1# @ohos.security.cert (Certificate) 2 3The certificate algorithm library framework provides certificate-related APIs. For details about the APIs for implementing the basic algorithm capabilities based on the cryptographic (crypto) framework, see [Crypto Framework](js-apis-cryptoFramework.md). 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8 9## Modules to Import 10 11```ts 12import certFramework from '@ohos.security.cert'; 13import cryptoFramework from '@ohos.security.cryptoFramework'; 14``` 15 16## CertResult 17 18 Enumerates the error codes. 19 20 **System capability**: SystemCapability.Security.Cert 21 22| Name | Value | Description | 23| --------------------------------------| -------- | -----------------------------| 24| INVALID_PARAMS | 401 | Invalid parameters. | 25| NOT_SUPPORT | 801 | This operation is not supported. | 26| ERR_OUT_OF_MEMORY | 19020001 | Memory error. | 27| ERR_RUNTIME_ERROR | 19020002 | Runtime error. | 28| ERR_CRYPTO_OPERATION | 19030001 | Crypto operation error. | 29| ERR_CERT_SIGNATURE_FAILURE | 19030002 | The certificate signature verification failed. | 30| ERR_CERT_NOT_YET_VALID | 19030003 | The certificate has not taken effect. | 31| ERR_CERT_HAS_EXPIRED | 19030004 | The certificate has expired. | 32| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | Failed to obtain the certificate issuer. | 33| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | The key cannot be used for signing a certificate. | 34| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | The key cannot be used for digital signature. | 35 36## DataBlob 37Defines a binary data array. 38 **System capability**: SystemCapability.Security.Cert 39| Name | Type | Readable| Writable| Description | 40| -------------- | -------------- | ---- | ---- | ----------------| 41| data | Uint8Array | Yes | Yes | Data. | 42 43## DataArray 44 45Defines a list of data arrays. 46 **System capability**: SystemCapability.Security.Cert 47| Name | Type | Readable| Writable| Description | 48| -------------- | -------------- | ---- | ---- | ----------------| 49| data | Uint8Array | Yes | Yes | Data list. | 50 51## EncodingFormat 52 53 Enumerates the certificate encoding formats. 54 55 **System capability**: SystemCapability.Security.Cert 56 57| Name | Value| Description | 58| ---------- | ------ | --------- | 59| FORMAT_DER | 0 | Distinguished Encoding Rules (DER) format.| 60| FORMAT_PEM | 1 | Privacy-Enhanced Mail (PEM) format.| 61| FORMAT_PKCS7<sup>11+</sup> | 2 | PKCS7 format.| 62 63## CertItemType<sup>10+</sup> 64 65 Enumerates the certificate fields that can be obtained. 66 67 **System capability**: SystemCapability.Security.Cert 68 69| Name | Value | Description | 70| -------------------------------- | ---- | ------------------------------ | 71| CERT_ITEM_TYPE_TBS | 0 | Information to be signed. | 72| CERT_ITEM_TYPE_PUBLIC_KEY | 1 | Public key of the certificate. | 73| CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | Unique ID of the certificate issuer.| 74| CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | Unique ID of the certificate subject. | 75| CERT_ITEM_TYPE_EXTENSIONS | 4 | Certificate extensions, each of which is identified by a unique object identifier (OID). | 76 77## ExtensionOidType<sup>10+</sup> 78 79 Enumerates the OID types of the certificate extensions that can be obtained. 80 81 **System capability**: SystemCapability.Security.Cert 82 83| Name | Value | Description | 84| ----------------------------- | ---- | --------------------------------------------- | 85| EXTENSION_OID_TYPE_ALL | 0 | All object identifiers. | 86| EXTENSION_OID_TYPE_CRITICAL | 1 | Object identifier whose **critical** is **true**. | 87| EXTENSION_OID_TYPE_UNCRITICAL | 2 | Object identifier whose **critical** is **false**.| 88 89## ExtensionEntryType<sup>10+</sup> 90 91 Enumerates the object types in certificate extensions that can be obtained. 92 93 **System capability**: SystemCapability.Security.Cert 94 95| Name | Value | Description | 96| ----------------------------------- | ---- | ---------------------------- | 97| EXTENSION_ENTRY_TYPE_ENTRY | 0 | Entire object. | 98| EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | Critical attribute of the object.| 99| EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | Data of the object. | 100 101## EncodingBlob 102 103Defines a certificate binary array in encoding format. 104 105### Attributes 106 107**System capability**: SystemCapability.Security.Cert 108 109| Name | Type | Readable| Writable| Description | 110| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 111| data | Uint8Array | Yes | Yes | Certificate data.| 112| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 113 114 115## CertChainData 116 117Defines the certificate chain data, which is passed in as input parameters during certificate chain verification. 118 119### Attributes 120 121**System capability**: SystemCapability.Security.Cert 122 123| Name | Type | Readable| Writable| Description | 124| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 125| data | Uint8Array | Yes | Yes | Certificate data, in the *length* (2 bytes) + *data* format. For example, **08ABCDEFGH07ABCDEFG**. The first two bytes indicate the length of the first certificate is eight bytes, and the following eight bytes indicate the certificate data. Then, the next two bytes indicate the length of another certificate is seven bytes, and the seven bytes followed indicate the certificate data.| 126| count | number | Yes | Yes | Number of certificates contained in the input data. | 127| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 128 129## X509CertMatchParameters<sup>11+</sup> 130 131Defines the parameters used to match a certificate. If no parameter is specified, all certificates are matched. 132 133**System capability**: SystemCapability.Security.Cert 134 135| Name | Type | Mandatory| Description | 136| -------------- | --------------------------------- | ---- | ------------------ | 137| x509Cert | [X509Cert](#x509cert) | No| Certificate object. | 138| validDate | string | No | Certificate validity period. | 139| issuer | Uint8Array | No | Certificate issuer, in DER format.| 140| keyUsage | Array\<boolean> | No | Key usage.| 141| serialNumber | bigint | No | Serial number of the certificate. | 142| subject | Uint8Array | No | Certificate subject, in DER format.| 143| publicKey | [DataBlob](#datablob) | No | Public key of the certificate, in DER format.| 144| publicKeyAlgID | string | No | Algorithm of the certificate public key.| 145 146## X509CRLMatchParameters<sup>11+</sup> 147 148Defines the parameters used to match a CRL. If no parameter is specified, all CRLs are matched. 149 150 151**System capability**: SystemCapability.Security.Cert 152 153| Name | Type | Mandatory| Description | 154| -------------- | --------------------------------- | ---- | ------------------ | 155| issuer | Array\<Uint8Array> | No | Issuers of the certificates. At least one issuer must be matched.| 156| x509Cert | [X509Cert](#x509cert) | No | Certificate object used to determine whether the certificate is in the CRL.| 157 158## X509TrustAnchor<sup>11+</sup> 159 160Represents an X.509 trust anchor, which is used to verify the certificate chain. The certificate or public key in the trust anchor is used as the trusted root to verify the certificate chain. 161 162**System capability**: SystemCapability.Security.Cert 163 164| Name | Type | Readable| Writable| Description | 165| --------- | --------------------- | ---- | ---- | --------------------------- | 166| CACert | [X509Cert](#x509cert) | Yes | Yes | Trusted CA certificate. | 167| CAPubKey | Uint8Array | Yes | Yes | Public key of the trusted CA certificate, in DER format.| 168| CASubject | Uint8Array | Yes | Yes | Subject of the trusted CA certificate, in DER format.| 169 170## CertChainValidationParameters<sup>11+</sup> 171 172Defines the parameters for certificate chain validation. 173 174**System capability**: SystemCapability.Security.Cert 175 176| Name | Type | Mandatory| Description | 177| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 178| date | string | No | Validity period of the certificate to validate. | 179| trustAnchors | Array\<[X509TrustAnchor](#x509trustanchor11)> | Yes | List of trusted anchors. | 180| certCRLs | Array\<[CertCRLCollection](#certcrlcollection11)> | No | Check whether the certificate is in a CRL.| 181 182## CertChainValidationResult<sup>11+</sup> 183 184Represents the return value of certificate chain validation. 185 186**System capability**: SystemCapability.Security.Cert 187 188| Name | Type | Readable| Writable| Description | 189| ----------- | ------------------------------------- | ---- | ---- | -------------- | 190| trustAnchor | [X509TrustAnchor](#x509trustanchor11) | Yes | No | Trust anchor. | 191| entityCert | [X509Cert](#x509cert) | Yes | No | Entity certificate.| 192 193## cryptoCert.createX509Cert 194 195createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 196 197Creates an **X509Cert** instance. This API uses an asynchronous callback to return the result. 198 199**System capability**: SystemCapability.Security.Cert 200 201**Parameters** 202 203| Name | Type | Mandatory| Description | 204| -------- | ------------------------------------- | ---- | -------------------------- | 205| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 206| callback | AsyncCallback\<[X509Cert](#x509cert)> | Yes | Callback invoked to return the **X509Cert** instance created.| 207 208**Error codes** 209 210For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 211 212| ID| Error Message | 213| -------- | ------------- | 214| 19020001 | memory error. | 215 216**Example** 217 218```ts 219import certFramework from '@ohos.security.cert'; 220 221// Convert the string into a Uint8Array. 222function stringToUint8Array(str: string): Uint8Array { 223 let arr: Array<number> = []; 224 for (let i = 0, j = str.length; i < j; i++) { 225 arr.push(str.charCodeAt(i)); 226 } 227 return new Uint8Array(arr); 228} 229 230// Certificate binary data, which must be set based on the service. 231let certData = '-----BEGIN CERTIFICATE-----\n' + 232 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 233 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 234 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 235 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 236 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 237 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 238 'Qw==\n' + 239 '-----END CERTIFICATE-----\n'; 240 241let encodingBlob: certFramework.EncodingBlob = { 242 data: stringToUint8Array(certData), 243 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 244 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 245}; 246 247certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 248 if (error != null) { 249 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 250 } else { 251 console.log('createX509Cert success'); 252 } 253}); 254``` 255 256## cryptoCert.createX509Cert 257 258createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 259 260Creates an **X509Cert** instance. This API uses a promise to return the result. 261 262**System capability**: SystemCapability.Security.Cert 263 264**Parameters** 265 266| Name | Type | Mandatory| Description | 267| -------- | ----------------------------- | ---- | ------------------ | 268| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 269 270**Return value** 271 272| Type | Description | 273| ------- | ---------------- | 274| Promise\<[X509Cert](#x509cert)> | **X509Cert** instance created.| 275 276**Error codes** 277 278For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 279 280| ID| Error Message | 281| -------- | ------------- | 282| 19020001 | memory error. | 283 284**Example** 285 286```ts 287import certFramework from '@ohos.security.cert'; 288import { BusinessError } from '@ohos.base'; 289 290// Convert the string into a Uint8Array. 291function stringToUint8Array(str: string): Uint8Array { 292 let arr: Array<number> = []; 293 for (let i = 0, j = str.length; i < j; i++) { 294 arr.push(str.charCodeAt(i)); 295 } 296 return new Uint8Array(arr); 297} 298 299// Certificate binary data, which must be set based on the service. 300let certData = '-----BEGIN CERTIFICATE-----\n' + 301 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 302 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 303 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 304 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 305 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 306 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 307 'Qw==\n' + 308 '-----END CERTIFICATE-----\n'; 309 310let encodingBlob: certFramework.EncodingBlob = { 311 data: stringToUint8Array(certData), 312 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 313 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 314}; 315 316certFramework.createX509Cert(encodingBlob).then(x509Cert => { 317 console.log('createX509Cert success'); 318}).catch((error: BusinessError) => { 319 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 320}); 321``` 322 323## X509Cert 324 325Provides APIs for X.509 certificate operations. 326 327### verify 328 329verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 330 331Verifies the signature of an X.509 certificate. This API uses an asynchronous callback to return the result. 332 333**System capability**: SystemCapability.Security.Cert 334 335**Parameters** 336 337| Name | Type | Mandatory| Description | 338| -------- | --------------------- | ---- | ------------------------------------------------------------ | 339| key | cryptoFramework.PubKey | Yes | Public key used for signature verification. | 340| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 341 342**Error codes** 343 344For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 345 346| ID| Error Message | 347| -------- | ------------------ | 348| 19030001 | crypto operation error. | 349 350**Example** 351 352```ts 353import certFramework from '@ohos.security.cert'; 354import { BusinessError } from '@ohos.base'; 355 356// Convert the string into a Uint8Array. 357function stringToUint8Array(str: string): Uint8Array { 358 let arr: Array<number> = []; 359 for (let i = 0, j = str.length; i < j; i++) { 360 arr.push(str.charCodeAt(i)); 361 } 362 return new Uint8Array(arr); 363} 364 365// Certificate binary data, which must be set based on the service. 366let certData = '-----BEGIN CERTIFICATE-----\n' + 367 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 368 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 369 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 370 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 371 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 372 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 373 'Qw==\n' + 374 '-----END CERTIFICATE-----\n'; 375 376let encodingBlob: certFramework.EncodingBlob = { 377 data: stringToUint8Array(certData), 378 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 379 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 380}; 381 382certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 383 if (error != null) { 384 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 385 } else { 386 console.log('createX509Cert success'); 387 388 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 389 try { 390 let pubKey = x509Cert.getPublicKey(); 391 392 // Verify the certificate signature. 393 x509Cert.verify(pubKey, (err, data) => { 394 if (err == null) { 395 console.log('verify success'); 396 } else { 397 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 398 } 399 }); 400 } catch (error) { 401 let e: BusinessError = error as BusinessError; 402 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 403 } 404 } 405}); 406``` 407 408### verify 409 410verify(key : cryptoFramework.PubKey) : Promise\<void> 411 412Verifies the signature of an X.509 certificate. This API uses a promise to return the result. 413 414**System capability**: SystemCapability.Security.Cert 415 416**Parameters** 417 418| Name| Type | Mandatory| Description | 419| ------ | ------ | ---- | ------------------ | 420| key | cryptoFramework.PubKey | Yes | Public key used for signature verification.| 421 422**Return value** 423 424| Type | Description | 425| -------------- | ----------- | 426| Promise\<void> | Promise used to return the result.| 427 428**Error codes** 429 430For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 431 432| ID| Error Message | 433| -------- | ------------------ | 434| 19030001 | crypto operation error. | 435 436**Example** 437 438```ts 439import certFramework from '@ohos.security.cert'; 440import { BusinessError } from '@ohos.base'; 441 442// Convert the string into a Uint8Array. 443function stringToUint8Array(str: string): Uint8Array { 444 let arr: Array<number> = []; 445 for (let i = 0, j = str.length; i < j; i++) { 446 arr.push(str.charCodeAt(i)); 447 } 448 return new Uint8Array(arr); 449} 450 451// Certificate binary data, which must be set based on the service. 452let certData = '-----BEGIN CERTIFICATE-----\n' + 453 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 454 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 455 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 456 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 457 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 458 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 459 'Qw==\n' + 460 '-----END CERTIFICATE-----\n'; 461 462let encodingBlob: certFramework.EncodingBlob = { 463 data: stringToUint8Array(certData), 464 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 465 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 466}; 467 468certFramework.createX509Cert(encodingBlob).then(x509Cert => { 469 console.log('createX509Cert success'); 470 471 try { 472 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 473 let pubKey = x509Cert.getPublicKey(); 474 x509Cert.verify(pubKey).then(result => { 475 console.log('verify success'); 476 }).catch((error: BusinessError) => { 477 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 478 }); 479 } catch (err) { 480 console.error('get public key failed'); 481 } 482}).catch((error: BusinessError) => { 483 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 484}); 485``` 486 487### getEncoded 488 489getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 490 491Obtains the serialized X.509 certificate data. This API uses an asynchronous callback to return the result. 492 493**System capability**: SystemCapability.Security.Cert 494 495**Parameters** 496 497| Name | Type | Mandatory| Description | 498| -------- | --------------------------------------------- | ---- | -------------------------------- | 499| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized X.509 certificate data obtained. | 500 501**Error codes** 502 503For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 504 505| ID| Error Message | 506| -------- | ------------------------------------------------- | 507| 19020001 | memory error. | 508| 19020002 | runtime error. | 509| 19030001 | crypto operation error.| 510 511**Example** 512 513```ts 514import certFramework from '@ohos.security.cert'; 515 516// Convert the string into a Uint8Array. 517function stringToUint8Array(str: string): Uint8Array { 518 let arr: Array<number> = []; 519 for (let i = 0, j = str.length; i < j; i++) { 520 arr.push(str.charCodeAt(i)); 521 } 522 return new Uint8Array(arr); 523} 524 525// Certificate binary data, which must be set based on the service. 526let certData = '-----BEGIN CERTIFICATE-----\n' + 527 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 528 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 529 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 530 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 531 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 532 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 533 'Qw==\n' + 534 '-----END CERTIFICATE-----\n'; 535 536let encodingBlob: certFramework.EncodingBlob = { 537 data: stringToUint8Array(certData), 538 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 539 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 540}; 541 542certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 543 if (error != null) { 544 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 545 } else { 546 console.log('createX509Cert success'); 547 x509Cert.getEncoded((error, data) => { 548 if (error != null) { 549 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 550 } else { 551 console.log('getEncoded success'); 552 } 553 }); 554 } 555}); 556``` 557 558### getEncoded 559 560getEncoded() : Promise\<EncodingBlob> 561 562Obtains the serialized X.509 certificate data. This API uses a promise to return the result. 563 564**System capability**: SystemCapability.Security.Cert 565 566**Return value** 567 568| Type | Description | 569| --------------------------------------- | ---------------------- | 570| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 certificate data obtained.| 571 572**Error codes** 573 574For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 575 576| ID| Error Message | 577| -------- | ------------------------------------------------- | 578| 19020001 | memory error. | 579| 19020002 | runtime error. | 580| 19030001 | crypto operation error.| 581 582**Example** 583 584```ts 585import certFramework from '@ohos.security.cert'; 586import { BusinessError } from '@ohos.base'; 587 588// Convert the string into a Uint8Array. 589function stringToUint8Array(str: string): Uint8Array { 590 let arr: Array<number> = []; 591 for (let i = 0, j = str.length; i < j; i++) { 592 arr.push(str.charCodeAt(i)); 593 } 594 return new Uint8Array(arr); 595} 596 597// Certificate binary data, which must be set based on the service. 598let certData = '-----BEGIN CERTIFICATE-----\n' + 599 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 600 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 601 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 602 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 603 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 604 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 605 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 606 '-----END CERTIFICATE-----\n'; 607 608// Certificate binary data, which must be set based on the service. 609let encodingBlob: certFramework.EncodingBlob = { 610 data: stringToUint8Array(certData), 611 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 612 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 613}; 614certFramework.createX509Cert(encodingBlob).then(x509Cert => { 615 console.log('createX509Cert success'); 616 x509Cert.getEncoded().then(result => { 617 console.log('getEncoded success'); 618 }).catch((error: BusinessError) => { 619 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 620 }); 621}).catch((error: BusinessError) => { 622 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 623}); 624``` 625 626### getPublicKey 627 628getPublicKey() : cryptoFramework.PubKey 629 630Obtains the public key of this X.509 certificate. This API uses an asynchronous callback to return the result. 631 632**System capability**: SystemCapability.Security.Cert 633 634**Return value** 635 636| Type | Description | 637| ------ | ---------------- | 638| cryptoFramework.PubKey | Public key of the X509 certificate obtained. This object is used only for **verify()** of **X509Cert**.| 639 640**Error codes** 641 642For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 643 644| ID| Error Message | 645| -------- | ------------------------------------------------- | 646| 19020001 | memory error. | 647| 19030001 | crypto operation error.| 648 649**Example** 650 651```ts 652import certFramework from '@ohos.security.cert'; 653import { BusinessError } from '@ohos.base'; 654 655// Convert the string into a Uint8Array. 656function stringToUint8Array(str: string): Uint8Array { 657 let arr: Array<number> = []; 658 for (let i = 0, j = str.length; i < j; i++) { 659 arr.push(str.charCodeAt(i)); 660 } 661 return new Uint8Array(arr); 662} 663 664// Certificate binary data, which must be set based on the service. 665let certData = '-----BEGIN CERTIFICATE-----\n' + 666 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 667 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 668 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 669 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 670 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 671 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 672 'Qw==\n' + 673 '-----END CERTIFICATE-----\n'; 674 675let encodingBlob: certFramework.EncodingBlob = { 676 data: stringToUint8Array(certData), 677 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 678 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 679}; 680 681certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 682 if (error != null) { 683 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 684 } else { 685 console.log('createX509Cert success'); 686 try { 687 let pubKey = x509Cert.getPublicKey(); 688 } catch (error) { 689 let e: BusinessError = error as BusinessError; 690 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 691 } 692 } 693}); 694``` 695 696### checkValidityWithDate 697 698checkValidityWithDate(date: string) : void 699 700Checks the validity period of this X.509 certificate. This API uses an asynchronous callback to return the result. 701 702**System capability**: SystemCapability.Security.Cert 703 704**Parameters** 705 706| Name | Type | Mandatory| Description | 707| -------- | -------------- | ---- | ---------- | 708| date | string | Yes | Date in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The date must end with **Z**, which indicates the UTC.| 709 710**Error codes** 711 712For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 713 714| ID| Error Message | 715| -------- | ------------------------------------------------- | 716| 19020001 | memory error. | 717| 19030001 | crypto operation error.| 718| 19030003 | the certificate has not taken effect. | 719| 19030004 | the certificate has expired.| 720 721**Example** 722 723```ts 724import certFramework from '@ohos.security.cert'; 725import { BusinessError } from '@ohos.base'; 726 727// Convert the string into a Uint8Array. 728function stringToUint8Array(str: string): Uint8Array { 729 let arr: Array<number> = []; 730 for (let i = 0, j = str.length; i < j; i++) { 731 arr.push(str.charCodeAt(i)); 732 } 733 return new Uint8Array(arr); 734} 735 736// Certificate binary data, which must be set based on the service. 737let certData = '-----BEGIN CERTIFICATE-----\n' + 738 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 739 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 740 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 741 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 742 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 743 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 744 'Qw==\n' + 745 '-----END CERTIFICATE-----\n'; 746 747let encodingBlob: certFramework.EncodingBlob = { 748 data: stringToUint8Array(certData), 749 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 750 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 751}; 752 753certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 754 if (error != null) { 755 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 756 } else { 757 console.log('createX509Cert success'); 758 759 let date = '231001000001Z'; 760 // Verify the certificate validity period. 761 try { 762 x509Cert.checkValidityWithDate(date); 763 } catch (error) { 764 let e: BusinessError = error as BusinessError; 765 console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 766 } 767 } 768}); 769``` 770 771### getVersion 772 773getVersion() : number 774 775Obtains the X.509 certificate version. 776 777**System capability**: SystemCapability.Security.Cert 778 779**Return value** 780 781| Type | Description | 782| ------ | ---------------- | 783| number | X.509 certificate version obtained.| 784 785**Example** 786 787```ts 788import certFramework from '@ohos.security.cert'; 789 790// Convert the string into a Uint8Array. 791function stringToUint8Array(str: string): Uint8Array { 792 let arr: Array<number> = []; 793 for (let i = 0, j = str.length; i < j; i++) { 794 arr.push(str.charCodeAt(i)); 795 } 796 return new Uint8Array(arr); 797} 798 799// Certificate binary data, which must be set based on the service. 800let certData = '-----BEGIN CERTIFICATE-----\n' + 801 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 802 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 803 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 804 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 805 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 806 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 807 'Qw==\n' + 808 '-----END CERTIFICATE-----\n'; 809 810let encodingBlob: certFramework.EncodingBlob = { 811 data: stringToUint8Array(certData), 812 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 813 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 814}; 815certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 816 if (error != null) { 817 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 818 } else { 819 console.log('createX509Cert success'); 820 let version = x509Cert.getVersion(); 821 } 822}); 823``` 824 825### getSerialNumber<sup>(deprecated)</sup> 826 827getSerialNumber() : number 828 829Obtains the X.509 certificate serial number. 830 831> **NOTE** 832> 833> This API is supported since API version 9 and deprecated since API version 10. You are advised to use [getCertSerialNumber](#getcertserialnumber10). 834 835**System capability**: SystemCapability.Security.Cert 836 837**Return value** 838 839| Type | Description | 840| ------ | ------------------ | 841| number | X.509 certificate serial number obtained.| 842 843**Example** 844 845```ts 846import certFramework from '@ohos.security.cert'; 847 848// Convert the string into a Uint8Array. 849function stringToUint8Array(str: string): Uint8Array { 850 let arr: Array<number> = []; 851 for (let i = 0, j = str.length; i < j; i++) { 852 arr.push(str.charCodeAt(i)); 853 } 854 return new Uint8Array(arr); 855} 856 857// Certificate binary data, which must be set based on the service. 858let certData = '-----BEGIN CERTIFICATE-----\n' + 859 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 860 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 861 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 862 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 863 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 864 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 865 'Qw==\n' + 866 '-----END CERTIFICATE-----\n'; 867 868let encodingBlob: certFramework.EncodingBlob = { 869 data: stringToUint8Array(certData), 870 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 871 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 872}; 873 874certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 875 if (error != null) { 876 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 877 } else { 878 console.log('createX509Cert success'); 879 let serialNumber = x509Cert.getSerialNumber(); 880 } 881}); 882``` 883 884### getCertSerialNumber<sup>10+</sup> 885 886getCertSerialNumber() : bigint 887 888Obtains the X.509 certificate serial number. 889 890**System capability**: SystemCapability.Security.Cert 891 892**Return value** 893 894| Type | Description | 895| ------ | ------------------ | 896| bigint | X.509 certificate serial number obtained.| 897 898**Error codes** 899 900For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 901 902| ID| Error Message | 903| -------- | ------------------------------------------------- | 904| 19020002 | runtime error. | 905 906**Example** 907 908```ts 909import certFramework from '@ohos.security.cert'; 910import { BusinessError } from '@ohos.base'; 911 912// Convert the string into a Uint8Array. 913function stringToUint8Array(str: string): Uint8Array { 914 let arr: Array<number> = []; 915 for (let i = 0, j = str.length; i < j; i++) { 916 arr.push(str.charCodeAt(i)); 917 } 918 return new Uint8Array(arr); 919} 920 921// Certificate binary data, which must be set based on the service. 922let certData = '-----BEGIN CERTIFICATE-----\n' + 923 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 924 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 925 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 926 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 927 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 928 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 929 'Qw==\n' + 930 '-----END CERTIFICATE-----\n'; 931 932let encodingBlob: certFramework.EncodingBlob = { 933 data: stringToUint8Array(certData), 934 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 935 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 936}; 937 938certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 939 if (error != null) { 940 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 941 } else { 942 console.log('createX509Cert success'); 943 try { 944 let serialNumber = x509Cert.getCertSerialNumber(); 945 } catch (err) { 946 let e: BusinessError = err as BusinessError; 947 console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 948 } 949 } 950}); 951``` 952 953### getIssuerName 954 955getIssuerName() : DataBlob 956 957Obtains the X.509 certificate issuer. 958 959**System capability**: SystemCapability.Security.Cert 960 961**Return value** 962 963| Type | Description | 964| --------------------- | ---------------------- | 965| [DataBlob](#datablob) | X.509 certificate issuer obtained.| 966 967**Error codes** 968 969For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 970 971| ID| Error Message | 972| -------- | ------------------------------------------------- | 973| 19020001 | memory error. | 974| 19020002 | runtime error. | 975| 19030001 | crypto operation error.| 976 977**Example** 978 979```ts 980import certFramework from '@ohos.security.cert'; 981import { BusinessError } from '@ohos.base'; 982 983// Convert the string into a Uint8Array. 984function stringToUint8Array(str: string): Uint8Array { 985 let arr: Array<number> = []; 986 for (let i = 0, j = str.length; i < j; i++) { 987 arr.push(str.charCodeAt(i)); 988 } 989 return new Uint8Array(arr); 990} 991 992// Certificate binary data, which must be set based on the service. 993let certData = '-----BEGIN CERTIFICATE-----\n' + 994 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 995 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 996 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 997 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 998 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 999 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1000 'Qw==\n' + 1001 '-----END CERTIFICATE-----\n'; 1002 1003let encodingBlob: certFramework.EncodingBlob = { 1004 data: stringToUint8Array(certData), 1005 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1006 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1007}; 1008 1009certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1010 if (error != null) { 1011 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1012 } else { 1013 console.log('createX509Cert success'); 1014 try { 1015 let issuerName = x509Cert.getIssuerName(); 1016 } catch (err) { 1017 let e: BusinessError = err as BusinessError; 1018 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1019 } 1020 } 1021}); 1022``` 1023 1024### getSubjectName 1025 1026getSubjectName() : DataBlob 1027 1028Obtains the subject of this X.509 certificate. 1029 1030**System capability**: SystemCapability.Security.Cert 1031 1032**Return value** 1033 1034| Type | Description | 1035| --------------------- | -------------------- | 1036| [DataBlob](#datablob) | Subject name obtained.| 1037 1038**Error codes** 1039 1040For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1041 1042| ID| Error Message | 1043| -------- | ------------------------------------------------- | 1044| 19020001 | memory error. | 1045| 19020002 | runtime error. | 1046| 19030001 | crypto operation error.| 1047 1048**Example** 1049 1050```ts 1051import certFramework from '@ohos.security.cert'; 1052import { BusinessError } from '@ohos.base'; 1053 1054// Convert the string into a Uint8Array. 1055function stringToUint8Array(str: string): Uint8Array { 1056 let arr: Array<number> = []; 1057 for (let i = 0, j = str.length; i < j; i++) { 1058 arr.push(str.charCodeAt(i)); 1059 } 1060 return new Uint8Array(arr); 1061} 1062 1063// Certificate binary data, which must be set based on the service. 1064let certData = '-----BEGIN CERTIFICATE-----\n' + 1065 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1066 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1067 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1068 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1069 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1070 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1071 'Qw==\n' + 1072 '-----END CERTIFICATE-----\n'; 1073 1074let encodingBlob: certFramework.EncodingBlob = { 1075 data: stringToUint8Array(certData), 1076 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1077 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1078}; 1079 1080certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1081 if (error != null) { 1082 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1083 } else { 1084 console.log('createX509Cert success'); 1085 try { 1086 let subjectName = x509Cert.getSubjectName(); 1087 } catch (err) { 1088 let e: BusinessError = err as BusinessError; 1089 console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1090 } 1091 } 1092}); 1093``` 1094 1095### getNotBeforeTime 1096 1097getNotBeforeTime() : string 1098 1099Obtains the start time of this X.509 certificate. 1100 1101**System capability**: SystemCapability.Security.Cert 1102 1103**Return value** 1104 1105| Type | Description | 1106| ------ | ------------------------------------------------------------ | 1107| string | Start time of the X509 certificate validity period, in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The value must end with **Z**, which indicates the UTC.| 1108 1109**Error codes** 1110 1111For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1112 1113| ID| Error Message | 1114| -------- | ------------------------------------------------- | 1115| 19020001 | memory error. | 1116| 19020002 | runtime error. | 1117| 19030001 | crypto operation error.| 1118 1119**Example** 1120 1121```ts 1122import certFramework from '@ohos.security.cert'; 1123import { BusinessError } from '@ohos.base'; 1124 1125// Convert the string into a Uint8Array. 1126function stringToUint8Array(str: string): Uint8Array { 1127 let arr: Array<number> = []; 1128 for (let i = 0, j = str.length; i < j; i++) { 1129 arr.push(str.charCodeAt(i)); 1130 } 1131 return new Uint8Array(arr); 1132} 1133 1134// Certificate binary data, which must be set based on the service. 1135let certData = '-----BEGIN CERTIFICATE-----\n' + 1136 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1137 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1138 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1139 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1140 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1141 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1142 'Qw==\n' + 1143 '-----END CERTIFICATE-----\n'; 1144 1145let encodingBlob: certFramework.EncodingBlob = { 1146 data: stringToUint8Array(certData), 1147 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1148 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1149}; 1150 1151certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1152 if (error != null) { 1153 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1154 } else { 1155 console.log('createX509Cert success'); 1156 try { 1157 let notBefore = x509Cert.getNotBeforeTime(); 1158 } catch (err) { 1159 let e: BusinessError = err as BusinessError; 1160 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1161 } 1162 } 1163}); 1164``` 1165 1166### getNotAfterTime 1167 1168getNotAfterTime() : string 1169 1170Obtains the expiration time of this X.509 certificate. 1171 1172**System capability**: SystemCapability.Security.Cert 1173 1174**Return value** 1175 1176| Type | Description | 1177| ------ | ------------------------------------------------------------ | 1178| string | Expiration time of the X509 certificate validity period, in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The value must end with **Z**, which indicates the UTC.| 1179 1180**Error codes** 1181 1182For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1183 1184| ID| Error Message | 1185| -------- | ------------------------------------------------- | 1186| 19020001 | memory error. | 1187| 19020002 | runtime error. | 1188| 19030001 | crypto operation error.| 1189 1190**Example** 1191 1192```ts 1193import certFramework from '@ohos.security.cert'; 1194 1195import { BusinessError } from '@ohos.base'; 1196 1197// Convert the string into a Uint8Array. 1198function stringToUint8Array(str: string): Uint8Array { 1199 let arr: Array<number> = []; 1200 for (let i = 0, j = str.length; i < j; i++) { 1201 arr.push(str.charCodeAt(i)); 1202 } 1203 return new Uint8Array(arr); 1204} 1205 1206// Certificate binary data, which must be set based on the service. 1207let certData = '-----BEGIN CERTIFICATE-----\n' + 1208 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1209 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1210 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1211 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1212 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1213 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1214 'Qw==\n' + 1215 '-----END CERTIFICATE-----\n'; 1216 1217let encodingBlob: certFramework.EncodingBlob = { 1218 data: stringToUint8Array(certData), 1219 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1220 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1221}; 1222 1223certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1224 if (error != null) { 1225 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1226 } else { 1227 console.log('createX509Cert success'); 1228 try { 1229 let notAfter = x509Cert.getNotAfterTime(); 1230 } catch (err) { 1231 let e: BusinessError = err as BusinessError; 1232 console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1233 } 1234 } 1235}); 1236``` 1237 1238### getSignature 1239 1240getSignature() : DataBlob 1241 1242Obtains the signature data of this X.509 certificate. 1243 1244**System capability**: SystemCapability.Security.Cert 1245 1246**Return value** 1247 1248| Type | Description | 1249| --------------------- | -------------------- | 1250| [DataBlob](#datablob) | Signature data obtained.| 1251 1252**Error codes** 1253 1254For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1255 1256| ID| Error Message | 1257| -------- | ------------------------------------------------- | 1258| 19020001 | memory error. | 1259| 19020002 | runtime error. | 1260| 19030001 | crypto operation error.| 1261 1262**Example** 1263 1264```ts 1265import certFramework from '@ohos.security.cert'; 1266 1267import { BusinessError } from '@ohos.base'; 1268 1269// Convert the string into a Uint8Array. 1270function stringToUint8Array(str: string): Uint8Array { 1271 let arr: Array<number> = []; 1272 for (let i = 0, j = str.length; i < j; i++) { 1273 arr.push(str.charCodeAt(i)); 1274 } 1275 return new Uint8Array(arr); 1276} 1277 1278// Certificate binary data, which must be set based on the service. 1279let certData = '-----BEGIN CERTIFICATE-----\n' + 1280 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1281 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1282 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1283 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1284 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1285 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1286 'Qw==\n' + 1287 '-----END CERTIFICATE-----\n'; 1288 1289let encodingBlob: certFramework.EncodingBlob = { 1290 data: stringToUint8Array(certData), 1291 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1292 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1293}; 1294 1295certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1296 if (error != null) { 1297 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1298 } else { 1299 console.log('createX509Cert success'); 1300 try { 1301 let signature = x509Cert.getSignature(); 1302 } catch (err) { 1303 let e: BusinessError = err as BusinessError; 1304 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1305 } 1306 } 1307}); 1308``` 1309 1310### getSignatureAlgName 1311 1312getSignatureAlgName() : string 1313 1314Obtains the signing algorithm of this X.509 certificate. 1315 1316**System capability**: SystemCapability.Security.Cert 1317 1318**Return value** 1319 1320| Type | Description | 1321| ------ | ------------------------ | 1322| string | X.509 certificate signing algorithm obtained.| 1323 1324**Error codes** 1325 1326For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1327 1328| ID| Error Message | 1329| -------- | ------------------------------------------------- | 1330| 19020001 | memory error. | 1331| 19020002 | runtime error. | 1332| 19030001 | crypto operation error.| 1333 1334**Example** 1335 1336```ts 1337import certFramework from '@ohos.security.cert'; 1338 1339import { BusinessError } from '@ohos.base'; 1340 1341// Convert the string into a Uint8Array. 1342function stringToUint8Array(str: string): Uint8Array { 1343 let arr: Array<number> = []; 1344 for (let i = 0, j = str.length; i < j; i++) { 1345 arr.push(str.charCodeAt(i)); 1346 } 1347 return new Uint8Array(arr); 1348} 1349 1350// Certificate binary data, which must be set based on the service. 1351let certData = '-----BEGIN CERTIFICATE-----\n' + 1352 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1353 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1354 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1355 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1356 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1357 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1358 'Qw==\n' + 1359 '-----END CERTIFICATE-----\n'; 1360 1361let encodingBlob: certFramework.EncodingBlob = { 1362 data: stringToUint8Array(certData), 1363 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1364 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1365}; 1366 1367certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1368 if (error != null) { 1369 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1370 } else { 1371 console.log('createX509Cert success'); 1372 try { 1373 let sigAlgName = x509Cert.getSignatureAlgName(); 1374 } catch (err) { 1375 let e: BusinessError = err as BusinessError; 1376 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1377 } 1378 } 1379}); 1380``` 1381 1382### getSignatureAlgOid 1383 1384getSignatureAlgOid() : string 1385 1386Obtains the object identifier (OID) of the X.509 certificate signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 1387 1388**System capability**: SystemCapability.Security.Cert 1389 1390**Return value** 1391 1392| Type | Description | 1393| ------ | --------------------------------- | 1394| string | OID obtained.| 1395 1396**Error codes** 1397 1398For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1399 1400| ID| Error Message | 1401| -------- | ------------------------------------------------- | 1402| 19020001 | memory error. | 1403| 19020002 | runtime error. | 1404| 19030001 | crypto operation error.| 1405 1406**Example** 1407 1408```ts 1409import certFramework from '@ohos.security.cert'; 1410import { BusinessError } from '@ohos.base'; 1411 1412// Convert the string into a Uint8Array. 1413function stringToUint8Array(str: string): Uint8Array { 1414 let arr: Array<number> = []; 1415 for (let i = 0, j = str.length; i < j; i++) { 1416 arr.push(str.charCodeAt(i)); 1417 } 1418 return new Uint8Array(arr); 1419} 1420 1421// Certificate binary data, which must be set based on the service. 1422let certData = '-----BEGIN CERTIFICATE-----\n' + 1423 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1424 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1425 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1426 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1427 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1428 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1429 'Qw==\n' + 1430 '-----END CERTIFICATE-----\n'; 1431 1432let encodingBlob: certFramework.EncodingBlob = { 1433 data: stringToUint8Array(certData), 1434 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1435 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1436}; 1437 1438certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1439 if (error != null) { 1440 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1441 } else { 1442 console.log('createX509Cert success'); 1443 try { 1444 let sigAlgOid = x509Cert.getSignatureAlgOid(); 1445 } catch (err) { 1446 let e: BusinessError = err as BusinessError; 1447 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1448 } 1449 } 1450}); 1451``` 1452 1453### getSignatureAlgParams 1454 1455getSignatureAlgParams() : DataBlob 1456 1457Obtains the signing algorithm parameters of this X.509 certificate. 1458 1459**System capability**: SystemCapability.Security.Cert 1460 1461**Return value** 1462 1463| Type | Description | 1464| --------------------- | ------------------------ | 1465| [DataBlob](#datablob) | X.509 certificate signing algorithm parameters obtained.| 1466 1467**Error codes** 1468 1469For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1470 1471| ID| Error Message | 1472| -------- | ------------------------------------------------- | 1473| 19020001 | memory error. | 1474| 19020002 | runtime error. | 1475| 19030001 | crypto operation error.| 1476 1477**Example** 1478 1479```ts 1480import certFramework from '@ohos.security.cert'; 1481import { BusinessError } from '@ohos.base'; 1482 1483// Convert the string into a Uint8Array. 1484function stringToUint8Array(str: string): Uint8Array { 1485 let arr: Array<number> = []; 1486 for (let i = 0, j = str.length; i < j; i++) { 1487 arr.push(str.charCodeAt(i)); 1488 } 1489 return new Uint8Array(arr); 1490} 1491 1492// Certificate binary data, which must be set based on the service. 1493let certData = '-----BEGIN CERTIFICATE-----\n' + 1494 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1495 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1496 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1497 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1498 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1499 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1500 'Qw==\n' + 1501 '-----END CERTIFICATE-----\n'; 1502 1503let encodingBlob: certFramework.EncodingBlob = { 1504 data: stringToUint8Array(certData), 1505 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1506 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1507}; 1508 1509certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1510 if (error != null) { 1511 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1512 } else { 1513 console.log('createX509Cert success'); 1514 try { 1515 let sigAlgParams = x509Cert.getSignatureAlgParams(); 1516 } catch (err) { 1517 let e: BusinessError = err as BusinessError; 1518 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1519 } 1520 } 1521}); 1522``` 1523 1524### getKeyUsage 1525 1526getKeyUsage() : DataBlob 1527 1528Obtains the key usage of this X.509 certificate. 1529 1530**System capability**: SystemCapability.Security.Cert 1531 1532**Return value** 1533 1534| Type | Description | 1535| --------------------- | -------------------- | 1536| [DataBlob](#datablob) | Key usage of the X.509 certificate obtained.| 1537 1538**Error codes** 1539 1540For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1541 1542| ID| Error Message | 1543| -------- | ------------------------------------------------- | 1544| 19020001 | memory error. | 1545| 19030001 | crypto operation error.| 1546 1547**Example** 1548 1549```ts 1550import certFramework from '@ohos.security.cert'; 1551import { BusinessError } from '@ohos.base'; 1552 1553// Convert the string into a Uint8Array. 1554function stringToUint8Array(str: string): Uint8Array { 1555 let arr: Array<number> = []; 1556 for (let i = 0, j = str.length; i < j; i++) { 1557 arr.push(str.charCodeAt(i)); 1558 } 1559 return new Uint8Array(arr); 1560} 1561 1562// Certificate binary data, which must be set based on the service. 1563let certData = '-----BEGIN CERTIFICATE-----\n' + 1564 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1565 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1566 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1567 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1568 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1569 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1570 'Qw==\n' + 1571 '-----END CERTIFICATE-----\n'; 1572 1573let encodingBlob: certFramework.EncodingBlob = { 1574 data: stringToUint8Array(certData), 1575 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1576 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1577}; 1578 1579certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1580 if (error != null) { 1581 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1582 } else { 1583 console.log('createX509Cert success'); 1584 try { 1585 let keyUsage = x509Cert.getKeyUsage(); 1586 } catch (err) { 1587 let e: BusinessError = err as BusinessError; 1588 console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1589 } 1590 } 1591}); 1592``` 1593 1594### getExtKeyUsage 1595 1596getExtKeyUsage() : DataArray 1597 1598Obtains the usage of the extended key of this X.509 certificate. 1599 1600**System capability**: SystemCapability.Security.Cert 1601 1602**Return value** 1603 1604| Type | Description | 1605| ----------------------- | ------------------------ | 1606| [DataArray](#dataarray) | Usage of the extended key obtained.| 1607 1608**Error codes** 1609 1610For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1611 1612| ID| Error Message | 1613| -------- | ------------------------------------------------- | 1614| 19020001 | memory error. | 1615| 19020002 | runtime error. | 1616| 19030001 | crypto operation error.| 1617 1618**Example** 1619 1620```ts 1621import certFramework from '@ohos.security.cert'; 1622import { BusinessError } from '@ohos.base'; 1623 1624// Convert the string into a Uint8Array. 1625function stringToUint8Array(str: string): Uint8Array { 1626 let arr: Array<number> = []; 1627 for (let i = 0, j = str.length; i < j; i++) { 1628 arr.push(str.charCodeAt(i)); 1629 } 1630 return new Uint8Array(arr); 1631} 1632 1633// Certificate binary data, which must be set based on the service. 1634let certData = '-----BEGIN CERTIFICATE-----\n' + 1635 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1636 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1637 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1638 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1639 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1640 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1641 'Qw==\n' + 1642 '-----END CERTIFICATE-----\n'; 1643 1644let encodingBlob: certFramework.EncodingBlob = { 1645 data: stringToUint8Array(certData), 1646 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1647 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1648}; 1649 1650certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1651 if (error != null) { 1652 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1653 } else { 1654 console.log('createX509Cert success'); 1655 try { 1656 let extKeyUsage = x509Cert.getExtKeyUsage(); 1657 } catch (err) { 1658 let e: BusinessError = err as BusinessError; 1659 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1660 } 1661 } 1662}); 1663``` 1664 1665### getBasicConstraints 1666 1667getBasicConstraints() : number 1668 1669Obtains the basic constraints for obtaining this X.509 certificate. 1670 1671**System capability**: SystemCapability.Security.Cert 1672 1673**Return value** 1674 1675| Type | Description | 1676| ------ | -------------------- | 1677| number | Basic constraints obtained.| 1678 1679**Example** 1680 1681```ts 1682import certFramework from '@ohos.security.cert'; 1683 1684// Convert the string into a Uint8Array. 1685function stringToUint8Array(str: string): Uint8Array { 1686 let arr: Array<number> = []; 1687 for (let i = 0, j = str.length; i < j; i++) { 1688 arr.push(str.charCodeAt(i)); 1689 } 1690 return new Uint8Array(arr); 1691} 1692 1693// Certificate binary data, which must be set based on the service. 1694let certData = '-----BEGIN CERTIFICATE-----\n' + 1695 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1696 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1697 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1698 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1699 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1700 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1701 'Qw==\n' + 1702 '-----END CERTIFICATE-----\n'; 1703 1704let encodingBlob: certFramework.EncodingBlob = { 1705 data: stringToUint8Array(certData), 1706 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1707 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1708}; 1709 1710certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1711 if (error != null) { 1712 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1713 } else { 1714 console.log('createX509Cert success'); 1715 let basicConstraints = x509Cert.getBasicConstraints(); 1716 } 1717}); 1718``` 1719 1720### getSubjectAltNames 1721 1722getSubjectAltNames() : DataArray 1723 1724Obtains the Subject Alternative Names (SANs) of this X.509 certificate. 1725 1726**System capability**: SystemCapability.Security.Cert 1727 1728**Return value** 1729 1730| Type | Description | 1731| ----------------------- | ------------------------ | 1732| [DataArray](#dataarray) | SANs obtained.| 1733 1734**Error codes** 1735 1736For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1737 1738| ID| Error Message | 1739| -------- | ------------------------------------------------- | 1740| 19020001 | memory error. | 1741| 19020002 | runtime error. | 1742| 19030001 | crypto operation error.| 1743 1744**Example** 1745 1746```ts 1747import certFramework from '@ohos.security.cert'; 1748import { BusinessError } from '@ohos.base'; 1749 1750// Convert the string into a Uint8Array. 1751function stringToUint8Array(str: string): Uint8Array { 1752 let arr: Array<number> = []; 1753 for (let i = 0, j = str.length; i < j; i++) { 1754 arr.push(str.charCodeAt(i)); 1755 } 1756 return new Uint8Array(arr); 1757} 1758 1759// Certificate binary data, which must be set based on the service. 1760let certData = '-----BEGIN CERTIFICATE-----\n' + 1761 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1762 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1763 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1764 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1765 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1766 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1767 'Qw==\n' + 1768 '-----END CERTIFICATE-----\n'; 1769 1770let encodingBlob: certFramework.EncodingBlob = { 1771 data: stringToUint8Array(certData), 1772 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1773 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1774}; 1775 1776certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1777 if (error != null) { 1778 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1779 } else { 1780 console.log('createX509Cert success'); 1781 try { 1782 let subjectAltNames = x509Cert.getSubjectAltNames(); 1783 } catch (err) { 1784 let e: BusinessError = err as BusinessError; 1785 console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1786 } 1787 } 1788}); 1789``` 1790 1791### getIssuerAltNames 1792 1793getIssuerAltNames() : DataArray 1794 1795Obtains the Issuer Alternative Names (IANs) of this X.509 certificate. 1796 1797**System capability**: SystemCapability.Security.Cert 1798 1799**Return value** 1800 1801| Type | Description | 1802| ----------------------- | -------------------------- | 1803| [DataArray](#dataarray) | IANs obtained.| 1804 1805**Error codes** 1806 1807For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1808 1809| ID| Error Message | 1810| -------- | ------------------------------------------------- | 1811| 19020001 | memory error. | 1812| 19020002 | runtime error. | 1813| 19030001 | crypto operation error.| 1814 1815**Example** 1816 1817```ts 1818import certFramework from '@ohos.security.cert'; 1819import { BusinessError } from '@ohos.base'; 1820 1821// Convert the string into a Uint8Array. 1822function stringToUint8Array(str: string): Uint8Array { 1823 let arr: Array<number> = []; 1824 for (let i = 0, j = str.length; i < j; i++) { 1825 arr.push(str.charCodeAt(i)); 1826 } 1827 return new Uint8Array(arr); 1828} 1829 1830// Certificate binary data, which must be set based on the service. 1831let certData = '-----BEGIN CERTIFICATE-----\n' + 1832 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1833 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1834 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1835 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1836 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1837 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1838 'Qw==\n' + 1839 '-----END CERTIFICATE-----\n'; 1840 1841let encodingBlob: certFramework.EncodingBlob = { 1842 data: stringToUint8Array(certData), 1843 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1844 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1845}; 1846 1847certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1848 if (error != null) { 1849 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1850 } else { 1851 console.log('createX509Cert success'); 1852 try { 1853 let issuerAltNames = x509Cert.getIssuerAltNames(); 1854 } catch (err) { 1855 let e: BusinessError = err as BusinessError; 1856 console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1857 } 1858 } 1859}); 1860``` 1861 1862### getItem<sup>10+</sup> 1863 1864getItem(itemType: CertItemType) : DataBlob 1865 1866Obtains the fields in the X.509 certificate. 1867 1868**System capability**: SystemCapability.Security.Cert 1869 1870**Return value** 1871 1872| Type | Description | 1873| --------------------- | ----------------------------------------- | 1874| [DataBlob](#datablob) | Returns the obtained fields in DER format.| 1875 1876**Error codes** 1877 1878For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1879 1880| ID| Error Message | 1881| -------- | ----------------------- | 1882| 19020001 | memory error. | 1883| 19020002 | runtime error. | 1884| 19030001 | crypto operation error. | 1885 1886**Example** 1887 1888```ts 1889import certFramework from '@ohos.security.cert'; 1890import { BusinessError } from '@ohos.base'; 1891 1892// Convert the string into a Uint8Array. 1893function stringToUint8Array(str: string): Uint8Array { 1894 let arr: Array<number> = []; 1895 for (let i = 0, j = str.length; i < j; i++) { 1896 arr.push(str.charCodeAt(i)); 1897 } 1898 return new Uint8Array(arr); 1899} 1900 1901// Certificate binary data, which must be set based on the service. 1902let certData = '-----BEGIN CERTIFICATE-----\n' + 1903 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1904 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1905 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1906 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1907 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1908 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1909 'Qw==\n' + 1910 '-----END CERTIFICATE-----\n'; 1911 1912let encodingBlob: certFramework.EncodingBlob = { 1913 data: stringToUint8Array(certData), 1914 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1915 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1916}; 1917 1918certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1919 if (error != null) { 1920 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1921 } else { 1922 console.log('createX509Cert success'); 1923 try { 1924 let tbs = x509Cert.getItem(certFramework.CertItemType.CERT_ITEM_TYPE_TBS); 1925 let pubKey = x509Cert.getItem(certFramework.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); 1926 } catch (err) { 1927 let e: BusinessError = err as BusinessError; 1928 console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1929 } 1930 } 1931}); 1932``` 1933### match<sup>11+</sup> 1934 1935match(param: X509CertMatchParameters): boolean 1936 1937Matches a certificate. 1938 1939**System capability**: SystemCapability.Security.Cert 1940 1941**Parameters** 1942 1943| Name | Type | Mandatory| Description | 1944| --------- | ------ | ---- | ------------------------------------------ | 1945| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificate.| 1946 1947**Return value** 1948 1949| Type | Description | 1950| --------------------- | ----------------------------------------- | 1951| boolean | Returns **true** if a certificate is matched; returns **false** otherwise.| 1952 1953**Error codes** 1954 1955For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 1956 1957| ID| Error Message | 1958| -------- | ------------- | 1959| 19020001 | memory error. | 1960| 19030001 | crypto operation error. | 1961 1962**Example** 1963 1964```ts 1965import certFramework from '@ohos.security.cert'; 1966import { BusinessError } from '@ohos.base'; 1967 1968// Convert the string into a Uint8Array. 1969function stringToUint8Array(str: string): Uint8Array { 1970 let arr: Array<number> = []; 1971 for (let i = 0, j = str.length; i < j; i++) { 1972 arr.push(str.charCodeAt(i)); 1973 } 1974 return new Uint8Array(arr); 1975} 1976 1977async function createX509Cert(): Promise<certFramework.X509Cert> { 1978 let certData = '-----BEGIN CERTIFICATE-----\n' + 1979 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1980 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1981 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1982 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1983 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1984 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1985 'Qw==\n' + 1986 '-----END CERTIFICATE-----\n'; 1987 1988 let encodingBlob: certFramework.EncodingBlob = { 1989 data: stringToUint8Array(certData), 1990 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1991 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1992 }; 1993 1994 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 1995 try { 1996 x509Cert = await certFramework.createX509Cert(encodingBlob); 1997 } catch (err) { 1998 let e: BusinessError = err as BusinessError; 1999 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2000 } 2001 return x509Cert; 2002} 2003 2004async function matchX509Cert() { 2005 const x509Cert = await createX509Cert(); 2006 try { 2007 // The value should be assigned by the service side. 2008 const param: certFramework.X509CertMatchParameters = { 2009 x509Cert, 2010 validDate: '20231121074700Z', 2011 issuer: new Uint8Array([0x30, 0x64, 0x31]), // The values need to be assigned by the service side. 2012 keyUsage: [false, false, false, false, false, false, true, true, true], 2013 serialNumber: BigInt('232100834349818463'), 2014 subject: new Uint8Array([0x30, 0x6c, 0x31]), // The values need to be assigned by the service side. 2015 publicKey: { 2016 data: new Uint8Array([0x30, 0x82, 0x01]) // The values need to be assigned by the service side. 2017 }, 2018 publicKeyAlgID: '1.2.840.113549.1.1.1' 2019 }; 2020 const result = x509Cert.match(param); 2021 console.log('call x509Cert match success'); 2022 } catch (err) { 2023 console.error('call x509Cert match failed'); 2024 } 2025} 2026``` 2027## cryptoCert.createCertExtension<sup>10+</sup> 2028 2029createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\<CertExtension>) : void 2030 2031Creates a **CertExtension** instance. This API uses an asynchronous callback to return the result. 2032 2033**System capability**: SystemCapability.Security.Cert 2034 2035**Parameters** 2036 2037| Name | Type | Mandatory| Description | 2038| -------- | ------------------------------------------------- | ---- | -------------------------- | 2039| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| 2040| callback | AsyncCallback\<[CertExtension](#certextension10)> | Yes | Callback invoked to return the **CertExtension** instance created.| 2041 2042**Error codes** 2043 2044For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2045 2046| ID| Error Message | 2047| -------- | ------------- | 2048| 19020001 | memory error. | 2049 2050**Example** 2051 2052```ts 2053import certFramework from '@ohos.security.cert'; 2054 2055// Binary data of the certificate extensions, which must be assigned based on the service. 2056let extData = new Uint8Array([ 2057 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2058 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2059 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2060 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2061 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2062 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2063 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2064 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2065 0xD9, 0xE4 2066]); 2067 2068let encodingBlob: certFramework.EncodingBlob = { 2069 data: extData, 2070 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2071 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2072}; 2073 2074certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2075 if (error != null) { 2076 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2077 } else { 2078 console.log('createCertExtension success'); 2079 } 2080}); 2081``` 2082 2083## cryptoCert.createCertExtension<sup>10+</sup> 2084 2085createCertExtension(inStream : EncodingBlob) : Promise\<CertExtension> 2086 2087Creates a **CertExtension** instance. This API uses a promise to return the result. 2088 2089**System capability**: SystemCapability.Security.Cert 2090 2091**Parameters** 2092 2093| Name | Type | Mandatory| Description | 2094| -------- | ----------------------------- | ---- | -------------------------- | 2095| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| 2096 2097**Return value** 2098 2099| Type | Description | 2100| ------------------------------------------- | -------------------- | 2101| Promise\<[CertExtension](#certextension10)> | Promise used to return the **CertExtension** instance created.| 2102 2103**Error codes** 2104 2105For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2106 2107| ID| Error Message | 2108| -------- | ------------- | 2109| 19020001 | memory error. | 2110 2111**Example** 2112 2113```ts 2114import certFramework from '@ohos.security.cert'; 2115import { BusinessError } from '@ohos.base'; 2116 2117// Binary data of the certificate extensions, which must be assigned based on the service. 2118let extData = new Uint8Array([ 2119 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2120 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2121 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2122 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2123 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2124 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2125 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2126 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2127 0xD9, 0xE4 2128]); 2129 2130let encodingBlob: certFramework.EncodingBlob = { 2131 data: extData, 2132 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2133 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2134}; 2135 2136certFramework.createCertExtension(encodingBlob).then(certExt => { 2137 console.log('createCertExtension success'); 2138}).catch((error: BusinessError) => { 2139 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2140}); 2141``` 2142 2143## CertExtension<sup>10+</sup> 2144 2145Provides APIs for operating the certificate extensions. 2146 2147### getEncoded<sup>10+</sup> 2148 2149getEncoded() : EncodingBlob 2150 2151Obtains the serialized data of the certificate extensions. 2152 2153**System capability**: SystemCapability.Security.Cert 2154 2155**Return value** 2156 2157| Type | Description | 2158| ----------------------------- | ---------------------------- | 2159| [EncodingBlob](#encodingblob) | Serialized data obtained. | 2160 2161**Error codes** 2162 2163For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2164 2165| ID| Error Message | 2166| -------- | ----------------------- | 2167| 19020001 | memory error. | 2168| 19020002 | runtime error. | 2169| 19030001 | crypto operation error. | 2170 2171**Example** 2172 2173```ts 2174import certFramework from '@ohos.security.cert'; 2175import { BusinessError } from '@ohos.base'; 2176 2177// Binary data of the certificate extensions, which must be assigned based on the service. 2178let extData = new Uint8Array([ 2179 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2180 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2181 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2182 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2183 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2184 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2185 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2186 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2187 0xD9, 0xE4 2188]); 2189 2190let encodingBlob: certFramework.EncodingBlob = { 2191 data: extData, 2192 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2193 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2194}; 2195 2196certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2197 if (error != null) { 2198 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2199 } else { 2200 console.log('createCertExtension success'); 2201 try { 2202 let extEncodedBlob = certExt.getEncoded(); 2203 } catch (err) { 2204 let e: BusinessError = err as BusinessError; 2205 console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2206 } 2207 } 2208}); 2209``` 2210 2211### getOidList<sup>10+</sup> 2212 2213getOidList(valueType : ExtensionOidType) : DataArray 2214 2215Obtains the OIDs of the certificate extensions. 2216 2217**System capability**: SystemCapability.Security.Cert 2218 2219**Parameters** 2220 2221| Name | Type | Mandatory| Description | 2222| --------- | ------------------------------------- | ---- | ------------------------------ | 2223| valueType | [ExtensionOidType](#extensionoidtype) | Yes | Type of the OIDs to obtain.| 2224 2225**Return value** 2226 2227| Type | Description | 2228| ----------------------- | -------------------------------- | 2229| [DataArray](#dataarray) | A list of the OIDs obtained. | 2230 2231**Error codes** 2232 2233For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2234 2235| ID| Error Message | 2236| -------- | ----------------------- | 2237| 19020001 | memory error. | 2238| 19020002 | runtime error. | 2239| 19030001 | crypto operation error. | 2240 2241**Example** 2242 2243```ts 2244import certFramework from '@ohos.security.cert'; 2245import { BusinessError } from '@ohos.base'; 2246 2247// Binary data of the certificate extensions, which must be assigned based on the service. 2248let extData = new Uint8Array([ 2249 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2250 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2251 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2252 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2253 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2254 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2255 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2256 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2257 0xD9, 0xE4 2258]); 2259 2260let encodingBlob: certFramework.EncodingBlob = { 2261 data: extData, 2262 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2263 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2264}; 2265 2266certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2267 if (error != null) { 2268 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2269 } else { 2270 console.log('createCertExtension success'); 2271 try { 2272 let oidList = certExt.getOidList(certFramework.ExtensionOidType.EXTENSION_OID_TYPE_ALL); 2273 } catch (err) { 2274 let e: BusinessError = err as BusinessError; 2275 console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2276 } 2277 } 2278}); 2279``` 2280 2281### getEntry<sup>10+</sup> 2282 2283getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob 2284 2285Obtains the certificate extension object information. 2286 2287**System capability**: SystemCapability.Security.Cert 2288 2289**Parameters** 2290 2291| Name | Type | Mandatory| Description | 2292| --------- | ----------------------------------------- | ---- | -------------------------------- | 2293| valueType | [ExtensionEntryType](#extensionentrytype) | Yes | Type of the information to obtain. | 2294| oid | [DataBlob](#datablob) | Yes | OID of the certificate extension to obtain.| 2295 2296**Return value** 2297 2298| Type | Description | 2299| --------------------- | ---------------------------- | 2300| [DataBlob](#datablob) | Certificate extension object information obtained. | 2301 2302**Error codes** 2303 2304For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2305 2306| ID| Error Message | 2307| -------- | ----------------------- | 2308| 19020001 | memory error. | 2309| 19020002 | runtime error. | 2310| 19030001 | crypto operation error. | 2311 2312**Example** 2313 2314```ts 2315import certFramework from '@ohos.security.cert'; 2316import { BusinessError } from '@ohos.base'; 2317 2318// Binary data of the certificate extensions, which must be assigned based on the service. 2319let extData = new Uint8Array([ 2320 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2321 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2322 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2323 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2324 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2325 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2326 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2327 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2328 0xD9, 0xE4 2329]); 2330 2331let encodingBlob: certFramework.EncodingBlob = { 2332 data: extData, 2333 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2334 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2335}; 2336 2337certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2338 if (error != null) { 2339 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2340 } else { 2341 console.log('createCertExtension success'); 2342 let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); 2343 let oidBlob: certFramework.DataBlob = { 2344 data: oid 2345 } 2346 try { 2347 let entry = certExt.getEntry(certFramework.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); 2348 } catch (err) { 2349 let e: BusinessError = err as BusinessError; 2350 console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2351 } 2352 } 2353}); 2354``` 2355 2356 2357### checkCA<sup>10+</sup> 2358 2359checkCA() : number 2360 2361Checks whether the certificate is a CA certificate. 2362 2363**System capability**: SystemCapability.Security.Cert 2364 2365**Return value** 2366 2367| Type | Description | 2368| ------ | ------------------------------------------------------------ | 2369| number | If the key purpose in the certificate extension contains signing and the CA field in the basic constraints is **true**, the certificate is a CA certificate. Returns **-1** if the certificate is not a CA certificate; returns the path length in the basic constraints otherwise. Returns **-2** if the certificate is a CA certificate but the path length is not specified in the basic constraints, which means the path length is not limited.| 2370 2371**Error codes** 2372 2373For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2374 2375| ID| Error Message | 2376| -------- | ----------------------- | 2377| 19020001 | memory error. | 2378| 19020002 | runtime error. | 2379| 19030001 | crypto operation error. | 2380 2381**Example** 2382 2383```ts 2384import certFramework from '@ohos.security.cert'; 2385import { BusinessError } from '@ohos.base'; 2386 2387// Binary data of the certificate extensions, which must be assigned based on the service. 2388let extData = new Uint8Array([ 2389 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2390 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2391 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2392 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2393 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2394 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2395 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2396 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2397 0xD9, 0xE4 2398]); 2399 2400let encodingBlob: certFramework.EncodingBlob = { 2401 data: extData, 2402 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2403 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2404}; 2405certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2406 if (error != null) { 2407 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2408 } else { 2409 console.log('createCertExtension success'); 2410 try { 2411 let res = certExt.checkCA(); 2412 } catch (err) { 2413 let e: BusinessError = err as BusinessError; 2414 console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2415 } 2416 } 2417}); 2418``` 2419 2420### hasUnsupportedCriticalExtension<sup>11+</sup> 2421 2422hasUnsupportedCriticalExtension(): boolean 2423 2424Checks whether there is critical extension that is not supported. 2425 2426**System capability**: SystemCapability.Security.Cert 2427 2428**Return value** 2429 2430| Type | Description | 2431| ------- | ------------------------------------------------------- | 2432| boolean | Returns **true** if unsupported critical extension is found; returns **false** otherwise.| 2433 2434**Error codes** 2435 2436For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2437 2438| ID| Error Message | 2439| -------- | ----------------------- | 2440| 19020001 | memory error. | 2441| 19020002 | runtime error. | 2442| 19030001 | crypto operation error. | 2443 2444**Example** 2445 2446```ts 2447import cert from "@ohos.security.cert"; 2448import { BusinessError } from '@ohos.base'; 2449 2450const encodingData = [ 2451 0x30, 0x40, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 2452 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x1d, 0x0f, 2453]; 2454let encodingBlob: cert.EncodingBlob = { 2455 data: new Uint8Array(encodingData), 2456 encodingFormat: cert.EncodingFormat.FORMAT_DER 2457}; 2458 2459cert.createCertExtension(encodingBlob).then((extensionObj) => { 2460 console.log('createCertExtension success!'); 2461 const result = extensionObj.hasUnsupportedCriticalExtension() 2462 console.log('has unsupported critical extension result is:' + result); 2463}).catch((err: BusinessError) => { 2464 console.error('createCertExtension failed'); 2465}); 2466``` 2467 2468## cryptoCert.createX509Crl<sup>(deprecated)</sup> 2469 2470createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 2471 2472Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 2473 2474> **NOTE** 2475> 2476> This API is deprecated since API version 11. You are advised to use [cryptoCert.createX509CRL](#cryptocertcreatex509crl11). 2477 2478**System capability**: SystemCapability.Security.Cert 2479 2480**Parameters** 2481 2482| Name | Type | Mandatory| Description | 2483| -------- | ----------------------------------- | ---- | ------------------------------ | 2484| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized certificate revocation list (CRL) data. | 2485| callback | AsyncCallback\<[X509Crl](#x509crl)> | Yes | Callback invoked to return the **X509Crl** instance created. | 2486 2487**Error codes** 2488 2489For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2490 2491| ID| Error Message | 2492| -------- | ------------- | 2493| 19020001 | memory error. | 2494 2495**Example** 2496 2497```ts 2498import certFramework from '@ohos.security.cert'; 2499 2500// Convert the string into a Uint8Array. 2501function stringToUint8Array(str: string): Uint8Array { 2502 let arr: Array<number> = []; 2503 for (let i = 0, j = str.length; i < j; i++) { 2504 arr.push(str.charCodeAt(i)); 2505 } 2506 return new Uint8Array(arr); 2507} 2508 2509let crlData = '-----BEGIN X509 CRL-----\n' + 2510 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2511 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2512 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2513 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2514 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2515 'eavsH0Q3\n' + 2516 '-----END X509 CRL-----\n'; 2517 2518// Binary data of the CRL, which must be set based on the service. 2519let encodingBlob: certFramework.EncodingBlob = { 2520 data: stringToUint8Array(crlData), 2521 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2522 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2523}; 2524 2525certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2526 if (error != null) { 2527 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2528 } else { 2529 console.log('createX509Crl success'); 2530 } 2531}); 2532``` 2533 2534## cryptoCert.createX509Crl<sup>(deprecated)</sup> 2535 2536createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 2537 2538Creates an **X509Crl** instance. This API uses a promise to return the result. 2539 2540> **NOTE** 2541> 2542> This API is deprecated since API version 11. You are advised to use [cryptoCert.createX509CRL](#cryptocertcreatex509crl11-1). 2543 2544**System capability**: SystemCapability.Security.Cert 2545 2546**Parameters** 2547 2548| Name | Type | Mandatory| Description | 2549| -------- | ----------------------------- | ---- | -------------------------- | 2550| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| 2551 2552**Return value** 2553 2554| Type | Description | 2555| ----------------------------- | -------------------- | 2556| Promise\<[X509Crl](#x509crl)> | Promise used to return the **X509Crl** instance created.| 2557 2558**Error codes** 2559 2560For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2561 2562| ID| Error Message | 2563| -------- | ------------- | 2564| 19020001 | memory error. | 2565 2566**Example** 2567 2568```ts 2569import certFramework from '@ohos.security.cert'; 2570import { BusinessError } from '@ohos.base'; 2571 2572// Convert the string into a Uint8Array. 2573function stringToUint8Array(str: string): Uint8Array { 2574 let arr: Array<number> = []; 2575 for (let i = 0, j = str.length; i < j; i++) { 2576 arr.push(str.charCodeAt(i)); 2577 } 2578 return new Uint8Array(arr); 2579} 2580 2581let crlData = '-----BEGIN X509 CRL-----\n' + 2582 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2583 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2584 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2585 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2586 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2587 'eavsH0Q3\n' + 2588 '-----END X509 CRL-----\n'; 2589 2590// Binary data of the CRL, which must be set based on the service. 2591let encodingBlob: certFramework.EncodingBlob = { 2592 data: stringToUint8Array(crlData), 2593 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2594 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2595}; 2596 2597certFramework.createX509Crl(encodingBlob).then(x509Crl => { 2598 console.log('createX509Crl success'); 2599}).catch((error: BusinessError) => { 2600 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2601}); 2602``` 2603 2604## cryptoCert.createX509CRL<sup>11+</sup> 2605 2606createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\<X509CRL>) : void 2607 2608Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 2609 2610**System capability**: SystemCapability.Security.Cert 2611 2612**Parameters** 2613 2614| Name | Type | Mandatory| Description | 2615| -------- | ------------------------------------- | ---- | ------------------------------ | 2616| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized certificate revocation list (CRL) data. | 2617| callback | AsyncCallback\<[X509CRL](#x509crl11)> | Yes | Callback invoked to return the **X509Crl** instance created.| 2618 2619**Error codes** 2620 2621For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2622 2623| ID| Error Message | 2624| -------- | ------------- | 2625| 19020001 | memory error. | 2626 2627**Example** 2628 2629```ts 2630import certFramework from '@ohos.security.cert'; 2631 2632// Convert the string into a Uint8Array. 2633function stringToUint8Array(str: string): Uint8Array { 2634 let arr: Array<number> = []; 2635 for (let i = 0, j = str.length; i < j; i++) { 2636 arr.push(str.charCodeAt(i)); 2637 } 2638 return new Uint8Array(arr); 2639} 2640 2641let crlData = '-----BEGIN X509 CRL-----\n' + 2642 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2643 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2644 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2645 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2646 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2647 'eavsH0Q3\n' + 2648 '-----END X509 CRL-----\n'; 2649 2650// Binary data of the CRL, which must be set based on the service. 2651let encodingBlob: certFramework.EncodingBlob = { 2652 data: stringToUint8Array(crlData), 2653 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2654 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2655}; 2656 2657certFramework.createX509CRL(encodingBlob, (error, X509CRL) => { 2658 if (error != null) { 2659 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2660 } else { 2661 console.log('createX509CRL success'); 2662 } 2663}); 2664``` 2665 2666## cryptoCert.createX509CRL<sup>11+</sup> 2667 2668createX509CRL(inStream : EncodingBlob) : Promise\<X509CRL> 2669 2670Creates an **X509Crl** instance. This API uses a promise to return the result. 2671 2672**System capability**: SystemCapability.Security.Cert 2673 2674**Parameters** 2675 2676| Name | Type | Mandatory| Description | 2677| -------- | ----------------------------- | ---- | -------------------------- | 2678| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| 2679 2680**Return value** 2681 2682| Type | Description | 2683| ------------------------------- | -------------------- | 2684| Promise\<[X509CRL](#x509crl11)> | Promise used to return the **X509Crl** instance created.| 2685 2686**Error codes** 2687 2688For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2689 2690| ID| Error Message | 2691| -------- | ------------- | 2692| 19020001 | memory error. | 2693 2694**Example** 2695 2696```ts 2697import certFramework from '@ohos.security.cert'; 2698import { BusinessError } from '@ohos.base'; 2699 2700// Convert the string into a Uint8Array. 2701function stringToUint8Array(str: string): Uint8Array { 2702 let arr: Array<number> = []; 2703 for (let i = 0, j = str.length; i < j; i++) { 2704 arr.push(str.charCodeAt(i)); 2705 } 2706 return new Uint8Array(arr); 2707} 2708 2709let crlData = '-----BEGIN X509 CRL-----\n' + 2710 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2711 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2712 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2713 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2714 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2715 'eavsH0Q3\n' + 2716 '-----END X509 CRL-----\n'; 2717 2718// Binary data of the CRL, which must be set based on the service. 2719let encodingBlob: certFramework.EncodingBlob = { 2720 data: stringToUint8Array(crlData), 2721 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2722 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2723}; 2724 2725certFramework.createX509CRL(encodingBlob).then(X509CRL => { 2726 console.log('createX509CRL success'); 2727}).catch((error: BusinessError) => { 2728 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2729}); 2730``` 2731 2732## X509Crl<sup>(deprecated)</sup> 2733 2734Provides APIs for X.509 certificate CRL operations. 2735 2736> **NOTE** 2737> 2738> This API is deprecated since API version 11. You are advised to use [X509CRL](#x509crl11). 2739 2740### isRevoked<sup>(deprecated)</sup> 2741 2742isRevoked(cert : X509Cert) : boolean 2743 2744Checks whether an X.509 certificate is revoked. 2745 2746> **NOTE** 2747> 2748> This API is deprecated since API version 11. You are advised to use [X509CRL.isRevoked](#isrevoked11). 2749 2750**System capability**: SystemCapability.Security.Cert 2751 2752**Parameters** 2753 2754| Name| Type | Mandatory| Description | 2755| ------ | -------- | ---- | -------------------- | 2756| cert | X509Cert | Yes | X.509 certificate to check.| 2757 2758**Return value** 2759 2760| Type | Description | 2761| --------- | --------------------------------------------- | 2762| boolean | Returns **true** if the certificate is revoked; returns **false** otherwise. | 2763 2764**Example** 2765 2766```ts 2767import certFramework from '@ohos.security.cert'; 2768import { BusinessError } from '@ohos.base'; 2769 2770// Convert the string into a Uint8Array. 2771function stringToUint8Array(str: string): Uint8Array { 2772 let arr: Array<number> = []; 2773 for (let i = 0, j = str.length; i < j; i++) { 2774 arr.push(str.charCodeAt(i)); 2775 } 2776 return new Uint8Array(arr); 2777} 2778 2779let crlData = '-----BEGIN X509 CRL-----\n' + 2780 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2781 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2782 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2783 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2784 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2785 'eavsH0Q3\n' + 2786 '-----END X509 CRL-----\n'; 2787 2788let certData = '-----BEGIN CERTIFICATE-----\n' + 2789 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 2790 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 2791 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 2792 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 2793 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 2794 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 2795 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 2796 '-----END CERTIFICATE-----\n'; 2797 2798// Binary data of the CRL, which must be set based on the service. 2799let encodingBlob: certFramework.EncodingBlob = { 2800 data: stringToUint8Array(crlData), 2801 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2802 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2803}; 2804 2805let certEncodingBlob: certFramework.EncodingBlob = { 2806 data: stringToUint8Array(certData), 2807 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2808 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2809}; 2810 2811certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2812 if (error != null) { 2813 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2814 } else { 2815 console.log('createX509Crl success'); 2816 // Create an X509Cert instance. 2817 certFramework.createX509Cert(certEncodingBlob, (error, x509Cert) => { 2818 if (error == null) { 2819 try { 2820 let revokedFlag = x509Crl.isRevoked(x509Cert); 2821 } catch (error) { 2822 let e: BusinessError = error as BusinessError; 2823 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2824 } 2825 } 2826 }); 2827 } 2828}); 2829``` 2830 2831### getType<sup>(deprecated)</sup> 2832 2833getType() : string 2834 2835Obtains the CRL type. 2836 2837> **NOTE** 2838> 2839> This API is deprecated since API version 11. You are advised to use [X509CRL.getType](#gettype11). 2840 2841**System capability**: SystemCapability.Security.Cert 2842 2843**Return value** 2844 2845| Type | Description | 2846| ------ | -------------------- | 2847| string | CRL type obtained.| 2848 2849**Example** 2850 2851```ts 2852import certFramework from '@ohos.security.cert'; 2853 2854// Convert the string into a Uint8Array. 2855function stringToUint8Array(str: string): Uint8Array { 2856 let arr: Array<number> = []; 2857 for (let i = 0, j = str.length; i < j; i++) { 2858 arr.push(str.charCodeAt(i)); 2859 } 2860 return new Uint8Array(arr); 2861} 2862 2863let crlData = '-----BEGIN X509 CRL-----\n' + 2864 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2865 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2866 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2867 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2868 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2869 'eavsH0Q3\n' + 2870 '-----END X509 CRL-----\n'; 2871 2872// Binary data of the CRL, which must be set based on the service. 2873let encodingBlob: certFramework.EncodingBlob = { 2874 data: stringToUint8Array(crlData), 2875 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2876 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2877}; 2878 2879certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2880 if (error != null) { 2881 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2882 } else { 2883 console.log('createX509Crl success'); 2884 let type = x509Crl.getType(); 2885 } 2886}); 2887``` 2888 2889### getEncoded<sup>(deprecated)</sup> 2890 2891getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 2892 2893Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 2894 2895> **NOTE** 2896> 2897> This API is deprecated since API version 11. You are advised to use [X509CRL.getEncoded](#getencoded11). 2898 2899**System capability**: SystemCapability.Security.Cert 2900 2901**Parameters** 2902 2903| Name | Type | Mandatory| Description | 2904| -------- | ---------------------------- | ---- | ------------------------------------------ | 2905| callback | AsyncCallback\<EncodingBlob> | Yes | Callback invoked to return the serialized X.509 CRL data obtained.| 2906 2907**Error codes** 2908 2909For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2910 2911| ID| Error Message | 2912| -------- | ----------------------- | 2913| 19020001 | memory error. | 2914| 19020002 | runtime error. | 2915| 19030001 | crypto operation error. | 2916 2917**Example** 2918 2919```ts 2920import certFramework from '@ohos.security.cert'; 2921 2922// Convert the string into a Uint8Array. 2923function stringToUint8Array(str: string): Uint8Array { 2924 let arr: Array<number> = []; 2925 for (let i = 0, j = str.length; i < j; i++) { 2926 arr.push(str.charCodeAt(i)); 2927 } 2928 return new Uint8Array(arr); 2929} 2930 2931let crlData = '-----BEGIN X509 CRL-----\n' + 2932 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2933 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2934 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2935 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2936 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2937 'eavsH0Q3\n' + 2938 '-----END X509 CRL-----\n'; 2939 2940// Binary data of the CRL, which must be set based on the service. 2941let encodingBlob: certFramework.EncodingBlob = { 2942 data: stringToUint8Array(crlData), 2943 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2944 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2945}; 2946 2947certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2948 if (error != null) { 2949 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2950 } else { 2951 console.log('createX509Crl success'); 2952 x509Crl.getEncoded((error, data) => { 2953 if (error != null) { 2954 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2955 } else { 2956 console.log('getEncoded success'); 2957 } 2958 }); 2959 } 2960}); 2961``` 2962 2963### getEncoded<sup>(deprecated)</sup> 2964 2965getEncoded() : Promise\<EncodingBlob> 2966 2967Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 2968 2969> **NOTE** 2970> 2971> This API is deprecated since API version 11. You are advised to use [X509CRL.getEncoded](#getencoded11-1). 2972 2973**System capability**: SystemCapability.Security.Cert 2974 2975**Return value** 2976 2977| Type | Description | 2978| ---------------------- | -------------------------------- | 2979| Promise\<EncodingBlob> | Promise used to return the serialized X.509 CRL data obtained.| 2980 2981**Error codes** 2982 2983For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 2984 2985| ID| Error Message | 2986| -------- | ----------------------- | 2987| 19020001 | memory error. | 2988| 19020002 | runtime error. | 2989| 19030001 | crypto operation error. | 2990 2991**Example** 2992 2993```ts 2994import certFramework from '@ohos.security.cert'; 2995import { BusinessError } from '@ohos.base'; 2996 2997// Convert the string into a Uint8Array. 2998function stringToUint8Array(str: string): Uint8Array { 2999 let arr: Array<number> = []; 3000 for (let i = 0, j = str.length; i < j; i++) { 3001 arr.push(str.charCodeAt(i)); 3002 } 3003 return new Uint8Array(arr); 3004} 3005 3006let crlData = '-----BEGIN X509 CRL-----\n' + 3007 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3008 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3009 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3010 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3011 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3012 'eavsH0Q3\n' + 3013 '-----END X509 CRL-----\n'; 3014 3015// Binary data of the CRL, which must be set based on the service. 3016let encodingBlob: certFramework.EncodingBlob = { 3017 data: stringToUint8Array(crlData), 3018 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3019 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3020}; 3021 3022certFramework.createX509Crl(encodingBlob).then(x509Crl => { 3023 console.log('createX509Crl success'); 3024 x509Crl.getEncoded().then(result => { 3025 console.log('getEncoded success'); 3026 }).catch((error: BusinessError) => { 3027 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3028 }); 3029}).catch((error: BusinessError) => { 3030 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3031}); 3032``` 3033 3034### verify<sup>(deprecated)</sup> 3035 3036verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 3037 3038Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 3039 3040> **NOTE** 3041> 3042> This API is deprecated since API version 11. You are advised to use [X509CRL.verify](#verify11). 3043 3044**System capability**: SystemCapability.Security.Cert 3045 3046**Parameters** 3047 3048| Name | Type | Mandatory| Description | 3049| -------- | -------------------- | ---- | ------------------------------------------------------------ | 3050| key | cryptoFramework.PubKey | Yes | Public key used for signature verification. | 3051| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 3052 3053**Error codes** 3054 3055For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3056 3057| ID| Error Message | 3058| -------- | ----------------------- | 3059| 19030001 | crypto operation error. | 3060 3061**Example** 3062 3063```ts 3064import certFramework from '@ohos.security.cert'; 3065import cryptoFramework from '@ohos.security.cryptoFramework'; 3066import { BusinessError } from '@ohos.base'; 3067 3068// Convert the string into a Uint8Array. 3069function stringToUint8Array(str: string): Uint8Array { 3070 let arr: Array<number> = []; 3071 for (let i = 0, j = str.length; i < j; i++) { 3072 arr.push(str.charCodeAt(i)); 3073 } 3074 return new Uint8Array(arr); 3075} 3076 3077let crlData = '-----BEGIN X509 CRL-----\n' + 3078 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3079 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3080 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3081 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3082 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3083 'eavsH0Q3\n' + 3084 '-----END X509 CRL-----\n'; 3085 3086let pubKeyData = new Uint8Array([ 3087 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 3088 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 3089 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 3090 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 3091 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 3092 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 3093 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 3094 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 3095 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 3096 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 3097 0x00, 0x01 3098]); 3099 3100let priKeyData = new Uint8Array([ 3101 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 3102 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 3103 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 3104 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 3105 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 3106 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 3107 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 3108 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 3109 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 3110 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 3111 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 3112 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 3113 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 3114 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 3115 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 3116 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 3117 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 3118 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 3119 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 3120 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 3121 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 3122 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 3123 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 3124 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 3125 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 3126 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 3127 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 3128 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 3129 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 3130 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 3131 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 3132 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 3133 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 3134 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 3135 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 3136 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 3137 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 3138 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 3139 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 3140 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 3141]); 3142 3143// Binary data of the CRL, which must be set based on the service. 3144let encodingBlob: certFramework.EncodingBlob = { 3145 data: stringToUint8Array(crlData), 3146 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3147 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3148}; 3149 3150certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3151 if (error != null) { 3152 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3153 } else { 3154 console.log('createX509Crl success'); 3155 try { 3156 // Generate the public key by AsyKeyGenerator. 3157 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 3158 console.log('createAsyKeyGenerator success'); 3159 let priEncodingBlob: cryptoFramework.DataBlob = { 3160 data: priKeyData, 3161 }; 3162 let pubEncodingBlob: cryptoFramework.DataBlob = { 3163 data: pubKeyData, 3164 }; 3165 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 3166 if (e == null) { 3167 console.log('convert key success'); 3168 x509Crl.verify(keyPair.pubKey, (err, data) => { 3169 if (err == null) { 3170 console.log('verify success'); 3171 } else { 3172 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 3173 } 3174 }); 3175 } else { 3176 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 3177 } 3178 }) 3179 } catch (error) { 3180 let e: BusinessError = error as BusinessError; 3181 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3182 } 3183 } 3184}); 3185``` 3186 3187### verify<sup>(deprecated)</sup> 3188 3189verify(key : cryptoFramework.PubKey) : Promise\<void> 3190 3191Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 3192 3193> **NOTE** 3194> 3195> This API is deprecated since API version 11. You are advised to use [X509CRL.verify](#verify11-1). 3196 3197**System capability**: SystemCapability.Security.Cert 3198 3199**Parameters** 3200 3201| Name| Type | Mandatory| Description | 3202| ------ | ------ | ---- | ---------------------- | 3203| key | cryptoFramework.PubKey | Yes | Public key used for signature verification.| 3204 3205**Return value** 3206 3207| Type| Description | 3208| ---- | ------------------------------------------------------------ | 3209| Promise\<void> | Promise used to return the result.| 3210 3211**Error codes** 3212 3213For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3214 3215| ID| Error Message | 3216| -------- | ----------------------- | 3217| 19030001 | crypto operation error. | 3218 3219**Example** 3220 3221```ts 3222import certFramework from '@ohos.security.cert'; 3223import cryptoFramework from '@ohos.security.cryptoFramework' 3224import { BusinessError } from '@ohos.base'; 3225 3226// Convert the string into a Uint8Array. 3227function stringToUint8Array(str: string): Uint8Array { 3228 let arr: Array<number> = []; 3229 for (let i = 0, j = str.length; i < j; i++) { 3230 arr.push(str.charCodeAt(i)); 3231 } 3232 return new Uint8Array(arr); 3233} 3234 3235let crlData = '-----BEGIN X509 CRL-----\n' + 3236 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3237 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3238 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3239 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3240 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3241 'eavsH0Q3\n' + 3242 '-----END X509 CRL-----\n'; 3243 3244let pubKeyData = new Uint8Array([ 3245 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 3246 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 3247 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 3248 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 3249 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 3250 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 3251 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 3252 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 3253 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 3254 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 3255 0x00, 0x01 3256]); 3257 3258let priKeyData = new Uint8Array([ 3259 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 3260 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 3261 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 3262 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 3263 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 3264 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 3265 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 3266 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 3267 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 3268 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 3269 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 3270 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 3271 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 3272 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 3273 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 3274 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 3275 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 3276 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 3277 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 3278 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 3279 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 3280 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 3281 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 3282 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 3283 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 3284 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 3285 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 3286 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 3287 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 3288 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 3289 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 3290 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 3291 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 3292 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 3293 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 3294 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 3295 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 3296 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 3297 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 3298 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 3299]); 3300 3301// Binary data of the CRL, which must be set based on the service. 3302let encodingBlob: certFramework.EncodingBlob = { 3303 data: stringToUint8Array(crlData), 3304 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3305 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3306}; 3307 3308certFramework.createX509Crl(encodingBlob).then(x509Crl => { 3309 console.log('createX509Crl success'); 3310 3311 try { 3312 // Generate a public key object. 3313 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 3314 console.log('createAsyKeyGenerator success'); 3315 let priEncodingBlob: cryptoFramework.DataBlob = { 3316 data: priKeyData, 3317 }; 3318 let pubEncodingBlob: cryptoFramework.DataBlob = { 3319 data: pubKeyData, 3320 }; 3321 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 3322 console.log('convert key success'); 3323 x509Crl.verify(keyPair.pubKey).then(result => { 3324 console.log('verify success'); 3325 }).catch((error: BusinessError) => { 3326 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3327 }); 3328 }).catch((error: BusinessError) => { 3329 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 3330 }); 3331 } catch (error) { 3332 let e: BusinessError = error as BusinessError; 3333 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3334 } 3335}).catch((error: BusinessError) => { 3336 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3337}); 3338``` 3339 3340### getVersion<sup>(deprecated)</sup> 3341 3342getVersion() : number 3343 3344Obtains the version of the X.509 CRL. 3345 3346> **NOTE** 3347> 3348> This API is deprecated since API version 11. You are advised to use [X509CRL.getVersion](#getversion11). 3349 3350**System capability**: SystemCapability.Security.Cert 3351 3352**Return value** 3353 3354| Type | Description | 3355| ------ | -------------------------------- | 3356| number | Version of the X.509 CRL obtained.| 3357 3358**Example** 3359 3360```ts 3361import certFramework from '@ohos.security.cert'; 3362 3363// Convert the string into a Uint8Array. 3364function stringToUint8Array(str: string): Uint8Array { 3365 let arr: Array<number> = []; 3366 for (let i = 0, j = str.length; i < j; i++) { 3367 arr.push(str.charCodeAt(i)); 3368 } 3369 return new Uint8Array(arr); 3370} 3371 3372let crlData = '-----BEGIN X509 CRL-----\n' + 3373 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3374 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3375 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3376 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3377 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3378 'eavsH0Q3\n' + 3379 '-----END X509 CRL-----\n'; 3380 3381// Binary data of the CRL, which must be set based on the service. 3382let encodingBlob: certFramework.EncodingBlob = { 3383 data: stringToUint8Array(crlData), 3384 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3385 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3386}; 3387 3388certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3389 if (error != null) { 3390 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3391 } else { 3392 console.log('createX509Crl success'); 3393 let version = x509Crl.getVersion(); 3394 } 3395}); 3396``` 3397 3398### getIssuerName<sup>(deprecated)</sup> 3399 3400getIssuerName() : DataBlob 3401 3402Obtains the issuer of the X.509 CRL. 3403 3404> **NOTE** 3405> 3406> This API is deprecated since API version 11. You are advised to use [X509CRL.getIssuerName](#getissuername11). 3407 3408**System capability**: SystemCapability.Security.Cert 3409 3410**Return value** 3411 3412| Type | Description | 3413| --------------------- | ------------------------------ | 3414| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 3415 3416**Error codes** 3417 3418For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3419 3420| ID| Error Message | 3421| -------- | ----------------------- | 3422| 19020001 | memory error. | 3423| 19020002 | runtime error. | 3424| 19030001 | crypto operation error. | 3425 3426**Example** 3427 3428```ts 3429import certFramework from '@ohos.security.cert'; 3430import { BusinessError } from '@ohos.base'; 3431 3432// Convert the string into a Uint8Array. 3433function stringToUint8Array(str: string): Uint8Array { 3434 let arr: Array<number> = []; 3435 for (let i = 0, j = str.length; i < j; i++) { 3436 arr.push(str.charCodeAt(i)); 3437 } 3438 return new Uint8Array(arr); 3439} 3440 3441let crlData = '-----BEGIN X509 CRL-----\n' + 3442 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3443 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3444 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3445 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3446 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3447 'eavsH0Q3\n' + 3448 '-----END X509 CRL-----\n'; 3449 3450// Binary data of the CRL, which must be set based on the service. 3451let encodingBlob: certFramework.EncodingBlob = { 3452 data: stringToUint8Array(crlData), 3453 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3454 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3455}; 3456 3457certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3458 if (error != null) { 3459 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3460 } else { 3461 console.log('createX509Crl success'); 3462 try { 3463 let issuerName = x509Crl.getIssuerName(); 3464 } catch (err) { 3465 let e: BusinessError = err as BusinessError; 3466 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3467 } 3468 } 3469}); 3470``` 3471 3472### getLastUpdate<sup>(deprecated)</sup> 3473 3474getLastUpdate() : string 3475 3476Obtains the date when the X.509 CRL was last updated. 3477 3478> **NOTE** 3479> 3480> This API is deprecated since API version 11. You are advised to use [X509CRL.getLastUpdate](#getlastupdate11). 3481 3482**System capability**: SystemCapability.Security.Cert 3483 3484**Return value** 3485 3486| Type | Description | 3487| ------ | ------------------------------------ | 3488| string | Last update date of the X.509 CRL.| 3489 3490**Error codes** 3491 3492For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3493 3494| ID| Error Message | 3495| -------- | ----------------------- | 3496| 19020001 | memory error. | 3497| 19020002 | runtime error. | 3498| 19030001 | crypto operation error. | 3499 3500**Example** 3501 3502```ts 3503import certFramework from '@ohos.security.cert'; 3504import { BusinessError } from '@ohos.base'; 3505 3506// Convert the string into a Uint8Array. 3507function stringToUint8Array(str: string): Uint8Array { 3508 let arr: Array<number> = []; 3509 for (let i = 0, j = str.length; i < j; i++) { 3510 arr.push(str.charCodeAt(i)); 3511 } 3512 return new Uint8Array(arr); 3513} 3514 3515let crlData = '-----BEGIN X509 CRL-----\n' + 3516 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3517 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3518 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3519 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3520 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3521 'eavsH0Q3\n' + 3522 '-----END X509 CRL-----\n'; 3523 3524// Binary data of the CRL, which must be set based on the service. 3525let encodingBlob: certFramework.EncodingBlob = { 3526 data: stringToUint8Array(crlData), 3527 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3528 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3529}; 3530 3531certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3532 if (error != null) { 3533 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3534 } else { 3535 console.log('createX509Crl success'); 3536 try { 3537 let lastUpdate = x509Crl.getLastUpdate(); 3538 } catch (err) { 3539 let e: BusinessError = err as BusinessError; 3540 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3541 } 3542 } 3543}); 3544``` 3545 3546### getNextUpdate<sup>(deprecated)</sup> 3547 3548getNextUpdate() : string 3549 3550Obtains the date when the CRL will be updated the next time. 3551 3552> **NOTE** 3553> 3554> This API is deprecated since API version 11. You are advised to use [X509CRL.getNextUpdate](#getnextupdate11). 3555 3556**System capability**: SystemCapability.Security.Cert 3557 3558**Return value** 3559 3560| Type | Description | 3561| ------ | ------------------------------------ | 3562| string | Next update date obtained.| 3563 3564**Error codes** 3565 3566For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3567 3568| ID| Error Message | 3569| -------- | ----------------------- | 3570| 19020001 | memory error. | 3571| 19020002 | runtime error. | 3572| 19030001 | crypto operation error. | 3573 3574**Example** 3575 3576```ts 3577import certFramework from '@ohos.security.cert'; 3578import { BusinessError } from '@ohos.base'; 3579 3580// Convert the string into a Uint8Array. 3581function stringToUint8Array(str: string): Uint8Array { 3582 let arr: Array<number> = []; 3583 for (let i = 0, j = str.length; i < j; i++) { 3584 arr.push(str.charCodeAt(i)); 3585 } 3586 return new Uint8Array(arr); 3587} 3588 3589let crlData = '-----BEGIN X509 CRL-----\n' + 3590 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3591 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3592 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3593 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3594 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3595 'eavsH0Q3\n' + 3596 '-----END X509 CRL-----\n'; 3597 3598// Binary data of the CRL, which must be set based on the service. 3599let encodingBlob: certFramework.EncodingBlob = { 3600 data: stringToUint8Array(crlData), 3601 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3602 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3603}; 3604 3605certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3606 if (error != null) { 3607 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3608 } else { 3609 console.log('createX509Crl success'); 3610 try { 3611 let nextUpdate = x509Crl.getNextUpdate(); 3612 } catch (err) { 3613 let e: BusinessError = err as BusinessError; 3614 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3615 } 3616 } 3617}); 3618``` 3619 3620### getRevokedCert<sup>(deprecated)</sup> 3621 3622getRevokedCert(serialNumber : number) : X509CrlEntry 3623 3624Obtains the revoked X.509 certificate based on the specified serial number of the certificate. This API uses an asynchronous callback to return the result. 3625 3626> **NOTE** 3627> 3628> This API is deprecated since API version 11. You are advised to use [X509CRL.getRevokedCert](#getrevokedcert11). 3629 3630**System capability**: SystemCapability.Security.Cert 3631 3632**Parameters** 3633 3634| Name | Type | Mandatory| Description | 3635| ------------ | ------ | ---- | -------------- | 3636| serialNumber | number | Yes | Serial number of the certificate.| 3637 3638**Return value** 3639 3640| Type | Description | 3641| ---------------------- | --------------------- | 3642| [X509CrlEntry](#x509crlentry) | Promise used to return the revoked X.509 certificate obtained.| 3643 3644**Error codes** 3645 3646For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3647 3648| ID| Error Message | 3649| -------- | ----------------------- | 3650| 19020001 | memory error. | 3651| 19030001 | crypto operation error. | 3652 3653**Example** 3654 3655```ts 3656import certFramework from '@ohos.security.cert'; 3657import { BusinessError } from '@ohos.base'; 3658 3659// Convert the string into a Uint8Array. 3660function stringToUint8Array(str: string): Uint8Array { 3661 let arr: Array<number> = []; 3662 for (let i = 0, j = str.length; i < j; i++) { 3663 arr.push(str.charCodeAt(i)); 3664 } 3665 return new Uint8Array(arr); 3666} 3667 3668let crlData = '-----BEGIN X509 CRL-----\n' + 3669 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3670 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3671 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3672 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3673 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3674 'eavsH0Q3\n' + 3675 '-----END X509 CRL-----\n'; 3676 3677// Binary data of the CRL, which must be set based on the service. 3678let encodingBlob: certFramework.EncodingBlob = { 3679 data: stringToUint8Array(crlData), 3680 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3681 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3682}; 3683 3684certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3685 if (error != null) { 3686 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3687 } else { 3688 console.log('createX509Crl success'); 3689 let serialNumber = 1000; 3690 try { 3691 let entry = x509Crl.getRevokedCert(serialNumber); 3692 } catch (error) { 3693 let e: BusinessError = error as BusinessError; 3694 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3695 } 3696 } 3697}); 3698``` 3699 3700### getRevokedCertWithCert<sup>(deprecated)</sup> 3701 3702getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 3703 3704Obtains the revoked X.509 certificate based on the specified certificate. This API uses an asynchronous callback to return the result. 3705 3706> **NOTE** 3707> 3708> This API is deprecated since API version 11. You are advised to use [X509CRL.getRevokedCertWithCert](#getrevokedcertwithcert11). 3709 3710**System capability**: SystemCapability.Security.Cert 3711 3712**Parameters** 3713 3714| Name| Type | Mandatory| Description | 3715| ------ | --------------------- | ---- | ------------ | 3716| cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| 3717 3718**Return value** 3719 3720| Type | Description | 3721| ------------ | -------------------- | 3722| [X509CrlEntry](#x509crlentry) | Promise used to return the revoked X.509 certificate obtained.| 3723 3724**Error codes** 3725 3726For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3727 3728| ID| Error Message | 3729| -------- | ----------------------- | 3730| 19020001 | memory error. | 3731| 19030001 | crypto operation error. | 3732 3733**Example** 3734 3735```ts 3736import certFramework from '@ohos.security.cert'; 3737import { BusinessError } from '@ohos.base'; 3738 3739// Convert the string into a Uint8Array. 3740function stringToUint8Array(str: string): Uint8Array { 3741 let arr: Array<number> = []; 3742 for (let i = 0, j = str.length; i < j; i++) { 3743 arr.push(str.charCodeAt(i)); 3744 } 3745 return new Uint8Array(arr); 3746} 3747 3748let crlData = '-----BEGIN X509 CRL-----\n' + 3749 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3750 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3751 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3752 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3753 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3754 'eavsH0Q3\n' + 3755 '-----END X509 CRL-----\n'; 3756 3757// Certificate binary data, which must be set based on the service. 3758let certData = '-----BEGIN CERTIFICATE-----\n' 3759 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' 3760 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' 3761 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' 3762 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' 3763 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' 3764 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' 3765 'Qw==\n' 3766 '-----END CERTIFICATE-----\n'; 3767 3768let certEncodingBlob: certFramework.EncodingBlob = { 3769 data: stringToUint8Array(certData), 3770 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3771 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3772}; 3773 3774// Binary data of the CRL, which must be set based on the service. 3775let encodingBlob: certFramework.EncodingBlob = { 3776 data: stringToUint8Array(crlData), 3777 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3778 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3779}; 3780 3781certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3782 if (error != null) { 3783 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3784 } else { 3785 console.log('createX509Crl success'); 3786 // Create an X.509 certificate object. 3787 certFramework.createX509Cert(certEncodingBlob).then((x509Cert) => { 3788 try { 3789 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 3790 } catch (error) { 3791 let e: BusinessError = error as BusinessError; 3792 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3793 } 3794 }).catch((error: BusinessError) => { 3795 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3796 }) 3797 } 3798}); 3799``` 3800 3801### getRevokedCerts<sup>(deprecated)</sup> 3802 3803getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 3804 3805Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 3806 3807> **NOTE** 3808> 3809> This API is deprecated since API version 11. You are advised to use [X509CRL.getRevokedCerts](#getrevokedcerts11). 3810 3811**System capability**: SystemCapability.Security.Cert 3812 3813**Parameters** 3814 3815| Name | Type | Mandatory| Description | 3816| -------- | ---------------------------------------------------- | ---- | -------------------------------- | 3817| callback | AsyncCallback<Array\<[X509CrlEntry](#x509crlentry)>> | Yes | Callback invoked to return a list of revoked X.509 certificates. | 3818 3819**Error codes** 3820 3821For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3822 3823| ID| Error Message | 3824| -------- | ----------------------- | 3825| 19020001 | memory error. | 3826| 19030001 | crypto operation error. | 3827 3828**Example** 3829 3830```ts 3831import certFramework from '@ohos.security.cert'; 3832import { BusinessError } from '@ohos.base'; 3833 3834// Convert the string into a Uint8Array. 3835function stringToUint8Array(str: string): Uint8Array { 3836 let arr: Array<number> = []; 3837 for (let i = 0, j = str.length; i < j; i++) { 3838 arr.push(str.charCodeAt(i)); 3839 } 3840 return new Uint8Array(arr); 3841} 3842 3843let crlData = '-----BEGIN X509 CRL-----\n' + 3844 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3845 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3846 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3847 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3848 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3849 'eavsH0Q3\n' + 3850 '-----END X509 CRL-----\n'; 3851 3852// Binary data of the CRL, which must be set based on the service. 3853let encodingBlob: certFramework.EncodingBlob = { 3854 data: stringToUint8Array(crlData), 3855 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3856 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3857}; 3858 3859certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3860 if (error != null) { 3861 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3862 } else { 3863 console.log('createX509Crl success'); 3864 x509Crl.getRevokedCerts((error, array) => { 3865 if (error != null) { 3866 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3867 } else { 3868 console.log('getRevokedCerts success'); 3869 } 3870 }); 3871 } 3872}); 3873``` 3874 3875### getRevokedCerts<sup>(deprecated)</sup> 3876 3877getRevokedCerts() : Promise<Array\<X509CrlEntry>> 3878 3879Obtains the revoked X.509 certificates. This API uses a promise to return the result. 3880 3881> **NOTE** 3882> 3883> This API is deprecated since API version 11. You are advised to use [X509CRL.getRevokedCerts](#getrevokedcerts11-1). 3884 3885**System capability**: SystemCapability.Security.Cert 3886 3887**Return value** 3888 3889| Type | Description | 3890| ---------------------------------------------- | ---------------------- | 3891| Promise<Array\<[X509CrlEntry](#x509crlentry)>> | Promise used to return a list of revoked X.509 certificates.| 3892 3893**Error codes** 3894 3895For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3896 3897| ID| Error Message | 3898| -------- | ----------------------- | 3899| 19020001 | memory error. | 3900| 19030001 | crypto operation error. | 3901 3902**Example** 3903 3904```ts 3905import certFramework from '@ohos.security.cert'; 3906import { BusinessError } from '@ohos.base'; 3907 3908// Convert the string into a Uint8Array. 3909function stringToUint8Array(str: string): Uint8Array { 3910 let arr: Array<number> = []; 3911 for (let i = 0, j = str.length; i < j; i++) { 3912 arr.push(str.charCodeAt(i)); 3913 } 3914 return new Uint8Array(arr); 3915} 3916 3917let crlData = '-----BEGIN X509 CRL-----\n' + 3918 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3919 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3920 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3921 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3922 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3923 'eavsH0Q3\n' + 3924 '-----END X509 CRL-----\n'; 3925 3926// Binary data of the CRL, which must be set based on the service. 3927let encodingBlob: certFramework.EncodingBlob = { 3928 data: stringToUint8Array(crlData), 3929 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3930 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3931}; 3932 3933certFramework.createX509Crl(encodingBlob).then(x509Crl => { 3934 console.log('createX509Crl success'); 3935 x509Crl.getRevokedCerts().then(array => { 3936 console.log('getRevokedCerts success'); 3937 }).catch((error: BusinessError) => { 3938 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3939 }); 3940}).catch((error: BusinessError) => { 3941 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3942}); 3943``` 3944 3945### getTbsInfo<sup>(deprecated)</sup> 3946 3947getTbsInfo() : DataBlob 3948 3949Obtains the DER-encoded CRL information, the **tbsCertList** from this CRL. This API uses an asynchronous callback to return the result. 3950 3951> **NOTE** 3952> 3953> This API is deprecated since API version 11. You are advised to use [X509CRL.getTBSInfo](#gettbsinfo11). 3954 3955**System capability**: SystemCapability.Security.Cert 3956 3957**Return value** 3958 3959| Type | Description | 3960| --------------------- | ------------------------------- | 3961| [DataBlob](#datablob) | **tbsCertList** information obtained. | 3962 3963**Error codes** 3964 3965For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 3966 3967| ID| Error Message | 3968| -------- | ----------------------- | 3969| 19020001 | memory error. | 3970| 19020002 | runtime error. | 3971| 19030001 | crypto operation error. | 3972 3973**Example** 3974 3975```ts 3976import certFramework from '@ohos.security.cert'; 3977import { BusinessError } from '@ohos.base'; 3978 3979// Convert the string into a Uint8Array. 3980function stringToUint8Array(str: string): Uint8Array { 3981 let arr: Array<number> = []; 3982 for (let i = 0, j = str.length; i < j; i++) { 3983 arr.push(str.charCodeAt(i)); 3984 } 3985 return new Uint8Array(arr); 3986} 3987 3988let crlData = '-----BEGIN X509 CRL-----\n' + 3989 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3990 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3991 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3992 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3993 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3994 'eavsH0Q3\n' + 3995 '-----END X509 CRL-----\n'; 3996 3997// Binary data of the CRL, which must be set based on the service. 3998let encodingBlob: certFramework.EncodingBlob = { 3999 data: stringToUint8Array(crlData), 4000 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4001 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4002}; 4003 4004certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 4005 if (error != null) { 4006 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4007 } else { 4008 console.log('createX509Crl success'); 4009 try { 4010 let tbsInfo = x509Crl.getTbsInfo(); 4011 } catch (error) { 4012 let e: BusinessError = error as BusinessError; 4013 console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4014 } 4015 } 4016}); 4017``` 4018 4019### getSignature<sup>(deprecated)</sup> 4020 4021getSignature() : DataBlob 4022 4023Obtains the signature data of the X.509 CRL. 4024 4025> **NOTE** 4026> 4027> This API is deprecated since API version 11. You are advised to use [X509CRL.getSignature](#getsignature11). 4028 4029**System capability**: SystemCapability.Security.Cert 4030 4031**Return value** 4032 4033| Type | Description | 4034| --------------------- | ------------------------------ | 4035| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 4036 4037**Error codes** 4038 4039For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4040 4041| ID| Error Message | 4042| -------- | ----------------------- | 4043| 19020001 | memory error. | 4044| 19020002 | runtime error. | 4045| 19030001 | crypto operation error. | 4046 4047**Example** 4048 4049```ts 4050import certFramework from '@ohos.security.cert'; 4051import { BusinessError } from '@ohos.base'; 4052 4053// Convert the string into a Uint8Array. 4054function stringToUint8Array(str: string): Uint8Array { 4055 let arr: Array<number> = []; 4056 for (let i = 0, j = str.length; i < j; i++) { 4057 arr.push(str.charCodeAt(i)); 4058 } 4059 return new Uint8Array(arr); 4060} 4061 4062let crlData = '-----BEGIN X509 CRL-----\n' + 4063 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4064 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4065 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4066 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4067 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4068 'eavsH0Q3\n' + 4069 '-----END X509 CRL-----\n'; 4070 4071// Binary data of the CRL, which must be set based on the service. 4072let encodingBlob: certFramework.EncodingBlob = { 4073 data: stringToUint8Array(crlData), 4074 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4075 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4076}; 4077 4078certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 4079 if (error != null) { 4080 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4081 } else { 4082 console.log('createX509Crl success'); 4083 try { 4084 let signature = x509Crl.getSignature(); 4085 } catch (err) { 4086 let e: BusinessError = err as BusinessError; 4087 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4088 } 4089 } 4090}); 4091``` 4092 4093### getSignatureAlgName<sup>(deprecated)</sup> 4094 4095getSignatureAlgName() : string 4096 4097Obtains the signing algorithm of the X.509 CRL. 4098 4099> **NOTE** 4100> 4101> This API is deprecated since API version 11. You are advised to use [X509CRL.getSignatureAlgName](#getsignaturealgname11). 4102 4103**System capability**: SystemCapability.Security.Cert 4104 4105**Return value** 4106 4107| Type | Description | 4108| ------ | -------------------------------- | 4109| string | Signing algorithm obtained.| 4110 4111**Error codes** 4112 4113For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4114 4115| ID| Error Message | 4116| -------- | ----------------------- | 4117| 19020001 | memory error. | 4118| 19020002 | runtime error. | 4119| 19030001 | crypto operation error. | 4120 4121**Example** 4122 4123```ts 4124import certFramework from '@ohos.security.cert'; 4125import { BusinessError } from '@ohos.base'; 4126 4127// Convert the string into a Uint8Array. 4128function stringToUint8Array(str: string): Uint8Array { 4129 let arr: Array<number> = []; 4130 for (let i = 0, j = str.length; i < j; i++) { 4131 arr.push(str.charCodeAt(i)); 4132 } 4133 return new Uint8Array(arr); 4134} 4135 4136let crlData = '-----BEGIN X509 CRL-----\n' + 4137 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4138 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4139 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4140 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4141 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4142 'eavsH0Q3\n' + 4143 '-----END X509 CRL-----\n'; 4144 4145// Binary data of the CRL, which must be set based on the service. 4146let encodingBlob: certFramework.EncodingBlob = { 4147 data: stringToUint8Array(crlData), 4148 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4149 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4150}; 4151 4152certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 4153 if (error != null) { 4154 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4155 } else { 4156 console.log('createX509Crl success'); 4157 try { 4158 let sigAlgName = x509Crl.getSignatureAlgName(); 4159 } catch (err) { 4160 let e: BusinessError = err as BusinessError; 4161 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4162 } 4163 } 4164}); 4165``` 4166 4167### getSignatureAlgOid<sup>(deprecated)</sup> 4168 4169getSignatureAlgOid() : string 4170 4171Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 4172 4173> **NOTE** 4174> 4175> This API is deprecated since API version 11. You are advised to use [X509CRL.getSignatureAlgOid](#getsignaturealgoid11). 4176 4177**System capability**: SystemCapability.Security.Cert 4178 4179**Return value** 4180 4181| Type | Description | 4182| ------ | --------------------------------------------- | 4183| string | OID of the X.509 CRL signing algorithm obtained.| 4184 4185**Error codes** 4186 4187For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4188 4189| ID| Error Message | 4190| -------- | ----------------------- | 4191| 19020001 | memory error. | 4192| 19020002 | runtime error. | 4193| 19030001 | crypto operation error. | 4194 4195**Example** 4196 4197```ts 4198import certFramework from '@ohos.security.cert'; 4199import { BusinessError } from '@ohos.base'; 4200 4201// Convert the string into a Uint8Array. 4202function stringToUint8Array(str: string): Uint8Array { 4203 let arr: Array<number> = []; 4204 for (let i = 0, j = str.length; i < j; i++) { 4205 arr.push(str.charCodeAt(i)); 4206 } 4207 return new Uint8Array(arr); 4208} 4209 4210let crlData = '-----BEGIN X509 CRL-----\n' + 4211 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4212 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4213 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4214 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4215 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4216 'eavsH0Q3\n' + 4217 '-----END X509 CRL-----\n'; 4218 4219// Binary data of the CRL, which must be set based on the service. 4220let encodingBlob: certFramework.EncodingBlob = { 4221 data: stringToUint8Array(crlData), 4222 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4223 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4224}; 4225 4226certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 4227 if (error != null) { 4228 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4229 } else { 4230 console.log('createX509Crl success'); 4231 try { 4232 let sigAlgOid = x509Crl.getSignatureAlgOid(); 4233 } catch (err) { 4234 let e: BusinessError = err as BusinessError; 4235 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4236 } 4237 } 4238}); 4239``` 4240 4241### getSignatureAlgParams<sup>(deprecated)</sup> 4242 4243getSignatureAlgParams() : DataBlob 4244 4245Obtains the parameters of the X.509 CRL signing algorithm. 4246 4247> **NOTE** 4248> 4249> This API is deprecated since API version 11. You are advised to use [X509CRL.getSignatureAlgParams](#getsignaturealgparams11). 4250 4251**System capability**: SystemCapability.Security.Cert 4252 4253**Return value** 4254 4255| Type | Description | 4256| --------------------- | ---------------------------------- | 4257| [DataBlob](#datablob) | Algorithm parameters obtained.| 4258 4259**Error codes** 4260 4261For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4262 4263| ID| Error Message | 4264| -------- | ----------------------- | 4265| 19020001 | memory error. | 4266| 19020002 | runtime error. | 4267| 19030001 | crypto operation error. | 4268 4269**Example** 4270 4271```ts 4272import certFramework from '@ohos.security.cert'; 4273import { BusinessError } from '@ohos.base'; 4274 4275// Convert the string into a Uint8Array. 4276function stringToUint8Array(str: string): Uint8Array { 4277 let arr: Array<number> = []; 4278 for (let i = 0, j = str.length; i < j; i++) { 4279 arr.push(str.charCodeAt(i)); 4280 } 4281 return new Uint8Array(arr); 4282} 4283 4284let crlData = '-----BEGIN X509 CRL-----\n' + 4285 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4286 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4287 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4288 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4289 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4290 'eavsH0Q3\n' + 4291 '-----END X509 CRL-----\n'; 4292 4293// Binary data of the CRL, which must be set based on the service. 4294let encodingBlob: certFramework.EncodingBlob = { 4295 data: stringToUint8Array(crlData), 4296 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4297 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4298}; 4299 4300certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 4301 if (error != null) { 4302 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4303 } else { 4304 console.log('createX509Crl success'); 4305 try { 4306 let sigAlgParams = x509Crl.getSignatureAlgParams(); 4307 } catch (err) { 4308 let e: BusinessError = error as BusinessError; 4309 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4310 } 4311 } 4312}); 4313``` 4314## X509CRL<sup>11+</sup> 4315 4316Provides APIs for managing a CRL object. 4317 4318### isRevoked<sup>11+</sup> 4319 4320isRevoked(cert : X509Cert) : boolean 4321 4322Checks whether an X.509 certificate is revoked. 4323 4324**System capability**: SystemCapability.Security.Cert 4325 4326**Parameters** 4327 4328| Name| Type | Mandatory| Description | 4329| ------ | -------- | ---- | -------------------- | 4330| cert | [X509Cert](#x509cert) | Yes | X.509 certificate to check.| 4331 4332**Return value** 4333 4334| Type | Description | 4335| ------- | ------------------------------------------------- | 4336| boolean | Returns **true** if the certificate is revoked; returns **false** otherwise.| 4337 4338**Example** 4339 4340```ts 4341import certFramework from '@ohos.security.cert'; 4342import { BusinessError } from '@ohos.base'; 4343 4344// Convert the string into a Uint8Array. 4345function stringToUint8Array(str: string): Uint8Array { 4346 let arr: Array<number> = []; 4347 for (let i = 0, j = str.length; i < j; i++) { 4348 arr.push(str.charCodeAt(i)); 4349 } 4350 return new Uint8Array(arr); 4351} 4352 4353let crlData = '-----BEGIN X509 CRL-----\n' + 4354 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4355 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4356 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4357 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4358 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4359 'eavsH0Q3\n' + 4360 '-----END X509 CRL-----\n'; 4361 4362let certData = '-----BEGIN CERTIFICATE-----\n' + 4363 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 4364 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 4365 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 4366 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 4367 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 4368 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 4369 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 4370 '-----END CERTIFICATE-----\n'; 4371 4372// Binary data of the CRL, which must be set based on the service. 4373let encodingBlob: certFramework.EncodingBlob = { 4374 data: stringToUint8Array(crlData), 4375 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4376 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4377}; 4378 4379let certEncodingBlob: certFramework.EncodingBlob = { 4380 data: stringToUint8Array(certData), 4381 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4382 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4383}; 4384 4385certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 4386 if (error != null) { 4387 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4388 } else { 4389 console.log('createX509CRL success'); 4390 // Create an X509Cert instance. 4391 certFramework.createX509Cert(certEncodingBlob, (error, x509Cert) => { 4392 if (error == null) { 4393 try { 4394 let revokedFlag = x509CRL.isRevoked(x509Cert); 4395 } catch (error) { 4396 let e: BusinessError = error as BusinessError; 4397 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4398 } 4399 } 4400 }); 4401 } 4402}); 4403``` 4404 4405### getType<sup>11+</sup> 4406 4407getType() : string 4408 4409Obtains the CRL type. 4410 4411**System capability**: SystemCapability.Security.Cert 4412 4413**Return value** 4414 4415| Type | Description | 4416| ------ | -------------------- | 4417| string | CRL type obtained.| 4418 4419**Example** 4420 4421```ts 4422import certFramework from '@ohos.security.cert'; 4423 4424// Convert the string into a Uint8Array. 4425function stringToUint8Array(str: string): Uint8Array { 4426 let arr: Array<number> = []; 4427 for (let i = 0, j = str.length; i < j; i++) { 4428 arr.push(str.charCodeAt(i)); 4429 } 4430 return new Uint8Array(arr); 4431} 4432 4433let crlData = '-----BEGIN X509 CRL-----\n' + 4434 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4435 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4436 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4437 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4438 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4439 'eavsH0Q3\n' + 4440 '-----END X509 CRL-----\n'; 4441 4442// Binary data of the CRL, which must be set based on the service. 4443let encodingBlob: certFramework.EncodingBlob = { 4444 data: stringToUint8Array(crlData), 4445 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4446 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4447}; 4448 4449certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 4450 if (error != null) { 4451 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4452 } else { 4453 console.log('createX509CRL success'); 4454 let type = x509CRL.getType(); 4455 } 4456}); 4457``` 4458 4459### getEncoded<sup>11+</sup> 4460 4461getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 4462 4463Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 4464 4465**System capability**: SystemCapability.Security.Cert 4466 4467**Parameters** 4468 4469| Name | Type | Mandatory| Description | 4470| -------- | --------------------------------------------- | ---- | ------------------------------------------ | 4471| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized X.509 CRL data obtained.| 4472 4473**Error codes** 4474 4475For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4476 4477| ID| Error Message | 4478| -------- | ----------------------- | 4479| 19020001 | memory error. | 4480| 19020002 | runtime error. | 4481| 19030001 | crypto operation error. | 4482 4483**Example** 4484 4485```ts 4486import certFramework from '@ohos.security.cert'; 4487 4488// Convert the string into a Uint8Array. 4489function stringToUint8Array(str: string): Uint8Array { 4490 let arr: Array<number> = []; 4491 for (let i = 0, j = str.length; i < j; i++) { 4492 arr.push(str.charCodeAt(i)); 4493 } 4494 return new Uint8Array(arr); 4495} 4496 4497let crlData = '-----BEGIN X509 CRL-----\n' + 4498 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4499 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4500 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4501 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4502 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4503 'eavsH0Q3\n' + 4504 '-----END X509 CRL-----\n'; 4505 4506// Binary data of the CRL, which must be set based on the service. 4507let encodingBlob: certFramework.EncodingBlob = { 4508 data: stringToUint8Array(crlData), 4509 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4510 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4511}; 4512 4513certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 4514 if (error != null) { 4515 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4516 } else { 4517 console.log('createX509CRL success'); 4518 x509CRL.getEncoded((error, data) => { 4519 if (error != null) { 4520 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4521 } else { 4522 console.log('getEncoded success'); 4523 } 4524 }); 4525 } 4526}); 4527``` 4528 4529### getEncoded<sup>11+</sup> 4530 4531getEncoded() : Promise\<EncodingBlob> 4532 4533Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 4534 4535**System capability**: SystemCapability.Security.Cert 4536 4537**Return value** 4538 4539| Type | Description | 4540| --------------------------------------- | -------------------------------- | 4541| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 CRL data obtained.| 4542**Error codes** 4543 4544For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4545 4546| ID| Error Message | 4547| -------- | ----------------------- | 4548| 19020001 | memory error. | 4549| 19020002 | runtime error. | 4550| 19030001 | crypto operation error. | 4551 4552**Example** 4553 4554```ts 4555import certFramework from '@ohos.security.cert'; 4556import { BusinessError } from '@ohos.base'; 4557 4558// Convert the string into a Uint8Array. 4559function stringToUint8Array(str: string): Uint8Array { 4560 let arr: Array<number> = []; 4561 for (let i = 0, j = str.length; i < j; i++) { 4562 arr.push(str.charCodeAt(i)); 4563 } 4564 return new Uint8Array(arr); 4565} 4566 4567let crlData = '-----BEGIN X509 CRL-----\n' + 4568 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4569 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4570 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4571 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4572 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4573 'eavsH0Q3\n' + 4574 '-----END X509 CRL-----\n'; 4575 4576// Binary data of the CRL, which must be set based on the service. 4577let encodingBlob: certFramework.EncodingBlob = { 4578 data: stringToUint8Array(crlData), 4579 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4580 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4581}; 4582 4583certFramework.createX509CRL(encodingBlob).then(x509CRL => { 4584 console.log('createX509CRL success'); 4585 x509CRL.getEncoded().then(result => { 4586 console.log('getEncoded success'); 4587 }).catch((error: BusinessError) => { 4588 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4589 }); 4590}).catch((error: BusinessError) => { 4591 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4592}); 4593``` 4594 4595### verify<sup>11+</sup> 4596 4597verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 4598 4599Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 4600 4601**System capability**: SystemCapability.Security.Cert 4602 4603**Parameters** 4604 4605| Name | Type | Mandatory| Description | 4606| -------- | ----------------------------------------------------------- | ---- | ------------------------------------------------------------ | 4607| key | [cryptoFramework.PubKey](js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | 4608| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 4609 4610**Error codes** 4611 4612For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4613 4614| ID| Error Message | 4615| -------- | ----------------------- | 4616| 19030001 | crypto operation error. | 4617 4618**Example** 4619 4620```ts 4621import certFramework from '@ohos.security.cert'; 4622import cryptoFramework from '@ohos.security.cryptoFramework'; 4623import { BusinessError } from '@ohos.base'; 4624 4625// Convert the string into a Uint8Array. 4626function stringToUint8Array(str: string): Uint8Array { 4627 let arr: Array<number> = []; 4628 for (let i = 0, j = str.length; i < j; i++) { 4629 arr.push(str.charCodeAt(i)); 4630 } 4631 return new Uint8Array(arr); 4632} 4633 4634let crlData = '-----BEGIN X509 CRL-----\n' + 4635 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4636 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4637 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4638 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4639 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4640 'eavsH0Q3\n' + 4641 '-----END X509 CRL-----\n'; 4642 4643let pubKeyData = new Uint8Array([ 4644 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4645 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4646 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4647]); 4648 4649let priKeyData = new Uint8Array([ 4650 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4651 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4652 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4653]); 4654 4655// Binary data of the CRL, which must be set based on the service. 4656let encodingBlob: certFramework.EncodingBlob = { 4657 data: stringToUint8Array(crlData), 4658 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4659 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4660}; 4661 4662certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 4663 if (error != null) { 4664 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4665 } else { 4666 console.log('createX509Crl success'); 4667 try { 4668 // Generate the public key by AsyKeyGenerator. 4669 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4670 console.log('createAsyKeyGenerator success'); 4671 let priEncodingBlob: cryptoFramework.DataBlob = { 4672 data: priKeyData, 4673 }; 4674 let pubEncodingBlob: cryptoFramework.DataBlob = { 4675 data: pubKeyData, 4676 }; 4677 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 4678 if (e == null) { 4679 console.log('convert key success'); 4680 x509CRL.verify(keyPair.pubKey, (err, data) => { 4681 if (err == null) { 4682 console.log('verify success'); 4683 } else { 4684 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4685 } 4686 }); 4687 } else { 4688 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 4689 } 4690 }) 4691 } catch (error) { 4692 let e: BusinessError = error as BusinessError; 4693 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4694 } 4695 } 4696}); 4697``` 4698 4699### verify<sup>11+</sup> 4700 4701verify(key : cryptoFramework.PubKey) : Promise\<void> 4702 4703Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 4704 4705**System capability**: SystemCapability.Security.Cert 4706 4707**Parameters** 4708 4709| Name| Type | Mandatory| Description | 4710| ------ | ----------------------------------------------------------- | ---- | ------------------------ | 4711| key | [cryptoFramework.PubKey](js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| 4712 4713**Return value** 4714 4715| Type | Description | 4716| -------------- | ----------- | 4717| Promise\<void> | Promise used to return the result.| 4718 4719**Error codes** 4720 4721For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4722 4723| ID| Error Message | 4724| -------- | ----------------------- | 4725| 19030001 | crypto operation error. | 4726 4727**Example** 4728 4729```ts 4730import certFramework from '@ohos.security.cert'; 4731import cryptoFramework from '@ohos.security.cryptoFramework' 4732import { BusinessError } from '@ohos.base'; 4733 4734// Convert the string into a Uint8Array. 4735function stringToUint8Array(str: string): Uint8Array { 4736 let arr: Array<number> = []; 4737 for (let i = 0, j = str.length; i < j; i++) { 4738 arr.push(str.charCodeAt(i)); 4739 } 4740 return new Uint8Array(arr); 4741} 4742 4743let crlData = '-----BEGIN X509 CRL-----\n' + 4744 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4745 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4746 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4747 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4748 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4749 'eavsH0Q3\n' + 4750 '-----END X509 CRL-----\n'; 4751 4752let pubKeyData = new Uint8Array([ 4753 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4754 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4755 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4756]); 4757 4758let priKeyData = new Uint8Array([ 4759 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4760 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4761 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4762]); 4763 4764// Binary data of the CRL, which must be set based on the service. 4765let encodingBlob: certFramework.EncodingBlob = { 4766 data: stringToUint8Array(crlData), 4767 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4768 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4769}; 4770 4771certFramework.createX509CRL(encodingBlob).then(x509CRL => { 4772 console.log('createX509Crl success'); 4773 4774 try { 4775 // Generate a public key object. 4776 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4777 console.log('createAsyKeyGenerator success'); 4778 let priEncodingBlob: cryptoFramework.DataBlob = { 4779 data: priKeyData, 4780 }; 4781 let pubEncodingBlob: cryptoFramework.DataBlob = { 4782 data: pubKeyData, 4783 }; 4784 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 4785 console.log('convert key success'); 4786 x509CRL.verify(keyPair.pubKey).then(result => { 4787 console.log('verify success'); 4788 }).catch((error: BusinessError) => { 4789 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4790 }); 4791 }).catch((error: BusinessError) => { 4792 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 4793 }); 4794 } catch (error) { 4795 let e: BusinessError = error as BusinessError; 4796 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4797 } 4798}).catch((error: BusinessError) => { 4799 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4800}); 4801``` 4802 4803### getVersion<sup>11+</sup> 4804 4805getVersion() : number 4806 4807Obtains the version of the X.509 CRL. 4808 4809**System capability**: SystemCapability.Security.Cert 4810 4811**Return value** 4812 4813| Type | Description | 4814| ------ | -------------------------------- | 4815| number | Version of the X.509 CRL obtained.| 4816 4817**Example** 4818 4819```ts 4820import certFramework from '@ohos.security.cert'; 4821 4822// Convert the string into a Uint8Array. 4823function stringToUint8Array(str: string): Uint8Array { 4824 let arr: Array<number> = []; 4825 for (let i = 0, j = str.length; i < j; i++) { 4826 arr.push(str.charCodeAt(i)); 4827 } 4828 return new Uint8Array(arr); 4829} 4830 4831let crlData = '-----BEGIN X509 CRL-----\n' + 4832 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4833 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4834 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4835 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4836 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4837 'eavsH0Q3\n' + 4838 '-----END X509 CRL-----\n'; 4839 4840// Binary data of the CRL, which must be set based on the service. 4841let encodingBlob: certFramework.EncodingBlob = { 4842 data: stringToUint8Array(crlData), 4843 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4844 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4845}; 4846 4847certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 4848 if (error != null) { 4849 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4850 } else { 4851 console.log('createX509CRL success'); 4852 let version = x509CRL.getVersion(); 4853 } 4854}); 4855``` 4856 4857### getIssuerName<sup>11+</sup> 4858 4859getIssuerName() : DataBlob 4860 4861Obtains the issuer of the X.509 CRL. 4862 4863**System capability**: SystemCapability.Security.Cert 4864 4865**Return value** 4866 4867| Type | Description | 4868| --------------------- | ------------------------------ | 4869| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 4870 4871**Error codes** 4872 4873For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4874 4875| ID| Error Message | 4876| -------- | ----------------------- | 4877| 19020001 | memory error. | 4878| 19020002 | runtime error. | 4879| 19030001 | crypto operation error. | 4880 4881**Example** 4882 4883```ts 4884import certFramework from '@ohos.security.cert'; 4885import { BusinessError } from '@ohos.base'; 4886 4887// Convert the string into a Uint8Array. 4888function stringToUint8Array(str: string): Uint8Array { 4889 let arr: Array<number> = []; 4890 for (let i = 0, j = str.length; i < j; i++) { 4891 arr.push(str.charCodeAt(i)); 4892 } 4893 return new Uint8Array(arr); 4894} 4895 4896let crlData = '-----BEGIN X509 CRL-----\n' + 4897 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4898 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4899 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4900 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4901 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4902 'eavsH0Q3\n' + 4903 '-----END X509 CRL-----\n'; 4904 4905// Binary data of the CRL, which must be set based on the service. 4906let encodingBlob: certFramework.EncodingBlob = { 4907 data: stringToUint8Array(crlData), 4908 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4909 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4910}; 4911 4912certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 4913 if (error != null) { 4914 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4915 } else { 4916 console.log('createX509CRL success'); 4917 try { 4918 let issuerName = x509CRL.getIssuerName(); 4919 } catch (err) { 4920 let e: BusinessError = err as BusinessError; 4921 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4922 } 4923 } 4924}); 4925``` 4926 4927### getLastUpdate<sup>11+</sup> 4928 4929getLastUpdate() : string 4930 4931Obtains the date when the X.509 CRL was last updated. 4932 4933**System capability**: SystemCapability.Security.Cert 4934 4935**Return value** 4936 4937| Type | Description | 4938| ------ | ------------------------------------ | 4939| string | Last update date of the X.509 CRL.| 4940 4941**Error codes** 4942 4943For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 4944 4945| ID| Error Message | 4946| -------- | ----------------------- | 4947| 19020001 | memory error. | 4948| 19020002 | runtime error. | 4949| 19030001 | crypto operation error. | 4950 4951**Example** 4952 4953```ts 4954import certFramework from '@ohos.security.cert'; 4955import { BusinessError } from '@ohos.base'; 4956 4957// Convert the string into a Uint8Array. 4958function stringToUint8Array(str: string): Uint8Array { 4959 let arr: Array<number> = []; 4960 for (let i = 0, j = str.length; i < j; i++) { 4961 arr.push(str.charCodeAt(i)); 4962 } 4963 return new Uint8Array(arr); 4964} 4965 4966let crlData = '-----BEGIN X509 CRL-----\n' + 4967 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4968 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4969 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4970 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4971 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4972 'eavsH0Q3\n' + 4973 '-----END X509 CRL-----\n'; 4974 4975// Binary data of the CRL, which must be set based on the service. 4976let encodingBlob: certFramework.EncodingBlob = { 4977 data: stringToUint8Array(crlData), 4978 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4979 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4980}; 4981 4982certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 4983 if (error != null) { 4984 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4985 } else { 4986 console.log('createX509CRL success'); 4987 try { 4988 let lastUpdate = x509CRL.getLastUpdate(); 4989 } catch (err) { 4990 let e: BusinessError = err as BusinessError; 4991 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4992 } 4993 } 4994}); 4995``` 4996 4997### getNextUpdate<sup>11+</sup> 4998 4999getNextUpdate() : string 5000 5001Obtains the date when the CRL will be updated the next time. 5002 5003**System capability**: SystemCapability.Security.Cert 5004 5005**Return value** 5006 5007| Type | Description | 5008| ------ | ------------------------------------ | 5009| string | Next update date obtained.| 5010 5011**Error codes** 5012 5013For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5014 5015| ID| Error Message | 5016| -------- | ----------------------- | 5017| 19020001 | memory error. | 5018| 19020002 | runtime error. | 5019| 19030001 | crypto operation error. | 5020 5021**Example** 5022 5023```ts 5024import certFramework from '@ohos.security.cert'; 5025import { BusinessError } from '@ohos.base'; 5026 5027// Convert the string into a Uint8Array. 5028function stringToUint8Array(str: string): Uint8Array { 5029 let arr: Array<number> = []; 5030 for (let i = 0, j = str.length; i < j; i++) { 5031 arr.push(str.charCodeAt(i)); 5032 } 5033 return new Uint8Array(arr); 5034} 5035 5036let crlData = '-----BEGIN X509 CRL-----\n' + 5037 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5038 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5039 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5040 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5041 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5042 'eavsH0Q3\n' + 5043 '-----END X509 CRL-----\n'; 5044 5045// Binary data of the CRL, which must be set based on the service. 5046let encodingBlob: certFramework.EncodingBlob = { 5047 data: stringToUint8Array(crlData), 5048 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5049 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5050}; 5051 5052certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5053 if (error != null) { 5054 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5055 } else { 5056 console.log('createX509CRL success'); 5057 try { 5058 let nextUpdate = x509CRL.getNextUpdate(); 5059 } catch (err) { 5060 let e: BusinessError = err as BusinessError; 5061 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5062 } 5063 } 5064}); 5065``` 5066 5067### getRevokedCert<sup>11+</sup> 5068 5069getRevokedCert(serialNumber : bigint) : X509CRLEntry 5070 5071Obtains the revoked X.509 certificate based on the specified serial number of the certificate. 5072 5073**System capability**: SystemCapability.Security.Cert 5074 5075**Parameters** 5076 5077| Name | Type | Mandatory| Description | 5078| ------------ | ------ | ---- | -------------- | 5079| serialNumber | bigint | Yes | Serial number of the certificate.| 5080 5081**Return value** 5082 5083| Type | Description | 5084| ------------------------------- | ---------------------- | 5085| [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained. | 5086 5087**Error codes** 5088 5089For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5090 5091| ID| Error Message | 5092| -------- | ----------------------- | 5093| 19020001 | memory error. | 5094| 19030001 | crypto operation error. | 5095 5096**Example** 5097 5098```ts 5099import certFramework from '@ohos.security.cert'; 5100import { BusinessError } from '@ohos.base'; 5101 5102// Convert the string into a Uint8Array. 5103function stringToUint8Array(str: string): Uint8Array { 5104 let arr: Array<number> = []; 5105 for (let i = 0, j = str.length; i < j; i++) { 5106 arr.push(str.charCodeAt(i)); 5107 } 5108 return new Uint8Array(arr); 5109} 5110 5111let crlData = '-----BEGIN X509 CRL-----\n' + 5112 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5113 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5114 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5115 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5116 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5117 'eavsH0Q3\n' + 5118 '-----END X509 CRL-----\n'; 5119 5120// Binary data of the CRL, which must be set based on the service. 5121let encodingBlob: certFramework.EncodingBlob = { 5122 data: stringToUint8Array(crlData), 5123 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5124 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5125}; 5126 5127certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5128 if (error != null) { 5129 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5130 } else { 5131 console.log('createX509CRL success'); 5132 let serialNumber = BigInt(1000); 5133 try { 5134 let entry = x509CRL.getRevokedCert(serialNumber); 5135 } catch (error) { 5136 let e: BusinessError = error as BusinessError; 5137 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5138 } 5139 } 5140}); 5141``` 5142 5143### getRevokedCertWithCert<sup>11+</sup> 5144 5145getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry 5146 5147Obtains the revoked X.509 certificate based on the specified certificate. 5148 5149**System capability**: SystemCapability.Security.Cert 5150 5151**Parameters** 5152 5153| Name| Type | Mandatory| Description | 5154| ------ | --------------------- | ---- | ------------ | 5155| cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| 5156 5157**Return value** 5158 5159| Type | Description | 5160| ------------------------------- | ---------------------- | 5161| [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained. | 5162 5163**Error codes** 5164 5165For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5166 5167| ID| Error Message | 5168| -------- | ----------------------- | 5169| 19020001 | memory error. | 5170| 19030001 | crypto operation error. | 5171 5172**Example** 5173 5174```ts 5175import certFramework from '@ohos.security.cert'; 5176import { BusinessError } from '@ohos.base'; 5177 5178// Convert the string into a Uint8Array. 5179function stringToUint8Array(str: string): Uint8Array { 5180 let arr: Array<number> = []; 5181 for (let i = 0, j = str.length; i < j; i++) { 5182 arr.push(str.charCodeAt(i)); 5183 } 5184 return new Uint8Array(arr); 5185} 5186 5187let crlData = '-----BEGIN X509 CRL-----\n' + 5188 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5189 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5190 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5191 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5192 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5193 'eavsH0Q3\n' + 5194 '-----END X509 CRL-----\n'; 5195 5196// Certificate binary data, which must be set based on the service. 5197let certData = '-----BEGIN CERTIFICATE-----\n' 5198'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' 5199'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' 5200'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' 5201'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' 5202'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' 5203'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' 5204'Qw==\n' 5205'-----END CERTIFICATE-----\n'; 5206 5207let certEncodingBlob: certFramework.EncodingBlob = { 5208 data: stringToUint8Array(certData), 5209 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5210 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5211}; 5212 5213// Binary data of the CRL, which must be set based on the service. 5214let encodingBlob: certFramework.EncodingBlob = { 5215 data: stringToUint8Array(crlData), 5216 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5217 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5218}; 5219 5220certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5221 if (error != null) { 5222 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5223 } else { 5224 console.log('createX509CRL success'); 5225 // Create an X.509 certificate object. 5226 certFramework.createX509Cert(certEncodingBlob).then((x509Cert) => { 5227 try { 5228 let entry = x509CRL.getRevokedCertWithCert(x509Cert); 5229 } catch (error) { 5230 let e: BusinessError = error as BusinessError; 5231 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5232 } 5233 }).catch((error: BusinessError) => { 5234 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5235 }) 5236 } 5237}); 5238``` 5239 5240### getRevokedCerts<sup>11+</sup> 5241 5242getRevokedCerts(callback : AsyncCallback<Array\<X509CRLEntry>>) : void 5243 5244Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 5245 5246**System capability**: SystemCapability.Security.Cert 5247 5248**Parameters** 5249 5250| Name | Type | Mandatory| Description | 5251| -------- | ------------------------------------------------------ | ---- | -------------------------------- | 5252| callback | AsyncCallback<Array\<[X509CRLEntry](#x509crlentry11)>> | Yes | Callback invoked to return a list of revoked X.509 certificates. | 5253 5254**Error codes** 5255 5256For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5257 5258| ID| Error Message | 5259| -------- | ----------------------- | 5260| 19020001 | memory error. | 5261| 19030001 | crypto operation error. | 5262 5263**Example** 5264 5265```ts 5266import certFramework from '@ohos.security.cert'; 5267import { BusinessError } from '@ohos.base'; 5268 5269// Convert the string into a Uint8Array. 5270function stringToUint8Array(str: string): Uint8Array { 5271 let arr: Array<number> = []; 5272 for (let i = 0, j = str.length; i < j; i++) { 5273 arr.push(str.charCodeAt(i)); 5274 } 5275 return new Uint8Array(arr); 5276} 5277 5278let crlData = '-----BEGIN X509 CRL-----\n' + 5279 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5280 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5281 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5282 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5283 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5284 'eavsH0Q3\n' + 5285 '-----END X509 CRL-----\n'; 5286 5287// Binary data of the CRL, which must be set based on the service. 5288let encodingBlob: certFramework.EncodingBlob = { 5289 data: stringToUint8Array(crlData), 5290 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5291 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5292}; 5293 5294certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5295 if (error != null) { 5296 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5297 } else { 5298 console.log('createX509CRL success'); 5299 x509CRL.getRevokedCerts((error, array) => { 5300 if (error != null) { 5301 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5302 } else { 5303 console.log('getRevokedCerts success'); 5304 } 5305 }); 5306 } 5307}); 5308``` 5309 5310### getRevokedCerts<sup>11+</sup> 5311 5312getRevokedCerts() : Promise<Array\<X509CRLEntry>> 5313 5314Obtains the revoked X.509 certificates. This API uses a promise to return the result. 5315 5316**System capability**: SystemCapability.Security.Cert 5317 5318**Return value** 5319 5320| Type | Description | 5321| ------------------------------------------------ | ---------------------- | 5322| Promise<Array\<[X509CRLEntry](#x509crlentry11)>> | Promise used to return a list of revoked X.509 certificates.| 5323 5324**Error codes** 5325 5326For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5327 5328| ID| Error Message | 5329| -------- | ----------------------- | 5330| 19020001 | memory error. | 5331| 19030001 | crypto operation error. | 5332 5333**Example** 5334 5335```ts 5336import certFramework from '@ohos.security.cert'; 5337import { BusinessError } from '@ohos.base'; 5338 5339// Convert the string into a Uint8Array. 5340function stringToUint8Array(str: string): Uint8Array { 5341 let arr: Array<number> = []; 5342 for (let i = 0, j = str.length; i < j; i++) { 5343 arr.push(str.charCodeAt(i)); 5344 } 5345 return new Uint8Array(arr); 5346} 5347 5348let crlData = '-----BEGIN X509 CRL-----\n' + 5349 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5350 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5351 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5352 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5353 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5354 'eavsH0Q3\n' + 5355 '-----END X509 CRL-----\n'; 5356 5357// Binary data of the CRL, which must be set based on the service. 5358let encodingBlob: certFramework.EncodingBlob = { 5359 data: stringToUint8Array(crlData), 5360 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5361 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5362}; 5363 5364certFramework.createX509CRL(encodingBlob).then(x509CRL => { 5365 console.log('createX509CRL success'); 5366 x509CRL.getRevokedCerts().then(array => { 5367 console.log('getRevokedCerts success'); 5368 }).catch((error: BusinessError) => { 5369 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5370 }); 5371}).catch((error: BusinessError) => { 5372 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5373}); 5374``` 5375 5376### getSignature<sup>11+</sup> 5377 5378getSignature() : DataBlob 5379 5380Obtains the signature data of the X.509 CRL. 5381 5382**System capability**: SystemCapability.Security.Cert 5383 5384**Return value** 5385 5386| Type | Description | 5387| --------------------- | ------------------------------ | 5388| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 5389 5390**Error codes** 5391 5392For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5393 5394| ID| Error Message | 5395| -------- | ----------------------- | 5396| 19020001 | memory error. | 5397| 19020002 | runtime error. | 5398| 19030001 | crypto operation error. | 5399 5400**Example** 5401 5402```ts 5403import certFramework from '@ohos.security.cert'; 5404import { BusinessError } from '@ohos.base'; 5405 5406// Convert the string into a Uint8Array. 5407function stringToUint8Array(str: string): Uint8Array { 5408 let arr: Array<number> = []; 5409 for (let i = 0, j = str.length; i < j; i++) { 5410 arr.push(str.charCodeAt(i)); 5411 } 5412 return new Uint8Array(arr); 5413} 5414 5415let crlData = '-----BEGIN X509 CRL-----\n' + 5416 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5417 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5418 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5419 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5420 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5421 'eavsH0Q3\n' + 5422 '-----END X509 CRL-----\n'; 5423 5424// Binary data of the CRL, which must be set based on the service. 5425let encodingBlob: certFramework.EncodingBlob = { 5426 data: stringToUint8Array(crlData), 5427 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5428 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5429}; 5430 5431certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5432 if (error != null) { 5433 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5434 } else { 5435 console.log('createX509CRL success'); 5436 try { 5437 let signature = x509CRL.getSignature(); 5438 } catch (err) { 5439 let e: BusinessError = err as BusinessError; 5440 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5441 } 5442 } 5443}); 5444``` 5445 5446### getSignatureAlgName<sup>11+</sup> 5447 5448getSignatureAlgName() : string 5449 5450Obtains the signing algorithm of the X.509 CRL. 5451 5452**System capability**: SystemCapability.Security.Cert 5453 5454**Return value** 5455 5456| Type | Description | 5457| ------ | -------------------------------- | 5458| string | Signing algorithm obtained.| 5459 5460**Error codes** 5461 5462For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5463 5464| ID| Error Message | 5465| -------- | ----------------------- | 5466| 19020001 | memory error. | 5467| 19020002 | runtime error. | 5468| 19030001 | crypto operation error. | 5469 5470**Example** 5471 5472```ts 5473import certFramework from '@ohos.security.cert'; 5474import { BusinessError } from '@ohos.base'; 5475 5476// Convert the string into a Uint8Array. 5477function stringToUint8Array(str: string): Uint8Array { 5478 let arr: Array<number> = []; 5479 for (let i = 0, j = str.length; i < j; i++) { 5480 arr.push(str.charCodeAt(i)); 5481 } 5482 return new Uint8Array(arr); 5483} 5484 5485let crlData = '-----BEGIN X509 CRL-----\n' + 5486 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5487 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5488 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5489 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5490 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5491 'eavsH0Q3\n' + 5492 '-----END X509 CRL-----\n'; 5493 5494// Binary data of the CRL, which must be set based on the service. 5495let encodingBlob: certFramework.EncodingBlob = { 5496 data: stringToUint8Array(crlData), 5497 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5498 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5499}; 5500 5501certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5502 if (error != null) { 5503 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5504 } else { 5505 console.log('createX509CRL success'); 5506 try { 5507 let sigAlgName = x509CRL.getSignatureAlgName(); 5508 } catch (err) { 5509 let e: BusinessError = err as BusinessError; 5510 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5511 } 5512 } 5513}); 5514``` 5515 5516### getSignatureAlgOid<sup>11+</sup> 5517 5518getSignatureAlgOid() : string 5519 5520Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 5521 5522**System capability**: SystemCapability.Security.Cert 5523 5524**Return value** 5525 5526| Type | Description | 5527| ------ | --------------------------------------------- | 5528| string | OID of the X.509 CRL signing algorithm obtained.| 5529 5530**Error codes** 5531 5532For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5533 5534| ID| Error Message | 5535| -------- | ----------------------- | 5536| 19020001 | memory error. | 5537| 19020002 | runtime error. | 5538| 19030001 | crypto operation error. | 5539 5540**Example** 5541 5542```ts 5543import certFramework from '@ohos.security.cert'; 5544import { BusinessError } from '@ohos.base'; 5545 5546// Convert the string into a Uint8Array. 5547function stringToUint8Array(str: string): Uint8Array { 5548 let arr: Array<number> = []; 5549 for (let i = 0, j = str.length; i < j; i++) { 5550 arr.push(str.charCodeAt(i)); 5551 } 5552 return new Uint8Array(arr); 5553} 5554 5555let crlData = '-----BEGIN X509 CRL-----\n' + 5556 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5557 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5558 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5559 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5560 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5561 'eavsH0Q3\n' + 5562 '-----END X509 CRL-----\n'; 5563 5564// Binary data of the CRL, which must be set based on the service. 5565let encodingBlob: certFramework.EncodingBlob = { 5566 data: stringToUint8Array(crlData), 5567 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5568 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5569}; 5570 5571certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5572 if (error != null) { 5573 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5574 } else { 5575 console.log('createX509CRL success'); 5576 try { 5577 let sigAlgOid = x509CRL.getSignatureAlgOid(); 5578 } catch (err) { 5579 let e: BusinessError = err as BusinessError; 5580 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5581 } 5582 } 5583}); 5584``` 5585 5586### getSignatureAlgParams<sup>11+</sup> 5587 5588getSignatureAlgParams() : DataBlob 5589 5590Obtains the parameters of the X.509 CRL signing algorithm. 5591 5592**System capability**: SystemCapability.Security.Cert 5593 5594**Return value** 5595 5596| Type | Description | 5597| --------------------- | ---------------------------------- | 5598| [DataBlob](#datablob) | Algorithm parameters obtained.| 5599 5600**Error codes** 5601 5602For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5603 5604| ID| Error Message | 5605| -------- | ----------------------- | 5606| 19020001 | memory error. | 5607| 19020002 | runtime error. | 5608| 19030001 | crypto operation error. | 5609 5610**Example** 5611 5612```ts 5613import certFramework from '@ohos.security.cert'; 5614import { BusinessError } from '@ohos.base'; 5615 5616// Convert the string into a Uint8Array. 5617function stringToUint8Array(str: string): Uint8Array { 5618 let arr: Array<number> = []; 5619 for (let i = 0, j = str.length; i < j; i++) { 5620 arr.push(str.charCodeAt(i)); 5621 } 5622 return new Uint8Array(arr); 5623} 5624 5625let crlData = '-----BEGIN X509 CRL-----\n' + 5626 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5627 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5628 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5629 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5630 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5631 'eavsH0Q3\n' + 5632 '-----END X509 CRL-----\n'; 5633 5634// Binary data of the CRL, which must be set based on the service. 5635let encodingBlob: certFramework.EncodingBlob = { 5636 data: stringToUint8Array(crlData), 5637 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5638 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5639}; 5640 5641certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5642 if (error != null) { 5643 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5644 } else { 5645 console.log('createX509CRL success'); 5646 try { 5647 let sigAlgParams = x509CRL.getSignatureAlgParams(); 5648 } catch (err) { 5649 let e: BusinessError = error as BusinessError; 5650 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5651 } 5652 } 5653}); 5654``` 5655 5656### getTBSInfo<sup>11+</sup> 5657 5658getTBSInfo() : DataBlob 5659 5660Obtains the DER-encoded CRL information, the **tbsCertList** from this CRL. 5661 5662**System capability**: SystemCapability.Security.Cert 5663 5664**Return value** 5665 5666| Type | Description | 5667| --------------------- | --------------------------------- | 5668| [DataBlob](#datablob) | **tbsCertList** information obtained.| 5669 5670**Error codes** 5671 5672For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5673 5674| ID| Error Message | 5675| -------- | ----------------------- | 5676| 19020001 | memory error. | 5677| 19020002 | runtime error. | 5678| 19030001 | crypto operation error. | 5679 5680**Example** 5681 5682```ts 5683import certFramework from '@ohos.security.cert'; 5684import { BusinessError } from '@ohos.base'; 5685 5686// Convert the string into a Uint8Array. 5687function stringToUint8Array(str: string): Uint8Array { 5688 let arr: Array<number> = []; 5689 for (let i = 0, j = str.length; i < j; i++) { 5690 arr.push(str.charCodeAt(i)); 5691 } 5692 return new Uint8Array(arr); 5693} 5694 5695let crlData = '-----BEGIN X509 CRL-----\n' + 5696 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5697 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5698 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5699 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5700 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5701 'eavsH0Q3\n' + 5702 '-----END X509 CRL-----\n'; 5703 5704// Binary data of the CRL, which must be set based on the service. 5705let encodingBlob: certFramework.EncodingBlob = { 5706 data: stringToUint8Array(crlData), 5707 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5708 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5709}; 5710 5711certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5712 if (error != null) { 5713 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5714 } else { 5715 console.log('createX509CRL success'); 5716 try { 5717 let tbsInfo = x509CRL.getTBSInfo(); 5718 } catch (error) { 5719 let e: BusinessError = error as BusinessError; 5720 console.error('getTBSInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5721 } 5722 } 5723}); 5724``` 5725 5726### getExtensions<sup>11+</sup> 5727 5728getExtensions(): DataBlob 5729 5730Obtains the CRL extensions. 5731 5732**System capability**: SystemCapability.Security.Cert 5733 5734**Return value** 5735 5736| Type | Description | 5737| --------------------- | ------------------- | 5738| [DataBlob](#datablob) | X.509 CRL extensions obtained.| 5739 5740**Error codes** 5741 5742For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5743 5744| ID| Error Message | 5745| -------- | ----------------------- | 5746| 19020001 | memory error. | 5747| 19020002 | runtime error. | 5748| 19030001 | crypto operation error. | 5749 5750**Example** 5751 5752```ts 5753import certFramework from '@ohos.security.cert'; 5754import { BusinessError } from '@ohos.base'; 5755 5756// Convert the string into a Uint8Array. 5757function stringToUint8Array(str: string): Uint8Array { 5758 let arr: Array<number> = []; 5759 for (let i = 0, j = str.length; i < j; i++) { 5760 arr.push(str.charCodeAt(i)); 5761 } 5762 return new Uint8Array(arr); 5763} 5764 5765let crlData = '-----BEGIN X509 CRL-----\n' + 5766 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5767 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5768 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5769 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5770 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5771 'eavsH0Q3\n' + 5772 '-----END X509 CRL-----\n'; 5773 5774// Binary data of the CRL, which must be set based on the service. 5775let encodingBlob: certFramework.EncodingBlob = { 5776 data: stringToUint8Array(crlData), 5777 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5778 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5779}; 5780 5781certFramework.createX509CRL(encodingBlob, (error, x509CRL) => { 5782 if (error != null) { 5783 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5784 } else { 5785 console.log('createX509CRL success'); 5786 try { 5787 let extensions = x509CRL.getExtensions(); 5788 } catch (error) { 5789 let e: BusinessError = error as BusinessError; 5790 console.error('getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5791 } 5792 } 5793}); 5794``` 5795 5796### match<sup>11+</sup> 5797 5798match(param: X509CRLMatchParameters): boolean 5799 5800Matches a CRL. 5801 5802**System capability**: SystemCapability.Security.Cert 5803 5804**Parameters** 5805 5806| Name | Type | Mandatory| Description | 5807| --------- | ------ | ---- | ------------------------------------------ | 5808| param | [X509CRLMatchParameters](#x509crlmatchparameters11)| Yes | Parameters specified for matching the CRL.| 5809 5810**Return value** 5811 5812| Type | Description | 5813| --------------------- | ----------------------------------------- | 5814| boolean | Returns **true** if a CRL is matched; returns **false** otherwise.| 5815 5816**Error codes** 5817 5818For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5819 5820| ID| Error Message | 5821| -------- | -------------- | 5822| 19020001 | memory error. | 5823| 19030001 | crypto operation error. | 5824 5825**Example** 5826 5827```ts 5828import certFramework from '@ohos.security.cert'; 5829import { BusinessError } from '@ohos.base'; 5830 5831// Convert the string into a Uint8Array. 5832function stringToUint8Array(str: string): Uint8Array { 5833 let arr: Array<number> = []; 5834 for (let i = 0, j = str.length; i < j; i++) { 5835 arr.push(str.charCodeAt(i)); 5836 } 5837 return new Uint8Array(arr); 5838} 5839 5840let crlData = '-----BEGIN X509 CRL-----\n' + 5841 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5842 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5843 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5844 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5845 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5846 'eavsH0Q3\n' + 5847 '-----END X509 CRL-----\n'; 5848 5849// Binary data of the CRL, which must be set based on the service. 5850let crlEncodingBlob: certFramework.EncodingBlob = { 5851 data: stringToUint8Array(crlData), 5852 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5853 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 5854}; 5855 5856const certData = "-----BEGIN CERTIFICATE-----\r\n" + 5857 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 5858 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 5859 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 5860 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 5861 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 5862 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 5863 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 5864 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 5865 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 5866 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 5867 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 5868 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 5869 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 5870 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 5871 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 5872 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 5873 "-----END CERTIFICATE-----\r\n"; 5874const certEncodingBlob: certFramework.EncodingBlob = { 5875 data: stringToUint8Array(certData), 5876 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM, 5877}; 5878 5879async function crlMatch() { 5880 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 5881 try { 5882 x509Cert = await certFramework.createX509Cert(certEncodingBlob); 5883 console.log('createX509Cert success'); 5884 } catch (err) { 5885 console.error('createX509Cert failed'); 5886 } 5887 5888 certFramework.createX509CRL(crlEncodingBlob, (error, x509CRL) => { 5889 if (error != null) { 5890 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5891 } else { 5892 console.log('createX509CRL success'); 5893 try { 5894 const param: certFramework.X509CRLMatchParameters = { 5895 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 5896 x509Cert: x509Cert 5897 } 5898 const result = x509CRL.match(param); 5899 } catch (error) { 5900 let e: BusinessError = error as BusinessError; 5901 console.error('x509CRL match failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5902 } 5903 } 5904 }); 5905} 5906``` 5907 5908## cryptoCert.createCertChainValidator 5909 5910createCertChainValidator(algorithm :string) : CertChainValidator 5911 5912Creates a **CertChainValidator** object. 5913 5914**System capability**: SystemCapability.Security.Cert 5915 5916**Parameters** 5917 5918| Name | Type | Mandatory| Description | 5919| --------- | ------ | ---- | ------------------------------------------ | 5920| algorithm | string | Yes | Certificate chain validator algorithm. Currently, only **PKIX** is supported.| 5921 5922**Return value** 5923 5924| Type | Description | 5925| ------------------ | -------------------- | 5926| CertChainValidator | **CertChainValidator** object created.| 5927 5928**Error codes** 5929 5930For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5931 5932| ID| Error Message | 5933| -------- | ----------------------- | 5934| 19020001 | memory error. | 5935| 19020002 | runtime error. | 5936| 19030001 | crypto operation error. | 5937 5938**Example** 5939 5940```ts 5941import certFramework from '@ohos.security.cert'; 5942import { BusinessError } from '@ohos.base'; 5943 5944try { 5945 let validator = certFramework.createCertChainValidator('PKIX'); 5946} catch (error) { 5947 let e: BusinessError = error as BusinessError; 5948 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5949} 5950``` 5951 5952## CertChainValidator 5953 5954Provides APIs for certificate chain validator operations. 5955 5956 5957### Attributes 5958 5959**System capability**: SystemCapability.Security.Cert 5960 5961| Name | Type | Readable| Writable| Description | 5962| ------- | ------ | ---- | ---- | -------------------------- | 5963| algorithm | string | Yes | No | Algorithm used by the X509 certificate chain validator.| 5964 5965 5966### validate 5967 5968validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 5969 5970Validates an X.509 certificate chain. This API uses an asynchronous callback to return the result. 5971The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details, see [Certificate Specifications](../../security/cert-overview.md#certificate-specifications). 5972 5973**System capability**: SystemCapability.Security.Cert 5974 5975**Parameters** 5976 5977| Name | Type | Mandatory| Description | 5978| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 5979| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data. | 5980| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the X.509 certificate chain is valid. If **error** is not **null**, the X.509 certificate chain is not valid.| 5981 5982**Error codes** 5983 5984For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 5985 5986| ID| Error Message | 5987| -------- | ------------------------------------------------- | 5988| 19020001 | memory error. | 5989| 19020002 | runtime error. | 5990| 19030001 | crypto operation error. | 5991| 19030002 | the certificate signature verification failed. | 5992| 19030003 | the certificate has not taken effect. | 5993| 19030004 | the certificate has expired. | 5994| 19030005 | failed to obtain the certificate issuer. | 5995| 19030006 | the key cannot be used for signing a certificate. | 5996| 19030007 | the key cannot be used for digital signature. | 5997 5998**Example** 5999 6000```ts 6001import certFramework from '@ohos.security.cert'; 6002import { BusinessError } from '@ohos.base'; 6003 6004// Certificate chain binary data, which must be set based on the service. 6005let certChainBuff = new Uint8Array([0x30, 0x82, 0x44]); 6006 6007let certChainData: certFramework.CertChainData = { 6008 data: certChainBuff, 6009 // Number of certificates in the certificate chain. It must be set based on the service. 6010 count: 2, 6011 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6012 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6013}; 6014 6015try { 6016 let validator = certFramework.createCertChainValidator('PKIX'); 6017 validator.validate(certChainData, (error, data) => { 6018 if (error != null) { 6019 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6020 } else { 6021 console.log('validate success'); 6022 } 6023 }); 6024} catch (error) { 6025 let e: BusinessError = error as BusinessError; 6026 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6027} 6028``` 6029 6030### validate 6031 6032validate(certChain : CertChainData) : Promise\<void> 6033 6034Validates the X.509 certificate chain. This API uses a promise to return the result. 6035The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details, see [Certificate Specifications](../../security/cert-overview.md#certificate-specifications). 6036 6037**System capability**: SystemCapability.Security.Cert 6038 6039**Parameters** 6040 6041| Name | Type | Mandatory| Description | 6042| --------- | ------------------------------- | ---- | -------------------------- | 6043| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data.| 6044 6045**Return value** 6046 6047| Type | Description | 6048| -------------- | ----------- | 6049| Promise\<void> | Promise used to return the result.| 6050 6051**Error codes** 6052 6053For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6054 6055| ID| Error Message | 6056| -------- | ------------------------------------------------- | 6057| 19020001 | memory error. | 6058| 19020002 | runtime error. | 6059| 19030001 | crypto operation error. | 6060| 19030002 | the certificate signature verification failed. | 6061| 19030003 | the certificate has not taken effect. | 6062| 19030004 | the certificate has expired. | 6063| 19030005 | failed to obtain the certificate issuer. | 6064| 19030006 | the key cannot be used for signing a certificate. | 6065| 19030007 | the key cannot be used for digital signature. | 6066 6067**Example** 6068 6069```ts 6070import certFramework from '@ohos.security.cert'; 6071import { BusinessError } from '@ohos.base'; 6072 6073// Certificate chain binary data, which must be set based on the service. 6074let certChainBuff = new Uint8Array([0x30, 0x82, 0x44]); 6075 6076let certChainData: certFramework.CertChainData = { 6077 data: certChainBuff, 6078 // Number of certificates in the certificate chain. It must be set based on the service. 6079 count: 2, 6080 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6081 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6082}; 6083 6084try { 6085 let validator = certFramework.createCertChainValidator('PKIX'); 6086 validator.validate(certChainData).then(result => { 6087 console.log('validate success'); 6088 }).catch((error: BusinessError) => { 6089 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6090 }); 6091} catch (error) { 6092 let e: BusinessError = error as BusinessError; 6093 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6094} 6095``` 6096 6097### algorithm 6098 6099algorithm : string 6100 6101Obtains the algorithm of the X.509 certificate chain validator. 6102 6103**System capability**: SystemCapability.Security.Cert 6104 6105**Return value** 6106 6107| Type | Description | 6108| ------ | ------------------------ | 6109| string | Algorithm of the X.509 certificate chain validator obtained.| 6110 6111**Example** 6112 6113```ts 6114import certFramework from '@ohos.security.cert'; 6115import { BusinessError } from '@ohos.base'; 6116 6117try { 6118 let validator = certFramework.createCertChainValidator('PKIX'); 6119 let algorithm = validator.algorithm; 6120} catch (error) { 6121 let e: BusinessError = error as BusinessError; 6122 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6123} 6124``` 6125 6126 6127## X509CrlEntry<sup>(deprecated)</sup> 6128 6129Provides APIs for operating the revoked certificates. 6130 6131> **NOTE** 6132> 6133> This API is deprecated since API version 11. You are advised to use[X509CrlEntry](#x509crlentry11). 6134 6135### getEncoded<sup>(deprecated)</sup> 6136 6137getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 6138 6139Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. 6140 6141> **NOTE** 6142> 6143> This API is deprecated since API version 11. You are advised to use[X509CRLEntry.getEncoded](#getencoded11-2). 6144 6145**System capability**: SystemCapability.Security.Cert 6146 6147**Parameters** 6148 6149| Name | Type | Mandatory| Description | 6150| -------- | --------------------------------------------- | ---- | ------------------------------------ | 6151| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized data of the revoked certificate obtained. | 6152 6153**Error codes** 6154 6155For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6156 6157| ID| Error Message | 6158| -------- | ----------------------- | 6159| 19020001 | memory error. | 6160| 19020002 | runtime error. | 6161| 19030001 | crypto operation error. | 6162 6163**Example** 6164 6165```ts 6166import certFramework from '@ohos.security.cert'; 6167import { BusinessError } from '@ohos.base'; 6168 6169// Convert the string into a Uint8Array. 6170function stringToUint8Array(str: string): Uint8Array { 6171 let arr: Array<number> = []; 6172 for (let i = 0, j = str.length; i < j; i++) { 6173 arr.push(str.charCodeAt(i)); 6174 } 6175 return new Uint8Array(arr); 6176} 6177 6178let crlData = '-----BEGIN X509 CRL-----\n' + 6179 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6180 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6181 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6182 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6183 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6184 'eavsH0Q3\n' + 6185 '-----END X509 CRL-----\n' 6186 6187let encodingBlob: certFramework.EncodingBlob = { 6188 data: stringToUint8Array(crlData), 6189 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6190 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6191}; 6192 6193certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 6194 if (err != null) { 6195 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6196 } else { 6197 console.log('create x509 crl success'); 6198 6199 try { 6200 let serialNumber = 1000; 6201 let crlEntry = x509Crl.getRevokedCert(serialNumber); 6202 crlEntry.getEncoded((error, data) => { 6203 if (error != null) { 6204 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6205 } else { 6206 console.log('getEncoded success'); 6207 } 6208 }); 6209 } catch (error) { 6210 let e: BusinessError = error as BusinessError; 6211 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6212 } 6213 } 6214}) 6215``` 6216 6217### getEncoded<sup>(deprecated)</sup> 6218 6219getEncoded() : Promise\<EncodingBlob> 6220 6221Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. 6222 6223> **NOTE** 6224> 6225> This API is deprecated since API version 11. You are advised to use[X509CRLEntry.getEncoded](#getencoded11-3). 6226 6227**System capability**: SystemCapability.Security.Cert 6228 6229**Return value** 6230 6231| Type | Description | 6232| --------------------------------------- | -------------------------- | 6233| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 6234 6235**Error codes** 6236 6237For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6238 6239| ID| Error Message | 6240| -------- | ----------------------- | 6241| 19020001 | memory error. | 6242| 19020002 | runtime error. | 6243| 19030001 | crypto operation error. | 6244 6245**Example** 6246 6247```ts 6248import certFramework from '@ohos.security.cert'; 6249import { BusinessError } from '@ohos.base'; 6250 6251// Convert the string into a Uint8Array. 6252function stringToUint8Array(str: string): Uint8Array { 6253 let arr: Array<number> = []; 6254 for (let i = 0, j = str.length; i < j; i++) { 6255 arr.push(str.charCodeAt(i)); 6256 } 6257 return new Uint8Array(arr); 6258} 6259 6260let crlData = '-----BEGIN X509 CRL-----\n' + 6261 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6262 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6263 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6264 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6265 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6266 'eavsH0Q3\n' + 6267 '-----END X509 CRL-----\n' 6268 6269let encodingBlob: certFramework.EncodingBlob = { 6270 data: stringToUint8Array(crlData), 6271 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6272 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6273}; 6274 6275certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 6276 if (err != null) { 6277 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6278 } else { 6279 console.log('create x509 crl success'); 6280 6281 try { 6282 let serialNumber = 1000; 6283 let crlEntry = x509Crl.getRevokedCert(serialNumber); 6284 crlEntry.getEncoded().then(result => { 6285 console.log('getEncoded success'); 6286 }).catch((error: BusinessError) => { 6287 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6288 }); 6289 } catch (error) { 6290 let e: BusinessError = error as BusinessError; 6291 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6292 } 6293 } 6294}) 6295``` 6296 6297### getSerialNumber<sup>(deprecated)</sup> 6298 6299getSerialNumber() : number 6300 6301Obtains the serial number of this revoked certificate. 6302 6303> **NOTE** 6304> 6305> This API is deprecated since API version 11. You are advised to use[X509CRLEntry.getSerialNumber](#getserialnumber11). 6306 6307**System capability**: SystemCapability.Security.Cert 6308 6309**Return value** 6310 6311| Type | Description | 6312| ------ | ---------------------- | 6313| number | Serial number of the revoked certificate obtained.| 6314 6315**Example** 6316 6317```ts 6318import certFramework from '@ohos.security.cert'; 6319import { BusinessError } from '@ohos.base'; 6320 6321// Convert the string into a Uint8Array. 6322function stringToUint8Array(str: string): Uint8Array { 6323 let arr: Array<number> = []; 6324 for (let i = 0, j = str.length; i < j; i++) { 6325 arr.push(str.charCodeAt(i)); 6326 } 6327 return new Uint8Array(arr); 6328} 6329 6330let crlData = '-----BEGIN X509 CRL-----\n' + 6331 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6332 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6333 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6334 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6335 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6336 'eavsH0Q3\n' + 6337 '-----END X509 CRL-----\n' 6338 6339let encodingBlob: certFramework.EncodingBlob = { 6340 data: stringToUint8Array(crlData), 6341 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6342 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6343}; 6344 6345certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 6346 if (err != null) { 6347 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6348 } else { 6349 console.log('create x509 crl success'); 6350 6351 try { 6352 let serialNumber = 1000; 6353 let crlEntry = x509Crl.getRevokedCert(serialNumber); 6354 serialNumber = crlEntry.getSerialNumber(); 6355 } catch (error) { 6356 let e: BusinessError = error as BusinessError; 6357 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6358 } 6359 } 6360}) 6361``` 6362 6363### getCertIssuer<sup>(deprecated)</sup> 6364 6365getCertIssuer() : DataBlob 6366 6367Obtains the issuer of this revoked certificate. This API uses an asynchronous callback to return the result. 6368 6369> **NOTE** 6370> 6371> This API is deprecated since API version 11. You are advised to use[X509CRLEntry.getCertIssuer](#getcertissuer11). 6372 6373**System capability**: SystemCapability.Security.Cert 6374 6375**Return value** 6376 6377| Type | Description | 6378| --------------------- | ----------------------- | 6379| [DataBlob](#datablob) | Promise used to return the issuer of the revoked certificate obtained.| 6380 6381**Error codes** 6382 6383For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6384 6385| ID| Error Message | 6386| -------- | -------------- | 6387| 19020001 | memory error. | 6388| 19020002 | runtime error. | 6389 6390**Example** 6391 6392```ts 6393import certFramework from '@ohos.security.cert'; 6394import { BusinessError } from '@ohos.base'; 6395 6396// Convert the string into a Uint8Array. 6397function stringToUint8Array(str: string): Uint8Array { 6398 let arr: Array<number> = []; 6399 for (let i = 0, j = str.length; i < j; i++) { 6400 arr.push(str.charCodeAt(i)); 6401 } 6402 return new Uint8Array(arr); 6403} 6404 6405let crlData = '-----BEGIN X509 CRL-----\n' + 6406 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6407 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6408 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6409 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6410 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6411 'eavsH0Q3\n' + 6412 '-----END X509 CRL-----\n' 6413 6414let encodingBlob: certFramework.EncodingBlob = { 6415 data: stringToUint8Array(crlData), 6416 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6417 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6418}; 6419 6420certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 6421 if (err != null) { 6422 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6423 } else { 6424 console.log('create x509 crl success'); 6425 6426 try { 6427 let serialNumber = 1000; 6428 let crlEntry = x509Crl.getRevokedCert(serialNumber); 6429 let issuer = crlEntry.getCertIssuer(); 6430 } catch (error) { 6431 let e: BusinessError = error as BusinessError; 6432 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6433 } 6434 } 6435}) 6436``` 6437 6438### getRevocationDate<sup>(deprecated)</sup> 6439 6440getRevocationDate() : string 6441 6442Obtains the date when the certificate was revoked. This API uses an asynchronous callback to return the result. 6443 6444> **NOTE** 6445> 6446> This API is deprecated since API version 11. You are advised to use[X509CRLEntry.getRevocationDate](#getrevocationdate11). 6447 6448**System capability**: SystemCapability.Security.Cert 6449 6450**Return value** 6451 6452| Type | Description | 6453| ------ | ------------------ | 6454| string | Promise used to return the certificate revocation date obtained.| 6455 6456**Error codes** 6457 6458For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6459 6460| ID| Error Message | 6461| -------- | ----------------------- | 6462| 19020001 | memory error. | 6463| 19020002 | runtime error. | 6464| 19030001 | crypto operation error. | 6465 6466**Example** 6467 6468```ts 6469import certFramework from '@ohos.security.cert'; 6470import { BusinessError } from '@ohos.base'; 6471 6472// Convert the string into a Uint8Array. 6473function stringToUint8Array(str: string): Uint8Array { 6474 let arr: Array<number> = []; 6475 for (let i = 0, j = str.length; i < j; i++) { 6476 arr.push(str.charCodeAt(i)); 6477 } 6478 return new Uint8Array(arr); 6479} 6480 6481let crlData = '-----BEGIN X509 CRL-----\n' + 6482 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6483 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6484 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6485 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6486 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6487 'eavsH0Q3\n' + 6488 '-----END X509 CRL-----\n' 6489 6490let encodingBlob: certFramework.EncodingBlob = { 6491 data: stringToUint8Array(crlData), 6492 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6493 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6494}; 6495 6496certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 6497 if (err != null) { 6498 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6499 } else { 6500 console.log('create x509 crl success'); 6501 6502 try { 6503 let serialNumber = 1000; 6504 let crlEntry = x509Crl.getRevokedCert(serialNumber); 6505 let date = crlEntry.getRevocationDate(); 6506 } catch (error) { 6507 let e: BusinessError = error as BusinessError; 6508 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6509 } 6510 } 6511}) 6512``` 6513 6514## X509CRLEntry<sup>11+</sup> 6515 6516Provides APIs for operating the revoked certificates. 6517 6518### getEncoded<sup>11+</sup> 6519 6520getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 6521 6522Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. 6523 6524**System capability**: SystemCapability.Security.Cert 6525 6526**Parameters** 6527 6528| Name | Type | Mandatory| Description | 6529| -------- | --------------------------------------------- | ---- | ------------------------------------ | 6530| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized data of the revoked certificate obtained. | 6531 6532**Error codes** 6533 6534For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6535 6536| ID| Error Message | 6537| -------- | ----------------------- | 6538| 19020001 | memory error. | 6539| 19020002 | runtime error. | 6540| 19030001 | crypto operation error. | 6541 6542**Example** 6543 6544```ts 6545import certFramework from '@ohos.security.cert'; 6546import { BusinessError } from '@ohos.base'; 6547 6548// Convert the string into a Uint8Array. 6549function stringToUint8Array(str: string): Uint8Array { 6550 let arr: Array<number> = []; 6551 for (let i = 0, j = str.length; i < j; i++) { 6552 arr.push(str.charCodeAt(i)); 6553 } 6554 return new Uint8Array(arr); 6555} 6556 6557let crlData = '-----BEGIN X509 CRL-----\n' + 6558 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6559 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6560 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6561 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6562 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6563 'eavsH0Q3\n' + 6564 '-----END X509 CRL-----\n' 6565 6566let encodingBlob: certFramework.EncodingBlob = { 6567 data: stringToUint8Array(crlData), 6568 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6569 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6570}; 6571 6572certFramework.createX509CRL(encodingBlob, (err, x509CRL) => { 6573 if (err != null) { 6574 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6575 } else { 6576 console.log('create x509 CRL success'); 6577 6578 try { 6579 let serialNumber = BigInt(1000); 6580 let crlEntry = x509CRL.getRevokedCert(serialNumber); 6581 crlEntry.getEncoded((error, data) => { 6582 if (error != null) { 6583 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6584 } else { 6585 console.log('getEncoded success'); 6586 } 6587 }); 6588 } catch (error) { 6589 let e: BusinessError = error as BusinessError; 6590 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6591 } 6592 } 6593}) 6594``` 6595 6596### getEncoded<sup>11+</sup> 6597 6598getEncoded() : Promise\<EncodingBlob> 6599 6600Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. 6601 6602**System capability**: SystemCapability.Security.Cert 6603 6604**Return value** 6605 6606| Type | Description | 6607| --------------------------------------- | -------------------------- | 6608| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 6609 6610**Error codes** 6611 6612For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6613 6614| ID| Error Message | 6615| -------- | ----------------------- | 6616| 19020001 | memory error. | 6617| 19020002 | runtime error. | 6618| 19030001 | crypto operation error. | 6619 6620**Example** 6621 6622```ts 6623import certFramework from '@ohos.security.cert'; 6624import { BusinessError } from '@ohos.base'; 6625 6626// Convert the string into a Uint8Array. 6627function stringToUint8Array(str: string): Uint8Array { 6628 let arr: Array<number> = []; 6629 for (let i = 0, j = str.length; i < j; i++) { 6630 arr.push(str.charCodeAt(i)); 6631 } 6632 return new Uint8Array(arr); 6633} 6634 6635let crlData = '-----BEGIN X509 CRL-----\n' + 6636 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6637 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6638 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6639 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6640 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6641 'eavsH0Q3\n' + 6642 '-----END X509 CRL-----\n' 6643 6644let encodingBlob: certFramework.EncodingBlob = { 6645 data: stringToUint8Array(crlData), 6646 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6647 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6648}; 6649 6650certFramework.createX509CRL(encodingBlob, (err, x509CRL) => { 6651 if (err != null) { 6652 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6653 } else { 6654 console.log('create x509 CRL success'); 6655 6656 try { 6657 let serialNumber = BigInt(1000); 6658 let crlEntry = x509CRL.getRevokedCert(serialNumber); 6659 crlEntry.getEncoded().then(result => { 6660 console.log('getEncoded success'); 6661 }).catch((error: BusinessError) => { 6662 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6663 }); 6664 } catch (error) { 6665 let e: BusinessError = error as BusinessError; 6666 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6667 } 6668 } 6669}) 6670``` 6671 6672### getSerialNumber<sup>11+</sup> 6673 6674getSerialNumber() : bigint 6675 6676Obtains the serial number of this revoked certificate. 6677 6678**System capability**: SystemCapability.Security.Cert 6679 6680**Return value** 6681 6682| Type | Description | 6683| ------ | ---------------------- | 6684| bigint | Serial number of the revoked certificate obtained.| 6685 6686**Error codes** 6687 6688For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6689 6690| ID| Error Message | 6691| -------- | ----------------------- | 6692| 19020001 | memory error. | 6693| 19020002 | runtime error. | 6694| 19030001 | crypto operation error. | 6695 6696**Example** 6697 6698```ts 6699import certFramework from '@ohos.security.cert'; 6700import { BusinessError } from '@ohos.base'; 6701 6702// Convert the string into a Uint8Array. 6703function stringToUint8Array(str: string): Uint8Array { 6704 let arr: Array<number> = []; 6705 for (let i = 0, j = str.length; i < j; i++) { 6706 arr.push(str.charCodeAt(i)); 6707 } 6708 return new Uint8Array(arr); 6709} 6710 6711let crlData = '-----BEGIN X509 CRL-----\n' + 6712 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6713 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6714 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6715 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6716 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6717 'eavsH0Q3\n' + 6718 '-----END X509 CRL-----\n' 6719 6720let encodingBlob: certFramework.EncodingBlob = { 6721 data: stringToUint8Array(crlData), 6722 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6723 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6724}; 6725 6726certFramework.createX509CRL(encodingBlob, (err, x509CRL) => { 6727 if (err != null) { 6728 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6729 } else { 6730 console.log('create x509 crl success'); 6731 6732 try { 6733 let serialNumber = BigInt(1000); 6734 let crlEntry = x509CRL.getRevokedCert(serialNumber); 6735 serialNumber = crlEntry.getSerialNumber(); 6736 } catch (error) { 6737 let e: BusinessError = error as BusinessError; 6738 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6739 } 6740 } 6741}) 6742``` 6743 6744### getCertIssuer<sup>11+</sup> 6745 6746getCertIssuer() : DataBlob 6747 6748Obtains the issuer of this revoked certificate. 6749 6750**System capability**: SystemCapability.Security.Cert 6751 6752**Return value** 6753 6754| Type | Description | 6755| --------------------- | -------------------------- | 6756| [DataBlob](#datablob) | Issuer of the revoked certificate obtained. | 6757 6758**Error codes** 6759 6760For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6761 6762| ID| Error Message | 6763| -------- | ----------------------- | 6764| 19020001 | memory error. | 6765| 19020002 | runtime error. | 6766| 19030001 | crypto operation error. | 6767 6768**Example** 6769 6770```ts 6771import certFramework from '@ohos.security.cert'; 6772import { BusinessError } from '@ohos.base'; 6773 6774// Convert the string into a Uint8Array. 6775function stringToUint8Array(str: string): Uint8Array { 6776 let arr: Array<number> = []; 6777 for (let i = 0, j = str.length; i < j; i++) { 6778 arr.push(str.charCodeAt(i)); 6779 } 6780 return new Uint8Array(arr); 6781} 6782 6783let crlData = '-----BEGIN X509 CRL-----\n' + 6784 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6785 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6786 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6787 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6788 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6789 'eavsH0Q3\n' + 6790 '-----END X509 CRL-----\n' 6791 6792let encodingBlob: certFramework.EncodingBlob = { 6793 data: stringToUint8Array(crlData), 6794 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6795 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6796}; 6797 6798certFramework.createX509CRL(encodingBlob, (err, x509CRL) => { 6799 if (err != null) { 6800 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6801 } else { 6802 console.log('create x509 CRL success'); 6803 6804 try { 6805 let serialNumber = BigInt(1000); 6806 let crlEntry = x509CRL.getRevokedCert(serialNumber); 6807 let issuer = crlEntry.getCertIssuer(); 6808 } catch (error) { 6809 let e: BusinessError = error as BusinessError; 6810 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6811 } 6812 } 6813}) 6814``` 6815 6816### getRevocationDate<sup>11+</sup> 6817 6818getRevocationDate() : string 6819 6820Obtains the date when the certificate was revoked. 6821 6822**System capability**: SystemCapability.Security.Cert 6823 6824**Return value** 6825 6826| Type | Description | 6827| ------ | -------------------- | 6828| string | Certificate revocation date obtained. | 6829 6830**Error codes** 6831 6832For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6833 6834| ID| Error Message | 6835| -------- | ----------------------- | 6836| 19020001 | memory error. | 6837| 19020002 | runtime error. | 6838| 19030001 | crypto operation error. | 6839 6840**Example** 6841 6842```ts 6843import certFramework from '@ohos.security.cert'; 6844import { BusinessError } from '@ohos.base'; 6845 6846// Convert the string into a Uint8Array. 6847function stringToUint8Array(str: string): Uint8Array { 6848 let arr: Array<number> = []; 6849 for (let i = 0, j = str.length; i < j; i++) { 6850 arr.push(str.charCodeAt(i)); 6851 } 6852 return new Uint8Array(arr); 6853} 6854 6855let crlData = '-----BEGIN X509 CRL-----\n' + 6856 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6857 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6858 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6859 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6860 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6861 'eavsH0Q3\n' + 6862 '-----END X509 CRL-----\n' 6863 6864let encodingBlob: certFramework.EncodingBlob = { 6865 data: stringToUint8Array(crlData), 6866 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6867 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6868}; 6869 6870certFramework.createX509CRL(encodingBlob, (err, x509CRL) => { 6871 if (err != null) { 6872 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6873 } else { 6874 console.log('create x509 CRL success'); 6875 6876 try { 6877 let serialNumber = BigInt(1000); 6878 let crlEntry = x509CRL.getRevokedCert(serialNumber); 6879 let date = crlEntry.getRevocationDate(); 6880 } catch (error) { 6881 let e: BusinessError = error as BusinessError; 6882 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6883 } 6884 } 6885}) 6886``` 6887 6888### getExtensions<sup>11+</sup> 6889 6890getExtensions(): DataBlob 6891 6892Obtains the CRL extensions. 6893 6894**System capability**: SystemCapability.Security.Cert 6895 6896**Return value** 6897 6898| Type | Description | 6899| --------------------- | ------------------------ | 6900| [DataBlob](#datablob) | CRL extensions obtained. | 6901 6902**Error codes** 6903 6904For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6905 6906| ID| Error Message | 6907| -------- | ----------------------- | 6908| 19020001 | memory error. | 6909| 19020002 | runtime error. | 6910| 19030001 | crypto operation error. | 6911 6912**Example** 6913 6914```ts 6915import certFramework from '@ohos.security.cert'; 6916import { BusinessError } from '@ohos.base'; 6917 6918// Convert the string into a Uint8Array. 6919function stringToUint8Array(str: string): Uint8Array { 6920 let arr: Array<number> = []; 6921 for (let i = 0, j = str.length; i < j; i++) { 6922 arr.push(str.charCodeAt(i)); 6923 } 6924 return new Uint8Array(arr); 6925} 6926 6927let crlData = '-----BEGIN X509 CRL-----\n' + 6928 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6929 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6930 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6931 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6932 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6933 'eavsH0Q3\n' + 6934 '-----END X509 CRL-----\n' 6935 6936let encodingBlob: certFramework.EncodingBlob = { 6937 data: stringToUint8Array(crlData), 6938 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6939 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 6940}; 6941 6942certFramework.createX509CRL(encodingBlob, (err, x509CRL) => { 6943 if (err != null) { 6944 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 6945 } else { 6946 console.log('create x509 CRL success'); 6947 6948 try { 6949 let serialNumber = BigInt(1000); 6950 let crlEntry = x509CRL.getRevokedCert(serialNumber); 6951 let extensions = crlEntry.getExtensions(); 6952 } catch (error) { 6953 let e: BusinessError = error as BusinessError; 6954 console.error('getRevokedCert or getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6955 } 6956 } 6957}) 6958``` 6959 6960### hasExtensions<sup>11+</sup> 6961 6962hasExtensions(): boolean 6963 6964Checks whether this CRL entry has extensions. 6965 6966**System capability**: SystemCapability.Security.Cert 6967 6968**Return value** 6969 6970| Type | Description | 6971| ------- | ---------------------------------------------------- | 6972| boolean | Returns **true** if the CRL entry has extension; returns **false** otherwise.| 6973 6974**Error codes** 6975 6976For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 6977 6978| ID| Error Message | 6979| -------- | ----------------------- | 6980| 19020001 | memory error. | 6981| 19020002 | runtime error. | 6982| 19030001 | crypto operation error. | 6983 6984**Example** 6985 6986```ts 6987import certFramework from '@ohos.security.cert'; 6988import { BusinessError } from '@ohos.base'; 6989 6990// Convert the string into a Uint8Array. 6991function stringToUint8Array(str: string): Uint8Array { 6992 let arr: Array<number> = []; 6993 for (let i = 0, j = str.length; i < j; i++) { 6994 arr.push(str.charCodeAt(i)); 6995 } 6996 return new Uint8Array(arr); 6997} 6998 6999let crlData = '-----BEGIN X509 CRL-----\n' + 7000 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7001 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7002 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7003 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7004 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7005 'eavsH0Q3\n' + 7006 '-----END X509 CRL-----\n' 7007 7008let encodingBlob: certFramework.EncodingBlob = { 7009 data: stringToUint8Array(crlData), 7010 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7011 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7012}; 7013 7014certFramework.createX509CRL(encodingBlob, (err, x509CRL) => { 7015 if (err != null) { 7016 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7017 } else { 7018 console.log('create x509 CRL success'); 7019 7020 try { 7021 let serialNumber = BigInt(1000); 7022 let crlEntry = x509CRL.getRevokedCert(serialNumber); 7023 let hasExtensions = crlEntry.hasExtensions(); 7024 } catch (error) { 7025 let e: BusinessError = error as BusinessError; 7026 console.error('getRevokedCert or hasExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7027 } 7028 } 7029}) 7030``` 7031## cryptoCert.createCertCRLCollection<sup>11+</sup> 7032 7033createCertCRLCollection(certs: Array\<X509Cert>, crls?: Array\<X509CRL>): CertCRLCollection 7034 7035Creates an object for a collection of X.509 certificates and CRLs. 7036 7037**System capability**: SystemCapability.Security.Cert 7038 7039**Parameters** 7040 7041| Name | Type | Mandatory| Description | 7042| -------- | ------------------------------------- | ---- | ------------------------------ | 7043| certs | Array\<[X509Cert](#x509cert)> | Yes | X.509 certificates. | 7044| crls | Array\<[X509CRL](#x509crl11)> | No | X.509 CRLs. | 7045 7046**Return value** 7047 7048| Type | Description | 7049| ------------------ | -------------------- | 7050| [CertCRLCollection](#certcrlcollection11) | **CertCRLCollection** object created.| 7051 7052**Error codes** 7053 7054For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7055 7056| ID| Error Message | 7057| -------- | ----------------------- | 7058| 19020001 | memory error. | 7059 7060**Example** 7061 7062```ts 7063import certFramework from '@ohos.security.cert'; 7064import { BusinessError } from '@ohos.base'; 7065 7066// Convert the string into a Uint8Array. 7067function stringToUint8Array(str: string): Uint8Array { 7068 let arr: Array<number> = []; 7069 for (let i = 0, j = str.length; i < j; i++) { 7070 arr.push(str.charCodeAt(i)); 7071 } 7072 return new Uint8Array(arr); 7073} 7074 7075async function createX509CRL(): Promise<certFramework.X509CRL> { 7076 let crlData = '-----BEGIN X509 CRL-----\n' + 7077 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7078 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7079 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7080 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7081 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7082 'eavsH0Q3\n' + 7083 '-----END X509 CRL-----\n'; 7084 7085 // Binary data of the CRL, which must be set based on the service. 7086 let encodingBlob: certFramework.EncodingBlob = { 7087 data: stringToUint8Array(crlData), 7088 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7089 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7090 }; 7091 let x509CRL: certFramework.X509CRL = {} as certFramework.X509CRL; 7092 try { 7093 x509CRL = await certFramework.createX509CRL(encodingBlob); 7094 } catch (err) { 7095 let e: BusinessError = err as BusinessError; 7096 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7097 } 7098 return x509CRL; 7099} 7100 7101async function createX509Cert(): Promise<certFramework.X509Cert> { 7102 let certData = '-----BEGIN CERTIFICATE-----\n' + 7103 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 7104 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 7105 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 7106 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 7107 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 7108 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 7109 'Qw==\n' + 7110 '-----END CERTIFICATE-----\n'; 7111 7112 let encodingBlob: certFramework.EncodingBlob = { 7113 data: stringToUint8Array(certData), 7114 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7115 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7116 }; 7117 7118 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 7119 try { 7120 x509Cert = await certFramework.createX509Cert(encodingBlob); 7121 } catch (err) { 7122 let e: BusinessError = err as BusinessError; 7123 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7124 } 7125 return x509Cert; 7126} 7127 7128async function createCollection() { 7129 const x509Cert = await createX509Cert(); 7130 const x509CRL = await createX509CRL(); 7131 try { 7132 const collection: certFramework.CertCRLCollection = certFramework.createCertCRLCollection([x509Cert], [x509CRL]); 7133 console.log('createCertCRLCollection success'); 7134 } catch (err) { 7135 console.error('createCertCRLCollection failed'); 7136 } 7137} 7138``` 7139 7140## CertCRLCollection<sup>11+</sup> 7141 7142Provides APIs for locating certificates or CRLs in a **CertCRLCollection** object. 7143 7144### selectCerts<sup>11+</sup> 7145 7146selectCerts(param: X509CertMatchParameters): Promise\<Array\<X509Cert>> 7147 7148Selects certificates that match the specified parameters. This API uses a promise to return the result. 7149 7150**System capability**: SystemCapability.Security.Cert 7151 7152**Parameters** 7153 7154| Name | Type | Mandatory| Description | 7155| --------- | ------------------------------- | ---- | ------------ | 7156| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | 7157 7158**Return value** 7159 7160| Type | Description | 7161| --------------------------------------- | --------------------------------------- | 7162| Promise\<Array\<[X509Cert](#x509cert)>> | Promise used to return the matched certificates.| 7163 7164**Error codes** 7165 7166For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7167 7168| ID| Error Message | 7169| -------- | ----------------------- | 7170| 19020001 | memory error. | 7171| 19030001 | crypto operation error. | 7172 7173**Example** 7174 7175```ts 7176import certFramework from '@ohos.security.cert'; 7177import { BusinessError } from '@ohos.base'; 7178 7179// Convert the string into a Uint8Array. 7180function stringToUint8Array(str: string): Uint8Array { 7181 let arr: Array<number> = []; 7182 for (let i = 0, j = str.length; i < j; i++) { 7183 arr.push(str.charCodeAt(i)); 7184 } 7185 return new Uint8Array(arr); 7186} 7187 7188async function createX509Cert(): Promise<certFramework.X509Cert> { 7189 let certData = '-----BEGIN CERTIFICATE-----\n' + 7190 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 7191 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 7192 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 7193 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 7194 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 7195 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 7196 'Qw==\n' + 7197 '-----END CERTIFICATE-----\n'; 7198 7199 let encodingBlob: certFramework.EncodingBlob = { 7200 data: stringToUint8Array(certData), 7201 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7202 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7203 }; 7204 7205 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 7206 try { 7207 x509Cert = await certFramework.createX509Cert(encodingBlob); 7208 } catch (err) { 7209 let e: BusinessError = error as BusinessError; 7210 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7211 } 7212 return x509Cert; 7213} 7214 7215async function selectCerts() { 7216 const x509Cert = await createX509Cert(); 7217 const collection = certFramework.createCertCRLCollection([x509Cert]); 7218 7219 try { 7220 const param: certFramework.X509CertMatchParameters = { 7221 x509Cert, 7222 validDate: '20231121074700Z', 7223 issuer: new Uint8Array([0x30, 0x64, 0x31]), // The values must be assigned based on the service. 7224 keyUsage: [false, false, false, false, false, false, true, true, true], 7225 serialNumber: BigInt('232100834349818463'), 7226 subject: new Uint8Array([0x30, 0x6c, 0x31]), // The values must be assigned based on the service. 7227 publicKey: { 7228 data: new Uint8Array([0x30, 0x82, 0x01]) // The values must be assigned based on the service. 7229 }, 7230 publicKeyAlgID: '1.2.840.113549.1.1.1' 7231 }; 7232 const certs = await collection.selectCerts(param); 7233 console.log('call selectCerts success'); 7234 } catch (err) { 7235 console.error('call selectCerts failed'); 7236 } 7237} 7238``` 7239 7240### selectCerts<sup>11+</sup> 7241 7242selectCerts(param: X509CertMatchParameters, callback: AsyncCallback\<Array\<X509Cert>>): void 7243 7244Selects certificates that match the specified parameters. This API uses an asynchronous callback to return the result. 7245 7246**System capability**: SystemCapability.Security.Cert 7247 7248**Parameters** 7249 7250| Name | Type | Mandatory| Description | 7251| --------- | ------------------------------- | ---- | ----------------- | 7252| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | 7253| callback | AsyncCallback\<Array\<[X509Cert](#x509cert)>> | Yes | Callback invoked to return the matched certificates.| 7254 7255**Error codes** 7256 7257For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7258 7259| ID| Error Message | 7260| -------- | ----------------------- | 7261| 19020001 | memory error. | 7262| 19030001 | crypto operation error. | 7263 7264**Example** 7265 7266```ts 7267import certFramework from '@ohos.security.cert'; 7268import { BusinessError } from '@ohos.base'; 7269 7270// Convert the string into a Uint8Array. 7271function stringToUint8Array(str: string): Uint8Array { 7272 let arr: Array<number> = []; 7273 for (let i = 0, j = str.length; i < j; i++) { 7274 arr.push(str.charCodeAt(i)); 7275 } 7276 return new Uint8Array(arr); 7277} 7278 7279async function createX509Cert(): Promise<certFramework.X509Cert> { 7280 let certData = '-----BEGIN CERTIFICATE-----\n' + 7281 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 7282 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 7283 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 7284 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 7285 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 7286 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 7287 'Qw==\n' + 7288 '-----END CERTIFICATE-----\n'; 7289 7290 let encodingBlob: certFramework.EncodingBlob = { 7291 data: stringToUint8Array(certData), 7292 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7293 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7294 }; 7295 7296 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 7297 try { 7298 x509Cert = await certFramework.createX509Cert(encodingBlob); 7299 } catch (err) { 7300 let e: BusinessError = error as BusinessError; 7301 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7302 } 7303 return x509Cert; 7304} 7305 7306async function selectCerts() { 7307 const x509Cert = await createX509Cert(); 7308 const collection = certFramework.createCertCRLCollection([x509Cert]); 7309 // The values must be assigned based on the service. 7310 const param: certFramework.X509CertMatchParameters = { 7311 x509Cert, 7312 validDate: '20231121074700Z', 7313 issuer: new Uint8Array([0x30, 0x64, 0x31]), // The values must be assigned based on the service. 7314 keyUsage: [false, false, false, false, false, false, true, true, true], 7315 serialNumber: BigInt('232100834349818463'), 7316 subject: new Uint8Array([0x30, 0x6c, 0x31]), // The values must be assigned based on the service. 7317 publicKey: { 7318 data: new Uint8Array([0x30, 0x82, 0x01]) // The values must be assigned based on the service. 7319 }, 7320 publicKeyAlgID: '1.2.840.113549.1.1.1' 7321 }; 7322 collection.selectCerts(param, (err, certs) => { 7323 if (err != null) { 7324 console.error('selectCerts failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7325 } else { 7326 console.log('selectCerts success'); 7327 } 7328 }); 7329} 7330``` 7331 7332### selectCRLs<sup>11+</sup> 7333 7334selectCRLs(param: X509CRLMatchParameters): Promise\<Array\<X509CRL>> 7335 7336Selects CRLs that match the specified parameters. This API uses a promise to return the result. 7337 7338**System capability**: SystemCapability.Security.Cert 7339 7340**Parameters** 7341 7342| Name | Type | Mandatory| Description | 7343| --------- | ------------------------------- | ---- | ------------ | 7344| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs. | 7345 7346**Return value** 7347 7348| Type | Description | 7349| -------------- | ----------- | 7350| Promise\<Array\<[X509CRL](#x509crl)>> | Promise used to return the matched CRLs.| 7351 7352**Error codes** 7353 7354For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7355 7356| ID| Error Message | 7357| -------- | ----------------------- | 7358| 19020001 | memory error. | 7359| 19030001 | crypto operation error. | 7360 7361**Example** 7362 7363```ts 7364import certFramework from '@ohos.security.cert'; 7365import { BusinessError } from '@ohos.base'; 7366 7367// Convert the string into a Uint8Array. 7368function stringToUint8Array(str: string): Uint8Array { 7369 let arr: Array<number> = []; 7370 for (let i = 0, j = str.length; i < j; i++) { 7371 arr.push(str.charCodeAt(i)); 7372 } 7373 return new Uint8Array(arr); 7374} 7375 7376async function createX509CRL(): Promise<certFramework.X509CRL> { 7377 let crlData = '-----BEGIN X509 CRL-----\n' + 7378 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7379 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7380 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7381 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7382 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7383 'eavsH0Q3\n' + 7384 '-----END X509 CRL-----\n'; 7385 7386 // Binary data of the CRL, which must be set based on the service. 7387 let encodingBlob: certFramework.EncodingBlob = { 7388 data: stringToUint8Array(crlData), 7389 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7390 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7391 }; 7392 let x509CRL: certFramework.X509CRL = {} as certFramework.X509CRL; 7393 try { 7394 x509CRL = await certFramework.createX509CRL(encodingBlob); 7395 } catch (err) { 7396 let e: BusinessError = error as BusinessError; 7397 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7398 } 7399 return x509CRL; 7400} 7401 7402async function createX509Cert(): Promise<certFramework.X509Cert> { 7403 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 7404 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 7405 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 7406 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 7407 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 7408 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 7409 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 7410 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 7411 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 7412 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 7413 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 7414 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 7415 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 7416 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 7417 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 7418 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 7419 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 7420 "-----END CERTIFICATE-----\r\n"; 7421 const certEncodingBlob: certFramework.EncodingBlob = { 7422 data: stringToUint8Array(certData), 7423 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM, 7424 }; 7425 7426 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 7427 try { 7428 x509Cert = await certFramework.createX509Cert(certEncodingBlob); 7429 console.log('createX509Cert success'); 7430 } catch (err) { 7431 console.error('createX509Cert failed'); 7432 } 7433 return x509Cert; 7434} 7435 7436async function selectCRLs() { 7437 const x509CRL = await createX509CRL(); 7438 const x509Cert = await createX509Cert(); 7439 const collection = certFramework.createCertCRLCollection([], [x509CRL]); 7440 7441 const param: certFramework.X509CRLMatchParameters = { 7442 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 7443 x509Cert: x509Cert 7444 } 7445 try { 7446 const crls = await collection.selectCRLs(param); 7447 console.log('selectCRLs success'); 7448 } catch (err) { 7449 console.error('selectCRLs failed'); 7450 } 7451} 7452``` 7453 7454### selectCRLs<sup>11+</sup> 7455 7456selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback\<Array\<X509CRL>>): void 7457 7458Selects CRLs that match the specified parameters. This API uses an asynchronous callback to return the result. 7459 7460**System capability**: SystemCapability.Security.Cert 7461 7462**Parameters** 7463 7464| Name | Type | Mandatory| Description | 7465| --------- | ------------------------------- | ---- | ----------------- | 7466| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs.| 7467| callback | AsyncCallback\<Array\<[X509CRL](#x509crl)>> | Yes | Callback invoked to return the matched CRLs.| 7468 7469**Error codes** 7470 7471For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7472 7473| ID| Error Message | 7474| -------- | ----------------------- | 7475| 19020001 | memory error. | 7476| 19030001 | crypto operation error. | 7477 7478**Example** 7479 7480```ts 7481import certFramework from '@ohos.security.cert'; 7482import { BusinessError } from '@ohos.base'; 7483 7484// Convert the string into a Uint8Array. 7485function stringToUint8Array(str: string): Uint8Array { 7486 let arr: Array<number> = []; 7487 for (let i = 0, j = str.length; i < j; i++) { 7488 arr.push(str.charCodeAt(i)); 7489 } 7490 return new Uint8Array(arr); 7491} 7492 7493async function createX509CRL(): Promise<certFramework.X509CRL> { 7494 let crlData = '-----BEGIN X509 CRL-----\n' + 7495 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7496 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7497 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7498 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7499 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7500 'eavsH0Q3\n' + 7501 '-----END X509 CRL-----\n'; 7502 7503 // Binary data of the CRL, which must be set based on the service. 7504 let encodingBlob: certFramework.EncodingBlob = { 7505 data: stringToUint8Array(crlData), 7506 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7507 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7508 }; 7509 let x509CRL: certFramework.X509CRL = {} as certFramework.X509CRL; 7510 try { 7511 x509CRL = await certFramework.createX509CRL(encodingBlob); 7512 } catch (err) { 7513 let e: BusinessError = error as BusinessError; 7514 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7515 } 7516 return x509CRL; 7517} 7518 7519async function createX509Cert(): Promise<certFramework.X509Cert> { 7520 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 7521 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 7522 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 7523 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 7524 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 7525 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 7526 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 7527 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 7528 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 7529 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 7530 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 7531 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 7532 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 7533 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 7534 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 7535 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 7536 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 7537 "-----END CERTIFICATE-----\r\n"; 7538 const certEncodingBlob: certFramework.EncodingBlob = { 7539 data: stringToUint8Array(certData), 7540 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM, 7541 }; 7542 7543 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 7544 try { 7545 x509Cert = await certFramework.createX509Cert(certEncodingBlob); 7546 console.log('createX509Cert success'); 7547 } catch (err) { 7548 console.error('createX509Cert failed'); 7549 } 7550 return x509Cert; 7551} 7552 7553async function selectCRLs() { 7554 const x509CRL = await createX509CRL(); 7555 const x509Cert = await createX509Cert(); 7556 const collection = certFramework.createCertCRLCollection([], [x509CRL]); 7557 7558 const param: certFramework.X509CRLMatchParameters = { 7559 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 7560 x509Cert: x509Cert 7561 } 7562 collection.selectCRLs(param, (err, crls) => { 7563 if (err != null) { 7564 console.error('selectCRLs failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7565 } else { 7566 console.log('selectCRLs success'); 7567 } 7568 }); 7569} 7570``` 7571 7572## cryptoCert.createX509CertChain<sup>11+</sup> 7573 7574createX509CertChain(inStream: EncodingBlob): Promise\<X509CertChain> 7575 7576Creates an X.509 certificate chain instance. This API uses a promise to return the result. 7577 7578**System capability**: SystemCapability.Security.Cert 7579 7580**Parameters** 7581 7582| Name | Type | Mandatory| Description | 7583| -------- | ----------------------------- | ---- | -------------------- | 7584| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 7585 7586**Return value** 7587 7588| Type | Description | 7589| ------------------------------- | ---------------- | 7590| Promise\<[X509CertChain](#x509certchain11)> | Promise used to return the **X509CertChain** object created.| 7591 7592**Error codes** 7593 7594For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7595 7596| ID| Error Message | 7597| -------- | ------------- | 7598| 19020001 | memory error. | 7599| 19030001 | crypto operation error. | 7600 7601**Example** 7602 7603```ts 7604import certFramework from '@ohos.security.cert'; 7605import { BusinessError } from '@ohos.base'; 7606 7607// Convert the string into a Uint8Array. 7608function stringToUint8Array(str: string): Uint8Array { 7609 let arr: Array<number> = []; 7610 for (let i = 0, j = str.length; i < j; i++) { 7611 arr.push(str.charCodeAt(i)); 7612 } 7613 return new Uint8Array(arr); 7614} 7615 7616async function createX509CertChain(): Promise<certFramework.X509CertChain> { 7617 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 7618 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 7619 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 7620 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 7621 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 7622 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 7623 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 7624 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 7625 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 7626 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 7627 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 7628 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 7629 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 7630 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 7631 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 7632 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 7633 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 7634 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 7635 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 7636 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 7637 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 7638 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 7639 "-----END CERTIFICATE-----\n" + 7640 "-----BEGIN CERTIFICATE-----\n" + 7641 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 7642 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 7643 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 7644 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 7645 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 7646 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 7647 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 7648 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 7649 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 7650 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 7651 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 7652 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 7653 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 7654 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 7655 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 7656 "uKPWR9dKBA==\n" + 7657 "-----END CERTIFICATE-----\n" + 7658 "-----BEGIN CERTIFICATE-----\n" + 7659 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 7660 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 7661 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 7662 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 7663 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 7664 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 7665 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 7666 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 7667 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 7668 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 7669 "xjoE\n" + 7670 "-----END CERTIFICATE-----\n"; 7671 7672 // Certificate chain binary data, which must be set based on the service. 7673 let encodingBlob: certFramework.EncodingBlob = { 7674 data: stringToUint8Array(certChainData), 7675 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 7676 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7677 }; 7678 let x509CertChain: certFramework.X509CertChain = {} as certFramework.X509CertChain; 7679 try { 7680 x509CertChain = await certFramework.createX509CertChain(encodingBlob); 7681 } catch (error) { 7682 let e: BusinessError = error as BusinessError; 7683 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7684 } 7685 return x509CertChain; 7686} 7687 7688createX509CertChain(); 7689``` 7690 7691## cryptoCert.createX509CertChain<sup>11+</sup> 7692 7693createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback\<X509CertChain>): void 7694 7695Creates an X.509 certificate chain instance. This API uses an asynchronous callback to return the result. 7696 7697**System capability**: SystemCapability.Security.Cert 7698 7699**Parameters** 7700 7701| Name | Type | Mandatory| Description | 7702| -------- | ------------------------------------- | ---- | -------------------------- | 7703| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 7704| callback | AsyncCallback\<[X509CertChain](#x509certchain11)> | Yes | Callback invoked to return the **X509CertChain** object created.| 7705 7706**Error codes** 7707 7708For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7709 7710| ID| Error Message | 7711| -------- | ------------- | 7712| 19020001 | memory error. | 7713| 19030001 | crypto operation error. | 7714 7715**Example** 7716 7717```ts 7718import certFramework from '@ohos.security.cert'; 7719 7720// Convert the string into a Uint8Array. 7721function stringToUint8Array(str: string): Uint8Array { 7722 let arr: Array<number> = []; 7723 for (let i = 0, j = str.length; i < j; i++) { 7724 arr.push(str.charCodeAt(i)); 7725 } 7726 return new Uint8Array(arr); 7727} 7728 7729let certChainData = "-----BEGIN CERTIFICATE-----\n" + 7730 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 7731 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 7732 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 7733 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 7734 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 7735 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 7736 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 7737 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 7738 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 7739 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 7740 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 7741 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 7742 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 7743 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 7744 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 7745 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 7746 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 7747 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 7748 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 7749 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 7750 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 7751 "-----END CERTIFICATE-----\n" + 7752 "-----BEGIN CERTIFICATE-----\n" + 7753 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 7754 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 7755 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 7756 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 7757 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 7758 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 7759 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 7760 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 7761 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 7762 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 7763 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 7764 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 7765 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 7766 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 7767 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 7768 "uKPWR9dKBA==\n" + 7769 "-----END CERTIFICATE-----\n" + 7770 "-----BEGIN CERTIFICATE-----\n" + 7771 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 7772 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 7773 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 7774 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 7775 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 7776 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 7777 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 7778 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 7779 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 7780 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 7781 "xjoE\n" + 7782 "-----END CERTIFICATE-----\n"; 7783 7784// Certificate chain binary data, which must be set based on the service. 7785let encodingBlob: certFramework.EncodingBlob = { 7786 data: stringToUint8Array(certChainData), 7787 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 7788 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7789}; 7790 7791certFramework.createX509CertChain(encodingBlob, (err, certChain) => { 7792 if (err != null) { 7793 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7794 } else { 7795 console.log('createX509CertChain success'); 7796 } 7797}); 7798``` 7799 7800## cryptoCert.createX509CertChain<sup>11+</sup> 7801 7802createX509CertChain(certs: Array\<X509Cert>): X509CertChain 7803 7804Creates an X.509 certificate chain object based on the specified certificates. This API returns the result synchronously. 7805 7806**System capability**: SystemCapability.Security.Cert 7807 7808**Parameters** 7809 7810| Name | Type | Mandatory| Description | 7811| -------- | -------------------- | ---- | -------------------------- | 7812| certs | Array\<[X509Cert](#x509cert)> | Yes | Array of X.509 certificates.| 7813 7814**Return value** 7815 7816| Type | Description | 7817| --------------------------------- | -------------------- | 7818| [X509CertChain](#x509certchain11) | **X509CertChain** object created.| 7819 7820**Error codes** 7821 7822For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7823 7824| ID| Error Message | 7825| -------- | ------------- | 7826| 19020001 | memory error. | 7827| 19030001 | crypto operation error. | 7828 7829**Example** 7830 7831```ts 7832import certFramework from '@ohos.security.cert'; 7833import { BusinessError } from '@ohos.base'; 7834 7835// Convert the string into a Uint8Array. 7836function stringToUint8Array(str: string): Uint8Array { 7837 let arr: Array<number> = []; 7838 for (let i = 0, j = str.length; i < j; i++) { 7839 arr.push(str.charCodeAt(i)); 7840 } 7841 return new Uint8Array(arr); 7842} 7843 7844async function createX509Cert(): Promise<certFramework.X509Cert> { 7845 let certData = '-----BEGIN CERTIFICATE-----\n' + 7846 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 7847 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 7848 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 7849 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 7850 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 7851 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 7852 'Qw==\n' + 7853 '-----END CERTIFICATE-----\n'; 7854 7855 // Certificate binary data, which must be set based on the service. 7856 let encodingBlob: certFramework.EncodingBlob = { 7857 data: stringToUint8Array(certData), 7858 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7859 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7860 }; 7861 7862 let x509Cert: certFramework.X509Cert = {} as certFramework.X509Cert; 7863 try { 7864 x509Cert = await certFramework.createX509Cert(encodingBlob); 7865 } catch (error) { 7866 let e: BusinessError = error as BusinessError; 7867 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7868 } 7869 return x509Cert; 7870} 7871 7872async function createX509CertChain(): Promise<certFramework.X509CertChain> { 7873 const x509Cert = await createX509Cert(); 7874 let x509CertChain: certFramework.X509CertChain = {} as certFramework.X509CertChain; 7875 try { 7876 x509CertChain = certFramework.createX509CertChain([x509Cert]); 7877 } catch (error) { 7878 let e: BusinessError = error as BusinessError; 7879 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7880 } 7881 return x509CertChain; 7882} 7883 7884createX509CertChain(); 7885``` 7886 7887## X509CertChain<sup>11+</sup> 7888 7889Provides APIs for managing the X.509 certificate chain. 7890 7891### getCertList<sup>11+</sup> 7892 7893getCertList(): Array\<X509Cert> 7894 7895Obtains the X.509 certificate list. 7896 7897**System capability**: SystemCapability.Security.Cert 7898 7899**Return value** 7900 7901| Type | Description | 7902| -------------- | ----------- | 7903| Array\<[X509Cert](#x509cert)> | X.509 certificate list obtained.| 7904 7905**Error codes** 7906 7907For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 7908 7909| ID| Error Message | 7910| -------- | ----------------------- | 7911| 19020001 | memory error. | 7912| 19030001 | crypto operation error. | 7913 7914**Example** 7915 7916```ts 7917import certFramework from '@ohos.security.cert'; 7918import { BusinessError } from '@ohos.base'; 7919 7920// Convert the string into a Uint8Array. 7921function stringToUint8Array(str: string): Uint8Array { 7922 let arr: Array<number> = []; 7923 for (let i = 0, j = str.length; i < j; i++) { 7924 arr.push(str.charCodeAt(i)); 7925 } 7926 return new Uint8Array(arr); 7927} 7928 7929let certChainData = "-----BEGIN CERTIFICATE-----\n" + 7930 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 7931 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 7932 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 7933 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 7934 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 7935 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 7936 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 7937 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 7938 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 7939 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 7940 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 7941 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 7942 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 7943 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 7944 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 7945 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 7946 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 7947 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 7948 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 7949 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 7950 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 7951 "-----END CERTIFICATE-----\n" + 7952 "-----BEGIN CERTIFICATE-----\n" + 7953 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 7954 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 7955 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 7956 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 7957 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 7958 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 7959 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 7960 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 7961 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 7962 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 7963 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 7964 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 7965 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 7966 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 7967 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 7968 "uKPWR9dKBA==\n" + 7969 "-----END CERTIFICATE-----\n" + 7970 "-----BEGIN CERTIFICATE-----\n" + 7971 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 7972 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 7973 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 7974 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 7975 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 7976 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 7977 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 7978 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 7979 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 7980 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 7981 "xjoE\n" + 7982 "-----END CERTIFICATE-----\n"; 7983 7984// Certificate chain binary data, which must be set based on the service. 7985let encodingBlob: certFramework.EncodingBlob = { 7986 data: stringToUint8Array(certChainData), 7987 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 7988 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 7989}; 7990 7991certFramework.createX509CertChain(encodingBlob, (err, certChain) => { 7992 if (err != null) { 7993 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7994 } else { 7995 console.log('createX509CertChain success'); 7996 try { 7997 let certList = certChain.getCertList(); 7998 } catch (err) { 7999 let e: BusinessError = err as BusinessError; 8000 console.error('X509CertChain getCertList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8001 } 8002 } 8003}); 8004``` 8005 8006### validate<sup>11+</sup> 8007 8008validate(param: CertChainValidationParameters): Promise\<CertChainValidationResult> 8009 8010Validates a certificate chain. This API uses a promise to return the result. 8011 8012**System capability**: SystemCapability.Security.Cert 8013 8014**Parameters** 8015 8016| Name | Type | Mandatory| Description | 8017| --------- | ------------------------------- | ---- | ----------------- | 8018| param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| 8019 8020**Return value** 8021 8022| Type | Description | 8023| ------------------------------------------------------------ | --------------------------------- | 8024| Promise\<[CertChainValidationResult](#certchainvalidationresult11)> | Promise used to return the result.| 8025 8026**Error codes** 8027 8028For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 8029 8030| ID| Error Message | 8031| -------- | ----------------------- | 8032| 19020001 | memory error. | 8033| 19020002 | runtime error. | 8034| 19030001 | crypto operation error. | 8035| 19030002 | the certificate signature verification failed. | 8036| 19030003 | the certificate has not taken effect. | 8037| 19030004 | the certificate has expired. | 8038| 19030005 | failed to obtain the certificate issuer. | 8039| 19030006 | the key cannot be used for signing a certificate. | 8040| 19030007 | the key cannot be used for digital signature. | 8041 8042**Example** 8043 8044```ts 8045import certFramework from '@ohos.security.cert'; 8046import { BusinessError } from '@ohos.base'; 8047 8048// Convert the string into a Uint8Array. 8049function stringToUint8Array(str: string): Uint8Array { 8050 let arr: Array<number> = []; 8051 for (let i = 0, j = str.length; i < j; i++) { 8052 arr.push(str.charCodeAt(i)); 8053 } 8054 return new Uint8Array(arr); 8055} 8056 8057async function createX509CertChain(): Promise<certFramework.X509CertChain> { 8058 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 8059 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 8060 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 8061 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 8062 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 8063 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 8064 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 8065 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 8066 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 8067 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 8068 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 8069 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 8070 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 8071 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 8072 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 8073 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 8074 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 8075 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 8076 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 8077 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 8078 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 8079 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 8080 "-----END CERTIFICATE-----\n" + 8081 "-----BEGIN CERTIFICATE-----\n" + 8082 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 8083 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 8084 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 8085 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 8086 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 8087 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 8088 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 8089 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 8090 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 8091 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 8092 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 8093 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 8094 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 8095 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 8096 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 8097 "uKPWR9dKBA==\n" + 8098 "-----END CERTIFICATE-----\n" + 8099 "-----BEGIN CERTIFICATE-----\n" + 8100 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 8101 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 8102 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 8103 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 8104 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 8105 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 8106 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 8107 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 8108 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 8109 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 8110 "xjoE\n" + 8111 "-----END CERTIFICATE-----\n"; 8112 8113 // Certificate chain binary data, which must be set based on the service. 8114 let encodingBlob: certFramework.EncodingBlob = { 8115 data: stringToUint8Array(certChainData), 8116 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 8117 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 8118 }; 8119 let x509CertChain: certFramework.X509CertChain = {} as certFramework.X509CertChain; 8120 try { 8121 x509CertChain = await certFramework.createX509CertChain(encodingBlob); 8122 } 8123 catch (error) { 8124 let e: BusinessError = error as BusinessError; 8125 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8126 } 8127 return x509CertChain; 8128} 8129 8130async function validate() { 8131 const certChain = await createX509CertChain(); 8132 // Certificate chain validation data, which must be assigned based on the service. 8133 const param: certFramework.CertChainValidationParameters = { 8134 date: '20231212080000Z', 8135 trustAnchors: [{ 8136 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 8137 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 8138 }] 8139 } 8140 try { 8141 const validationRes = await certChain.validate(param); 8142 console.log('X509CertChain validate success'); 8143 } 8144 catch (err) { 8145 console.error('X509CertChain validate failed'); 8146 } 8147} 8148 8149validate(); 8150``` 8151 8152### validate<sup>11+</sup> 8153 8154validate(param: CertChainValidationParameters, callback: AsyncCallback\<CertChainValidationResult>): void 8155 8156Validates a certificate chain. This API uses an asynchronous callback to return the result. 8157 8158**System capability**: SystemCapability.Security.Cert 8159 8160**Parameters** 8161 8162| Name | Type | Mandatory| Description | 8163| --------- | ------------------------------- | ---- | ------------ | 8164| param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| 8165| callback | AsyncCallback\<[CertChainValidationResult](#certchainvalidationresult11)> | Yes | Callback invoked to return the certificate chain validation result.| 8166 8167**Error codes** 8168 8169For details about the error codes, see [Certificate Error Codes](../errorcodes/errorcode-cert.md). 8170 8171| ID| Error Message | 8172| -------- | ----------------------- | 8173| 19020001 | memory error. | 8174| 19020002 | runtime error. | 8175| 19030001 | crypto operation error. | 8176| 19030002 | the certificate signature verification failed. | 8177| 19030003 | the certificate has not taken effect. | 8178| 19030004 | the certificate has expired. | 8179| 19030005 | failed to obtain the certificate issuer. | 8180| 19030006 | the key cannot be used for signing a certificate. | 8181| 19030007 | the key cannot be used for digital signature. | 8182 8183**Example** 8184 8185```ts 8186import certFramework from '@ohos.security.cert'; 8187 8188// Convert the string into a Uint8Array. 8189function stringToUint8Array(str: string): Uint8Array { 8190 let arr: Array<number> = []; 8191 for (let i = 0, j = str.length; i < j; i++) { 8192 arr.push(str.charCodeAt(i)); 8193 } 8194 return new Uint8Array(arr); 8195} 8196 8197let certChainData = "-----BEGIN CERTIFICATE-----\n" + 8198 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 8199 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 8200 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 8201 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 8202 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 8203 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 8204 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 8205 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 8206 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 8207 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 8208 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 8209 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 8210 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 8211 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 8212 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 8213 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 8214 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 8215 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 8216 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 8217 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 8218 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 8219 "-----END CERTIFICATE-----\n" + 8220 "-----BEGIN CERTIFICATE-----\n" + 8221 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 8222 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 8223 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 8224 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 8225 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 8226 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 8227 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 8228 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 8229 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 8230 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 8231 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 8232 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 8233 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 8234 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 8235 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 8236 "uKPWR9dKBA==\n" + 8237 "-----END CERTIFICATE-----\n" + 8238 "-----BEGIN CERTIFICATE-----\n" + 8239 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 8240 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 8241 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 8242 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 8243 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 8244 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 8245 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 8246 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 8247 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 8248 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 8249 "xjoE\n" + 8250 "-----END CERTIFICATE-----\n"; 8251 8252// Certificate chain binary data, which must be set based on the service. 8253let encodingBlob: certFramework.EncodingBlob = { 8254 data: stringToUint8Array(certChainData), 8255 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 8256 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 8257}; 8258 8259// Certificate chain validation data, which must be assigned based on the service. 8260let param: certFramework.CertChainValidationParameters = { 8261 date: '20231212080000Z', 8262 trustAnchors: [{ 8263 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 8264 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 8265 }] 8266}; 8267 8268certFramework.createX509CertChain(encodingBlob, (err, certChain) => { 8269 if (err != null) { 8270 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8271 } else { 8272 console.log('createX509CertChain success'); 8273 certChain.validate(param, (error, validationRes) => { 8274 if (error != null) { 8275 console.error('X509CertChain validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8276 } else { 8277 console.log('X509CertChain validate success'); 8278 } 8279 }); 8280 } 8281}); 8282``` 8283