# @ohos.security.cert (Certificate Module)

The crypto framework provides certificate-related APIs. For the parts that depend on the basic algorithm capabilities of the crypto algorithm library framework, see the [cryptoFramework API reference](js-apis-cryptoFramework.md) for detailed API descriptions.

> **NOTE**
>
> The initial APIs of this module are supported since API version 9.

## Importing the Module

```javascript
import cryptoCert from '@ohos.security.cert';
import cryptoFramework from "@ohos.security.cryptoFramework";
```

## CertResult

Enumerates the execution results.

**System capability:** SystemCapability.Security.Cert

| Name | Value | Description |
| --------------------------------------| -------- | -----------------------------|
| INVALID_PARAMS | 401 | Invalid input parameter. |
| NOT_SUPPORT | 801 | The operation is not supported. |
| ERR_OUT_OF_MEMORY | 19020001 | Memory error. |
| ERR_RUNTIME_ERROR | 19020002 | Runtime external error. |
| ERR_CRYPTO_OPERATION | 19030001 | An error occurred when calling a third-party algorithm library API. |
| ERR_CERT_SIGNATURE_FAILURE | 19030002 | Certificate signature verification error. |
| ERR_CERT_NOT_YET_VALID | 19030003 | The certificate has not taken effect yet. |
| ERR_CERT_HAS_EXPIRED | 19030004 | The certificate has expired. |
| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | The issuer of the certificate cannot be obtained. |
| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | The key usage of the certificate does not include certificate signing. |
| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | The key usage of the certificate does not include digital signature. |

## DataBlob

Buffer array.

**System capability:** SystemCapability.Security.Cert

| Name | Type | Readable | Writable | Description |
| -------------- | -------------- | ---- | ---- | ----------------|
| data | Uint8Array | Yes | Yes | Data. |

## DataArray

List of buffer arrays.

**System capability:** SystemCapability.Security.Cert

| Name | Type | Readable | Writable | Description |
| -------------- | -------------- | ---- | ---- | ----------------|
| data | Uint8Array | Yes | Yes | Data list. |

## EncodingFormat

Enumerates the certificate encoding formats.

**System capability:** SystemCapability.Security.Cert

| Name | Value | Description |
| ---------- | ------ | --------- |
| FORMAT_DER | 0 | DER format. |
| FORMAT_PEM | 1 | PEM format. |

## EncodingBlob

Certificate binary array together with its encoding format.

### Attributes

**System capability:** SystemCapability.Security.Cert

| Name | Type | Readable | Writable | Description |
| -------------- | --------------------------------- | ---- | ---- | ------------------------------ |
| data | Uint8Array | Yes | Yes | Certificate data passed in. |
| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. |

## CertChainData

Certificate chain data, passed in as an input parameter when a certificate chain is validated.

### Attributes

**System capability:** SystemCapability.Security.Cert

| Name | Type | Readable | Writable | Description |
| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ |
| data | Uint8Array | Yes | Yes | Certificate data, passed in as a sequence of length (2 bytes) followed by data, for example 08ABCDEFGH07ABCDEFG. For the first certificate, the first 2 bytes indicate that the certificate is 8 bytes long and are followed by 8 bytes of certificate data. For the second certificate, the first 2 bytes indicate that the certificate is 7 bytes long and are followed by 7 bytes of certificate data. |
| count | number | Yes | Yes | Number of certificates contained in the data passed in. |
| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. |

## cryptoCert.createX509Cert

createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void

Creates an X509 certificate object.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ----------------------------- | ---- | -------------------------- |
| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized X509 certificate data. |
| callback | AsyncCallback\<X509Cert> | Yes | Callback used to return the X509 certificate object. |

**Error codes:**

| ID | Error Message |
| -------- | ------------- |
| 19020001 | memory error. |
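
The `CertChainData.data` layout described earlier on this page (a 2-byte length followed by the certificate bytes, repeated per certificate), shown as an added example that is not part of the original documentation or the OpenHarmony code: it packs certificates into that layout and parses it back with bounds checks. The function names and the little-endian byte order of the length prefix are assumptions (the page does not state the byte order); the `FORMAT_DER`/`FORMAT_PEM` values mirror the `EncodingFormat` table.

```javascript
// Added example (hypothetical helper names, not an @ohos API).
// Values copied from the EncodingFormat table on this page.
const FORMAT_DER = 0;
const FORMAT_PEM = 1;
const LEN_PREFIX_BYTES = 2; // "length (2 bytes)" per the CertChainData description

// Build { data, count, encodingFormat } from an array of Uint8Array certificates.
// ASSUMPTION: littleEndian = true; switch it if the target expects big-endian.
function packCertChain(certs, encodingFormat, littleEndian = true) {
    let total = 0;
    for (const cert of certs) {
        if (!(cert instanceof Uint8Array) || cert.length === 0) {
            throw new TypeError("each certificate must be a non-empty Uint8Array");
        }
        if (cert.length > 0xffff) {
            throw new RangeError("certificate does not fit a 2-byte length prefix");
        }
        total += LEN_PREFIX_BYTES + cert.length;
    }
    const data = new Uint8Array(total);
    const view = new DataView(data.buffer);
    let offset = 0;
    for (const cert of certs) {
        view.setUint16(offset, cert.length, littleEndian);
        offset += LEN_PREFIX_BYTES;
        data.set(cert, offset);
        offset += cert.length;
    }
    return { data: data, count: certs.length, encodingFormat: encodingFormat };
}

// Split a CertChainData-shaped object back into certificates, rejecting
// truncated prefixes, lengths that overrun the buffer, and a wrong count.
function parseCertChain(chain, littleEndian = true) {
    const data = chain.data;
    const view = new DataView(data.buffer, data.byteOffset, data.byteLength);
    const certs = [];
    let offset = 0;
    while (offset < data.length) {
        if (data.length - offset < LEN_PREFIX_BYTES) {
            throw new RangeError("truncated length prefix at offset " + offset);
        }
        const len = view.getUint16(offset, littleEndian);
        offset += LEN_PREFIX_BYTES;
        if (len === 0) {
            throw new RangeError("zero-length certificate at offset " + offset);
        }
        if (len > data.length - offset) {
            throw new RangeError("certificate at offset " + offset + " overruns the buffer");
        }
        certs.push(data.subarray(offset, offset + len));
        offset += len;
    }
    if (certs.length !== chain.count) {
        throw new RangeError("count is " + chain.count + " but data holds " + certs.length);
    }
    return certs;
}

// Constructed sample input mirroring the page's 08ABCDEFGH07ABCDEFG illustration;
// real input would be DER or PEM certificate bytes.
function demoCertChain() {
    const enc = new TextEncoder();
    const chain = packCertChain([enc.encode("ABCDEFGH"), enc.encode("ABCDEFG")], FORMAT_DER);
    const lengths = parseCertChain(chain).map(c => c.length);
    console.log("packed " + chain.data.length + " bytes, certificate lengths: " + lengths.join(","));
    return chain;
}

demoCertChain();
```

Running the same parse over a buffer before handing it to the chain validator catches a `count` that disagrees with the data and a length prefix that points past the end of the buffer.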

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
    }
});
```

## cryptoCert.createX509Cert

createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert>

Creates an X509 certificate object.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ----------------------------- | ---- | ------------------ |
| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized X509 certificate data. |

**Return value:**

| Type | Description |
| ------- | ---------------- |
| Promise\<X509Cert> | X509 certificate object. |

**Error codes:**

| ID | Error Message |
| -------- | ------------- |
| 19020001 | memory error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob).then(x509Cert => {
    console.log("createX509Cert success");
}, error => {
    console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

## X509Cert

X509 certificate class.

### verify

verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void

Verifies the signature of the certificate.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | --------------------- | ---- | ------------------------------------------------------------ |
| key | cryptoFramework.PubKey | Yes | Public key object used for signature verification. |
| callback | AsyncCallback\<void> | Yes | Callback. The first parameter of AsyncCallback, error, indicates whether verification succeeded: error is null on success and not null on failure. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------ |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        // The application must obtain the PubKey through getPublicKey of the parent (issuing) X509Cert object.
        let pubKey = null;
        x509Cert.verify(pubKey, function (error, data) {
            if (error != null) {
                console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
            } else {
                console.log("verify success");
            }
        });
    }
});
```

### verify

verify(key : cryptoFramework.PubKey) : Promise\<void>

Verifies the signature of the certificate.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| ------ | ------ | ---- | ------------------ |
| key | cryptoFramework.PubKey | Yes | Public key object used for signature verification. |

**Return value:**

| Type | Description |
| -------------- | ----------- |
| Promise\<void> | Promise object. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------ |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob).then(x509Cert => {
    console.log("createX509Cert success");
    // The application can obtain the PubKey through getPublicKey of the parent (issuing) X509Cert object.
    let pubKey = null;
    x509Cert.verify(pubKey).then(result => {
        console.log("verify success");
    }, error => {
        console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
    });
}, error => {
    console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

### getEncoded

getEncoded(callback : AsyncCallback\<EncodingBlob>) : void

Obtains the serialized data of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | --------------------------------------------- | ---- | -------------------------------- |
| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized X509 certificate data. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        x509Cert.getEncoded(function (error, data) {
            if (error != null) {
                console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
            } else {
                console.log("getEncoded success");
            }
        });
    }
});
```

### getEncoded

getEncoded() : Promise\<EncodingBlob>

Obtains the serialized data of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| --------------------------------------- | ---------------------- |
| Promise\<[EncodingBlob](#encodingblob)> | Serialized X509 certificate data. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob).then(x509Cert => {
    console.log("createX509Cert success");
    x509Cert.getEncoded().then(result => {
        console.log("getEncoded success");
    }, error => {
        console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
    });
}, error => {
    console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

### getPublicKey

getPublicKey() : cryptoFramework.PubKey

Obtains the public key of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | ---------------- |
| cryptoFramework.PubKey | Public key object of the X509 certificate. It is used only for the verify API of X509Cert. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';
import cryptoFramework from "@ohos.security.cryptoFramework";

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let pubKey = null;
        try {
            pubKey = x509Cert.getPublicKey();
        } catch (error) {
            console.log("getPublicKey failed, errCode: " + error.code + ", errMsg: " + error.message);
        }
    }
});
```

### checkValidityWithDate

checkValidityWithDate(date: string) : void

Checks the validity period of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | -------------- | ---- | ---------- |
| date | string | Yes | Date (format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ; the time must end with Z, which indicates standard time). |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19030001 | crypto operation error. |
| 19030003 | the certificate has not taken effect. |
| 19030004 | the certificate has expired. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let date = "150527000001Z";

        // Check the validity period of the certificate.
        try {
            x509Cert.checkValidityWithDate(date);
        } catch (error) {
            console.log("checkValidityWithDate failed, errCode: " + error.code + ", errMsg: " + error.message);
        }
    }
});
```

### getVersion

getVersion() : number

Obtains the version of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | ---------------- |
| number | X509 certificate version. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let version = x509Cert.getVersion();
    }
});
```

### getSerialNumber

getSerialNumber() : number

Obtains the serial number of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | ------------------ |
| number | X509 certificate serial number. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let serialNumber = x509Cert.getSerialNumber();
    }
});
```

### getIssuerName

getIssuerName() : DataBlob

Obtains the issuer name of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| --------------------- | ---------------------- |
| [DataBlob](#datablob) | X509 certificate issuer name. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let issuerName = x509Cert.getIssuerName();
    }
});
```

### getSubjectName

getSubjectName() : DataBlob

Obtains the subject name of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| --------------------- | -------------------- |
| [DataBlob](#datablob) | X509 certificate subject name. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let subjectName = x509Cert.getSubjectName();
    }
});
```

### getNotBeforeTime

getNotBeforeTime() : string

Obtains the start time of the X509 certificate validity period.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | ------------------------------------------------------------ |
| string | Start time of the X509 certificate validity period (format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ; the time ends with Z, which indicates standard time). |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let notBefore = x509Cert.getNotBeforeTime();
    }
});
```

### getNotAfterTime

getNotAfterTime() : string

Obtains the end time of the X509 certificate validity period.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | ------------------------------------------------------------ |
| string | End time of the X509 certificate validity period (format: YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ; the time ends with Z, which indicates standard time). |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let notAfter = x509Cert.getNotAfterTime();
    }
});
```

### getSignature

getSignature() : DataBlob

Obtains the signature data of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| --------------------- | -------------------- |
| [DataBlob](#datablob) | X509 certificate signature data. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let signature = x509Cert.getSignature();
    }
});
```

### getSignatureAlgName

getSignatureAlgName() : string

Obtains the name of the X509 certificate signature algorithm.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | ------------------------ |
| string | X509 certificate signature algorithm name. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let sigAlgName = x509Cert.getSignatureAlgName();
    }
});
```

### getSignatureAlgOid

getSignatureAlgOid() : string

Obtains the object identifier (OID) of the X509 certificate signature algorithm. OIDs are allocated by the name registration authority of the International Organization for Standardization (ISO).

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | --------------------------------- |
| string | OID of the X509 certificate signature algorithm. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let sigAlgOid = x509Cert.getSignatureAlgOid();
    }
});
```

### getSignatureAlgParams

getSignatureAlgParams() : DataBlob

Obtains the parameters of the X509 certificate signature algorithm.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| --------------------- | ------------------------ |
| [DataBlob](#datablob) | X509 certificate signature algorithm parameters. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let sigAlgParams = x509Cert.getSignatureAlgParams();
    }
});
```

### getKeyUsage

getKeyUsage() : DataBlob

Obtains the key usage of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| --------------------- | -------------------- |
| [DataBlob](#datablob) | X509 certificate key usage. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let keyUsage = x509Cert.getKeyUsage();
    }
});
```

### getExtKeyUsage

getExtKeyUsage() : DataArray

Obtains the extended key usage of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ----------------------- | ------------------------ |
| [DataArray](#dataarray) | X509 certificate extended key usage. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let extKeyUsage = x509Cert.getExtKeyUsage();
    }
});
```

### getBasicConstraints

getBasicConstraints() : number

Obtains the basic constraints of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | -------------------- |
| number | X509 certificate basic constraints. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let basicConstraints = x509Cert.getBasicConstraints();
    }
});
```

### getSubjectAltNames

getSubjectAltNames() : DataArray

Obtains the subject alternative names of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ----------------------- | ------------------------ |
| [DataArray](#dataarray) | X509 certificate subject alternative names. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let subjectAltNames = x509Cert.getSubjectAltNames();
    }
});
```

### getIssuerAltNames

getIssuerAltNames() : DataArray

Obtains the issuer alternative names of the X509 certificate.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ----------------------- | -------------------------- |
| [DataArray](#dataarray) | X509 certificate issuer alternative names. |

**Error codes:**

| ID | Error Message |
| -------- | ------------------------------------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Cert(encodingBlob, function (error, x509Cert) {
    if (error != null) {
        console.log("createX509Cert failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Cert success");
        let issuerAltNames = x509Cert.getIssuerAltNames();
    }
});
```

## cryptoCert.createX509Crl

createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void

Creates an X509 certificate revocation list (CRL) object.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ----------------------------- | ---- | ------------------------------ |
| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized certificate revocation list data. |
| callback | AsyncCallback\<X509Crl> | Yes | Callback used to return the certificate revocation list object. |

**Error codes:**

| ID | Error Message |
| -------- | ------------- |
| 19020001 | memory error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate revocation list binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
    }
});
```

## cryptoCert.createX509Crl

createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl>

Creates an X509 certificate revocation list (CRL) object.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ----------------------------- | ---- | -------------------------- |
| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized certificate revocation list data. |

**Return value:**

| Type | Description |
| ----------------- | -------------------- |
| Promise\<X509Crl> | Certificate revocation list object. |

**Error codes:**

| ID | Error Message |
| -------- | ------------- |
| 19020001 | memory error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate revocation list binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
    console.log("createX509Crl success");
}, error => {
    console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

## X509Crl

X509 certificate revocation list object.

### isRevoked

isRevoked(cert : X509Cert) : boolean

Checks whether a certificate has been revoked.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| ------ | -------- | ---- | -------------------- |
| cert | X509Cert | Yes | Certificate object to check. |

**Return value:**

| Type | Description |
| --------- | --------------------------------------------- |
| boolean | Revocation status of the certificate. true means revoked; false means not revoked. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate revocation list binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        // The application must create the X509Cert certificate object itself.
        let x509Cert = null;
        try {
            let revokedFlag = x509Crl.isRevoked(x509Cert);
        } catch (error) {
            console.log("isRevoked failed, errCode: " + error.code + ", errMsg: " + error.message);
        }
    }
});
```

### getType

getType() : string

Obtains the type of the certificate revocation list.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ------ | -------------------- |
| string | Certificate revocation list type. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate revocation list binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let type = x509Crl.getType();
    }
});
```

### getEncoded

getEncoded(callback : AsyncCallback\<EncodingBlob>) : void

Obtains the serialized data of the X509 certificate revocation list.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | ---------------------------- | ---- | ------------------------------------------ |
| callback | AsyncCallback\<EncodingBlob> | Yes | Callback used to return the serialized data of the X509 certificate revocation list. |

**Error codes:**

| ID | Error Message |
| -------- | ----------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate revocation list binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        x509Crl.getEncoded(function (error, data) {
            if (error != null) {
                console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
            } else {
                console.log("getEncoded success");
            }
        });
    }
});
```

### getEncoded

getEncoded() : Promise\<EncodingBlob>

Obtains the serialized data of the X509 certificate revocation list.

**System capability:** SystemCapability.Security.Cert

**Return value:**

| Type | Description |
| ---------------------- | -------------------------------- |
| Promise\<EncodingBlob> | Serialized data of the X509 certificate revocation list. |

**Error codes:**

| ID | Error Message |
| -------- | ----------------------- |
| 19020001 | memory error. |
| 19020002 | runtime error. |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Certificate revocation list binary data; must be assigned by the application.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};
cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
    console.log("createX509Crl success");
    x509Crl.getEncoded().then(result => {
        console.log("getEncoded success");
    }, error => {
        console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
    });
}, error => {
    console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

### verify

verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void

Verifies the signature of the X509 certificate revocation list. Signature verification supports the RSA algorithm.

**System capability:** SystemCapability.Security.Cert

**Parameters:**

| Name | Type | Mandatory | Description |
| -------- | -------------------- | ---- | ------------------------------------------------------------ |
| key | cryptoFramework.PubKey | Yes | Public key object used for signature verification. |
| callback | AsyncCallback\<void> | Yes | Callback. The first parameter of AsyncCallback, error, indicates whether verification succeeded: error is null on success and not null on failure. |

**Error codes:**

| ID | Error Message |
| -------- | ----------------------- |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';
import cryptoFramework from "@ohos.security.cryptoFramework";

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        // The service must generate the PubKey with AsyKeyGenerator.
        let pubKey = null;
        x509Crl.verify(pubKey, function (error, data) {
            if (error != null) {
                console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
            } else {
                console.log("verify success");
            }
        });
    }
});
```

### verify

verify(key : cryptoFramework.PubKey) : Promise\<void>

Verifies the signature of the X509 CRL. Signature verification supports the RSA algorithm.

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name | Type                   | Mandatory | Description                                        |
| ---- | ---------------------- | --------- | -------------------------------------------------- |
| key  | cryptoFramework.PubKey | Yes       | Public key object used for signature verification. |

**Return value**:

| Type           | Description     |
| -------------- | --------------- |
| Promise\<void> | Promise object. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';
import cryptoFramework from "@ohos.security.cryptoFramework";

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
    console.log("createX509Crl success");
    // The service must generate the PubKey with AsyKeyGenerator.
    let pubKey = null;
    x509Crl.verify(pubKey).then(result => {
        console.log("verify success");
    }, error => {
        console.log("verify failed, errCode: " + error.code + ", errMsg: " + error.message);
    });
}, error => {
    console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

### getVersion

getVersion() : number

Obtains the version number of the X509 CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                     |
| ------ | ------------------------------- |
| number | Version number of the X509 CRL. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let version = x509Crl.getVersion();
    }
});
```

### getIssuerName

getIssuerName() : DataBlob

Obtains the issuer name of the X509 CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type                  | Description                  |
| --------------------- | ---------------------------- |
| [DataBlob](#datablob) | Issuer name of the X509 CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let issuerName = x509Crl.getIssuerName();
    }
});
```

### getLastUpdate

getLastUpdate() : string

Obtains the date of the last update of the X509 CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                              |
| ------ | ---------------------------------------- |
| string | Date of the last update of the X509 CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let lastUpdate = x509Crl.getLastUpdate();
    }
});
```

### getNextUpdate

getNextUpdate() : string

Obtains the date of the next update of the CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                              |
| ------ | ---------------------------------------- |
| string | Date of the next update of the X509 CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let nextUpdate = x509Crl.getNextUpdate();
    }
});
```

### getRevokedCert

getRevokedCert(serialNumber : number) : X509CrlEntry

Obtains the revoked X509 certificate object for the specified certificate serial number.

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name         | Type   | Mandatory | Description                |
| ------------ | ------ | --------- | -------------------------- |
| serialNumber | number | Yes       | Certificate serial number. |

**Return value**:

| Type         | Description                      |
| ------------ | -------------------------------- |
| X509CrlEntry | Revoked X509 certificate object. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        // The service must set this to the serial number of the certificate in question.
        let serialNumber = 1000;
        try {
            let entry = x509Crl.getRevokedCert(serialNumber);
        } catch (error) {
            console.log("getRevokedCert failed, errCode: " + error.code + ", errMsg: " + error.message);
        }
    }
});
```

### getRevokedCertWithCert

getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry

Obtains the revoked X509 certificate object for the specified certificate object.

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name | Type     | Mandatory | Description         |
| ---- | -------- | --------- | ------------------- |
| cert | X509Cert | Yes       | Certificate object. |

**Return value**:

| Type         | Description                      |
| ------------ | -------------------------------- |
| X509CrlEntry | Revoked X509 certificate object. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        // The service must create the X509Cert object itself.
        let x509Cert = null;
        try {
            let entry = x509Crl.getRevokedCertWithCert(x509Cert);
        } catch (error) {
            console.log("getRevokedCertWithCert failed, errCode: " + error.code + ", errMsg: " + error.message);
        }
    }
});
```

### getRevokedCerts

getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void

Obtains the list of revoked X509 certificates.

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name     | Type                                | Mandatory | Description                                                  |
| -------- | ----------------------------------- | --------- | ------------------------------------------------------------ |
| callback | AsyncCallback<Array\<X509CrlEntry>> | Yes       | Callback that returns the list of revoked X509 certificates. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        x509Crl.getRevokedCerts(function (error, array) {
            if (error != null) {
                console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message);
            } else {
                console.log("getRevokedCerts success");
            }
        });
    }
});
```

### getRevokedCerts

getRevokedCerts() : Promise<Array\<X509CrlEntry>>

Obtains the list of revoked X509 certificates.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type                          | Description                        |
| ----------------------------- | ---------------------------------- |
| Promise<Array\<X509CrlEntry>> | List of revoked X509 certificates. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob).then(x509Crl => {
    console.log("createX509Crl success");
    x509Crl.getRevokedCerts().then(array => {
        console.log("getRevokedCerts success");
    }, error => {
        console.log("getRevokedCerts failed, errCode: " + error.code + ", errMsg: " + error.message);
    });
}, error => {
    console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

### getTbsInfo

getTbsInfo() : DataBlob

Obtains the tbsCertList information of the CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type                  | Description                         |
| --------------------- | ----------------------------------- |
| [DataBlob](#datablob) | tbsCertList information of the CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        try {
            let tbsInfo = x509Crl.getTbsInfo();
        } catch (error) {
            console.log("getTbsInfo failed, errCode: " + error.code + ", errMsg: " + error.message);
        }
    }
});
```

### getSignature

getSignature() : DataBlob

Obtains the signature data of the X509 CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type                  | Description                     |
| --------------------- | ------------------------------- |
| [DataBlob](#datablob) | Signature data of the X509 CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let signature = x509Crl.getSignature();
    }
});
```

### getSignatureAlgName

getSignatureAlgName() : string

Obtains the name of the signature algorithm of the X509 CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                                      |
| ------ | ------------------------------------------------ |
| string | Name of the signature algorithm of the X509 CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let sigAlgName = x509Crl.getSignatureAlgName();
    }
});
```

### getSignatureAlgOid

getSignatureAlgOid() : string

Obtains the object identifier (OID) of the signature algorithm of the X509 CRL. OIDs are allocated by the name registration authority of the International Organization for Standardization (ISO).

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                                                         |
| ------ | ------------------------------------------------------------------- |
| string | Object identifier (OID) of the signature algorithm of the X509 CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let sigAlgOid = x509Crl.getSignatureAlgOid();
    }
});
```

### getSignatureAlgParams

getSignatureAlgParams() : DataBlob

Obtains the parameters of the signature algorithm of the X509 CRL.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type                  | Description                                            |
| --------------------- | ------------------------------------------------------ |
| [DataBlob](#datablob) | Parameters of the signature algorithm of the X509 CRL. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// Binary data of the certificate revocation list (CRL); the service must assign it.
let encodingData = null;
let encodingBlob = {
    data: encodingData,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

cryptoCert.createX509Crl(encodingBlob, function (error, x509Crl) {
    if (error != null) {
        console.log("createX509Crl failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("createX509Crl success");
        let sigAlgParams = x509Crl.getSignatureAlgParams();
    }
});
```

## cryptoCert.createCertChainValidator

createCertChainValidator(algorithm : string) : CertChainValidator

Creates a certificate chain validator object.

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name      | Type   | Mandatory | Description                                                              |
| --------- | ------ | --------- | ------------------------------------------------------------------------ |
| algorithm | string | Yes       | Certificate chain validator algorithm. Currently only "PKIX" is supported. |

**Return value**:

| Type               | Description                         |
| ------------------ | ----------------------------------- |
| CertChainValidator | Certificate chain validator object. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

let validator = cryptoCert.createCertChainValidator("PKIX");
```

## CertChainValidator

Certificate chain validator object.

### Attributes

**System capability:** SystemCapability.Security.Cert

| Name      | Type   | Readable | Writable | Description                                             |
| --------- | ------ | -------- | -------- | ------------------------------------------------------- |
| algorithm | string | Yes      | No       | Name of the X509 certificate chain validator algorithm. |

### validate

validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void

Validates an X509 certificate chain.
Because the system time on the device is untrusted, certificate chain validation does not include a check of the certificates' validity periods. To check whether a certificate is valid at a given time, use the [checkValidityWithDate](#checkvaliditywithdate) method of the X509 certificate. For details, see [Certificate Specifications](../../security/cert-overview.md#证书规格).

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name      | Type                            | Mandatory | Description                                                  |
| --------- | ------------------------------- | --------- | ------------------------------------------------------------ |
| certChain | [CertChainData](#certchaindata) | Yes       | Serialized data of the X509 certificate chain.               |
| callback  | AsyncCallback\<void>            | Yes       | Callback. The first argument of AsyncCallback, error, indicates whether validation succeeded: a null error means success, a non-null error means failure. |

**Error codes:**

| ID       | Error Message                                     |
| -------- | ------------------------------------------------- |
| 19020001 | memory error.                                     |
| 19020002 | runtime error.                                    |
| 19030001 | crypto operation error.                           |
| 19030002 | the certificate signature verification failed.    |
| 19030003 | the certificate has not taken effect.             |
| 19030004 | the certificate has expired.                      |
| 19030005 | failed to obtain the certificate issuer.          |
| 19030006 | the key cannot be used for signing a certificate. |
| 19030007 | the key cannot be used for digital signature.     |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

let validator = cryptoCert.createCertChainValidator("PKIX");
// Binary data of the certificate chain; the service must assign it.
let encodingData = null;
// Number of certificates in the chain; the service must assign it.
let certCount = 2;
let certChainData = {
    data: encodingData,
    count: certCount,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

validator.validate(certChainData, function (error, data) {
    if (error != null) {
        console.log("validate failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("validate success");
    }
});
```

### validate

validate(certChain : CertChainData) : Promise\<void>

Validates an X509 certificate chain.
Because the system time on the device is untrusted, certificate chain validation does not include a check of the certificates' validity periods. To check whether a certificate is valid at a given time, use the [checkValidityWithDate](#checkvaliditywithdate) method of the X509 certificate. For details, see [Certificate Specifications](../../security/cert-overview.md#证书规格).

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name      | Type                            | Mandatory | Description                                    |
| --------- | ------------------------------- | --------- | ---------------------------------------------- |
| certChain | [CertChainData](#certchaindata) | Yes       | Serialized data of the X509 certificate chain. |

**Return value**:

| Type           | Description     |
| -------------- | --------------- |
| Promise\<void> | Promise object. |

**Error codes:**

| ID       | Error Message                                     |
| -------- | ------------------------------------------------- |
| 19020001 | memory error.                                     |
| 19020002 | runtime error.                                    |
| 19030001 | crypto operation error.                           |
| 19030002 | the certificate signature verification failed.    |
| 19030003 | the certificate has not taken effect.             |
| 19030004 | the certificate has expired.                      |
| 19030005 | failed to obtain the certificate issuer.          |
| 19030006 | the key cannot be used for signing a certificate. |
| 19030007 | the key cannot be used for digital signature.     |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

let validator = cryptoCert.createCertChainValidator("PKIX");
// Binary data of the certificate chain; the service must assign it.
let encodingData = null;
// Number of certificates in the chain; the service must assign it.
let certCount = 2;
let certChainData = {
    data: encodingData,
    count: certCount,
    // Set according to the format of encodingData; FORMAT_PEM and FORMAT_DER are supported.
    encodingFormat: cryptoCert.EncodingFormat.FORMAT_PEM
};

validator.validate(certChainData).then(result => {
    console.log("validate success");
}, error => {
    console.log("validate failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

### algorithm

algorithm : string

Name of the X509 certificate chain validator algorithm.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                                        |
| ------ | -------------------------------------------------- |
| string | Name of the certificate chain validator algorithm. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

let validator = cryptoCert.createCertChainValidator("PKIX");
let algorithm = validator.algorithm;
```

## X509CrlEntry

Revoked certificate object.

### getEncoded

getEncoded(callback : AsyncCallback\<EncodingBlob>) : void

Obtains the serialized data of the revoked certificate.

**System capability:** SystemCapability.Security.Cert

**Parameters**:

| Name     | Type                                          | Mandatory | Description                                                           |
| -------- | --------------------------------------------- | --------- | --------------------------------------------------------------------- |
| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes       | Callback that returns the serialized data of the revoked certificate. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// The service must obtain the X509CrlEntry through the getRevokedCert methods of X509Crl.
let x509CrlEntry = null;
x509CrlEntry.getEncoded(function (error, data) {
    if (error != null) {
        console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
    } else {
        console.log("getEncoded success");
    }
});
```

### getEncoded

getEncoded() : Promise\<EncodingBlob>

Obtains the serialized data of the revoked certificate.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type                                    | Description                                 |
| --------------------------------------- | ------------------------------------------- |
| Promise\<[EncodingBlob](#encodingblob)> | Serialized data of the revoked certificate. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// The service must obtain the X509CrlEntry through the getRevokedCert methods of X509Crl.
let x509CrlEntry = null;
x509CrlEntry.getEncoded().then(result => {
    console.log("getEncoded success");
}, error => {
    console.log("getEncoded failed, errCode: " + error.code + ", errMsg: " + error.message);
});
```

### getSerialNumber

getSerialNumber() : number

Obtains the serial number of the revoked certificate.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                               |
| ------ | ----------------------------------------- |
| number | Serial number of the revoked certificate. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// The service must obtain the X509CrlEntry through the getRevokedCert methods of X509Crl.
let x509CrlEntry = null;
let serialNumber = x509CrlEntry.getSerialNumber();
```

### getCertIssuer

getCertIssuer() : DataBlob

Obtains the issuer information of the revoked certificate.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type                  | Description                                    |
| --------------------- | ---------------------------------------------- |
| [DataBlob](#datablob) | Issuer information of the revoked certificate. |

**Error codes:**

| ID       | Error Message  |
| -------- | -------------- |
| 19020001 | memory error.  |
| 19020002 | runtime error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// The service must obtain the X509CrlEntry through the getRevokedCert methods of X509Crl.
let x509CrlEntry = null;
try {
    let issuer = x509CrlEntry.getCertIssuer();
} catch (error) {
    console.log("getCertIssuer failed, errCode: " + error.code + ", errMsg: " + error.message);
}
```

### getRevocationDate

getRevocationDate() : string

Obtains the date on which the certificate was revoked.

**System capability:** SystemCapability.Security.Cert

**Return value**:

| Type   | Description                                |
| ------ | ------------------------------------------ |
| string | Date on which the certificate was revoked. |

**Error codes:**

| ID       | Error Message           |
| -------- | ----------------------- |
| 19020001 | memory error.           |
| 19020002 | runtime error.          |
| 19030001 | crypto operation error. |

**Example:**

```js
import cryptoCert from '@ohos.security.cert';

// The service must obtain the X509CrlEntry through the getRevokedCert methods of X509Crl.
let x509CrlEntry = null;
try {
    let date = x509CrlEntry.getRevocationDate();
} catch (error) {
    console.log("getRevocationDate failed, errCode: " + error.code + ", errMsg: " + error.message);
}
```
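
The X509Crl and X509CrlEntry methods documented above, combined into one fail-closed revocation check: authenticate the CRL with verify(), confirm it is current against a trusted time, and only then consult isRevoked(). This is an added example, not code from the OpenHarmony project; the stub objects, the `serial` field and the key string are constructed stand-ins, and the ASN.1 format of the date strings and the caller-supplied trusted time are assumptions.

```javascript
// Added example. The objects passed in are expected to expose the X509Crl and
// X509CrlEntry methods documented above; the OpenHarmony module is not imported.

// Assumption: date strings are ASN.1 UTCTime (YYMMDDhhmmssZ) or GeneralizedTime
// (YYYYMMDDhhmmssZ); the page only gives their type as string.
function parseAsn1Time(text) {
    const m = /^(\d{2}|\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})Z$/.exec(String(text));
    if (!m) return NaN;
    let year = Number(m[1]);
    if (m[1].length === 2) year += year >= 50 ? 1900 : 2000; // RFC 5280 UTCTime rule
    const [month, day, hour, minute, second] = m.slice(2).map(Number);
    const d = new Date(Date.UTC(year, month - 1, day, hour, minute, second));
    // Date.UTC silently rolls out-of-range fields over; reject such inputs.
    const ok = d.getUTCMonth() === month - 1 && d.getUTCDate() === day &&
        d.getUTCHours() === hour && d.getUTCMinutes() === minute && d.getUTCSeconds() === second;
    return ok ? d.getTime() : NaN;
}

// trustedNowMs must come from a time source the caller trusts, because the
// page notes that device-side system time is untrusted.
async function checkRevocation(x509Crl, x509Cert, issuerPubKey, trustedNowMs) {
    // 1. Authenticate the CRL first. verify() rejects when the signature does
    //    not check out, and an unauthenticated list proves nothing either way.
    try {
        await x509Crl.verify(issuerPubKey);
    } catch (error) {
        return { status: "crl-untrusted", errCode: error.code };
    }
    // 2. The CRL must be current. NaN from an unparsable date fails both
    //    comparisons below, so a malformed date is treated as not current.
    let lastUpdateMs;
    let nextUpdateMs;
    try {
        lastUpdateMs = parseAsn1Time(x509Crl.getLastUpdate());
        nextUpdateMs = parseAsn1Time(x509Crl.getNextUpdate());
    } catch (error) {
        return { status: "crl-not-current", errCode: error.code };
    }
    if (!(lastUpdateMs <= trustedNowMs && trustedNowMs <= nextUpdateMs)) {
        return { status: "crl-not-current" };
    }
    // 3. Only now is the isRevoked() answer meaningful.
    let revoked;
    try {
        revoked = x509Crl.isRevoked(x509Cert);
    } catch (error) {
        return { status: "lookup-failed", errCode: error.code };
    }
    if (!revoked) return { status: "good" };
    // 4. Fetch the entry for logging; a failure here does not change the verdict.
    const result = { status: "revoked" };
    try {
        const entry = x509Crl.getRevokedCertWithCert(x509Cert);
        result.serialNumber = entry.getSerialNumber();
        result.revocationDate = entry.getRevocationDate();
    } catch (error) {
        result.errCode = error.code;
    }
    return result;
}

// Constructed stand-in for an X509Crl so the example runs off-device. The
// `serial` field and the string key are sample values, not the real API.
function makeStubCrl({ signedBy, lastUpdate, nextUpdate, revoked }) {
    return {
        verify: key => (key === signedBy
            ? Promise.resolve()
            : Promise.reject({ code: 19030001, message: "crypto operation error." })),
        getLastUpdate: () => lastUpdate,
        getNextUpdate: () => nextUpdate,
        isRevoked: cert => revoked[cert.serial] !== undefined,
        getRevokedCertWithCert: cert => ({
            getSerialNumber: () => cert.serial,
            getRevocationDate: () => revoked[cert.serial]
        })
    };
}

// Constructed sample data.
const sampleCrl = makeStubCrl({
    signedBy: "issuer-key",
    lastUpdate: "240601000000Z",
    nextUpdate: "240701000000Z",
    revoked: { 1000: "240615120000Z" }
});

checkRevocation(sampleCrl, { serial: 1000 }, "issuer-key", Date.UTC(2024, 5, 20))
    .then(result => console.log(JSON.stringify(result)));
```

On a device, pass the X509Crl, X509Cert and PubKey objects created through the APIs on this page in place of the stubs.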