362 363// Certificate binary data, which must be set based on the service. 364let encodingData = null; 365let encodingBlob = { 366 data: encodingData, 367 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 368 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 369}; 370cryptoCert.createX509Cert(encodingBlob).then(x509Cert => { 371 console.log("createX509Cert success"); 372 x509Cert.getEncoded().then(result => { 373 console.log("getEncoded success"); 374 }, error => { 375 console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message); 376 }); 377}, error => { 378 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 379}); 380``` 381 382### getPublicKey 383 384getPublicKey() : cryptoFramework.PubKey 385 386Obtains the public key of this X.509 certificate. This API uses an asynchronous callback to return the result. 387 388**System capability**: SystemCapability.Security.Cert 389 390**Return value** 391 392| Type | Description | 393| ------ | ---------------- | 394| cryptoFramework.PubKey | Public key of the X509 certificate obtained. This object is used only for **verify()** of **X509Cert**.| 395 396**Error codes** 397 398| ID| Error Message | 399| -------- | ------------------------------------------------- | 400| 19020001 | Memory error. | 401| 19030001 | Crypto operation error.| 402 403**Example** 404 405```js 406import cryptoCert from '@ohos.security.cert'; 407import cryptoFramework from "@ohos.security.cryptoFramework" 408 409// Certificate binary data, which must be set based on the service. 410let encodingData = null; 411let encodingBlob = { 412 data: encodingData, 413 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 414 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 415}; 416cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 417 if (error != null) { 418 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 419 } else { 420 console.log("createX509Cert success"); 421 let pubKey = null; 422 try { 423 pubKey = x509Cert.getPublicKey(); 424 } catch (error) { 425 console.log("getPublicKey failed, errCode: " + error.code + ", errMsg: " + error.message); 426 } 427 } 428}); 429``` 430 431### checkValidityWithDate 432 433checkValidityWithDate(date: string) : void 434 435Checks the validity period of this X.509 certificate. This API uses an asynchronous callback to return the result. 436 437**System capability**: SystemCapability.Security.Cert 438 439**Parameters** 440 441| Name | Type | Mandatory| Description | 442| -------- | -------------- | ---- | ---------- | 443| date | string | Yes | Date in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The date must end with **Z**, which indicates the UTC.| 444 445**Error codes** 446 447| ID| Error Message | 448| -------- | ------------------------------------------------- | 449| 19020001 | Memory error. | 450| 19030001 | Crypto operation error.| 451| 19030003 | The certificate has not taken effect. | 452| 19030004 | The certificate has expired.| 453 454**Example** 455 456```js 457import cryptoCert from '@ohos.security.cert'; 458 459// Certificate binary data, which must be set based on the service. 460let encodingData = null; 461let encodingBlob = { 462 data: encodingData, 463 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 464 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 465}; 466cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 467 if (error != null) { 468 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 469 } else { 470 console.log("createX509Cert success"); 471 let date = "150527000001Z"; 472 473 // Verify the certificate validity period. 474 try { 475 x509Cert.checkValidityWithDate(date); 476 } catch (error) { 477 console.log("checkValidityWithDate failed, errCode: " + error.code + ", errMsg: " + error.message); 478 } 479 } 480}); 481``` 482 483### getVersion 484 485getVersion() : number 486 487Obtains the X.509 certificate version. 488 489**System capability**: SystemCapability.Security.Cert 490 491**Return value** 492 493| Type | Description | 494| ------ | ---------------- | 495| number | X.509 certificate version obtained.| 496 497**Example** 498 499```js 500import cryptoCert from '@ohos.security.cert'; 501 502// Certificate binary data, which must be set based on the service. 503let encodingData = null; 504let encodingBlob = { 505 data: encodingData, 506 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 507 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 508}; 509cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 510 if (error != null) { 511 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 512 } else { 513 console.log("createX509Cert success"); 514 let version = x509Cert.getVersion(); 515 } 516}); 517``` 518 519### getSerialNumber 520 521getSerialNumber() : number 522 523Obtains the X.509 certificate serial number. 524 525**System capability**: SystemCapability.Security.Cert 526 527**Return value** 528 529| Type | Description | 530| ------ | ------------------ | 531| number | X.509 certificate serial number obtained.| 532 533**Example** 534 535```js 536import cryptoCert from '@ohos.security.cert'; 537 538// Certificate binary data, which must be set based on the service. 539let encodingData = null; 540let encodingBlob = { 541 data: encodingData, 542 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 543 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 544}; 545cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 546 if (error != null) { 547 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 548 } else { 549 console.log("createX509Cert success"); 550 let serialNumber = x509Cert.getSerialNumber(); 551 } 552}); 553``` 554 555### getIssuerName 556 557getIssuerName() : DataBlob 558 559Obtains the X.509 certificate issuer. 560 561**System capability**: SystemCapability.Security.Cert 562 563**Return value** 564 565| Type | Description | 566| --------------------- | ---------------------- | 567| [DataBlob](#datablob) | X.509 certificate issuer obtained.| 568 569**Error codes** 570 571| ID| Error Message | 572| -------- | ------------------------------------------------- | 573| 19020001 | Memory error. | 574| 19020002 | Runtime error. | 575| 19030001 | Crypto operation error.| 576 577**Example** 578 579```js 580import cryptoCert from '@ohos.security.cert'; 581 582// Certificate binary data, which must be set based on the service. 583let encodingData = null; 584let encodingBlob = { 585 data: encodingData, 586 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 587 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 588}; 589cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 590 if (error != null) { 591 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 592 } else { 593 console.log("createX509Cert success"); 594 let issuerName = x509Cert.getIssuerName(); 595 } 596}); 597``` 598 599### getSubjectName 600 601getSubjectName() : DataBlob 602 603Obtains the subject of this X.509 certificate. 604 605**System capability**: SystemCapability.Security.Cert 606 607**Return value** 608 609| Type | Description | 610| --------------------- | -------------------- | 611| [DataBlob](#datablob) | Subject name obtained.| 612 613**Error codes** 614 615| ID| Error Message | 616| -------- | ------------------------------------------------- | 617| 19020001 | Memory error. | 618| 19020002 | Runtime error. | 619| 19030001 | Crypto operation error.| 620 621**Example** 622 623```js 624import cryptoCert from '@ohos.security.cert'; 625 626// Certificate binary data, which must be set based on the service. 627let encodingData = null; 628let encodingBlob = { 629 data: encodingData, 630 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 631 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 632}; 633cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 634 if (error != null) { 635 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 636 } else { 637 console.log("createX509Cert success"); 638 let subjectName = x509Cert.getSubjectName(); 639 } 640}); 641``` 642 643### getNotBeforeTime 644 645getNotBeforeTime() : string 646 647Obtains the start time of this X.509 certificate. 648 649**System capability**: SystemCapability.Security.Cert 650 651**Return value** 652 653| Type | Description | 654| ------ | ------------------------------------------------------------ | 655| string | Start time of the X509 certificate validity period, in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The value must end with **Z**, which indicates the UTC.| 656 657**Error codes** 658 659| ID| Error Message | 660| -------- | ------------------------------------------------- | 661| 19020001 | Memory error. | 662| 19020002 | Runtime error. | 663| 19030001 | Crypto operation error.| 664 665**Example** 666 667```js 668import cryptoCert from '@ohos.security.cert'; 669 670// Certificate binary data, which must be set based on the service. 671let encodingData = null; 672let encodingBlob = { 673 data: encodingData, 674 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 675 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 676}; 677cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 678 if (error != null) { 679 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 680 } else { 681 console.log("createX509Cert success"); 682 let notBefore = x509Cert.getNotBeforeTime(); 683 } 684}); 685``` 686 687### getNotAfterTime 688 689getNotAfterTime() : string 690 691Obtains the expiration time of this X.509 certificate. 692 693**System capability**: SystemCapability.Security.Cert 694 695**Return value** 696 697| Type | Description | 698| ------ | ------------------------------------------------------------ | 699| string | Expiration time of the X509 certificate validity period, in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The value must end with **Z**, which indicates the UTC.| 700 701**Error codes** 702 703| ID| Error Message | 704| -------- | ------------------------------------------------- | 705| 19020001 | Memory error. | 706| 19020002 | Runtime error. | 707| 19030001 | Crypto operation error.| 708 709**Example** 710 711```js 712import cryptoCert from '@ohos.security.cert'; 713 714// Certificate binary data, which must be set based on the service. 715let encodingData = null; 716let encodingBlob = { 717 data: encodingData, 718 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 719 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 720}; 721cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 722 if (error != null) { 723 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 724 } else { 725 console.log("createX509Cert success"); 726 let notAfter = x509Cert.getNotAfterTime(); 727 } 728}); 729``` 730 731### getSignature 732 733getSignature() : DataBlob 734 735Obtains the signature data of this X.509 certificate. 736 737**System capability**: SystemCapability.Security.Cert 738 739**Return value** 740 741| Type | Description | 742| --------------------- | -------------------- | 743| [DataBlob](#datablob) | Signature data obtained.| 744 745**Error codes** 746 747| ID| Error Message | 748| -------- | ------------------------------------------------- | 749| 19020001 | Memory error. | 750| 19020002 | Runtime error. | 751| 19030001 | Crypto operation error.| 752 753**Example** 754 755```js 756import cryptoCert from '@ohos.security.cert'; 757 758// Certificate binary data, which must be set based on the service. 759let encodingData = null; 760let encodingBlob = { 761 data: encodingData, 762 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 763 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 764}; 765cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 766 if (error != null) { 767 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 768 } else { 769 console.log("createX509Cert success"); 770 let signature = x509Cert.getSignature(); 771 } 772}); 773``` 774 775### getSignatureAlgName 776 777getSignatureAlgName() : string 778 779Obtains the signing algorithm of this X.509 certificate. 780 781**System capability**: SystemCapability.Security.Cert 782 783**Return value** 784 785| Type | Description | 786| ------ | ------------------------ | 787| string | X.509 certificate signing algorithm obtained.| 788 789**Error codes** 790 791| ID| Error Message | 792| -------- | ------------------------------------------------- | 793| 19020001 | Memory error. | 794| 19020002 | Runtime error. | 795| 19030001 | Crypto operation error.| 796 797**Example** 798 799```js 800import cryptoCert from '@ohos.security.cert'; 801 802// Certificate binary data, which must be set based on the service. 803let encodingData = null; 804let encodingBlob = { 805 data: encodingData, 806 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 807 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 808}; 809cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 810 if (error != null) { 811 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 812 } else { 813 console.log("createX509Cert success"); 814 let sigAlgName = x509Cert.getSignatureAlgName(); 815 } 816}); 817``` 818 819### getSignatureAlgOid 820 821getSignatureAlgOid() : string 822 823Obtains the object identifier (OID) of the X.509 certificate signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 824 825**System capability**: SystemCapability.Security.Cert 826 827**Return value** 828 829| Type | Description | 830| ------ | --------------------------------- | 831| string | OID obtained.| 832 833**Error codes** 834 835| ID| Error Message | 836| -------- | ------------------------------------------------- | 837| 19020001 | Memory error. | 838| 19020002 | Runtime error. | 839| 19030001 | Crypto operation error.| 840 841**Example** 842 843```js 844import cryptoCert from '@ohos.security.cert'; 845 846// Certificate binary data, which must be set based on the service. 847let encodingData = null; 848let encodingBlob = { 849 data: encodingData, 850 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 851 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 852}; 853cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 854 if (error != null) { 855 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 856 } else { 857 console.log("createX509Cert success"); 858 let sigAlgOid = x509Cert.getSignatureAlgOid(); 859 } 860}); 861``` 862 863### getSignatureAlgParams 864 865getSignatureAlgParams() : DataBlob 866 867Obtains the signing algorithm parameters of this X.509 certificate. 868 869**System capability**: SystemCapability.Security.Cert 870 871**Return value** 872 873| Type | Description | 874| --------------------- | ------------------------ | 875| [DataBlob](#datablob) | X.509 certificate signing algorithm parameters obtained.| 876 877**Error codes** 878 879| ID| Error Message | 880| -------- | ------------------------------------------------- | 881| 19020001 | Memory error. | 882| 19020002 | Runtime error. | 883| 19030001 | Crypto operation error.| 884 885**Example** 886 887```js 888import cryptoCert from '@ohos.security.cert'; 889 890// Certificate binary data, which must be set based on the service. 891let encodingData = null; 892let encodingBlob = { 893 data: encodingData, 894 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 895 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 896}; 897cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 898 if (error != null) { 899 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 900 } else { 901 console.log("createX509Cert success"); 902 let sigAlgParams = x509Cert.getSignatureAlgParams(); 903 } 904}); 905``` 906 907### getKeyUsage 908 909getKeyUsage() : DataBlob 910 911Obtains the key usage of this X.509 certificate. 912 913**System capability**: SystemCapability.Security.Cert 914 915**Return value** 916 917| Type | Description | 918| --------------------- | -------------------- | 919| [DataBlob](#datablob) | Key usage of the X.509 certificate obtained.| 920 921**Error codes** 922 923| ID| Error Message | 924| -------- | ------------------------------------------------- | 925| 19020001 | Memory error. | 926| 19030001 | Crypto operation error.| 927 928**Example** 929 930```js 931import cryptoCert from '@ohos.security.cert'; 932 933// Certificate binary data, which must be set based on the service. 934let encodingData = null; 935let encodingBlob = { 936 data: encodingData, 937 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 938 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 939}; 940cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 941 if (error != null) { 942 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 943 } else { 944 console.log("createX509Cert success"); 945 let keyUsage = x509Cert.getKeyUsage(); 946 } 947}); 948``` 949 950### getExtKeyUsage 951 952getExtKeyUsage() : DataArray 953 954Obtains the usage of the extended key of this X.509 certificate. 955 956**System capability**: SystemCapability.Security.Cert 957 958**Return value** 959 960| Type | Description | 961| ----------------------- | ------------------------ | 962| [DataArray](#dataarray) | Usage of the extended key obtained.| 963 964**Error codes** 965 966| ID| Error Message | 967| -------- | ------------------------------------------------- | 968| 19020001 | Memory error. | 969| 19020002 | Runtime error. | 970| 19030001 | Crypto operation error.| 971 972**Example** 973 974```js 975import cryptoCert from '@ohos.security.cert'; 976 977// Certificate binary data, which must be set based on the service. 978let encodingData = null; 979let encodingBlob = { 980 data: encodingData, 981 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 982 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 983}; 984cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 985 if (error != null) { 986 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 987 } else { 988 console.log("createX509Cert success"); 989 let extKeyUsage = x509Cert.getExtKeyUsage(); 990 } 991}); 992``` 993 994### getBasicConstraints 995 996getBasicConstraints() : number 997 998Obtains the basic constraints for obtaining this X.509 certificate. 999 1000**System capability**: SystemCapability.Security.Cert 1001 1002**Return value** 1003 1004| Type | Description | 1005| ------ | -------------------- | 1006| number | Basic constraints obtained.| 1007 1008**Example** 1009 1010```js 1011import cryptoCert from '@ohos.security.cert'; 1012 1013// Certificate binary data, which must be set based on the service. 1014let encodingData = null; 1015let encodingBlob = { 1016 data: encodingData, 1017 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1018 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1019}; 1020cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 1021 if (error != null) { 1022 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 1023 } else { 1024 console.log("createX509Cert success"); 1025 let basicConstraints = x509Cert.getBasicConstraints(); 1026 } 1027}); 1028``` 1029 1030### getSubjectAltNames 1031 1032getSubjectAltNames() : DataArray 1033 1034Obtains the Subject Alternative Names (SANs) of this X.509 certificate. 1035 1036**System capability**: SystemCapability.Security.Cert 1037 1038**Return value** 1039 1040| Type | Description | 1041| ----------------------- | ------------------------ | 1042| [DataArray](#dataarray) | SANs obtained.| 1043 1044**Error codes** 1045 1046| ID| Error Message | 1047| -------- | ------------------------------------------------- | 1048| 19020001 | Memory error. | 1049| 19020002 | Runtime error. | 1050| 19030001 | Crypto operation error.| 1051 1052**Example** 1053 1054```js 1055import cryptoCert from '@ohos.security.cert'; 1056 1057// Certificate binary data, which must be set based on the service. 1058let encodingData = null; 1059let encodingBlob = { 1060 data: encodingData, 1061 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1062 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1063}; 1064cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 1065 if (error != null) { 1066 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 1067 } else { 1068 console.log("createX509Cert success"); 1069 let subjectAltNames = x509Cert.getSubjectAltNames(); 1070 } 1071}); 1072``` 1073 1074### getIssuerAltNames 1075 1076getIssuerAltNames() : DataArray 1077 1078Obtains the Issuer Alternative Names (IANs) of this X.509 certificate. 1079 1080**System capability**: SystemCapability.Security.Cert 1081 1082**Return value** 1083 1084| Type | Description | 1085| ----------------------- | -------------------------- | 1086| [DataArray](#dataarray) | IANs obtained.| 1087 1088**Error codes** 1089 1090| ID| Error Message | 1091| -------- | ------------------------------------------------- | 1092| 19020001 | Memory error. | 1093| 19020002 | Runtime error. | 1094| 19030001 | Crypto operation error.| 1095 1096**Example** 1097 1098```js 1099import cryptoCert from '@ohos.security.cert'; 1100 1101// Certificate binary data, which must be set based on the service. 1102let encodingData = null; 1103let encodingBlob = { 1104 data: encodingData, 1105 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1106 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1107}; 1108cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) { 1109 if (error != null) { 1110 console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message); 1111 } else { 1112 console.log("createX509Cert success"); 1113 let issuerAltNames = x509Cert.getIssuerAltNames(); 1114 } 1115}); 1116``` 1117 1118## cryptoCert.createX509Crl 1119 1120createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 1121 1122Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 1123 1124**System capability**: SystemCapability.Security.Cert 1125 1126**Parameters** 1127 1128| Name | Type | Mandatory| Description | 1129| -------- | ----------------------------- | ---- | ------------------------------ | 1130| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized certificate revocation list (CRL) data. | 1131| callback | AsyncCallback\<X509Crl> | Yes | Callback invoked to return the result. Promise used to return the **X509Crl** instance created.| 1132 1133**Error codes** 1134 1135| ID| Error Message | 1136| -------- | ------------- | 1137| 19020001 | Memory error. | 1138 1139**Example** 1140 1141```js 1142import cryptoCert from '@ohos.security.cert'; 1143 1144// Binary data of the CRL, which must be set based on the service. 1145let encodingData = null; 1146let encodingBlob = { 1147 data: encodingData, 1148 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1149 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1150}; 1151cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1152 if (error != null) { 1153 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1154 } else { 1155 console.log("createX509Crl success"); 1156 } 1157}); 1158``` 1159 1160## cryptoCert.createX509Crl 1161 1162createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 1163 1164Creates an **X509Crl** instance. This API uses a promise to return the result. 1165 1166**System capability**: SystemCapability.Security.Cert 1167 1168**Parameters** 1169 1170| Name | Type | Mandatory| Description | 1171| -------- | ----------------------------- | ---- | -------------------------- | 1172| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| 1173 1174**Return value** 1175 1176| Type | Description | 1177| ----------------- | -------------------- | 1178| Promise\<X509Crl> | Promise used to return the **X509Crl** instance created.| 1179 1180**Error codes** 1181 1182| ID| Error Message | 1183| -------- | ------------- | 1184| 19020001 | Memory error. | 1185 1186**Example** 1187 1188```js 1189import cryptoCert from '@ohos.security.cert'; 1190 1191// Binary data of the CRL, which must be set based on the service. 1192let encodingData = null; 1193let encodingBlob = { 1194 data: encodingData, 1195 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1196 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1197}; 1198cryptoCert.createX509Crl(encodingBlob).then(x509Crl => { 1199 console.log("createX509Crl success"); 1200}, error => { 1201 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1202}); 1203``` 1204 1205## X509Crl 1206 1207Provides APIs for X.509 certificate CRL operations. 1208 1209### isRevoked 1210 1211isRevoked(cert : X509Cert) : boolean 1212 1213Checks whether an X.509 certificate is revoked. This API uses an asynchronous callback to return the result. 1214 1215**System capability**: SystemCapability.Security.Cert 1216 1217**Parameters** 1218 1219| Name| Type | Mandatory| Description | 1220| ------ | -------- | ---- | -------------------- | 1221| cert | X509Cert | Yes | X.509 certificate to check.| 1222 1223**Return value** 1224 1225| Type | Description | 1226| --------- | --------------------------------------------- | 1227| boolean | Promise used to return the result. The value **true** indicates the certificate is revoked; the value **false** indicates the opposite.| 1228 1229**Example** 1230 1231```js 1232import cryptoCert from '@ohos.security.cert'; 1233 1234// Binary data of the CRL, which must be set based on the service. 1235let encodingData = null; 1236let encodingBlob = { 1237 data: encodingData, 1238 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1239 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1240}; 1241cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1242 if (error != null) { 1243 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1244 } else { 1245 console.log("createX509Crl success"); 1246 // Create an X509Cert instance. 1247 let x509Cert = null; 1248 try { 1249 let revokedFlag = x509Crl.isRevoked(x509Cert); 1250 } catch (error) { 1251 console.log("isRevoked failed, errCode: " + error.code + ", errMsg: " + error.message); 1252 } 1253 } 1254}); 1255``` 1256 1257### getType 1258 1259getType() : string 1260 1261Obtains the CRL type. 1262 1263**System capability**: SystemCapability.Security.Cert 1264 1265**Return value** 1266 1267| Type | Description | 1268| ------ | -------------------- | 1269| string | CRL type obtained.| 1270 1271**Example** 1272 1273```js 1274import cryptoCert from '@ohos.security.cert'; 1275 1276// Binary data of the CRL, which must be set based on the service. 1277let encodingData = null; 1278let encodingBlob = { 1279 data: encodingData, 1280 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1281 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1282}; 1283cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1284 if (error != null) { 1285 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1286 } else { 1287 console.log("createX509Crl success"); 1288 let type = x509Crl.getType(); 1289 } 1290}); 1291``` 1292 1293### getEncoded 1294 1295getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 1296 1297Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 1298 1299**System capability**: SystemCapability.Security.Cert 1300 1301**Parameters** 1302 1303| Name | Type | Mandatory| Description | 1304| -------- | ---------------------------- | ---- | ------------------------------------------ | 1305| callback | AsyncCallback\<EncodingBlob> | Yes | Callback invoked to return the serialized X.509 CRL data obtained.| 1306 1307**Error codes** 1308 1309| ID| Error Message | 1310| -------- | ----------------------- | 1311| 19020001 | Memory error. | 1312| 19020002 | Runtime error. | 1313| 19030001 | Crypto operation error. | 1314 1315**Example** 1316 1317```js 1318import cryptoCert from '@ohos.security.cert'; 1319 1320// Binary data of the CRL, which must be set based on the service. 1321let encodingData = null; 1322let encodingBlob = { 1323 data: encodingData, 1324 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1325 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1326}; 1327cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1328 if (error != null) { 1329 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1330 } else { 1331 console.log("createX509Crl success"); 1332 x509Crl.getEncoded(function (error, data) { 1333 if (error != null) { 1334 console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message); 1335 } else { 1336 console.log("getEncoded success"); 1337 } 1338 }); 1339 } 1340}); 1341``` 1342 1343### getEncoded 1344 1345getEncoded() : Promise\<EncodingBlob> 1346 1347Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 1348 1349**System capability**: SystemCapability.Security.Cert 1350 1351**Return value** 1352 1353| Type | Description | 1354| ---------------------- | -------------------------------- | 1355| Promise\<EncodingBlob> | Promise used to return the serialized X.509 CRL data obtained.| 1356 1357**Error codes** 1358 1359| ID| Error Message | 1360| -------- | ----------------------- | 1361| 19020001 | Memory error. | 1362| 19020002 | Runtime error. | 1363| 19030001 | Crypto operation error. | 1364 1365**Example** 1366 1367```js 1368import cryptoCert from '@ohos.security.cert'; 1369 1370// Binary data of the CRL, which must be set based on the service. 1371let encodingData = null; 1372let encodingBlob = { 1373 data: encodingData, 1374 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1375 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1376}; 1377cryptoCert.createX509Crl(encodingBlob).then(x509Crl => { 1378 console.log("createX509Crl success"); 1379 x509Crl.getEncoded().then(result => { 1380 console.log("getEncoded success"); 1381 }, error => { 1382 console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message); 1383 }); 1384}, error => { 1385 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1386}); 1387``` 1388 1389### verify 1390 1391verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 1392 1393Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 1394 1395**System capability**: SystemCapability.Security.Cert 1396 1397**Parameters** 1398 1399| Name | Type | Mandatory| Description | 1400| -------- | -------------------- | ---- | ------------------------------------------------------------ | 1401| key | cryptoFramework.PubKey | Yes | Public key used for signature verification. | 1402| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 1403 1404**Error codes** 1405 1406| ID| Error Message | 1407| -------- | ----------------------- | 1408| 19030001 | Crypto operation error. | 1409 1410**Example** 1411 1412```js 1413import cryptoCert from '@ohos.security.cert'; 1414import cryptoFramework from "@ohos.security.cryptoFramework" 1415 1416// Binary data of the CRL, which must be set based on the service. 1417let encodingData = null; 1418let encodingBlob = { 1419 data: encodingData, 1420 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1421 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1422}; 1423cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1424 if (error != null) { 1425 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1426 } else { 1427 console.log("createX509Crl success"); 1428 // Generate the public key by AsyKeyGenerator. 1429 let pubKey = null; 1430 x509Crl.verify(pubKey, function (error, data) { 1431 if (error != null) { 1432 console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message); 1433 } else { 1434 console.log("verify success"); 1435 } 1436 }); 1437 } 1438}); 1439``` 1440 1441### verify 1442 1443verify(key : cryptoFramework.PubKey) : Promise\<void> 1444 1445Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 1446 1447**System capability**: SystemCapability.Security.Cert 1448 1449**Parameters** 1450 1451| Name| Type | Mandatory| Description | 1452| ------ | ------ | ---- | ---------------------- | 1453| key | cryptoFramework.PubKey | Yes | Public key used for signature verification.| 1454 1455**Return value** 1456 1457| Type| Description | 1458| ---- | ------------------------------------------------------------ | 1459| Promise\<void> | Promise used to return the result.| 1460 1461**Error codes** 1462 1463| ID| Error Message | 1464| -------- | ----------------------- | 1465| 19030001 | Crypto operation error. | 1466 1467**Example** 1468 1469```js 1470import cryptoCert from '@ohos.security.cert'; 1471import cryptoFramework from "@ohos.security.cryptoFramework" 1472 1473// Binary data of the CRL, which must be set based on the service. 1474let encodingData = null; 1475let encodingBlob = { 1476 data: encodingData, 1477 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1478 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1479}; 1480cryptoCert.createX509Crl(encodingBlob).then(x509Crl => { 1481 console.log("createX509Crl success"); 1482 // Generate the public key by AsyKeyGenerator. 1483 let pubKey = null; 1484 x509Crl.verify(pubKey).then(result => { 1485 console.log("verify success"); 1486 }, error => { 1487 console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message); 1488 }); 1489}, error => { 1490 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1491}); 1492``` 1493 1494### getVersion 1495 1496getVersion() : number 1497 1498Obtains the version of the X.509 CRL. 1499 1500**System capability**: SystemCapability.Security.Cert 1501 1502**Return value** 1503 1504| Type | Description | 1505| ------ | -------------------------------- | 1506| number | Version of the X.509 CRL obtained.| 1507 1508**Example** 1509 1510```js 1511import cryptoCert from '@ohos.security.cert'; 1512 1513// Binary data of the CRL, which must be set based on the service. 1514let encodingData = null; 1515let encodingBlob = { 1516 data: encodingData, 1517 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1518 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1519}; 1520cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1521 if (error != null) { 1522 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1523 } else { 1524 console.log("createX509Crl success"); 1525 let version = x509Crl.getVersion(); 1526 } 1527}); 1528``` 1529 1530### getIssuerName 1531 1532getIssuerName() : DataBlob 1533 1534Obtains the issuer of the X.509 CRL. 1535 1536**System capability**: SystemCapability.Security.Cert 1537 1538**Return value** 1539 1540| Type | Description | 1541| --------------------- | ------------------------------ | 1542| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 1543 1544**Error codes** 1545 1546| ID| Error Message | 1547| -------- | ----------------------- | 1548| 19020001 | Memory error. | 1549| 19020002 | Runtime error. | 1550| 19030001 | Crypto operation error. | 1551 1552**Example** 1553 1554```js 1555import cryptoCert from '@ohos.security.cert'; 1556 1557// Binary data of the CRL, which must be set based on the service. 1558let encodingData = null; 1559let encodingBlob = { 1560 data: encodingData, 1561 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1562 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1563}; 1564cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1565 if (error != null) { 1566 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1567 } else { 1568 console.log("createX509Crl success"); 1569 let issuerName = x509Crl.getIssuerName(); 1570 } 1571}); 1572``` 1573 1574### getLastUpdate 1575 1576getLastUpdate() : string 1577 1578Obtains the date when the X.509 CRL was last updated. 1579 1580**System capability**: SystemCapability.Security.Cert 1581 1582**Return value** 1583 1584| Type | Description | 1585| ------ | ------------------------------------ | 1586| string | Last update date of the X.509 CRL.| 1587 1588**Error codes** 1589 1590| ID| Error Message | 1591| -------- | ----------------------- | 1592| 19020001 | Memory error. | 1593| 19020002 | Runtime error. | 1594| 19030001 | Crypto operation error. | 1595 1596**Example** 1597 1598```js 1599import cryptoCert from '@ohos.security.cert'; 1600 1601// Binary data of the CRL, which must be set based on the service. 1602let encodingData = null; 1603let encodingBlob = { 1604 data: encodingData, 1605 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1606 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1607}; 1608cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1609 if (error != null) { 1610 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1611 } else { 1612 console.log("createX509Crl success"); 1613 let lastUpdate = x509Crl.getLastUpdate(); 1614 } 1615}); 1616``` 1617 1618### getNextUpdate 1619 1620getNextUpdate() : string 1621 1622Obtains the date when the CRL will be updated the next time. 1623 1624**System capability**: SystemCapability.Security.Cert 1625 1626**Return value** 1627 1628| Type | Description | 1629| ------ | ------------------------------------ | 1630| string | Next update date obtained.| 1631 1632**Error codes** 1633 1634| ID| Error Message | 1635| -------- | ----------------------- | 1636| 19020001 | Memory error. | 1637| 19020002 | Runtime error. | 1638| 19030001 | Crypto operation error. | 1639 1640**Example** 1641 1642```js 1643import cryptoCert from '@ohos.security.cert'; 1644 1645// Binary data of the CRL, which must be set based on the service. 1646let encodingData = null; 1647let encodingBlob = { 1648 data: encodingData, 1649 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1650 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1651}; 1652cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1653 if (error != null) { 1654 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1655 } else { 1656 console.log("createX509Crl success"); 1657 let nextUpdate = x509Crl.getNextUpdate(); 1658 } 1659}); 1660``` 1661 1662### getRevokedCert 1663 1664getRevokedCert(serialNumber : number) : X509CrlEntry 1665 1666Obtains the revoked X.509 certificate based on the specified serial number of the certificate. This API uses an asynchronous callback to return the result. 1667 1668**System capability**: SystemCapability.Security.Cert 1669 1670**Parameters** 1671 1672| Name | Type | Mandatory| Description | 1673| ------------ | ------ | ---- | -------------- | 1674| serialNumber | number | Yes | Serial number of the certificate.| 1675 1676**Return value** 1677 1678| Type | Description | 1679| ---------------------- | --------------------- | 1680| X509CrlEntry | Promise used to return the revoked X.509 certificate obtained.| 1681 1682**Error codes** 1683 1684| ID| Error Message | 1685| -------- | ----------------------- | 1686| 19020001 | Memory error. | 1687| 19030001 | Crypto operation error. | 1688 1689**Example** 1690 1691```js 1692import cryptoCert from '@ohos.security.cert'; 1693 1694// Binary data of the CRL, which must be set based on the service. 1695let encodingData = null; 1696let encodingBlob = { 1697 data: encodingData, 1698 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1699 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1700}; 1701cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1702 if (error != null) { 1703 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1704 } else { 1705 console.log("createX509Crl success"); 1706 // Set the serial number of the corresponding certificate. 1707 let serialNumber = 1000; 1708 try { 1709 let entry = x509Crl.getRevokedCert(serialNumber); 1710 } catch (error) { 1711 console.log("getRevokedCert failed, errCode: " + error.code + ", errMsg: " + error.message); 1712 } 1713 } 1714}); 1715``` 1716 1717### getRevokedCertWithCert 1718 1719getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 1720 1721Obtains the revoked X.509 certificate based on the specified certificate. This API uses an asynchronous callback to return the result. 1722 1723**System capability**: SystemCapability.Security.Cert 1724 1725**Parameters** 1726 1727| Name| Type | Mandatory| Description | 1728| ------ | -------- | ---- | ------------ | 1729| cert | X509Cert | Yes | Certificate based on which the revoked certificate is obtained.| 1730 1731**Return value** 1732 1733| Type | Description | 1734| ------------ | -------------------- | 1735| X509CrlEntry | Promise used to return the revoked X.509 certificate obtained.| 1736 1737**Error codes** 1738 1739| ID| Error Message | 1740| -------- | ----------------------- | 1741| 19020001 | Memory error. | 1742| 19030001 | Crypto operation error. | 1743 1744**Example** 1745 1746```js 1747import cryptoCert from '@ohos.security.cert'; 1748 1749// Binary data of the CRL, which must be set based on the service. 1750let encodingData = null; 1751let encodingBlob = { 1752 data: encodingData, 1753 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1754 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1755}; 1756cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1757 if (error != null) { 1758 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1759 } else { 1760 console.log("createX509Crl success"); 1761 // Create an X509Cert instance. 1762 let x509Cert = null; 1763 try { 1764 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 1765 } catch (error) { 1766 console.log("getRevokedCertWithCert failed, errCode: " + error.code + ", errMsg: " + error.message); 1767 } 1768 } 1769}); 1770``` 1771 1772### getRevokedCerts 1773 1774getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 1775 1776Obtains all the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 1777 1778**System capability**: SystemCapability.Security.Cert 1779 1780**Parameters** 1781 1782| Name | Type | Mandatory| Description | 1783| -------- | ----------------------------------- | ---- | -------------------------------- | 1784| callback | AsyncCallback<Array\<X509CrlEntry>> | Yes | Callback invoked to return the result. Promise used to return a list of revoked X.509 certificates.| 1785 1786**Error codes** 1787 1788| ID| Error Message | 1789| -------- | ----------------------- | 1790| 19020001 | Memory error. | 1791| 19030001 | Crypto operation error. | 1792 1793**Example** 1794 1795```js 1796import cryptoCert from '@ohos.security.cert'; 1797 1798// Binary data of the CRL, which must be set based on the service. 1799let encodingData = null; 1800let encodingBlob = { 1801 data: encodingData, 1802 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1803 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1804}; 1805cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1806 if (error != null) { 1807 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1808 } else { 1809 console.log("createX509Crl success"); 1810 x509Crl.getRevokedCerts(function (error, array) { 1811 if (error != null) { 1812 console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message); 1813 } else { 1814 console.log("getRevokedCerts success"); 1815 } 1816 }); 1817 } 1818}); 1819``` 1820 1821### getRevokedCerts 1822 1823getRevokedCerts() : Promise<Array\<X509CrlEntry>> 1824 1825Obtains all the revoked X.509 certificates. This API uses a promise to return the result. 1826 1827**System capability**: SystemCapability.Security.Cert 1828 1829**Return value** 1830 1831| Type | Description | 1832| ----------------------------- | ---------------------- | 1833| Promise<Array\<X509CrlEntry>> | Promise used to return a list of revoked X.509 certificates.| 1834 1835**Error codes** 1836 1837| ID| Error Message | 1838| -------- | ----------------------- | 1839| 19020001 | Memory error. | 1840| 19030001 | Crypto operation error. | 1841 1842**Example** 1843 1844```js 1845import cryptoCert from '@ohos.security.cert'; 1846 1847// Binary data of the CRL, which must be set based on the service. 1848let encodingData = null; 1849let encodingBlob = { 1850 data: encodingData, 1851 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1852 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1853}; 1854cryptoCert.createX509Crl(encodingBlob).then(x509Crl => { 1855 console.log("createX509Crl success"); 1856 x509Crl.getRevokedCerts().then(array => { 1857 console.log("getRevokedCerts success"); 1858 }, error => { 1859 console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message); 1860 }); 1861}, error => { 1862 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1863}); 1864``` 1865 1866### getTbsInfo 1867 1868getTbsInfo() : DataBlob 1869 1870Obtains the DER-encoded CRL information, the **tbsCertList** from this CRL. This API uses an asynchronous callback to return the result. 1871 1872**System capability**: SystemCapability.Security.Cert 1873 1874**Return value** 1875 1876| Type | Description | 1877| --------------------- | ------------------------------- | 1878| [DataBlob](#datablob) | Promise used to return the **tbsCertList** information obtained.| 1879 1880**Error codes** 1881 1882| ID| Error Message | 1883| -------- | ----------------------- | 1884| 19020001 | Memory error. | 1885| 19020002 | Runtime error. | 1886| 19030001 | Crypto operation error. | 1887 1888**Example** 1889 1890```js 1891import cryptoCert from '@ohos.security.cert'; 1892 1893// Binary data of the CRL, which must be set based on the service. 1894let encodingData = null; 1895let encodingBlob = { 1896 data: encodingData, 1897 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1898 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1899}; 1900cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1901 if (error != null) { 1902 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1903 } else { 1904 console.log("createX509Crl success"); 1905 try { 1906 let tbsInfo = x509Crl.getTbsInfo(); 1907 } catch (error) { 1908 console.log("getTbsInfo failed, errCode: " + error.code + ", errMsg: " + error.message); 1909 } 1910 } 1911}); 1912``` 1913 1914### getSignature 1915 1916getSignature() : DataBlob 1917 1918Obtains the signature data of the X.509 CRL. 1919 1920**System capability**: SystemCapability.Security.Cert 1921 1922**Return value** 1923 1924| Type | Description | 1925| --------------------- | ------------------------------ | 1926| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 1927 1928**Error codes** 1929 1930| ID| Error Message | 1931| -------- | ----------------------- | 1932| 19020001 | Memory error. | 1933| 19020002 | Runtime error. | 1934| 19030001 | Crypto operation error. | 1935 1936**Example** 1937 1938```js 1939import cryptoCert from '@ohos.security.cert'; 1940 1941// Binary data of the CRL, which must be set based on the service. 1942let encodingData = null; 1943let encodingBlob = { 1944 data: encodingData, 1945 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1946 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1947}; 1948cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1949 if (error != null) { 1950 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1951 } else { 1952 console.log("createX509Crl success"); 1953 let signature = x509Crl.getSignature(); 1954 } 1955}); 1956``` 1957 1958### getSignatureAlgName 1959 1960getSignatureAlgName() : string 1961 1962Obtains the signing algorithm of the X.509 CRL. 1963 1964**System capability**: SystemCapability.Security.Cert 1965 1966**Return value** 1967 1968| Type | Description | 1969| ------ | -------------------------------- | 1970| string | Signing algorithm obtained.| 1971 1972**Error codes** 1973 1974| ID| Error Message | 1975| -------- | ----------------------- | 1976| 19020001 | Memory error. | 1977| 19020002 | Runtime error. | 1978| 19030001 | Crypto operation error. | 1979 1980**Example** 1981 1982```js 1983import cryptoCert from '@ohos.security.cert'; 1984 1985// Binary data of the CRL, which must be set based on the service. 1986let encodingData = null; 1987let encodingBlob = { 1988 data: encodingData, 1989 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1990 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 1991}; 1992cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 1993 if (error != null) { 1994 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 1995 } else { 1996 console.log("createX509Crl success"); 1997 let sigAlgName = x509Crl.getSignatureAlgName(); 1998 } 1999}); 2000``` 2001 2002### getSignatureAlgOid 2003 2004getSignatureAlgOid() : string 2005 2006Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 2007 2008**System capability**: SystemCapability.Security.Cert 2009 2010**Return value** 2011 2012| Type | Description | 2013| ------ | --------------------------------------------- | 2014| string | OID of the X.509 CRL signing algorithm obtained.| 2015 2016**Error codes** 2017 2018| ID| Error Message | 2019| -------- | ----------------------- | 2020| 19020001 | Memory error. | 2021| 19020002 | Runtime error. | 2022| 19030001 | Crypto operation error. | 2023 2024**Example** 2025 2026```js 2027import cryptoCert from '@ohos.security.cert'; 2028 2029// Binary data of the CRL, which must be set based on the service. 2030let encodingData = null; 2031let encodingBlob = { 2032 data: encodingData, 2033 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2034 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 2035}; 2036cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 2037 if (error != null) { 2038 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 2039 } else { 2040 console.log("createX509Crl success"); 2041 let sigAlgOid = x509Crl.getSignatureAlgOid(); 2042 } 2043}); 2044``` 2045 2046### getSignatureAlgParams 2047 2048getSignatureAlgParams() : DataBlob 2049 2050Obtains the parameters of the X.509 CRL signing algorithm. 2051 2052**System capability**: SystemCapability.Security.Cert 2053 2054**Return value** 2055 2056| Type | Description | 2057| --------------------- | ---------------------------------- | 2058| [DataBlob](#datablob) | Algorithm parameters obtained.| 2059 2060**Error codes** 2061 2062| ID| Error Message | 2063| -------- | ----------------------- | 2064| 19020001 | Memory error. | 2065| 19020002 | Runtime error. | 2066| 19030001 | Crypto operation error. | 2067 2068**Example** 2069 2070```js 2071import cryptoCert from '@ohos.security.cert'; 2072 2073// Binary data of the CRL, which must be set based on the service. 2074let encodingData = null; 2075let encodingBlob = { 2076 data: encodingData, 2077 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2078 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 2079}; 2080cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) { 2081 if (error != null) { 2082 console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message); 2083 } else { 2084 console.log("createX509Crl success"); 2085 let sigAlgParams = x509Crl.getSignatureAlgParams(); 2086 } 2087}); 2088``` 2089 2090## cryptoCert.createCertChainValidator 2091 2092createCertChainValidator(algorithm :string) : CertChainValidator 2093 2094Creates a **CertChainValidator** object. 2095 2096**System capability**: SystemCapability.Security.Cert 2097 2098**Parameters** 2099 2100| Name | Type | Mandatory| Description | 2101| --------- | ------ | ---- | ------------------------------------------ | 2102| algorithm | string | Yes | Certificate chain validator algorithm. Currently, only **PKIX** is supported.| 2103 2104**Return value** 2105 2106| Type | Description | 2107| ------------------ | -------------------- | 2108| CertChainValidator | **CertChainValidator** object created.| 2109 2110**Error codes** 2111 2112| ID| Error Message | 2113| -------- | ----------------------- | 2114| 19020001 | Memory error. | 2115| 19020002 | Runtime error. | 2116| 19030001 | Crypto operation error. | 2117 2118**Example** 2119 2120```js 2121import cryptoCert from '@ohos.security.cert'; 2122 2123let validator = cryptoCert.createCertChainValidator("PKIX"); 2124``` 2125 2126## CertChainValidator 2127 2128Provides APIs for certificate chain validator operations. 2129 2130 2131### Attributes 2132 2133**System capability**: SystemCapability.Security.Cert 2134 2135| Name | Type | Readable| Writable| Description | 2136| ------- | ------ | ---- | ---- | -------------------------- | 2137| algorithm | string | Yes | No | Algorithm used by the X509 certificate chain validator.| 2138 2139 2140### validate 2141 2142validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 2143 2144Validates the X.509 certificate chain. This API uses an asynchronous callback to return the result. 2145The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details, see [Certificate Specifications](../../security/cert-overview.md#certificate-specifications). 2146 2147**System capability**: SystemCapability.Security.Cert 2148 2149**Parameters** 2150 2151| Name | Type | Mandatory| Description | 2152| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 2153| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data. | 2154| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the X.509 certificate chain is valid. If **error** is not **null**, the X.509 certificate chain is not valid.| 2155 2156**Error codes** 2157 2158| ID| Error Message | 2159| -------- | ------------------------------------------------- | 2160| 19020001 | Memory error. | 2161| 19020002 | Runtime error. | 2162| 19030001 | Crypto operation error. | 2163| 19030002 | The certificate signature verification failed. | 2164| 19030003 | The certificate has not taken effect. | 2165| 19030004 | The certificate has expired. | 2166| 19030005 | Failed to obtain the certificate issuer. | 2167| 19030006 | The key cannot be used for signing a certificate. | 2168| 19030007 | The key cannot be used for digital signature. | 2169 2170**Example** 2171 2172```js 2173import cryptoCert from '@ohos.security.cert'; 2174 2175let validator = cryptoCert.createCertChainValidator("PKIX"); 2176// Certificate chain binary data, which must be set based on the service. 2177let encodingData = null; 2178// Number of certificates in the certificate chain. It must be set based on the service. 2179let certCount = 2; 2180let certChainData = { 2181 data: encodingData, 2182 count: certCount, 2183 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2184 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 2185}; 2186validator.validate(certChainData, function (error, data) { 2187 if (error != null) { 2188 console.log("validate failed, errCode: " + error.code + ", errMsg: " + error.message); 2189 } else { 2190 console.log("validate success"); 2191 } 2192}); 2193``` 2194 2195### validate 2196 2197validate(certChain : CertChainData) : Promise\<void> 2198 2199Validates the X.509 certificate chain. This API uses a promise to return the result. 2200The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details, see [Certificate Specifications](../../security/cert-overview.md#certificate-specifications). 2201 2202**System capability**: SystemCapability.Security.Cert 2203 2204**Parameters** 2205 2206| Name | Type | Mandatory| Description | 2207| --------- | ------------------------------- | ---- | -------------------------- | 2208| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data.| 2209 2210**Return value** 2211 2212| Type | Description | 2213| -------------- | ----------- | 2214| Promise\<void> | Promise used to return the result.| 2215 2216**Error codes** 2217 2218| ID| Error Message | 2219| -------- | ------------------------------------------------- | 2220| 19020001 | Memory error. | 2221| 19020002 | Runtime error. | 2222| 19030001 | Crypto operation error. | 2223| 19030002 | The certificate signature verification failed. | 2224| 19030003 | The certificate has not taken effect. | 2225| 19030004 | The certificate has expired. | 2226| 19030005 | Failed to obtain the certificate issuer. | 2227| 19030006 | The key cannot be used for signing a certificate. | 2228| 19030007 | The key cannot be used for digital signature. | 2229 2230**Example** 2231 2232```js 2233import cryptoCert from '@ohos.security.cert'; 2234 2235let validator = cryptoCert.createCertChainValidator("PKIX"); 2236// Certificate chain binary data, which must be set based on the service. 2237let encodingData = null; 2238// Number of certificates in the certificate chain. It must be set based on the service. 2239let certCount = 2; 2240let certChainData = { 2241 data: encodingData, 2242 count: certCount, 2243 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2244 encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM 2245}; 2246validator.validate(certChainData).then(result => { 2247 console.log("validate success"); 2248}, error => { 2249 console.log("validate failed, errCode: " + error.code + ", errMsg: " + error.message); 2250}); 2251``` 2252 2253### algorithm 2254 2255algorithm : string 2256 2257Obtains the algorithm of the X.509 certificate chain validator. 2258 2259**System capability**: SystemCapability.Security.Cert 2260 2261**Return value** 2262 2263| Type | Description | 2264| ------ | ------------------------ | 2265| string | Algorithm of the X.509 certificate chain validator obtained.| 2266 2267**Example** 2268 2269```js 2270import cryptoCert from '@ohos.security.cert'; 2271 2272let validator = cryptoCert.createCertChainValidator("PKIX"); 2273let algorithm = validator.algorithm; 2274``` 2275 2276## X509CrlEntry 2277 2278Provides APIs for operating the revoked certificates. 2279 2280### getEncoded 2281 2282getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 2283 2284Obtains the serialized data of this revoked certificate. This API uses an asynchronous callback to return the result. 2285 2286**System capability**: SystemCapability.Security.Cert 2287 2288**Parameters** 2289 2290| Name | Type | Mandatory| Description | 2291| -------- | --------------------------------------------- | ---- | ------------------------------------ | 2292| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the result. Promise used to return the serialized data of the revoked certificate obtained.| 2293 2294**Error codes** 2295 2296| ID| Error Message | 2297| -------- | ----------------------- | 2298| 19020001 | Memory error. | 2299| 19020002 | Runtime error. | 2300| 19030001 | Crypto operation error. | 2301 2302**Example** 2303 2304```js 2305import cryptoCert from '@ohos.security.cert'; 2306 2307// Obtain X509CrlEntry by using getRevokedCert() of X509Crl. 2308let x509CrlEntry = null; 2309x509CrlEntry.getEncoded(function (error, data) { 2310 if (error != null) { 2311 console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message); 2312 } else { 2313 console.log("getEncoded success"); 2314 } 2315}); 2316``` 2317 2318### getEncoded 2319 2320getEncoded() : Promise\<EncodingBlob> 2321 2322Obtains the serialized data of this revoked certificate. This API uses a promise to return the result. 2323 2324**System capability**: SystemCapability.Security.Cert 2325 2326**Return value** 2327 2328| Type | Description | 2329| --------------------------------------- | -------------------------- | 2330| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 2331 2332**Error codes** 2333 2334| ID| Error Message | 2335| -------- | ----------------------- | 2336| 19020001 | Memory error. | 2337| 19020002 | Runtime error. | 2338| 19030001 | Crypto operation error. | 2339 2340**Example** 2341 2342```js 2343import cryptoCert from '@ohos.security.cert'; 2344 2345// Obtain X509CrlEntry by using getRevokedCert() of X509Crl. 2346let x509CrlEntry = null; 2347x509CrlEntry.getEncoded().then(result => { 2348 console.log("getEncoded success"); 2349}, error => { 2350 console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message); 2351}); 2352``` 2353 2354### getSerialNumber 2355 2356getSerialNumber() : number 2357 2358Obtains the serial number of this revoked certificate. 2359 2360**System capability**: SystemCapability.Security.Cert 2361 2362**Return value** 2363 2364| Type | Description | 2365| ------ | ---------------------- | 2366| number | Serial number of the revoked certificate obtained.| 2367 2368**Example** 2369 2370```js 2371import cryptoCert from '@ohos.security.cert'; 2372 2373// Obtain X509CrlEntry by using getRevokedCert() of X509Crl. 2374let x509CrlEntry = null; 2375let serialNumber = x509CrlEntry.getSerialNumber(); 2376``` 2377 2378### getCertIssuer 2379 2380getCertIssuer() : DataBlob 2381 2382Obtains the issuer of this revoked certificate. This API uses an asynchronous callback to return the result. 2383 2384**System capability**: SystemCapability.Security.Cert 2385 2386**Return value** 2387 2388| Type | Description | 2389| --------------------- | ----------------------- | 2390| [DataBlob](#datablob) | Promise used to return the issuer of the revoked certificate obtained.| 2391 2392**Error codes** 2393 2394| ID| Error Message | 2395| -------- | -------------- | 2396| 19020001 | Memory error. | 2397| 19020002 | Runtime error. | 2398 2399**Example** 2400 2401```js 2402import cryptoCert from '@ohos.security.cert'; 2403 2404// Obtain X509CrlEntry by using getRevokedCert() of X509Crl. 2405let x509CrlEntry = null; 2406try { 2407 let issuer = x509CrlEntry.getCertIssuer(); 2408} catch (error) { 2409 console.log("getCertIssuer failed, errCode: " + error.code + ", errMsg: " + error.message); 2410} 2411``` 2412 2413### getRevocationDate 2414 2415getRevocationDate() : string 2416 2417Obtains the date when the certificate was revoked. This API uses an asynchronous callback to return the result. 2418 2419**System capability**: SystemCapability.Security.Cert 2420 2421**Return value** 2422 2423| Type | Description | 2424| ------ | ------------------ | 2425| string | Promise used to return the certificate revocation date obtained.| 2426 2427**Error codes** 2428 2429| ID| Error Message | 2430| -------- | ----------------------- | 2431| 19020001 | Memory error. | 2432| 19020002 | Runtime error. | 2433| 19030001 | Crypto operation error. | 2434 2435**Example** 2436 2437```js 2438import cryptoCert from '@ohos.security.cert'; 2439 2440// Obtain X509CrlEntry by using getRevokedCert() of X509Crl. 2441let x509CrlEntry = null; 2442try { 2443 let date = x509CrlEntry.getRevocationDate(); 2444} catch (error) { 2445 console.log("getRevocationDate failed, errCode: " + error.code + ", errMsg: " + error.message); 2446} 2447``` 2448