1# @ohos.security.cert (Certificate) 2 3The certificate algorithm library framework provides certificate-related APIs. The **certFramework** module depends on the basic algorithm capabilities of the Crypto framework. For details, see [Crypto Framework](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md). 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8 9## Modules to Import 10 11```ts 12import { cert } from '@kit.DeviceCertificateKit'; 13import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 14``` 15 16## CertResult 17 18 Enumerates the error codes. 19 20 **Atomic service API**: This API can be used in atomic services since API version 12. 21 22 **System capability**: SystemCapability.Security.Cert 23 24| Name | Value | Description | 25| --------------------------------------| -------- | -----------------------------| 26| INVALID_PARAMS | 401 | Invalid parameters. | 27| NOT_SUPPORT | 801 | This operation is not supported. | 28| ERR_OUT_OF_MEMORY | 19020001 | Memory error. | 29| ERR_RUNTIME_ERROR | 19020002 | Runtime error. | 30| ERR_CRYPTO_OPERATION | 19030001 | Crypto operation error. | 31| ERR_CERT_SIGNATURE_FAILURE | 19030002 | The certificate signature verification failed. | 32| ERR_CERT_NOT_YET_VALID | 19030003 | The certificate has not taken effect. | 33| ERR_CERT_HAS_EXPIRED | 19030004 | The certificate has expired. | 34| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | Failed to obtain the certificate issuer. | 35| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | The key cannot be used for signing a certificate. | 36| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | The key cannot be used for digital signature. | 37| ERR_MAYBE_WRONG_PASSWORD<sup>16+</sup> | 19030008 | The password for the private key is incorrect. | 38 39## DataBlob 40Defines a binary data array. 41 42 **Atomic service API**: This API can be used in atomic services since API version 12. 43 44 **System capability**: SystemCapability.Security.Cert 45| Name | Type | Readable| Writable| Description | 46| -------------- | -------------- | ---- | ---- | ----------------| 47| data | Uint8Array | Yes | Yes | Data. | 48 49## DataArray 50 51Defines a list of data arrays. 52 53 **Atomic service API**: This API can be used in atomic services since API version 12. 54 55 **System capability**: SystemCapability.Security.Cert 56| Name | Type | Readable| Writable| Description | 57| -------------- | -------------- | ---- | ---- | ----------------| 58| data | Uint8Array | Yes | Yes | Data list. | 59 60## EncodingFormat 61 62 Enumerates the certificate encoding formats. 63 64**Atomic service API**: This API can be used in atomic services since API version 12. 65 66 **System capability**: SystemCapability.Security.Cert 67 68| Name | Value| Description | 69| ---------- | ------ | --------- | 70| FORMAT_DER | 0 | Distinguished Encoding Rules (DER) format.| 71| FORMAT_PEM | 1 | Privacy-Enhanced Mail (PEM) format.| 72| FORMAT_PKCS7<sup>11+</sup> | 2 | PKCS #7 format.| 73 74## EncodingBaseFormat<sup>16+</sup> 75 76 Enumerates the CSR encoding formats. 77 78**Atomic service API**: This API can be used in atomic services since API version 16. 79 80 **System capability**: SystemCapability.Security.Cert 81 82| Name | Value| Description | 83| ---------- | ------ | --------- | 84| PEM | 0 | Privacy-Enhanced Mail (PEM) format.| 85| DER | 1 | Distinguished Encoding Rules (DER) format.| 86 87## CsrAttribute<sup>16+</sup> 88Defines the extension attributes for the CSR encoding format configuration. 89 90OpenSSL defines extension types, such as challengePassword and keyUsage. 91 92**Atomic service API**: This API can be used in atomic services since API version 16. 93 94 **System capability**: SystemCapability.Security.Cert 95 96| Name | Value| Description | 97| ---------- | ------ | --------- | 98| type | Extension type.| Extension type defined by OpenSSL.| 99| value | Extension type value.| Extension type value.| 100 101## CsrGenerationConfig<sup>16+</sup> 102Represents the configuration for generating a CSR using an RSA private key, including the subject, extension, message digest algorithm, and output format. 103 104**Atomic service API**: This API can be used in atomic services since API version 16. 105 106**System capability**: SystemCapability.Security.Cert 107 108| Name | Type | Readable| Writable| Description | 109| ------- | ------ | ---- | ---- | ------------------------------------------------------------ | 110| subject | [X500DistinguishedName](#x500distinguishedname12) | Yes | Yes | DN object defined by X.509.| 111| mdName | string | Yes | Yes | MD algorithm name.| 112| attributes | [CsrAttribute](#csrattribute16) | Yes | Yes | Extension attributes.| 113| outFormat | [EncodingBaseFormat](#encodingbaseformat16) | Yes | Yes | Output format.| 114 115> **NOTE** 116> 117> - **subject** is an object of the Name type defined by X509. 118> 119> - **mdName** specifies the message digest algorithm. Currently, SHA-1, SHA-256, SHA-384, and SHA-512 are supported. 120> 121> - **attributes** is optional. You can specify the extension types and values defined in OpenSSL to generate a CSR, for example, **challengePassword** and **keyUsage**. 122> 123> - **outFormat** specifies the format of the CSR generated. If it is not specified, the PEM format is used by default. 124 125## CertItemType<sup>10+</sup> 126 127 Enumerates the certificate fields that can be obtained. 128 129**Atomic service API**: This API can be used in atomic services since API version 12. 130 131 **System capability**: SystemCapability.Security.Cert 132 133| Name | Value | Description | 134| -------------------------------- | ---- | ------------------------------ | 135| CERT_ITEM_TYPE_TBS | 0 | Information to be signed. | 136| CERT_ITEM_TYPE_PUBLIC_KEY | 1 | Public key of the certificate. | 137| CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | Unique ID of the certificate issuer.| 138| CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | Unique ID of the certificate subject. | 139| CERT_ITEM_TYPE_EXTENSIONS | 4 | Certificate extensions, each of which is identified by a unique object identifier (OID). | 140 141## ExtensionOidType<sup>10+</sup> 142 143 Enumerates the OID types of the certificate extensions that can be obtained. 144 145 **Atomic service API**: This API can be used in atomic services since API version 12. 146 147 **System capability**: SystemCapability.Security.Cert 148 149| Name | Value | Description | 150| ----------------------------- | ---- | --------------------------------------------- | 151| EXTENSION_OID_TYPE_ALL | 0 | All object identifiers. | 152| EXTENSION_OID_TYPE_CRITICAL | 1 | Object identifier whose **critical** is **true**. | 153| EXTENSION_OID_TYPE_UNCRITICAL | 2 | Object identifier whose **critical** is **false**.| 154 155## ExtensionEntryType<sup>10+</sup> 156 157 Enumerates the object types in certificate extensions that can be obtained. 158 159 **Atomic service API**: This API can be used in atomic services since API version 12. 160 161 **System capability**: SystemCapability.Security.Cert 162 163| Name | Value | Description | 164| ----------------------------------- | ---- | ---------------------------- | 165| EXTENSION_ENTRY_TYPE_ENTRY | 0 | Entire object. | 166| EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | Critical attribute of the object.| 167| EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | Data of the object. | 168 169## EncodingType<sup>12+</sup> 170 171 Enumerates the encoding formats of the subject name in an X.509 certificate. 172 173**Atomic service API**: This API can be used in atomic services since API version 12. 174 175 **System capability**: SystemCapability.Security.Cert 176 177| Name | Value| Description | 178| ---------- | ------ | --------- | 179| ENCODING_UTF8 | 0 | UTF-8.| 180 181## EncodingBlob 182 183Defines a certificate binary array in encoding format. 184 185### Properties 186 187**Atomic service API**: This API can be used in atomic services since API version 12. 188 189**System capability**: SystemCapability.Security.Cert 190 191| Name | Type | Readable| Writable| Description | 192| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 193| data | Uint8Array | Yes | Yes | Certificate data.| 194| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 195 196 197## CertChainData 198 199Defines the certificate chain data, which is passed in as input parameters during certificate chain verification. 200 201### Properties 202 203**Atomic service API**: This API can be used in atomic services since API version 12. 204 205**System capability**: SystemCapability.Security.Cert 206 207| Name | Type | Readable| Writable| Description | 208| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 209| data | Uint8Array | Yes | Yes | Certificate data, in the *length* (2 bytes) + *data* format. For example, **08ABCDEFGH07ABCDEFG**. The first two bytes indicate the length of the first certificate is eight bytes, and the following eight bytes indicate the certificate data. Then, the next two bytes indicate the length of another certificate is seven bytes, and the seven bytes followed indicate the certificate data.| 210| count | number | Yes | Yes | Number of certificates contained in the input data. | 211| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 212 213## GeneralNameType<sup>12+</sup> 214 215Enumerates the types of the common name (CN), which uniquely identifies the subject of the certificate. 216 217**Atomic service API**: This API can be used in atomic services since API version 12. 218 219**System capability**: SystemCapability.Security.Cert 220 221| Name | Value | Description | 222| -------------- | --------------------------------- | ------------------ | 223| GENERAL_NAME_TYPE_OTHER_NAME | 0 | Indicates others. | 224| GENERAL_NAME_TYPE_RFC822_NAME | 1 | Indicates an email address. | 225| GENERAL_NAME_TYPE_DNS_NAME | 2 | Indicates a DNS name. | 226| GENERAL_NAME_TYPE_X400_ADDRESS | 3 | Indicates an X.400 address. | 227| GENERAL_NAME_TYPE_DIRECTORY_NAME | 4 | Indicates a directory name. | 228| GENERAL_NAME_TYPE_EDI_PARTY_NAME | 5 | Indicates an Electronic Data Interchange (EDI) entity. | 229| GENERAL_NAME_TYPE_UNIFORM_RESOURCE_ID | 6 | Indicates a uniform resource identifier. | 230| GENERAL_NAME_TYPE_IP_ADDRESS | 7 | Indicates an IP address. | 231| GENERAL_NAME_TYPE_REGISTERED_ID | 8 | Indicates a registered object identifier. | 232 233## GeneralName<sup>12+</sup> 234 235Represents the CN information of a certificate. 236 237**Atomic service API**: This API can be used in atomic services since API version 12. 238 239**System capability**: SystemCapability.Security.Cert 240 241| Name | Type | Mandatory| Description | 242| -------------- | --------------------------------- | ---- | ------------------ | 243| type | [GeneralNameType](#generalname12) | Yes| Type of the certificate subject. | 244| name | Uint8Array | No | DER format of the certificate subject. | 245 246## X509CertMatchParameters<sup>11+</sup> 247 248Defines the parameters used to match a certificate. If no parameter is specified, all certificates are matched. 249 250**Atomic service API**: This API can be used in atomic services since API version 12. 251 252**System capability**: SystemCapability.Security.Cert 253 254| Name | Type | Mandatory| Description | 255| -------------- | --------------------------------- | ---- | ------------------ | 256| x509Cert | [X509Cert](#x509cert) | No| Certificate object. | 257| validDate | string | No | Certificate validity period. | 258| issuer | Uint8Array | No | Certificate issuer, in DER format.| 259| keyUsage | Array\<boolean> | No | Whether to match the key usage.| 260| serialNumber | bigint | No | Serial number of the certificate. | 261| subject | Uint8Array | No | Certificate subject, in DER format.| 262| publicKey | [DataBlob](#datablob) | No | Public key of the certificate, in DER format.| 263| publicKeyAlgID | string | No | Algorithm of the certificate public key.| 264| subjectAlternativeNames<sup>12+</sup> | Array\<[GeneralName](#generalname12)> | No | Subject Alternative Names (SANs) of the certificate.| 265| matchAllSubjectAltNames<sup>12+</sup> | boolean | No | Whether to match all SANs of the certificate.| 266| authorityKeyIdentifier<sup>12+</sup> | Uint8Array | No | Key of the certificate authority (CA).| 267| minPathLenConstraint<sup>12+</sup> | number | No | Minimum length of the certification path (chain of trust) that can be built from the certificate to a trusted root CA.| 268| extendedKeyUsage<sup>12+</sup> | Array\<string> | No | Usage of the certificate.| 269| nameConstraints<sup>12+</sup> | Uint8Array | No | Constraints on the subject names that can be included in certificates.| 270| certPolicy<sup>12+</sup> | Array\<string> | No | Certificate policy.| 271| privateKeyValid<sup>12+</sup> | string | No | Validity period of the certificate private key.| 272| subjectKeyIdentifier<sup>12+</sup> | Uint8Array | No | Identifier of the public key of the certificate's subject.| 273 274## X509CRLMatchParameters<sup>11+</sup> 275 276Represents the parameters used to match a certificate revocation list (CRL). If no parameter is specified, all CRLs are matched. 277 278**Atomic service API**: This API can be used in atomic services since API version 12. 279 280**System capability**: SystemCapability.Security.Cert 281 282| Name | Type | Mandatory| Description | 283| -------------- | --------------------------------- | ---- | ------------------ | 284| issuer | Array\<Uint8Array> | No | Issuers of the certificates. At least one issuer must be matched.| 285| x509Cert | [X509Cert](#x509cert) | No | Certificate object used to determine whether the certificate is in the CRL.| 286| updateDateTime<sup>12+</sup> | string | No | Certificate update time.| 287| maxCRL<sup>12+</sup> | bigint | No | Maximum number of CRLs.| 288| minCRL<sup>12+</sup> | bigint | No | Minimum number of CRLs.| 289 290## CertChainBuildParameters<sup>12+</sup> 291 292Represents the parameters for building a certificate chain. 293 294**Atomic service API**: This API can be used in atomic services since API version 12. 295 296**System capability**: SystemCapability.Security.Cert 297 298| Name | Type | Mandatory| Description | 299| -------------- | --------------------------------- | ---- | ------------------ | 300| certMatchParameters | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Filter criteria.| 301| maxLength | number | No | Maximum length of the CA certificate in the certificate chain.| 302| validationParameters | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for certificate chain validation.| 303 304## CertChainBuildResult<sup>12+</sup> 305 306Represents the certificate chain build result. 307 308**Atomic service API**: This API can be used in atomic services since API version 12. 309 310**System capability**: SystemCapability.Security.Cert 311 312| Name | Type | Mandatory| Description | 313| -------------- | --------------------------------- | ---- | ------------------ | 314| certChain | [X509CertChain](#x509certchain11) | Yes | Certificate chain object created.| 315| validationResult | [CertChainValidationResult](#certchainvalidationresult11) | Yes | Result of the certificate chain validation.| 316 317## X509TrustAnchor<sup>11+</sup> 318 319Represents an X.509 trust anchor, which is used to verify the certificate chain. The certificate or public key in the trust anchor is used as the trusted root to verify the certificate chain. 320 321**Atomic service API**: This API can be used in atomic services since API version 12. 322 323**System capability**: SystemCapability.Security.Cert 324 325| Name | Type | Readable| Writable| Description | 326| --------- | --------------------- | ---- | ---- | --------------------------- | 327| CACert | [X509Cert](#x509cert) | Yes | Yes | Trusted CA certificate. | 328| CAPubKey | Uint8Array | Yes | Yes | Public key of the trusted CA certificate, in DER format.| 329| CASubject | Uint8Array | Yes | Yes | Subject of the trusted CA certificate, in DER format.| 330| nameConstraints<sup>12+</sup> | Uint8Array | Yes | Yes | Name constraints, in DER format.| 331 332## RevocationCheckOptions<sup>12+</sup> 333 334 Enumerates the options for checking the certificate revocation status. 335 336 **Atomic service API**: This API can be used in atomic services since API version 12. 337 338 **System capability**: SystemCapability.Security.Cert 339 340| Name | Value | Description | 341| --------------------------------------| -------- | -----------------------------| 342| REVOCATION_CHECK_OPTION_PREFER_OCSP | 0 | Use OCSP over CRL (default).| 343| REVOCATION_CHECK_OPTION_ACCESS_NETWORK | 1 | Obtain the CRL/OCSP response over the network. By default, it is disabled.| 344| REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER | 2 | This parameter is valid when the **ACCESS_NETWORK** option is enabled. It allows the alternative solution to be used to obtain the certificate revocation status if the preferred solution cannot be used due to network problems.| 345| REVOCATION_CHECK_OPTION_FALLBACK_LOCAL | 3 | This parameter is valid when the **ACCESS_NETWORK** option is enabled. It allows the locally configured CRL/OCSP response to be used to check the certificate revocation status if the online CRL/OCSP response cannot be used due to network problems.| 346 347## ValidationPolicyType<sup>12+</sup> 348 349 Enumerates the types of the online certificate chain validation policy. 350 351 **Atomic service API**: This API can be used in atomic services since API version 12. 352 353 **System capability**: SystemCapability.Security.Cert 354 355| Name | Value | Description | 356| --------------------------------------| -------- | -----------------------------| 357| VALIDATION_POLICY_TYPE_X509 | 0 | Do not verify **sslHostname** or **dNSName** in the certificate. It is the default value.| 358| VALIDATION_POLICY_TYPE_SSL | 1 | Verify **sslHostname** or **dNSName** in the certificate.| 359 360## KeyUsageType<sup>12+</sup> 361 362 Enumerates the purposes, for which the key in the certificate is used. 363 **Atomic service API**: This API can be used in atomic services since API version 12. 364 365 **System capability**: SystemCapability.Security.Cert 366 367| Name | Value | Description | 368| --------------------------------------| -------- | -----------------------------| 369| KEYUSAGE_DIGITAL_SIGNATURE | 0 | The certificate holder can use the private key contained in the certificate to generate a digital signature.| 370| KEYUSAGE_NON_REPUDIATION | 1 | The certificate holder can use the key to verify a digital signature as part of a nonrepudiation service.| 371| KEYUSAGE_KEY_ENCIPHERMENT | 2 | The certificate holder can use the public key contained in the certificate for key encryption.| 372| KEYUSAGE_DATA_ENCIPHERMENT | 3 | The certificate holder can use the public key contained in the certificate for data encryption.| 373| KEYUSAGE_KEY_AGREEMENT | 4 | The certificate holder can use the private key contained in the certificate to perform key agreement operations.| 374| KEYUSAGE_KEY_CERT_SIGN | 5 | The certificate holder can use the private key contained in the certificate to sign other certificates.| 375| KEYUSAGE_CRL_SIGN | 6 | The certificate holder can use the private key contained in the certificate to sign CRLs.| 376| KEYUSAGE_ENCIPHER_ONLY | 7 | The certificate holder can use the key to perform encryption operations only.| 377| KEYUSAGE_DECIPHER_ONLY | 8 | The certificate holder can use the key to perform decryption operations only.| 378 379## RevocationCheckParameter<sup>12+</sup> 380 381Represents the parameters for checking the certificate revocation status for a certificate chain. 382 383**Atomic service API**: This API can be used in atomic services since API version 12. 384 385**System capability**: SystemCapability.Security.Cert 386 387| Name | Type | Mandatory| Description | 388| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 389| ocspRequestExtension | Array\<Uint8Array> | No | OCSP request extensions.| 390| ocspResponderURI | string | No | URL of the alternative server used to send OCSP requests. HTTP and HTTPS are supported. The specific configuration is determined via the negotiation with the server.| 391| ocspResponderCert | [X509Cert](#x509cert) | No | Signing certificate used for verifying the signature of the OCSP response.| 392| ocspResponses | Uint8Array | No | Alternative OCSP responses.| 393| crlDownloadURI | string | No | Address used to download the CRLs.| 394| options | Array\<[RevocationCheckOptions](#revocationcheckoptions12)> | No | A set of rules for obtaining the certificate revocation status.| 395| ocspDigest | string | No | Hash algorithm used to create a certificate ID during OCSP communication. The default algorithm is SHA256. The MD5, SHA1, SHA224, SHA256, SHA384 and SHA512 algorithms are supported.| 396 397## CertChainValidationParameters<sup>11+</sup> 398 399Represents the parameters for certificate chain validation. 400 401**Atomic service API**: This API can be used in atomic services since API version 12. 402 403**System capability**: SystemCapability.Security.Cert 404 405| Name | Type | Mandatory| Description | 406| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 407| date | string | No | Validity period of the certificate to validate. | 408| trustAnchors | Array\<[X509TrustAnchor](#x509trustanchor11)> | Yes | List of trusted anchors. | 409| certCRLs | Array\<[CertCRLCollection](#certcrlcollection11)> | No | Check whether the certificate is in a CRL.| 410| revocationCheckParam<sup>12+</sup> | [RevocationCheckParameter](#revocationcheckparameter12) | No | Parameters for checking the certificate revocation status online.| 411| policy<sup>12+</sup> | [ValidationPolicyType](#validationpolicytype12) | No | Type of the policy for certificate validation.| 412| sslHostname<sup>12+</sup> | string | No | Host name in the certificate to be verified. This parameter must be used with **policy** together.| 413| keyUsage<sup>12+</sup> | Array\<[KeyUsageType](#keyusagetype12)> | No | Usage of the key in the certificate to be validated.| 414 415## CertChainValidationResult<sup>11+</sup> 416 417Represents the return value of certificate chain validation. 418 419**Atomic service API**: This API can be used in atomic services since API version 12. 420 421**System capability**: SystemCapability.Security.Cert 422 423| Name | Type | Readable| Writable| Description | 424| ----------- | ------------------------------------- | ---- | ---- | -------------- | 425| trustAnchor | [X509TrustAnchor](#x509trustanchor11) | Yes | No | Trust anchor. | 426| entityCert | [X509Cert](#x509cert) | Yes | No | Entity certificate.| 427 428## EncodingBaseFormat<sup>16+</sup> 429 430Enumerates the basic encoding formats. 431 432**Atomic service API**: This API can be used in atomic services since API version 16. 433 434**System capability**: SystemCapability.Security.Cert 435 436| Name| Value| Description | 437| ---- | --- | ------------------ | 438| PEM | 0 | PEM. | 439| DER | 1 | DER. | 440 441## Pkcs12Data<sup>16+</sup> 442 443Represents data of the parsed PKCS #12 (.p12) file. 444 445**Atomic service API**: This API can be used in atomic services since API version 16. 446 447**System capability**: SystemCapability.Security.Cert 448 449| Name | Type | Mandatory| Description | 450| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 451| privateKey | string \| Uint8Array | No | Private key obtained after the .p12 file is parsed. | 452| cert | [X509Cert](#x509cert) | No | X.509 certificate obtained after the .p12 file is parsed. | 453| otherCerts | Array\<[X509Cert](#x509cert)> | No | Other certificates obtained after the .p12 file is parsed.| 454 455## Pkcs12ParsingConfig<sup>16+</sup> 456 457Represents the configuration for parsing .p12 files. 458 459**Atomic service API**: This API can be used in atomic services since API version 16. 460 461**System capability**: SystemCapability.Security.Cert 462 463| Name | Type | Mandatory| Description | 464| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 465| password | string | Yes | Password of the .p12 file. | 466| needsPrivateKey | boolean | No | Whether to obtain the private key. The default value is **true**. | 467| privateKeyFormat | [EncodingBaseFormat](#encodingbaseformat16) | No | Format of the private key obtained. The default value is **PEM**.| 468| needsCert | boolean | No | Whether to obtain the certificate. The default value is **true**.| 469| needsOtherCerts | boolean | No | Whether to obtain other certificates. The default value is **false**.| 470 471## CmsContentType<sup>16+</sup> 472 473Enumerates the Cryptographic Message Syntax (CMS) message types. 474 475**Atomic service API**: This API can be used in atomic services since API version 16. 476 477**System capability**: SystemCapability.Security.Cert 478 479| Name | Value | Description | 480| --------------------------------------| -------- | -----------------------------| 481| SIGNED_DATA | 0 | Signature data.| 482 483## CmsContentDataFormat<sup>16+</sup> 484 485Enumerates the CMS message formats. 486 487**Atomic service API**: This API can be used in atomic services since API version 16. 488 489**System capability**: SystemCapability.Security.Cert 490 491| Name | Value| Description | 492| ------ | --- | ------------------------ | 493| BINARY | 0 | Binary. | 494| TEXT | 1 | Text. | 495 496## CmsFormat<sup>16+</sup> 497 498Enumerates the CMS signature formats. 499 500**Atomic service API**: This API can be used in atomic services since API version 16. 501 502**System capability**: SystemCapability.Security.Cert 503 504| Name| Value| Description | 505| ---- | --- | ------------------ | 506| PEM | 0 | PEM. | 507| DER | 1 | DER. | 508 509## PrivateKeyInfo<sup>16+</sup> 510 511Represents the private key information. 512 513**Atomic service API**: This API can be used in atomic services since API version 16. 514 515**System capability**: SystemCapability.Security.Cert 516 517| Name | Type | Mandatory| Description | 518| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 519| key | string \| Uint8Array | Yes | Encrypted or unencrypted private key in PEM or DER format.| 520| password | string | No | Password of the private key, if the private key is encrypted. | 521 522## CmsSignerConfig<sup>16+</sup> 523 524Represents the configuration of the CMS signer. 525 526**Atomic service API**: This API can be used in atomic services since API version 16. 527 528**System capability**: SystemCapability.Security.Cert 529 530| Name | Type | Mandatory| Description | 531| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 532| mdName | string | Yes | Message digest algorithm, for example, **SHA384**. Currently, **SHA1**, **SHA256**, **SHA384**, and **SHA512** are supported. | 533| addCert | boolean | No | Whether to add a certificate. The default value is **true**. | 534| addAttr | boolean | No | Whether to add the signature attribute. The default value is **true**. | 535| addSmimeCapAttr | boolean | No | Whether to add the SMIME capability to the CMS object. The default value is **true**. | 536 537## CmsGeneratorOptions<sup>16+</sup> 538 539Represents the configuration for generating the CMS signing result. 540 541**Atomic service API**: This API can be used in atomic services since API version 16. 542 543**System capability**: SystemCapability.Security.Cert 544 545| Name | Type | Mandatory| Description | 546| --------------------- | ----------------------------- | ---- | ------------------------------------------------------ | 547| contentDataFormat | [CmsContentDataFormat](#cmscontentdataformat16) | No | Format of the content. The default value is **CmsContentDataFormat.BINARY**. | 548| outFormat | [CmsFormat](#cmsformat16) | No | Format of the CMS data generated. The default value is **DER**. | 549| isDetached | boolean | No | Whether the final CMS data does not contain the raw data. The default value is **false**. | 550 551## cert.createX509Cert 552 553createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 554 555Creates an X.509 certificate instance. This API uses an asynchronous callback to return the result. 556 557**Atomic service API**: This API can be used in atomic services since API version 12. 558 559**System capability**: SystemCapability.Security.Cert 560 561**Parameters** 562 563| Name | Type | Mandatory| Description | 564| -------- | ------------------------------------- | ---- | -------------------------- | 565| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 566| callback | AsyncCallback\<[X509Cert](#x509cert)> | Yes | Callback used to return the **X509Cert** instance created.| 567 568**Error codes** 569 570For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 571 572| ID| Error Message | 573| -------- | ------------- | 574| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 575| 801 | this operation is not supported. | 576| 19020001 | memory error. | 577 578**Example** 579 580```ts 581import { cert } from '@kit.DeviceCertificateKit'; 582 583// Convert the string into a Uint8Array. 584function stringToUint8Array(str: string): Uint8Array { 585 let arr: Array<number> = []; 586 for (let i = 0, j = str.length; i < j; i++) { 587 arr.push(str.charCodeAt(i)); 588 } 589 return new Uint8Array(arr); 590} 591 592// Certificate binary data, which varies with the service. 593let certData = '-----BEGIN CERTIFICATE-----\n' + 594 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 595 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 596 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 597 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 598 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 599 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 600 'Qw==\n' + 601 '-----END CERTIFICATE-----\n'; 602 603let encodingBlob: cert.EncodingBlob = { 604 data: stringToUint8Array(certData), 605 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 606 encodingFormat: cert.EncodingFormat.FORMAT_PEM 607}; 608 609cert.createX509Cert(encodingBlob, (error, x509Cert) => { 610 if (error) { 611 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 612 } else { 613 console.log('createX509Cert success'); 614 } 615}); 616``` 617 618## cert.createX509Cert 619 620createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 621 622Creates an X.509 certificate instance. This API uses a promise to return the result. 623 624**Atomic service API**: This API can be used in atomic services since API version 12. 625 626**System capability**: SystemCapability.Security.Cert 627 628**Parameters** 629 630| Name | Type | Mandatory| Description | 631| -------- | ----------------------------- | ---- | ------------------ | 632| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 633 634**Return value** 635 636| Type | Description | 637| ------- | ---------------- | 638| Promise\<[X509Cert](#x509cert)> | Promise used to return the **X509Cert** instance created.| 639 640**Error codes** 641 642For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 643 644| ID| Error Message | 645| -------- | ------------- | 646| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 647| 801 | this operation is not supported. | 648| 19020001 | memory error. | 649 650**Example** 651 652```ts 653import { cert } from '@kit.DeviceCertificateKit'; 654import { BusinessError } from '@kit.BasicServicesKit'; 655 656// Convert the string into a Uint8Array. 657function stringToUint8Array(str: string): Uint8Array { 658 let arr: Array<number> = []; 659 for (let i = 0, j = str.length; i < j; i++) { 660 arr.push(str.charCodeAt(i)); 661 } 662 return new Uint8Array(arr); 663} 664 665// Certificate binary data, which varies with the service. 666let certData = '-----BEGIN CERTIFICATE-----\n' + 667 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 668 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 669 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 670 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 671 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 672 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 673 'Qw==\n' + 674 '-----END CERTIFICATE-----\n'; 675 676let encodingBlob: cert.EncodingBlob = { 677 data: stringToUint8Array(certData), 678 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 679 encodingFormat: cert.EncodingFormat.FORMAT_PEM 680}; 681 682cert.createX509Cert(encodingBlob).then(x509Cert => { 683 console.log('createX509Cert success'); 684}).catch((error: BusinessError) => { 685 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 686}); 687``` 688 689## X509Cert 690 691Provides APIs for X.509 certificate operations. 692 693### verify 694 695verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 696 697Verifies the signature of an X.509 certificate. This API uses an asynchronous callback to return the result. 698 699**Atomic service API**: This API can be used in atomic services since API version 12. 700 701**System capability**: SystemCapability.Security.Cert 702 703**Parameters** 704 705| Name | Type | Mandatory| Description | 706| -------- | --------------------- | ---- | ------------------------------------------------------------ | 707| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | 708| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 709 710**Error codes** 711 712For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 713 714| ID| Error Message | 715| -------- | ------------------ | 716| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 717| 19030001 | crypto operation error. | 718 719**Example** 720 721```ts 722import { cert } from '@kit.DeviceCertificateKit'; 723import { BusinessError } from '@kit.BasicServicesKit'; 724 725// Convert the string into a Uint8Array. 726function stringToUint8Array(str: string): Uint8Array { 727 let arr: Array<number> = []; 728 for (let i = 0, j = str.length; i < j; i++) { 729 arr.push(str.charCodeAt(i)); 730 } 731 return new Uint8Array(arr); 732} 733 734// Certificate binary data, which varies with the service. 735let certData = '-----BEGIN CERTIFICATE-----\n' + 736 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 737 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 738 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 739 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 740 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 741 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 742 'Qw==\n' + 743 '-----END CERTIFICATE-----\n'; 744 745let encodingBlob: cert.EncodingBlob = { 746 data: stringToUint8Array(certData), 747 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 748 encodingFormat: cert.EncodingFormat.FORMAT_PEM 749}; 750 751cert.createX509Cert(encodingBlob, (error, x509Cert) => { 752 if (error) { 753 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 754 } else { 755 console.log('createX509Cert success'); 756 757 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 758 try { 759 let pubKey = x509Cert.getPublicKey(); 760 761 // Verify the certificate signature. 762 x509Cert.verify(pubKey, (err, data) => { 763 if (err) { 764 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 765 } else { 766 console.log('verify success'); 767 } 768 }); 769 } catch (error) { 770 let e: BusinessError = error as BusinessError; 771 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 772 } 773 } 774}); 775``` 776 777### verify 778 779verify(key : cryptoFramework.PubKey) : Promise\<void> 780 781Verifies the signature of an X.509 certificate. This API uses a promise to return the result. 782 783**Atomic service API**: This API can be used in atomic services since API version 12. 784 785**System capability**: SystemCapability.Security.Cert 786 787**Parameters** 788 789| Name| Type | Mandatory| Description | 790| ------ | ------ | ---- | ------------------ | 791| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| 792 793**Return value** 794 795| Type | Description | 796| -------------- | ----------- | 797| Promise\<void> | Promise used to return the result.| 798 799**Error codes** 800 801For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 802 803| ID| Error Message | 804| -------- | ------------------ | 805| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 806| 19030001 | crypto operation error. | 807 808**Example** 809 810```ts 811import { cert } from '@kit.DeviceCertificateKit'; 812import { BusinessError } from '@kit.BasicServicesKit'; 813 814// Convert the string into a Uint8Array. 815function stringToUint8Array(str: string): Uint8Array { 816 let arr: Array<number> = []; 817 for (let i = 0, j = str.length; i < j; i++) { 818 arr.push(str.charCodeAt(i)); 819 } 820 return new Uint8Array(arr); 821} 822 823// Certificate binary data, which varies with the service. 824let certData = '-----BEGIN CERTIFICATE-----\n' + 825 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 826 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 827 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 828 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 829 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 830 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 831 'Qw==\n' + 832 '-----END CERTIFICATE-----\n'; 833 834let encodingBlob: cert.EncodingBlob = { 835 data: stringToUint8Array(certData), 836 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 837 encodingFormat: cert.EncodingFormat.FORMAT_PEM 838}; 839 840cert.createX509Cert(encodingBlob).then(x509Cert => { 841 console.log('createX509Cert success'); 842 843 try { 844 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 845 let pubKey = x509Cert.getPublicKey(); 846 x509Cert.verify(pubKey).then(result => { 847 console.log('verify success'); 848 }).catch((error: BusinessError) => { 849 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 850 }); 851 } catch (err) { 852 console.error('get public key failed'); 853 } 854}).catch((error: BusinessError) => { 855 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 856}); 857``` 858 859### getEncoded 860 861getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 862 863Obtains the serialized X.509 certificate data. This API uses an asynchronous callback to return the result. 864 865**Atomic service API**: This API can be used in atomic services since API version 12. 866 867**System capability**: SystemCapability.Security.Cert 868 869**Parameters** 870 871| Name | Type | Mandatory| Description | 872| -------- | --------------------------------------------- | ---- | -------------------------------- | 873| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized X.509 certificate data obtained.| 874 875**Error codes** 876 877For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 878 879| ID| Error Message | 880| -------- | ------------------------------------------------- | 881| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 882| 19020001 | memory error. | 883| 19020002 | runtime error. | 884| 19030001 | crypto operation error.| 885 886**Example** 887 888```ts 889import { cert } from '@kit.DeviceCertificateKit'; 890 891// Convert the string into a Uint8Array. 892function stringToUint8Array(str: string): Uint8Array { 893 let arr: Array<number> = []; 894 for (let i = 0, j = str.length; i < j; i++) { 895 arr.push(str.charCodeAt(i)); 896 } 897 return new Uint8Array(arr); 898} 899 900// Certificate binary data, which varies with the service. 901let certData = '-----BEGIN CERTIFICATE-----\n' + 902 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 903 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 904 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 905 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 906 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 907 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 908 'Qw==\n' + 909 '-----END CERTIFICATE-----\n'; 910 911let encodingBlob: cert.EncodingBlob = { 912 data: stringToUint8Array(certData), 913 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 914 encodingFormat: cert.EncodingFormat.FORMAT_PEM 915}; 916 917cert.createX509Cert(encodingBlob, (error, x509Cert) => { 918 if (error) { 919 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 920 } else { 921 console.log('createX509Cert success'); 922 x509Cert.getEncoded((error, data) => { 923 if (error) { 924 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 925 } else { 926 console.log('getEncoded success'); 927 } 928 }); 929 } 930}); 931``` 932 933### getEncoded 934 935getEncoded() : Promise\<EncodingBlob> 936 937Obtains the serialized X.509 certificate data. This API uses a promise to return the result. 938 939**Atomic service API**: This API can be used in atomic services since API version 12. 940 941**System capability**: SystemCapability.Security.Cert 942 943**Return value** 944 945| Type | Description | 946| --------------------------------------- | ---------------------- | 947| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 certificate data obtained.| 948 949**Error codes** 950 951For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 952 953| ID| Error Message | 954| -------- | ------------------------------------------------- | 955| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 956| 19020001 | memory error. | 957| 19020002 | runtime error. | 958| 19030001 | crypto operation error.| 959 960**Example** 961 962```ts 963import { cert } from '@kit.DeviceCertificateKit'; 964import { BusinessError } from '@kit.BasicServicesKit'; 965 966// Convert the string into a Uint8Array. 967function stringToUint8Array(str: string): Uint8Array { 968 let arr: Array<number> = []; 969 for (let i = 0, j = str.length; i < j; i++) { 970 arr.push(str.charCodeAt(i)); 971 } 972 return new Uint8Array(arr); 973} 974 975// Certificate binary data, which varies with the service. 976let certData = '-----BEGIN CERTIFICATE-----\n' + 977 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 978 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 979 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 980 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 981 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 982 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 983 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 984 '-----END CERTIFICATE-----\n'; 985 986// Certificate binary data, which varies with the service. 987let encodingBlob: cert.EncodingBlob = { 988 data: stringToUint8Array(certData), 989 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 990 encodingFormat: cert.EncodingFormat.FORMAT_PEM 991}; 992cert.createX509Cert(encodingBlob).then(x509Cert => { 993 console.log('createX509Cert success'); 994 x509Cert.getEncoded().then(result => { 995 console.log('getEncoded success'); 996 }).catch((error: BusinessError) => { 997 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 998 }); 999}).catch((error: BusinessError) => { 1000 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1001}); 1002``` 1003 1004### getPublicKey 1005 1006getPublicKey() : cryptoFramework.PubKey 1007 1008Obtains the public key of this X.509 certificate. 1009 1010**Atomic service API**: This API can be used in atomic services since API version 12. 1011 1012**System capability**: SystemCapability.Security.Cert 1013 1014**Return value** 1015 1016| Type | Description | 1017| ------ | ---------------- | 1018| [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Public key of the X509 certificate obtained. This object is used only for **verify()** of **X509Cert**.| 1019 1020**Error codes** 1021 1022For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1023 1024| ID| Error Message | 1025| -------- | ------------------------------------------------- | 1026| 19020001 | memory error. | 1027| 19030001 | crypto operation error.| 1028 1029**Example** 1030 1031```ts 1032import { cert } from '@kit.DeviceCertificateKit'; 1033import { BusinessError } from '@kit.BasicServicesKit'; 1034 1035// Convert the string into a Uint8Array. 1036function stringToUint8Array(str: string): Uint8Array { 1037 let arr: Array<number> = []; 1038 for (let i = 0, j = str.length; i < j; i++) { 1039 arr.push(str.charCodeAt(i)); 1040 } 1041 return new Uint8Array(arr); 1042} 1043 1044// Certificate binary data, which varies with the service. 1045let certData = '-----BEGIN CERTIFICATE-----\n' + 1046 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1047 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1048 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1049 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1050 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1051 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1052 'Qw==\n' + 1053 '-----END CERTIFICATE-----\n'; 1054 1055let encodingBlob: cert.EncodingBlob = { 1056 data: stringToUint8Array(certData), 1057 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1058 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1059}; 1060 1061cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1062 if (error) { 1063 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1064 } else { 1065 console.log('createX509Cert success'); 1066 try { 1067 let pubKey = x509Cert.getPublicKey(); 1068 } catch (error) { 1069 let e: BusinessError = error as BusinessError; 1070 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1071 } 1072 } 1073}); 1074``` 1075 1076### checkValidityWithDate 1077 1078checkValidityWithDate(date: string) : void 1079 1080Checks the validity period of this X.509 certificate. 1081 1082**Atomic service API**: This API can be used in atomic services since API version 12. 1083 1084**System capability**: SystemCapability.Security.Cert 1085 1086**Parameters** 1087 1088| Name | Type | Mandatory| Description | 1089| -------- | -------------- | ---- | ---------- | 1090| date | string | Yes | Date in the ASN.1 format.| 1091 1092**Error codes** 1093 1094For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1095 1096| ID| Error Message | 1097| -------- | ------------------------------------------------- | 1098| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 1099| 19020001 | memory error. | 1100| 19030001 | crypto operation error.| 1101| 19030003 | the certificate has not taken effect. | 1102| 19030004 | the certificate has expired.| 1103 1104**Example** 1105 1106```ts 1107import { cert } from '@kit.DeviceCertificateKit'; 1108import { BusinessError } from '@kit.BasicServicesKit'; 1109 1110// Convert the string into a Uint8Array. 1111function stringToUint8Array(str: string): Uint8Array { 1112 let arr: Array<number> = []; 1113 for (let i = 0, j = str.length; i < j; i++) { 1114 arr.push(str.charCodeAt(i)); 1115 } 1116 return new Uint8Array(arr); 1117} 1118 1119// Certificate binary data, which varies with the service. 1120let certData = '-----BEGIN CERTIFICATE-----\n' + 1121 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1122 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1123 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1124 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1125 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1126 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1127 'Qw==\n' + 1128 '-----END CERTIFICATE-----\n'; 1129 1130let encodingBlob: cert.EncodingBlob = { 1131 data: stringToUint8Array(certData), 1132 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1133 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1134}; 1135 1136cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1137 if (error) { 1138 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1139 } else { 1140 console.log('createX509Cert success'); 1141 1142 let date = '231001000001Z'; 1143 // Verify the certificate validity period. 1144 try { 1145 x509Cert.checkValidityWithDate(date); 1146 } catch (error) { 1147 let e: BusinessError = error as BusinessError; 1148 console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1149 } 1150 } 1151}); 1152``` 1153 1154### getVersion 1155 1156getVersion() : number 1157 1158Obtains the X.509 certificate version. 1159 1160**Atomic service API**: This API can be used in atomic services since API version 12. 1161 1162**System capability**: SystemCapability.Security.Cert 1163 1164**Return value** 1165 1166| Type | Description | 1167| ------ | ---------------- | 1168| number | X.509 certificate version obtained.| 1169 1170**Example** 1171 1172```ts 1173import { cert } from '@kit.DeviceCertificateKit'; 1174 1175// Convert the string into a Uint8Array. 1176function stringToUint8Array(str: string): Uint8Array { 1177 let arr: Array<number> = []; 1178 for (let i = 0, j = str.length; i < j; i++) { 1179 arr.push(str.charCodeAt(i)); 1180 } 1181 return new Uint8Array(arr); 1182} 1183 1184// Certificate binary data, which varies with the service. 1185let certData = '-----BEGIN CERTIFICATE-----\n' + 1186 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1187 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1188 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1189 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1190 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1191 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1192 'Qw==\n' + 1193 '-----END CERTIFICATE-----\n'; 1194 1195let encodingBlob: cert.EncodingBlob = { 1196 data: stringToUint8Array(certData), 1197 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1198 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1199}; 1200cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1201 if (error) { 1202 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1203 } else { 1204 console.log('createX509Cert success'); 1205 let version = x509Cert.getVersion(); 1206 } 1207}); 1208``` 1209 1210### getSerialNumber<sup>(deprecated)</sup> 1211 1212getSerialNumber() : number 1213 1214Obtains the X.509 certificate serial number. 1215 1216> **NOTE** 1217> 1218> This API is supported since API version 9 and deprecated since API version 10. Use [getCertSerialNumber](#getcertserialnumber10) instead. 1219 1220**System capability**: SystemCapability.Security.Cert 1221 1222**Return value** 1223 1224| Type | Description | 1225| ------ | ------------------ | 1226| number | X.509 certificate serial number obtained.| 1227 1228**Example** 1229 1230```ts 1231import { cert } from '@kit.DeviceCertificateKit'; 1232 1233// Convert the string into a Uint8Array. 1234function stringToUint8Array(str: string): Uint8Array { 1235 let arr: Array<number> = []; 1236 for (let i = 0, j = str.length; i < j; i++) { 1237 arr.push(str.charCodeAt(i)); 1238 } 1239 return new Uint8Array(arr); 1240} 1241 1242// Certificate binary data, which varies with the service. 1243let certData = '-----BEGIN CERTIFICATE-----\n' + 1244 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1245 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1246 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1247 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1248 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1249 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1250 'Qw==\n' + 1251 '-----END CERTIFICATE-----\n'; 1252 1253let encodingBlob: cert.EncodingBlob = { 1254 data: stringToUint8Array(certData), 1255 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1256 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1257}; 1258 1259cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1260 if (error) { 1261 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1262 } else { 1263 console.log('createX509Cert success'); 1264 let serialNumber = x509Cert.getSerialNumber(); 1265 } 1266}); 1267``` 1268 1269### getCertSerialNumber<sup>10+</sup> 1270 1271getCertSerialNumber() : bigint 1272 1273Obtains the X.509 certificate serial number. 1274 1275**Atomic service API**: This API can be used in atomic services since API version 12. 1276 1277**System capability**: SystemCapability.Security.Cert 1278 1279**Return value** 1280 1281| Type | Description | 1282| ------ | ------------------ | 1283| bigint | X.509 certificate serial number obtained.| 1284 1285**Error codes** 1286 1287For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1288 1289| ID| Error Message | 1290| -------- | ------------------------------------------------- | 1291| 19020002 | runtime error. | 1292 1293**Example** 1294 1295```ts 1296import { cert } from '@kit.DeviceCertificateKit'; 1297import { BusinessError } from '@kit.BasicServicesKit'; 1298 1299// Convert the string into a Uint8Array. 1300function stringToUint8Array(str: string): Uint8Array { 1301 let arr: Array<number> = []; 1302 for (let i = 0, j = str.length; i < j; i++) { 1303 arr.push(str.charCodeAt(i)); 1304 } 1305 return new Uint8Array(arr); 1306} 1307 1308// Certificate binary data, which varies with the service. 1309let certData = '-----BEGIN CERTIFICATE-----\n' + 1310 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1311 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1312 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1313 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1314 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1315 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1316 'Qw==\n' + 1317 '-----END CERTIFICATE-----\n'; 1318 1319let encodingBlob: cert.EncodingBlob = { 1320 data: stringToUint8Array(certData), 1321 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1322 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1323}; 1324 1325cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1326 if (error) { 1327 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1328 } else { 1329 console.log('createX509Cert success'); 1330 try { 1331 let serialNumber = x509Cert.getCertSerialNumber(); 1332 } catch (err) { 1333 let e: BusinessError = err as BusinessError; 1334 console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1335 } 1336 } 1337}); 1338``` 1339 1340### getIssuerName 1341 1342getIssuerName() : DataBlob 1343 1344Obtains the X.509 certificate issuer. 1345 1346**Atomic service API**: This API can be used in atomic services since API version 12. 1347 1348**System capability**: SystemCapability.Security.Cert 1349 1350**Return value** 1351 1352| Type | Description | 1353| --------------------- | ---------------------- | 1354| [DataBlob](#datablob) | X.509 certificate issuer obtained.| 1355 1356**Error codes** 1357 1358For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1359 1360| ID| Error Message | 1361| -------- | ------------------------------------------------- | 1362| 19020001 | memory error. | 1363| 19020002 | runtime error. | 1364| 19030001 | crypto operation error.| 1365 1366**Example** 1367 1368```ts 1369import { cert } from '@kit.DeviceCertificateKit'; 1370import { BusinessError } from '@kit.BasicServicesKit'; 1371 1372// Convert the string into a Uint8Array. 1373function stringToUint8Array(str: string): Uint8Array { 1374 let arr: Array<number> = []; 1375 for (let i = 0, j = str.length; i < j; i++) { 1376 arr.push(str.charCodeAt(i)); 1377 } 1378 return new Uint8Array(arr); 1379} 1380 1381// Certificate binary data, which varies with the service. 1382let certData = '-----BEGIN CERTIFICATE-----\n' + 1383 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1384 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1385 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1386 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1387 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1388 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1389 'Qw==\n' + 1390 '-----END CERTIFICATE-----\n'; 1391 1392let encodingBlob: cert.EncodingBlob = { 1393 data: stringToUint8Array(certData), 1394 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1395 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1396}; 1397 1398cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1399 if (error) { 1400 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1401 } else { 1402 console.log('createX509Cert success'); 1403 try { 1404 let issuerName = x509Cert.getIssuerName(); 1405 } catch (err) { 1406 let e: BusinessError = err as BusinessError; 1407 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1408 } 1409 } 1410}); 1411``` 1412 1413### getSubjectName 1414 1415getSubjectName(encodingType?: EncodingType) : DataBlob 1416 1417Obtains the subject of this X.509 certificate. 1418 1419**Atomic service API**: This API can be used in atomic services since API version 12. 1420 1421**System capability**: SystemCapability.Security.Cert 1422 1423**Parameters** 1424 1425| Name | Type | Mandatory| Description | 1426| -------- | ------------------------------------- | ---- | ------------------------------ | 1427| encodingType | [EncodingType](#encodingtype12) | No | Encoding type. If this parameter is set, the subject name in UTF-8 format is to be obtained. If this parameter is not set, the subject name in ASCII encoding format is obtained by default.<br>This parameter is available since API version 12. | 1428 1429**Return value** 1430 1431| Type | Description | 1432| --------------------- | -------------------- | 1433| [DataBlob](#datablob) | Subject name obtained.| 1434 1435**Error codes** 1436 1437For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1438 1439| ID| Error Message | 1440| -------- | ------------------------------------------------- | 1441| 401 | invalid parameters. Possible causes: <br>1. Incorrect parameter types;<br>2. Parameter verification failed. | 1442| 19020001 | memory error. | 1443| 19020002 | runtime error. | 1444| 19030001 | crypto operation error.| 1445 1446**Example** 1447 1448```ts 1449import { cert } from '@kit.DeviceCertificateKit'; 1450import { BusinessError } from '@kit.BasicServicesKit'; 1451 1452// Convert the string into a Uint8Array. 1453function stringToUint8Array(str: string): Uint8Array { 1454 let arr: Array<number> = []; 1455 for (let i = 0, j = str.length; i < j; i++) { 1456 arr.push(str.charCodeAt(i)); 1457 } 1458 return new Uint8Array(arr); 1459} 1460 1461// Certificate binary data, which varies with the service. 1462let certData = '-----BEGIN CERTIFICATE-----\n' + 1463 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1464 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1465 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1466 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1467 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1468 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1469 'Qw==\n' + 1470 '-----END CERTIFICATE-----\n'; 1471 1472let encodingBlob: cert.EncodingBlob = { 1473 data: stringToUint8Array(certData), 1474 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1475 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1476}; 1477 1478cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1479 if (error) { 1480 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1481 } else { 1482 console.log('createX509Cert success'); 1483 try { 1484 let subjectName = x509Cert.getSubjectName(); 1485 } catch (err) { 1486 let e: BusinessError = err as BusinessError; 1487 console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1488 } 1489 try { 1490 let subjectNameutf8 = x509Cert.getSubjectName(cert.EncodingType.ENCODING_UTF8); 1491 } catch (err) { 1492 let e: BusinessError = err as BusinessError; 1493 console.error('getSubjectNameUtf8 failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1494 } 1495 } 1496}); 1497``` 1498 1499### getNotBeforeTime 1500 1501getNotBeforeTime() : string 1502 1503Obtains the start time of this X.509 certificate. 1504 1505**Atomic service API**: This API can be used in atomic services since API version 12. 1506 1507**System capability**: SystemCapability.Security.Cert 1508 1509**Return value** 1510 1511| Type | Description | 1512| ------ | ------------------------------------------------------------ | 1513| string | Certificate start time obtained, in ASN.1 format.| 1514 1515**Error codes** 1516 1517For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1518 1519| ID| Error Message | 1520| -------- | ------------------------------------------------- | 1521| 19020001 | memory error. | 1522| 19020002 | runtime error. | 1523| 19030001 | crypto operation error.| 1524 1525**Example** 1526 1527```ts 1528import { cert } from '@kit.DeviceCertificateKit'; 1529import { BusinessError } from '@kit.BasicServicesKit'; 1530 1531// Convert the string into a Uint8Array. 1532function stringToUint8Array(str: string): Uint8Array { 1533 let arr: Array<number> = []; 1534 for (let i = 0, j = str.length; i < j; i++) { 1535 arr.push(str.charCodeAt(i)); 1536 } 1537 return new Uint8Array(arr); 1538} 1539 1540// Certificate binary data, which varies with the service. 1541let certData = '-----BEGIN CERTIFICATE-----\n' + 1542 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1543 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1544 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1545 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1546 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1547 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1548 'Qw==\n' + 1549 '-----END CERTIFICATE-----\n'; 1550 1551let encodingBlob: cert.EncodingBlob = { 1552 data: stringToUint8Array(certData), 1553 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1554 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1555}; 1556 1557cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1558 if (error) { 1559 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1560 } else { 1561 console.log('createX509Cert success'); 1562 try { 1563 let notBefore = x509Cert.getNotBeforeTime(); 1564 } catch (err) { 1565 let e: BusinessError = err as BusinessError; 1566 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1567 } 1568 } 1569}); 1570``` 1571 1572### getNotAfterTime 1573 1574getNotAfterTime() : string 1575 1576Obtains the expiration time of this X.509 certificate. 1577 1578**Atomic service API**: This API can be used in atomic services since API version 12. 1579 1580**System capability**: SystemCapability.Security.Cert 1581 1582**Return value** 1583 1584| Type | Description | 1585| ------ | ------------------------------------------------------------ | 1586| string | Certificate expiration time obtained, in ASN.1 format.| 1587 1588**Error codes** 1589 1590For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1591 1592| ID| Error Message | 1593| -------- | ------------------------------------------------- | 1594| 19020001 | memory error. | 1595| 19020002 | runtime error. | 1596| 19030001 | crypto operation error.| 1597 1598**Example** 1599 1600```ts 1601import { cert } from '@kit.DeviceCertificateKit'; 1602 1603import { BusinessError } from '@kit.BasicServicesKit'; 1604 1605// Convert the string into a Uint8Array. 1606function stringToUint8Array(str: string): Uint8Array { 1607 let arr: Array<number> = []; 1608 for (let i = 0, j = str.length; i < j; i++) { 1609 arr.push(str.charCodeAt(i)); 1610 } 1611 return new Uint8Array(arr); 1612} 1613 1614// Certificate binary data, which varies with the service. 1615let certData = '-----BEGIN CERTIFICATE-----\n' + 1616 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1617 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1618 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1619 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1620 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1621 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1622 'Qw==\n' + 1623 '-----END CERTIFICATE-----\n'; 1624 1625let encodingBlob: cert.EncodingBlob = { 1626 data: stringToUint8Array(certData), 1627 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1628 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1629}; 1630 1631cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1632 if (error) { 1633 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1634 } else { 1635 console.log('createX509Cert success'); 1636 try { 1637 let notAfter = x509Cert.getNotAfterTime(); 1638 } catch (err) { 1639 let e: BusinessError = err as BusinessError; 1640 console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1641 } 1642 } 1643}); 1644``` 1645 1646### getSignature 1647 1648getSignature() : DataBlob 1649 1650Obtains the signature data of this X.509 certificate. 1651 1652**Atomic service API**: This API can be used in atomic services since API version 12. 1653 1654**System capability**: SystemCapability.Security.Cert 1655 1656**Return value** 1657 1658| Type | Description | 1659| --------------------- | -------------------- | 1660| [DataBlob](#datablob) | Signature data obtained.| 1661 1662**Error codes** 1663 1664For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1665 1666| ID| Error Message | 1667| -------- | ------------------------------------------------- | 1668| 19020001 | memory error. | 1669| 19020002 | runtime error. | 1670| 19030001 | crypto operation error.| 1671 1672**Example** 1673 1674```ts 1675import { cert } from '@kit.DeviceCertificateKit'; 1676 1677import { BusinessError } from '@kit.BasicServicesKit'; 1678 1679// Convert the string into a Uint8Array. 1680function stringToUint8Array(str: string): Uint8Array { 1681 let arr: Array<number> = []; 1682 for (let i = 0, j = str.length; i < j; i++) { 1683 arr.push(str.charCodeAt(i)); 1684 } 1685 return new Uint8Array(arr); 1686} 1687 1688// Certificate binary data, which varies with the service. 1689let certData = '-----BEGIN CERTIFICATE-----\n' + 1690 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1691 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1692 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1693 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1694 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1695 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1696 'Qw==\n' + 1697 '-----END CERTIFICATE-----\n'; 1698 1699let encodingBlob: cert.EncodingBlob = { 1700 data: stringToUint8Array(certData), 1701 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1702 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1703}; 1704 1705cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1706 if (error) { 1707 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1708 } else { 1709 console.log('createX509Cert success'); 1710 try { 1711 let signature = x509Cert.getSignature(); 1712 } catch (err) { 1713 let e: BusinessError = err as BusinessError; 1714 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1715 } 1716 } 1717}); 1718``` 1719 1720### getSignatureAlgName 1721 1722getSignatureAlgName() : string 1723 1724Obtains the signing algorithm of this X.509 certificate. 1725 1726**Atomic service API**: This API can be used in atomic services since API version 12. 1727 1728**System capability**: SystemCapability.Security.Cert 1729 1730**Return value** 1731 1732| Type | Description | 1733| ------ | ------------------------ | 1734| string | X.509 certificate signing algorithm obtained.| 1735 1736**Error codes** 1737 1738For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1739 1740| ID| Error Message | 1741| -------- | ------------------------------------------------- | 1742| 19020001 | memory error. | 1743| 19020002 | runtime error. | 1744| 19030001 | crypto operation error.| 1745 1746**Example** 1747 1748```ts 1749import { cert } from '@kit.DeviceCertificateKit'; 1750 1751import { BusinessError } from '@kit.BasicServicesKit'; 1752 1753// Convert the string into a Uint8Array. 1754function stringToUint8Array(str: string): Uint8Array { 1755 let arr: Array<number> = []; 1756 for (let i = 0, j = str.length; i < j; i++) { 1757 arr.push(str.charCodeAt(i)); 1758 } 1759 return new Uint8Array(arr); 1760} 1761 1762// Certificate binary data, which varies with the service. 1763let certData = '-----BEGIN CERTIFICATE-----\n' + 1764 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1765 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1766 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1767 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1768 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1769 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1770 'Qw==\n' + 1771 '-----END CERTIFICATE-----\n'; 1772 1773let encodingBlob: cert.EncodingBlob = { 1774 data: stringToUint8Array(certData), 1775 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1776 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1777}; 1778 1779cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1780 if (error) { 1781 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1782 } else { 1783 console.log('createX509Cert success'); 1784 try { 1785 let sigAlgName = x509Cert.getSignatureAlgName(); 1786 } catch (err) { 1787 let e: BusinessError = err as BusinessError; 1788 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1789 } 1790 } 1791}); 1792``` 1793 1794### getSignatureAlgOid 1795 1796getSignatureAlgOid() : string 1797 1798Obtains the object identifier (OID) of the X.509 certificate signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 1799 1800**Atomic service API**: This API can be used in atomic services since API version 12. 1801 1802**System capability**: SystemCapability.Security.Cert 1803 1804**Return value** 1805 1806| Type | Description | 1807| ------ | --------------------------------- | 1808| string | OID obtained.| 1809 1810**Error codes** 1811 1812For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1813 1814| ID| Error Message | 1815| -------- | ------------------------------------------------- | 1816| 19020001 | memory error. | 1817| 19020002 | runtime error. | 1818| 19030001 | crypto operation error.| 1819 1820**Example** 1821 1822```ts 1823import { cert } from '@kit.DeviceCertificateKit'; 1824import { BusinessError } from '@kit.BasicServicesKit'; 1825 1826// Convert the string into a Uint8Array. 1827function stringToUint8Array(str: string): Uint8Array { 1828 let arr: Array<number> = []; 1829 for (let i = 0, j = str.length; i < j; i++) { 1830 arr.push(str.charCodeAt(i)); 1831 } 1832 return new Uint8Array(arr); 1833} 1834 1835// Certificate binary data, which varies with the service. 1836let certData = '-----BEGIN CERTIFICATE-----\n' + 1837 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1838 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1839 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1840 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1841 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1842 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1843 'Qw==\n' + 1844 '-----END CERTIFICATE-----\n'; 1845 1846let encodingBlob: cert.EncodingBlob = { 1847 data: stringToUint8Array(certData), 1848 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1849 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1850}; 1851 1852cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1853 if (error) { 1854 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1855 } else { 1856 console.log('createX509Cert success'); 1857 try { 1858 let sigAlgOid = x509Cert.getSignatureAlgOid(); 1859 } catch (err) { 1860 let e: BusinessError = err as BusinessError; 1861 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1862 } 1863 } 1864}); 1865``` 1866 1867### getSignatureAlgParams 1868 1869getSignatureAlgParams() : DataBlob 1870 1871Obtains the signing algorithm parameters of this X.509 certificate. 1872 1873**Atomic service API**: This API can be used in atomic services since API version 12. 1874 1875**System capability**: SystemCapability.Security.Cert 1876 1877**Return value** 1878 1879| Type | Description | 1880| --------------------- | ------------------------ | 1881| [DataBlob](#datablob) | X.509 certificate signing algorithm parameters obtained.| 1882 1883**Error codes** 1884 1885For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1886 1887| ID| Error Message | 1888| -------- | ------------------------------------------------- | 1889| 801 | this operation is not supported. | 1890| 19020001 | memory error. | 1891| 19020002 | runtime error. | 1892| 19030001 | crypto operation error.| 1893 1894**Example** 1895 1896```ts 1897import { cert } from '@kit.DeviceCertificateKit'; 1898import { BusinessError } from '@kit.BasicServicesKit'; 1899 1900// Convert the string into a Uint8Array. 1901function stringToUint8Array(str: string): Uint8Array { 1902 let arr: Array<number> = []; 1903 for (let i = 0, j = str.length; i < j; i++) { 1904 arr.push(str.charCodeAt(i)); 1905 } 1906 return new Uint8Array(arr); 1907} 1908 1909// Certificate binary data, which varies with the service. 1910let certData = '-----BEGIN CERTIFICATE-----\n' + 1911 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1912 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1913 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1914 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1915 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1916 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1917 'Qw==\n' + 1918 '-----END CERTIFICATE-----\n'; 1919 1920let encodingBlob: cert.EncodingBlob = { 1921 data: stringToUint8Array(certData), 1922 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1923 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1924}; 1925 1926cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1927 if (error) { 1928 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1929 } else { 1930 console.log('createX509Cert success'); 1931 try { 1932 let sigAlgParams = x509Cert.getSignatureAlgParams(); 1933 } catch (err) { 1934 let e: BusinessError = err as BusinessError; 1935 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1936 } 1937 } 1938}); 1939``` 1940 1941### getKeyUsage 1942 1943getKeyUsage() : DataBlob 1944 1945Obtains the key usage of this X.509 certificate. 1946 1947**Atomic service API**: This API can be used in atomic services since API version 12. 1948 1949**System capability**: SystemCapability.Security.Cert 1950 1951**Return value** 1952 1953| Type | Description | 1954| --------------------- | -------------------- | 1955| [DataBlob](#datablob) | Key usage of the X.509 certificate obtained.| 1956 1957**Error codes** 1958 1959For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1960 1961| ID| Error Message | 1962| -------- | ------------------------------------------------- | 1963| 19020001 | memory error. | 1964| 19030001 | crypto operation error.| 1965 1966**Example** 1967 1968```ts 1969import { cert } from '@kit.DeviceCertificateKit'; 1970import { BusinessError } from '@kit.BasicServicesKit'; 1971 1972// Convert the string into a Uint8Array. 1973function stringToUint8Array(str: string): Uint8Array { 1974 let arr: Array<number> = []; 1975 for (let i = 0, j = str.length; i < j; i++) { 1976 arr.push(str.charCodeAt(i)); 1977 } 1978 return new Uint8Array(arr); 1979} 1980 1981// Certificate binary data, which varies with the service. 1982let certData = '-----BEGIN CERTIFICATE-----\n' + 1983 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1984 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1985 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1986 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1987 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1988 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1989 'Qw==\n' + 1990 '-----END CERTIFICATE-----\n'; 1991 1992let encodingBlob: cert.EncodingBlob = { 1993 data: stringToUint8Array(certData), 1994 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1995 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1996}; 1997 1998cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1999 if (error) { 2000 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2001 } else { 2002 console.log('createX509Cert success'); 2003 try { 2004 let keyUsage = x509Cert.getKeyUsage(); 2005 } catch (err) { 2006 let e: BusinessError = err as BusinessError; 2007 console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2008 } 2009 } 2010}); 2011``` 2012 2013### getExtKeyUsage 2014 2015getExtKeyUsage() : DataArray 2016 2017Obtains the usage of the extended key of this X.509 certificate. 2018 2019**Atomic service API**: This API can be used in atomic services since API version 12. 2020 2021**System capability**: SystemCapability.Security.Cert 2022 2023**Return value** 2024 2025| Type | Description | 2026| ----------------------- | ------------------------ | 2027| [DataArray](#dataarray) | Usage of the extended key obtained.| 2028 2029**Error codes** 2030 2031For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2032 2033| ID| Error Message | 2034| -------- | ------------------------------------------------- | 2035| 19020001 | memory error. | 2036| 19020002 | runtime error. | 2037| 19030001 | crypto operation error.| 2038 2039**Example** 2040 2041```ts 2042import { cert } from '@kit.DeviceCertificateKit'; 2043import { BusinessError } from '@kit.BasicServicesKit'; 2044 2045// Convert the string into a Uint8Array. 2046function stringToUint8Array(str: string): Uint8Array { 2047 let arr: Array<number> = []; 2048 for (let i = 0, j = str.length; i < j; i++) { 2049 arr.push(str.charCodeAt(i)); 2050 } 2051 return new Uint8Array(arr); 2052} 2053 2054// Certificate binary data, which varies with the service. 2055let certData = '-----BEGIN CERTIFICATE-----\n' + 2056 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2057 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2058 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2059 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2060 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2061 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2062 'Qw==\n' + 2063 '-----END CERTIFICATE-----\n'; 2064 2065let encodingBlob: cert.EncodingBlob = { 2066 data: stringToUint8Array(certData), 2067 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2068 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2069}; 2070 2071cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2072 if (error) { 2073 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2074 } else { 2075 console.log('createX509Cert success'); 2076 try { 2077 let extKeyUsage = x509Cert.getExtKeyUsage(); 2078 } catch (err) { 2079 let e: BusinessError = err as BusinessError; 2080 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2081 } 2082 } 2083}); 2084``` 2085 2086### getBasicConstraints 2087 2088getBasicConstraints() : number 2089 2090Obtains the basic constraints for obtaining this X.509 certificate. 2091 2092**Atomic service API**: This API can be used in atomic services since API version 12. 2093 2094**System capability**: SystemCapability.Security.Cert 2095 2096**Return value** 2097 2098| Type | Description | 2099| ------ | -------------------- | 2100| number | Basic constraints obtained.| 2101 2102**Example** 2103 2104```ts 2105import { cert } from '@kit.DeviceCertificateKit'; 2106 2107// Convert the string into a Uint8Array. 2108function stringToUint8Array(str: string): Uint8Array { 2109 let arr: Array<number> = []; 2110 for (let i = 0, j = str.length; i < j; i++) { 2111 arr.push(str.charCodeAt(i)); 2112 } 2113 return new Uint8Array(arr); 2114} 2115 2116// Certificate binary data, which varies with the service. 2117let certData = '-----BEGIN CERTIFICATE-----\n' + 2118 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2119 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2120 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2121 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2122 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2123 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2124 'Qw==\n' + 2125 '-----END CERTIFICATE-----\n'; 2126 2127let encodingBlob: cert.EncodingBlob = { 2128 data: stringToUint8Array(certData), 2129 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2130 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2131}; 2132 2133cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2134 if (error) { 2135 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2136 } else { 2137 console.log('createX509Cert success'); 2138 let basicConstraints = x509Cert.getBasicConstraints(); 2139 } 2140}); 2141``` 2142 2143### getSubjectAltNames 2144 2145getSubjectAltNames() : DataArray 2146 2147Obtains the Subject Alternative Names (SANs) of this X.509 certificate. 2148 2149**Atomic service API**: This API can be used in atomic services since API version 12. 2150 2151**System capability**: SystemCapability.Security.Cert 2152 2153**Return value** 2154 2155| Type | Description | 2156| ----------------------- | ------------------------ | 2157| [DataArray](#dataarray) | SANs obtained.| 2158 2159**Error codes** 2160 2161For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2162 2163| ID| Error Message | 2164| -------- | ------------------------------------------------- | 2165| 19020001 | memory error. | 2166| 19020002 | runtime error. | 2167| 19030001 | crypto operation error.| 2168 2169**Example** 2170 2171```ts 2172import { cert } from '@kit.DeviceCertificateKit'; 2173import { BusinessError } from '@kit.BasicServicesKit'; 2174 2175// Convert the string into a Uint8Array. 2176function stringToUint8Array(str: string): Uint8Array { 2177 let arr: Array<number> = []; 2178 for (let i = 0, j = str.length; i < j; i++) { 2179 arr.push(str.charCodeAt(i)); 2180 } 2181 return new Uint8Array(arr); 2182} 2183 2184// Certificate binary data, which varies with the service. 2185let certData = '-----BEGIN CERTIFICATE-----\n' + 2186 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2187 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2188 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2189 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2190 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2191 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2192 'Qw==\n' + 2193 '-----END CERTIFICATE-----\n'; 2194 2195let encodingBlob: cert.EncodingBlob = { 2196 data: stringToUint8Array(certData), 2197 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2198 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2199}; 2200 2201cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2202 if (error) { 2203 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2204 } else { 2205 console.log('createX509Cert success'); 2206 try { 2207 let subjectAltNames = x509Cert.getSubjectAltNames(); 2208 } catch (err) { 2209 let e: BusinessError = err as BusinessError; 2210 console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2211 } 2212 } 2213}); 2214``` 2215 2216### getIssuerAltNames 2217 2218getIssuerAltNames() : DataArray 2219 2220Obtains the Issuer Alternative Names (IANs) of this X.509 certificate. 2221 2222**Atomic service API**: This API can be used in atomic services since API version 12. 2223 2224**System capability**: SystemCapability.Security.Cert 2225 2226**Return value** 2227 2228| Type | Description | 2229| ----------------------- | -------------------------- | 2230| [DataArray](#dataarray) | IANs obtained.| 2231 2232**Error codes** 2233 2234For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2235 2236| ID| Error Message | 2237| -------- | ------------------------------------------------- | 2238| 19020001 | memory error. | 2239| 19020002 | runtime error. | 2240| 19030001 | crypto operation error.| 2241 2242**Example** 2243 2244```ts 2245import { cert } from '@kit.DeviceCertificateKit'; 2246import { BusinessError } from '@kit.BasicServicesKit'; 2247 2248// Convert the string into a Uint8Array. 2249function stringToUint8Array(str: string): Uint8Array { 2250 let arr: Array<number> = []; 2251 for (let i = 0, j = str.length; i < j; i++) { 2252 arr.push(str.charCodeAt(i)); 2253 } 2254 return new Uint8Array(arr); 2255} 2256 2257// Certificate binary data, which varies with the service. 2258let certData = '-----BEGIN CERTIFICATE-----\n' + 2259 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2260 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2261 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2262 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2263 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2264 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2265 'Qw==\n' + 2266 '-----END CERTIFICATE-----\n'; 2267 2268let encodingBlob: cert.EncodingBlob = { 2269 data: stringToUint8Array(certData), 2270 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2271 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2272}; 2273 2274cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2275 if (error) { 2276 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2277 } else { 2278 console.log('createX509Cert success'); 2279 try { 2280 let issuerAltNames = x509Cert.getIssuerAltNames(); 2281 } catch (err) { 2282 let e: BusinessError = err as BusinessError; 2283 console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2284 } 2285 } 2286}); 2287``` 2288 2289### getItem<sup>10+</sup> 2290 2291getItem(itemType: CertItemType) : DataBlob 2292 2293Obtains the fields in the X.509 certificate. 2294 2295**Atomic service API**: This API can be used in atomic services since API version 12. 2296 2297**System capability**: SystemCapability.Security.Cert 2298 2299**Return value** 2300 2301| Type | Description | 2302| --------------------- | ----------------------------------------- | 2303| [DataBlob](#datablob) | Fields in DER format.| 2304 2305**Error codes** 2306 2307For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2308 2309| ID| Error Message | 2310| -------- | ----------------------- | 2311| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2312| 19020001 | memory error. | 2313| 19020002 | runtime error. | 2314| 19030001 | crypto operation error. | 2315 2316**Example** 2317 2318```ts 2319import { cert } from '@kit.DeviceCertificateKit'; 2320import { BusinessError } from '@kit.BasicServicesKit'; 2321 2322// Convert the string into a Uint8Array. 2323function stringToUint8Array(str: string): Uint8Array { 2324 let arr: Array<number> = []; 2325 for (let i = 0, j = str.length; i < j; i++) { 2326 arr.push(str.charCodeAt(i)); 2327 } 2328 return new Uint8Array(arr); 2329} 2330 2331// Certificate binary data, which varies with the service. 2332let certData = '-----BEGIN CERTIFICATE-----\n' + 2333 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2334 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2335 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2336 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2337 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2338 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2339 'Qw==\n' + 2340 '-----END CERTIFICATE-----\n'; 2341 2342let encodingBlob: cert.EncodingBlob = { 2343 data: stringToUint8Array(certData), 2344 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2345 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2346}; 2347 2348cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2349 if (error) { 2350 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2351 } else { 2352 console.log('createX509Cert success'); 2353 try { 2354 let tbs = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_TBS); 2355 let pubKey = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); 2356 } catch (err) { 2357 let e: BusinessError = err as BusinessError; 2358 console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2359 } 2360 } 2361}); 2362``` 2363### match<sup>11+</sup> 2364 2365match(param: X509CertMatchParameters): boolean 2366 2367Checks whether this certificate matches the specified parameters. 2368 2369**Atomic service API**: This API can be used in atomic services since API version 12. 2370 2371**System capability**: SystemCapability.Security.Cert 2372 2373**Parameters** 2374 2375| Name | Type | Mandatory| Description | 2376| --------- | ------ | ---- | ------------------------------------------ | 2377| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters specified for matching the certificate.| 2378 2379**Return value** 2380 2381| Type | Description | 2382| --------------------- | ----------------------------------------- | 2383| boolean | Returns **true** if the certificate matches the parameters specified; returns **false** otherwise.| 2384 2385**Error codes** 2386 2387For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2388 2389| ID| Error Message | 2390| -------- | ------------- | 2391| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2392| 19020001 | memory error. | 2393| 19030001 | crypto operation error. | 2394 2395**Example** 2396 2397```ts 2398import { cert } from '@kit.DeviceCertificateKit'; 2399import { BusinessError } from '@kit.BasicServicesKit'; 2400 2401// Convert the string into a Uint8Array. 2402function stringToUint8Array(str: string): Uint8Array { 2403 let arr: Array<number> = []; 2404 for (let i = 0, j = str.length; i < j; i++) { 2405 arr.push(str.charCodeAt(i)); 2406 } 2407 return new Uint8Array(arr); 2408} 2409 2410async function createX509Cert(): Promise<cert.X509Cert> { 2411 let certData = '-----BEGIN CERTIFICATE-----\n' + 2412 'MIIDTTCCAjWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 2413 'IENBMB4XDTI0MDMxOTAyMDM1NFoXDTM0MDMxNzAyMDM1NFowETEPMA0GA1UEAwwG\n' + 2414 'ZGV2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoGk2J0aKWTP\n' + 2415 'J3D7lS3oFdME3MMA1z0Y0ftthrtUKybE2xh8P90ztMV73bewmgAPqiApqhaWEZM/\n' + 2416 '6DSLc/MxbOeYjg6njveJIu721gchiuB2PFikDFSWlcLOJNw+CgBx77Ct3KllivHs\n' + 2417 'oi/gjuxrWiF/3VhbBErPNj/fw9se3pVrFRXIFdkcybtom2mUmkcxDfSg587SO14i\n' + 2418 'ZzXGM6nhMzYWXxLho6SJrsnzfs4pD6ifksWmY4089zitqsN+9jQXafY1+/sh1mgu\n' + 2419 'FvAwg9IbigGOBIiF8t5qdNGpqCHXbEHblNCWfT4fVNDV0Vc9pByjZaMYEGMhpz+6\n' + 2420 'lxlc2CqbNQIDAQABo4GuMIGrMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAEVpuP+pPpg\n' + 2421 'kr3dA3aV2XdFZ9rGMB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMB0G\n' + 2422 'A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwMgYIKwYB\n' + 2423 'BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwczovLzEyNy4wLjAuMTo5OTk5MA0G\n' + 2424 'CSqGSIb3DQEBCwUAA4IBAQBjM1agcDcgVHsD0dS39gxtlyRbZRvDcW3YsdwgpN6S\n' + 2425 'e4wGzdZbhsiZv7y3+PSuozKwp5Yjn+UqnnEz7QuTGJRt/pzHDVY3QceNvlx2HPRe\n' + 2426 'fECS4bpGLcM5B17oZZjE4HenIrGmigXnnwYL5TjhC4ybtddXPYv/M6z2eFCnfQNa\n' + 2427 'zFwz8LJ7ukWvf5koBqcHq2zsuVByOIPXLIrAJPtMmBb/pHCFt8hxOxwqujdrxz16\n' + 2428 'pe5LQUYzvG1YCxw3Ye9OrM1yXJQr/4KYncQC1yQQo+UK7NsDRK30PsMEYxhierLA\n' + 2429 'JKyPn1xSlOJiGa2rRn/uevmEOhfagj5TtprU9Gu1+nZo\n' + 2430 '-----END CERTIFICATE-----\n'; 2431 2432 let encodingBlob: cert.EncodingBlob = { 2433 data: stringToUint8Array(certData), 2434 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2435 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2436 }; 2437 2438 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2439 try { 2440 x509Cert = await cert.createX509Cert(encodingBlob); 2441 } catch (err) { 2442 let e: BusinessError = err as BusinessError; 2443 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2444 } 2445 return x509Cert; 2446} 2447 2448async function matchX509Cert() { 2449 const x509Cert = await createX509Cert(); 2450 try { 2451 // The data varies with the service. 2452 const param: cert.X509CertMatchParameters = { 2453 x509Cert, 2454 validDate: '20241121074700Z', 2455 keyUsage: [true, false, false, false, false, false, false, false, false], 2456 publicKeyAlgID: '1.2.840.113549.1.1.1' 2457 }; 2458 const result = x509Cert.match(param); 2459 console.log('call x509Cert match success'); 2460 } catch (err) { 2461 console.error('call x509Cert match failed'); 2462 } 2463} 2464``` 2465 2466### getCRLDistributionPoint<sup>12+</sup> 2467 2468getCRLDistributionPoint(): DataArray 2469 2470Obtains the CRL distribution points of this X.509 certificate. 2471 2472**Atomic service API**: This API can be used in atomic services since API version 12. 2473 2474**System capability**: SystemCapability.Security.Cert 2475 2476**Return value** 2477 2478| Type | Description | 2479| ----------------------- | -------------------------- | 2480| [DataArray](#dataarray) | URIs of the CRL distribution points obtained.| 2481 2482**Error codes** 2483 2484For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2485 2486| ID| Error Message | 2487| -------- | ------------- | 2488| 19020001 | memory error. | 2489| 19020002 | runtime error. | 2490| 19030001 | crypto operation error. | 2491 2492**Example** 2493 2494```ts 2495import { cert } from '@kit.DeviceCertificateKit'; 2496import { BusinessError } from '@kit.BasicServicesKit'; 2497 2498// Convert the string into a Uint8Array. 2499function stringToUint8Array(str: string): Uint8Array { 2500 let arr: Array<number> = []; 2501 for (let i = 0, j = str.length; i < j; i++) { 2502 arr.push(str.charCodeAt(i)); 2503 } 2504 return new Uint8Array(arr); 2505} 2506 2507let certData = "-----BEGIN CERTIFICATE-----\n" + 2508 "MIIB/jCCAaSgAwIBAgICA+gwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQ04xDTAL\n" + 2509 "BgNVBAoMBHRlc3QxDjAMBgNVBAMMBXN1YmNhMB4XDTIzMTAwNzA0MDEwOFoXDTMz\n" + 2510 "MTAwNDA0MDEwOFowLDELMAkGA1UEBhMCQ04xDTALBgNVBAoMBHRlc3QxDjAMBgNV\n" + 2511 "BAMMBWxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZDPvdlJI6Yv4fiaR\n" + 2512 "nQHcusXVbukk90mQ0rBGOYRikFvgvm5cjTdaUGcQKEtwYIKDQl5n6Pf7ElCJ7GRz\n" + 2513 "raWZ+qOBtTCBsjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl\n" + 2514 "bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU63Gbl8gIsUn0VyZ4rya3PCjm\n" + 2515 "sfEwHwYDVR0jBBgwFoAU77mynM0rz1SD43DQjleWM7bF+MEwNwYDVR0fBDAwLjAs\n" + 2516 "oCqgKIYmaHR0cDovL3Rlc3QudGVzdENSTGRwLmNvbS9DUkxfRFBfMS5jcmwwCgYI\n" + 2517 "KoZIzj0EAwIDSAAwRQIhAISKHH9u221mBgdDWfll3loLvEHJ3or9NUO5Zn6SrX6L\n" + 2518 "AiAtRlOa6/mTD68faQTdhsAaQP955QfW34B4yFqU2Bq72A==\n" + 2519 "-----END CERTIFICATE-----\n"; 2520 2521 // Certificate binary data, which varies with the service. 2522let encodingBlob: cert.EncodingBlob = { 2523 data: stringToUint8Array(certData), 2524 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2525 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2526}; 2527 2528async function certGetCRLDistributionPoint() { 2529 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2530 try { 2531 x509Cert = await cert.createX509Cert(encodingBlob); 2532 console.log('createX509Cert success'); 2533 let point = x509Cert.getCRLDistributionPoint(); 2534 } catch (err) { 2535 let e: BusinessError = err as BusinessError; 2536 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2537 } 2538} 2539``` 2540 2541### getIssuerX500DistinguishedName<sup>12+</sup> 2542 2543getIssuerX500DistinguishedName(): X500DistinguishedName 2544 2545Obtains the distinguished name (DN) of the X.509 certificate issuer. 2546 2547**Atomic service API**: This API can be used in atomic services since API version 12. 2548 2549**System capability**: SystemCapability.Security.Cert 2550 2551**Return value** 2552 2553| Type | Description | 2554| --------------------- | ----------------------------------------- | 2555| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 2556 2557**Error codes** 2558 2559For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2560 2561| ID| Error Message | 2562| -------- | ------------- | 2563| 19020001 | memory error. | 2564| 19020002 | runtime error. | 2565| 19030001 | crypto operation error. | 2566 2567**Example** 2568 2569```ts 2570import { cert } from '@kit.DeviceCertificateKit'; 2571import { BusinessError } from '@kit.BasicServicesKit'; 2572 2573// Convert the string into a Uint8Array. 2574function stringToUint8Array(str: string): Uint8Array { 2575 let arr: Array<number> = []; 2576 for (let i = 0, j = str.length; i < j; i++) { 2577 arr.push(str.charCodeAt(i)); 2578 } 2579 return new Uint8Array(arr); 2580} 2581 2582let certData = "-----BEGIN CERTIFICATE-----\n" + 2583 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2584 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2585 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2586 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2587 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2588 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2589 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2590 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2591 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2592 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2593 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2594 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2595 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2596 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2597 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2598 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2599 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2600 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2601 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2602 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2603 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2604 "-----END CERTIFICATE-----\n" 2605 2606 // Certificate binary data, which varies with the service. 2607 let encodingBlob: cert.EncodingBlob = { 2608 data: stringToUint8Array(certData), 2609 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2610 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2611 }; 2612 2613async function certGetIssuerX500DistinguishedName() { 2614 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2615 try { 2616 x509Cert = await cert.createX509Cert(encodingBlob); 2617 console.log('createX509Cert success'); 2618 let name = x509Cert.getIssuerX500DistinguishedName(); 2619 } catch (err) { 2620 let e: BusinessError = err as BusinessError; 2621 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2622 } 2623} 2624``` 2625 2626### getSubjectX500DistinguishedName<sup>12+</sup> 2627 2628getSubjectX500DistinguishedName(): X500DistinguishedName 2629 2630Obtains the DN of the X.509 certificate subject (holder). 2631 2632**Atomic service API**: This API can be used in atomic services since API version 12. 2633 2634**System capability**: SystemCapability.Security.Cert 2635 2636**Return value** 2637 2638| Type | Description | 2639| --------------------- | ----------------------------------------- | 2640| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 2641 2642**Error codes** 2643 2644For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2645 2646| ID| Error Message | 2647| -------- | ------------- | 2648| 19020001 | memory error. | 2649| 19020002 | runtime error. | 2650| 19030001 | crypto operation error. | 2651 2652**Example** 2653 2654```ts 2655import { cert } from '@kit.DeviceCertificateKit'; 2656import { BusinessError } from '@kit.BasicServicesKit'; 2657 2658// Convert the string into a Uint8Array. 2659function stringToUint8Array(str: string): Uint8Array { 2660 let arr: Array<number> = []; 2661 for (let i = 0, j = str.length; i < j; i++) { 2662 arr.push(str.charCodeAt(i)); 2663 } 2664 return new Uint8Array(arr); 2665} 2666 2667let certData = "-----BEGIN CERTIFICATE-----\n" + 2668 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2669 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2670 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2671 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2672 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2673 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2674 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2675 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2676 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2677 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2678 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2679 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2680 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2681 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2682 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2683 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2684 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2685 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2686 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2687 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2688 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2689 "-----END CERTIFICATE-----\n" 2690 2691 // Certificate binary data, which varies with the service. 2692 let encodingBlob: cert.EncodingBlob = { 2693 data: stringToUint8Array(certData), 2694 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2695 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2696 }; 2697 2698async function certGetSubjectX500DistinguishedName() { 2699 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2700 try { 2701 x509Cert = await cert.createX509Cert(encodingBlob); 2702 console.log('createX509Cert success'); 2703 let name = x509Cert.getSubjectX500DistinguishedName(); 2704 } catch (err) { 2705 let e: BusinessError = err as BusinessError; 2706 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2707 } 2708} 2709``` 2710 2711### toString<sup>12+</sup> 2712 2713toString(): string 2714 2715Converts the object data into a string. 2716 2717**Atomic service API**: This API can be used in atomic services since API version 12. 2718 2719**System capability**: SystemCapability.Security.Cert 2720 2721**Return value** 2722 2723| Type | Description | 2724| --------------------- | ----------------------------------------- | 2725| string | String obtained.| 2726 2727**Error codes** 2728 2729For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2730 2731| ID| Error Message | 2732| -------- | ------------- | 2733| 19020001 | memory error. | 2734| 19020002 | runtime error. | 2735| 19030001 | crypto operation error. | 2736 2737**Example** 2738 2739```ts 2740import { cert } from '@kit.DeviceCertificateKit'; 2741import { BusinessError } from '@kit.BasicServicesKit'; 2742 2743// Convert the string into a Uint8Array. 2744function stringToUint8Array(str: string): Uint8Array { 2745 let arr: Array<number> = []; 2746 for (let i = 0, j = str.length; i < j; i++) { 2747 arr.push(str.charCodeAt(i)); 2748 } 2749 return new Uint8Array(arr); 2750} 2751 2752let certData = "-----BEGIN CERTIFICATE-----\n" + 2753 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2754 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2755 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2756 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2757 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2758 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2759 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2760 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2761 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2762 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2763 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2764 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2765 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2766 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2767 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2768 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2769 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2770 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2771 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2772 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2773 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2774 "-----END CERTIFICATE-----\n" 2775 2776 // Certificate binary data, which varies with the service. 2777 let encodingBlob: cert.EncodingBlob = { 2778 data: stringToUint8Array(certData), 2779 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2780 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2781 }; 2782 2783async function certToString() { 2784 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2785 try { 2786 x509Cert = await cert.createX509Cert(encodingBlob); 2787 console.log('createX509Cert success'); 2788 console.info('certToString success: ' + JSON.stringify(x509Cert.toString())); 2789 } catch (err) { 2790 let e: BusinessError = err as BusinessError; 2791 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2792 } 2793} 2794``` 2795 2796### hashCode<sup>12+</sup> 2797 2798hashCode(): Uint8Array 2799 2800Obtains the hash value of the data in DER format. 2801 2802**Atomic service API**: This API can be used in atomic services since API version 12. 2803 2804**System capability**: SystemCapability.Security.Cert 2805 2806**Return value** 2807 2808| Type | Description | 2809| --------------------- | ----------------------------------------- | 2810| Uint8Array | Hash value obtained.| 2811 2812**Error codes** 2813 2814For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2815 2816| ID| Error Message | 2817| -------- | ------------- | 2818| 19020001 | memory error. | 2819| 19020002 | runtime error. | 2820| 19030001 | crypto operation error. | 2821 2822**Example** 2823 2824```ts 2825import { cert } from '@kit.DeviceCertificateKit'; 2826import { BusinessError } from '@kit.BasicServicesKit'; 2827 2828// Convert the string into a Uint8Array. 2829function stringToUint8Array(str: string): Uint8Array { 2830 let arr: Array<number> = []; 2831 for (let i = 0, j = str.length; i < j; i++) { 2832 arr.push(str.charCodeAt(i)); 2833 } 2834 return new Uint8Array(arr); 2835} 2836 2837let certData = "-----BEGIN CERTIFICATE-----\n" + 2838 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2839 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2840 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2841 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2842 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2843 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2844 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2845 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2846 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2847 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2848 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2849 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2850 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2851 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2852 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2853 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2854 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2855 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2856 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2857 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2858 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2859 "-----END CERTIFICATE-----\n" 2860 2861 // Certificate binary data, which varies with the service. 2862 let encodingBlob: cert.EncodingBlob = { 2863 data: stringToUint8Array(certData), 2864 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2865 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2866 }; 2867 2868async function certHashCode() { 2869 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2870 try { 2871 x509Cert = await cert.createX509Cert(encodingBlob); 2872 console.log('createX509Cert success'); 2873 console.info('certHashCode success: ' + JSON.stringify(x509Cert.hashCode())); 2874 } catch (err) { 2875 let e: BusinessError = err as BusinessError; 2876 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2877 } 2878} 2879``` 2880 2881### getExtensionsObject<sup>12+</sup> 2882 2883getExtensionsObject(): CertExtension 2884 2885Obtains the certification extensions in DER format. 2886 2887**Atomic service API**: This API can be used in atomic services since API version 12. 2888 2889**System capability**: SystemCapability.Security.Cert 2890 2891**Return value** 2892 2893| Type | Description | 2894| --------------------- | ----------------------------------------- | 2895| [CertExtension](#certextension10) | Certificate extensions object obtained.| 2896 2897**Error codes** 2898 2899For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2900 2901| ID| Error Message | 2902| -------- | ------------- | 2903| 19020001 | memory error. | 2904| 19020002 | runtime error. | 2905| 19030001 | crypto operation error. | 2906 2907**Example** 2908 2909```ts 2910import { cert } from '@kit.DeviceCertificateKit'; 2911import { BusinessError } from '@kit.BasicServicesKit'; 2912 2913// Convert the string into a Uint8Array. 2914function stringToUint8Array(str: string): Uint8Array { 2915 let arr: Array<number> = []; 2916 for (let i = 0, j = str.length; i < j; i++) { 2917 arr.push(str.charCodeAt(i)); 2918 } 2919 return new Uint8Array(arr); 2920} 2921 2922let certData = "-----BEGIN CERTIFICATE-----\n" + 2923 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2924 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2925 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2926 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2927 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2928 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2929 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2930 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2931 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2932 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2933 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2934 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2935 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2936 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2937 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2938 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2939 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2940 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2941 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2942 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2943 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2944 "-----END CERTIFICATE-----\n" 2945 2946 // Certificate binary data, which varies with the service. 2947 let encodingBlob: cert.EncodingBlob = { 2948 data: stringToUint8Array(certData), 2949 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2950 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2951 }; 2952 2953async function certGetExtensionsObject() { 2954 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2955 try { 2956 x509Cert = await cert.createX509Cert(encodingBlob); 2957 console.log('createX509Cert success'); 2958 let object = x509Cert.getExtensionsObject(); 2959 } catch (err) { 2960 let e: BusinessError = err as BusinessError; 2961 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2962 } 2963} 2964``` 2965 2966## cert.createCertExtension<sup>10+</sup> 2967 2968createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\<CertExtension>) : void 2969 2970Creates a **CertExtension** instance. This API uses an asynchronous callback to return the result. 2971 2972**Atomic service API**: This API can be used in atomic services since API version 12. 2973 2974**System capability**: SystemCapability.Security.Cert 2975 2976**Parameters** 2977 2978| Name | Type | Mandatory| Description | 2979| -------- | ------------------------------------------------- | ---- | -------------------------- | 2980| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| 2981| callback | AsyncCallback\<[CertExtension](#certextension10)> | Yes | Callback used to return the **CertExtension** instance created.| 2982 2983**Error codes** 2984 2985For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2986 2987| ID| Error Message | 2988| -------- | ------------- | 2989| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2990| 801 | this operation is not supported. | 2991| 19020001 | memory error. | 2992 2993**Example** 2994 2995```ts 2996import { cert } from '@kit.DeviceCertificateKit'; 2997 2998// Binary data of the certificate extension, which varies with the services. 2999let extData = new Uint8Array([ 3000 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3001 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3002 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3003 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3004 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3005 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3006 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3007 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3008 0xD9, 0xE4 3009]); 3010 3011let encodingBlob: cert.EncodingBlob = { 3012 data: extData, 3013 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3014 encodingFormat: cert.EncodingFormat.FORMAT_DER 3015}; 3016 3017cert.createCertExtension(encodingBlob, (error, certExt) => { 3018 if (error) { 3019 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3020 } else { 3021 console.log('createCertExtension success'); 3022 } 3023}); 3024``` 3025 3026## cert.createCertExtension<sup>10+</sup> 3027 3028createCertExtension(inStream : EncodingBlob) : Promise\<CertExtension> 3029 3030Creates a **CertExtension** instance. This API uses a promise to return the result. 3031 3032**Atomic service API**: This API can be used in atomic services since API version 12. 3033 3034**System capability**: SystemCapability.Security.Cert 3035 3036**Parameters** 3037 3038| Name | Type | Mandatory| Description | 3039| -------- | ----------------------------- | ---- | -------------------------- | 3040| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| 3041 3042**Return value** 3043 3044| Type | Description | 3045| ------------------------------------------- | -------------------- | 3046| Promise\<[CertExtension](#certextension10)> | Promise used to return the **CertExtension** instance created.| 3047 3048**Error codes** 3049 3050For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3051 3052| ID| Error Message | 3053| -------- | ------------- | 3054| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3055| 801 | this operation is not supported. | 3056| 19020001 | memory error. | 3057 3058**Example** 3059 3060```ts 3061import { cert } from '@kit.DeviceCertificateKit'; 3062import { BusinessError } from '@kit.BasicServicesKit'; 3063 3064// Binary data of the certificate extension, which varies with the services. 3065let extData = new Uint8Array([ 3066 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3067 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3068 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3069 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3070 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3071 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3072 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3073 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3074 0xD9, 0xE4 3075]); 3076 3077let encodingBlob: cert.EncodingBlob = { 3078 data: extData, 3079 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3080 encodingFormat: cert.EncodingFormat.FORMAT_DER 3081}; 3082 3083cert.createCertExtension(encodingBlob).then(certExt => { 3084 console.log('createCertExtension success'); 3085}).catch((error: BusinessError) => { 3086 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3087}); 3088``` 3089 3090## CertExtension<sup>10+</sup> 3091 3092Provides APIs for operating the certificate extensions. 3093 3094### getEncoded<sup>10+</sup> 3095 3096getEncoded() : EncodingBlob 3097 3098Obtains the serialized data of the certificate extensions. 3099 3100**Atomic service API**: This API can be used in atomic services since API version 12. 3101 3102**System capability**: SystemCapability.Security.Cert 3103 3104**Return value** 3105 3106| Type | Description | 3107| ----------------------------- | ---------------------------- | 3108| [EncodingBlob](#encodingblob) | Serialized data obtained.| 3109 3110**Error codes** 3111 3112For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3113 3114| ID| Error Message | 3115| -------- | ----------------------- | 3116| 19020001 | memory error. | 3117| 19020002 | runtime error. | 3118| 19030001 | crypto operation error. | 3119 3120**Example** 3121 3122```ts 3123import { cert } from '@kit.DeviceCertificateKit'; 3124import { BusinessError } from '@kit.BasicServicesKit'; 3125 3126// Binary data of the certificate extension, which varies with the services. 3127let extData = new Uint8Array([ 3128 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3129 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3130 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3131 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3132 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3133 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3134 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3135 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3136 0xD9, 0xE4 3137]); 3138 3139let encodingBlob: cert.EncodingBlob = { 3140 data: extData, 3141 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3142 encodingFormat: cert.EncodingFormat.FORMAT_DER 3143}; 3144 3145cert.createCertExtension(encodingBlob, (error, certExt) => { 3146 if (error) { 3147 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3148 } else { 3149 console.log('createCertExtension success'); 3150 try { 3151 let extEncodedBlob = certExt.getEncoded(); 3152 } catch (err) { 3153 let e: BusinessError = err as BusinessError; 3154 console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3155 } 3156 } 3157}); 3158``` 3159 3160### getOidList<sup>10+</sup> 3161 3162getOidList(valueType : ExtensionOidType) : DataArray 3163 3164Obtains the OIDs of the certificate extensions. 3165 3166**Atomic service API**: This API can be used in atomic services since API version 12. 3167 3168**System capability**: SystemCapability.Security.Cert 3169 3170**Parameters** 3171 3172| Name | Type | Mandatory| Description | 3173| --------- | ------------------------------------- | ---- | ------------------------------ | 3174| valueType | [ExtensionOidType](#extensionoidtype10) | Yes | Type of the OIDs to obtain.| 3175 3176**Return value** 3177 3178| Type | Description | 3179| ----------------------- | -------------------------------- | 3180| [DataArray](#dataarray) | OIDs obtained.| 3181 3182**Error codes** 3183 3184For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3185 3186| ID| Error Message | 3187| -------- | ----------------------- | 3188| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3189| 19020001 | memory error. | 3190| 19020002 | runtime error. | 3191| 19030001 | crypto operation error. | 3192 3193**Example** 3194 3195```ts 3196import { cert } from '@kit.DeviceCertificateKit'; 3197import { BusinessError } from '@kit.BasicServicesKit'; 3198 3199// Binary data of the certificate extension, which varies with the services. 3200let extData = new Uint8Array([ 3201 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3202 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3203 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3204 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3205 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3206 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3207 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3208 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3209 0xD9, 0xE4 3210]); 3211 3212let encodingBlob: cert.EncodingBlob = { 3213 data: extData, 3214 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3215 encodingFormat: cert.EncodingFormat.FORMAT_DER 3216}; 3217 3218cert.createCertExtension(encodingBlob, (error, certExt) => { 3219 if (error) { 3220 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3221 } else { 3222 console.log('createCertExtension success'); 3223 try { 3224 let oidList = certExt.getOidList(cert.ExtensionOidType.EXTENSION_OID_TYPE_ALL); 3225 } catch (err) { 3226 let e: BusinessError = err as BusinessError; 3227 console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3228 } 3229 } 3230}); 3231``` 3232 3233### getEntry<sup>10+</sup> 3234 3235getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob 3236 3237Obtains the certificate extension object information. 3238 3239**Atomic service API**: This API can be used in atomic services since API version 12. 3240 3241**System capability**: SystemCapability.Security.Cert 3242 3243**Parameters** 3244 3245| Name | Type | Mandatory| Description | 3246| --------- | ----------------------------------------- | ---- | -------------------------------- | 3247| valueType | [ExtensionEntryType](#extensionentrytype10) | Yes | Type of the information to obtain. | 3248| oid | [DataBlob](#datablob) | Yes | OID of the certificate extension to obtain.| 3249 3250**Return value** 3251 3252| Type | Description | 3253| --------------------- | ---------------------------- | 3254| [DataBlob](#datablob) | Certificate extension object information obtained.| 3255 3256**Error codes** 3257 3258For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3259 3260| ID| Error Message | 3261| -------- | ----------------------- | 3262| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3263| 19020001 | memory error. | 3264| 19020002 | runtime error. | 3265| 19030001 | crypto operation error. | 3266 3267**Example** 3268 3269```ts 3270import { cert } from '@kit.DeviceCertificateKit'; 3271import { BusinessError } from '@kit.BasicServicesKit'; 3272 3273// Binary data of the certificate extension, which varies with the services. 3274let extData = new Uint8Array([ 3275 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3276 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3277 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3278 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3279 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3280 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3281 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3282 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3283 0xD9, 0xE4 3284]); 3285 3286let encodingBlob: cert.EncodingBlob = { 3287 data: extData, 3288 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3289 encodingFormat: cert.EncodingFormat.FORMAT_DER 3290}; 3291 3292cert.createCertExtension(encodingBlob, (error, certExt) => { 3293 if (error) { 3294 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3295 } else { 3296 console.log('createCertExtension success'); 3297 let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); 3298 let oidBlob: cert.DataBlob = { 3299 data: oid 3300 } 3301 try { 3302 let entry = certExt.getEntry(cert.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); 3303 } catch (err) { 3304 let e: BusinessError = err as BusinessError; 3305 console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3306 } 3307 } 3308}); 3309``` 3310 3311 3312### checkCA<sup>10+</sup> 3313 3314checkCA() : number 3315 3316Checks whether the certificate is a CA certificate. 3317 3318**Atomic service API**: This API can be used in atomic services since API version 12. 3319 3320**System capability**: SystemCapability.Security.Cert 3321 3322**Return value** 3323 3324| Type | Description | 3325| ------ | ------------------------------------------------------------ | 3326| number | If the key purpose in the certificate extension contains signing and the CA field in the basic constraints is **true**, the certificate is a CA certificate. Returns **-1** if the certificate is not a CA certificate; returns the path length in the basic constraints otherwise. Returns **-2** if the certificate is a CA certificate but the path length is not specified in the basic constraints, which means the path length is not limited.| 3327 3328**Error codes** 3329 3330For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3331 3332| ID| Error Message | 3333| -------- | ----------------------- | 3334| 19020001 | memory error. | 3335| 19020002 | runtime error. | 3336| 19030001 | crypto operation error. | 3337 3338**Example** 3339 3340```ts 3341import { cert } from '@kit.DeviceCertificateKit'; 3342import { BusinessError } from '@kit.BasicServicesKit'; 3343 3344// Binary data of the certificate extension, which varies with the services. 3345let extData = new Uint8Array([ 3346 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3347 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3348 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3349 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3350 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3351 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3352 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3353 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3354 0xD9, 0xE4 3355]); 3356 3357let encodingBlob: cert.EncodingBlob = { 3358 data: extData, 3359 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3360 encodingFormat: cert.EncodingFormat.FORMAT_DER 3361}; 3362cert.createCertExtension(encodingBlob, (error, certExt) => { 3363 if (error) { 3364 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3365 } else { 3366 console.log('createCertExtension success'); 3367 try { 3368 let res = certExt.checkCA(); 3369 } catch (err) { 3370 let e: BusinessError = err as BusinessError; 3371 console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3372 } 3373 } 3374}); 3375``` 3376 3377### hasUnsupportedCriticalExtension<sup>11+</sup> 3378 3379hasUnsupportedCriticalExtension(): boolean 3380 3381Checks whether there is critical extension that is not supported. 3382 3383**Atomic service API**: This API can be used in atomic services since API version 12. 3384 3385**System capability**: SystemCapability.Security.Cert 3386 3387**Return value** 3388 3389| Type | Description | 3390| ------- | ------------------------------------------------------- | 3391| boolean | Returns **true** if unsupported critical extension is found; returns **false** otherwise.| 3392 3393**Error codes** 3394 3395For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3396 3397| ID| Error Message | 3398| -------- | ----------------------- | 3399| 19020001 | memory error. | 3400| 19020002 | runtime error. | 3401| 19030001 | crypto operation error. | 3402 3403**Example** 3404 3405```ts 3406import { cert } from '@kit.DeviceCertificateKit'; 3407import { BusinessError } from '@kit.BasicServicesKit'; 3408 3409let encodingData = new Uint8Array([ 3410 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3411 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3412 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3413 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3414 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3415 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3416 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3417 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3418 0xD9, 0xE4 3419]); 3420let encodingBlob: cert.EncodingBlob = { 3421 data: new Uint8Array(encodingData), 3422 encodingFormat: cert.EncodingFormat.FORMAT_DER 3423}; 3424 3425cert.createCertExtension(encodingBlob).then((extensionObj) => { 3426 console.log('createCertExtension success!'); 3427 const result = extensionObj.hasUnsupportedCriticalExtension() 3428 console.log('has unsupported critical extension result is:' + result); 3429}).catch((err: BusinessError) => { 3430 console.error('createCertExtension failed'); 3431}); 3432``` 3433 3434## cert.createX509Crl<sup>(deprecated)</sup> 3435 3436createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 3437 3438Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 3439 3440> **NOTE** 3441> 3442> This API is deprecated since API version 11. Use [cert.createX509CRL](#certcreatex509crl11) instead. 3443 3444**System capability**: SystemCapability.Security.Cert 3445 3446**Parameters** 3447 3448| Name | Type | Mandatory| Description | 3449| -------- | ----------------------------------- | ---- | ------------------------------ | 3450| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data. | 3451| callback | AsyncCallback\<[X509Crl](#x509crldeprecated)> | Yes | Callback used to return the **X509Crl** instance created.| 3452 3453**Error codes** 3454 3455For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3456 3457| ID| Error Message | 3458| -------- | ------------- | 3459| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3460| 801 | this operation is not supported. | 3461| 19020001 | memory error. | 3462 3463**Example** 3464 3465```ts 3466import { cert } from '@kit.DeviceCertificateKit'; 3467 3468// Convert the string into a Uint8Array. 3469function stringToUint8Array(str: string): Uint8Array { 3470 let arr: Array<number> = []; 3471 for (let i = 0, j = str.length; i < j; i++) { 3472 arr.push(str.charCodeAt(i)); 3473 } 3474 return new Uint8Array(arr); 3475} 3476 3477let crlData = '-----BEGIN X509 CRL-----\n' + 3478 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3479 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3480 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3481 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3482 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3483 'eavsH0Q3\n' + 3484 '-----END X509 CRL-----\n'; 3485 3486// Binary data of the CRL, which varies with the service. 3487let encodingBlob: cert.EncodingBlob = { 3488 data: stringToUint8Array(crlData), 3489 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3490 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3491}; 3492 3493cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3494 if (error) { 3495 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3496 } else { 3497 console.log('createX509Crl success'); 3498 } 3499}); 3500``` 3501 3502## cert.createX509Crl<sup>(deprecated)</sup> 3503 3504createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 3505 3506Creates an **X509Crl** instance. This API uses a promise to return the result. 3507 3508> **NOTE** 3509> 3510> This API is deprecated since API version 11. Use [cert.createX509CRL](#certcreatex509crl11-1) instead. 3511 3512**System capability**: SystemCapability.Security.Cert 3513 3514**Parameters** 3515 3516| Name | Type | Mandatory| Description | 3517| -------- | ----------------------------- | ---- | -------------------------- | 3518| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| 3519 3520**Return value** 3521 3522| Type | Description | 3523| ----------------------------- | -------------------- | 3524| Promise\<[X509Crl](#x509crldeprecated)> | Promise used to return the **X509Crl** instance created.| 3525 3526**Error codes** 3527 3528For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3529 3530| ID| Error Message | 3531| -------- | ------------- | 3532| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3533| 801 | this operation is not supported. | 3534| 19020001 | memory error. | 3535 3536**Example** 3537 3538```ts 3539import { cert } from '@kit.DeviceCertificateKit'; 3540import { BusinessError } from '@kit.BasicServicesKit'; 3541 3542// Convert the string into a Uint8Array. 3543function stringToUint8Array(str: string): Uint8Array { 3544 let arr: Array<number> = []; 3545 for (let i = 0, j = str.length; i < j; i++) { 3546 arr.push(str.charCodeAt(i)); 3547 } 3548 return new Uint8Array(arr); 3549} 3550 3551let crlData = '-----BEGIN X509 CRL-----\n' + 3552 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3553 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3554 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3555 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3556 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3557 'eavsH0Q3\n' + 3558 '-----END X509 CRL-----\n'; 3559 3560// Binary data of the CRL, which varies with the service. 3561let encodingBlob: cert.EncodingBlob = { 3562 data: stringToUint8Array(crlData), 3563 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3564 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3565}; 3566 3567cert.createX509Crl(encodingBlob).then(x509Crl => { 3568 console.log('createX509Crl success'); 3569}).catch((error: BusinessError) => { 3570 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3571}); 3572``` 3573 3574## cert.createX509CRL<sup>11+</sup> 3575 3576createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\<X509CRL>) : void 3577 3578Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 3579 3580**Atomic service API**: This API can be used in atomic services since API version 12. 3581 3582**System capability**: SystemCapability.Security.Cert 3583 3584**Parameters** 3585 3586| Name | Type | Mandatory| Description | 3587| -------- | ------------------------------------- | ---- | ------------------------------ | 3588| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data. | 3589| callback | AsyncCallback\<[X509CRL](#x509crl11)> | Yes | Callback used to return the **X509Crl** instance created.| 3590 3591**Error codes** 3592 3593For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3594 3595| ID| Error Message | 3596| -------- | ------------- | 3597| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3598| 801 | this operation is not supported. | 3599| 19020001 | memory error. | 3600 3601**Example** 3602 3603```ts 3604import { cert } from '@kit.DeviceCertificateKit'; 3605 3606// Convert the string into a Uint8Array. 3607function stringToUint8Array(str: string): Uint8Array { 3608 let arr: Array<number> = []; 3609 for (let i = 0, j = str.length; i < j; i++) { 3610 arr.push(str.charCodeAt(i)); 3611 } 3612 return new Uint8Array(arr); 3613} 3614 3615let crlData = '-----BEGIN X509 CRL-----\n' + 3616 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3617 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3618 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3619 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3620 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3621 'eavsH0Q3\n' + 3622 '-----END X509 CRL-----\n'; 3623 3624// Binary data of the CRL, which varies with the service. 3625let encodingBlob: cert.EncodingBlob = { 3626 data: stringToUint8Array(crlData), 3627 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3628 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3629}; 3630 3631cert.createX509CRL(encodingBlob, (error, X509CRL) => { 3632 if (error) { 3633 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3634 } else { 3635 console.log('createX509CRL success'); 3636 } 3637}); 3638``` 3639 3640## cert.createX509CRL<sup>11+</sup> 3641 3642createX509CRL(inStream : EncodingBlob) : Promise\<X509CRL> 3643 3644Creates an **X509Crl** instance. This API uses a promise to return the result. 3645 3646**Atomic service API**: This API can be used in atomic services since API version 12. 3647 3648**System capability**: SystemCapability.Security.Cert 3649 3650**Parameters** 3651 3652| Name | Type | Mandatory| Description | 3653| -------- | ----------------------------- | ---- | -------------------------- | 3654| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| 3655 3656**Return value** 3657 3658| Type | Description | 3659| ------------------------------- | -------------------- | 3660| Promise\<[X509CRL](#x509crl11)> | Promise used to return the **X509Crl** instance created.| 3661 3662**Error codes** 3663 3664For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3665 3666| ID| Error Message | 3667| -------- | ------------- | 3668| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3669| 801 | this operation is not supported. | 3670| 19020001 | memory error. | 3671 3672**Example** 3673 3674```ts 3675import { cert } from '@kit.DeviceCertificateKit'; 3676import { BusinessError } from '@kit.BasicServicesKit'; 3677 3678// Convert the string into a Uint8Array. 3679function stringToUint8Array(str: string): Uint8Array { 3680 let arr: Array<number> = []; 3681 for (let i = 0, j = str.length; i < j; i++) { 3682 arr.push(str.charCodeAt(i)); 3683 } 3684 return new Uint8Array(arr); 3685} 3686 3687let crlData = '-----BEGIN X509 CRL-----\n' + 3688 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3689 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3690 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3691 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3692 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3693 'eavsH0Q3\n' + 3694 '-----END X509 CRL-----\n'; 3695 3696// Binary data of the CRL, which varies with the service. 3697let encodingBlob: cert.EncodingBlob = { 3698 data: stringToUint8Array(crlData), 3699 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3700 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3701}; 3702 3703cert.createX509CRL(encodingBlob).then(X509CRL => { 3704 console.log('createX509CRL success'); 3705}).catch((error: BusinessError) => { 3706 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3707}); 3708``` 3709 3710## X509Crl<sup>(deprecated)</sup> 3711 3712Provides APIs for X.509 certificate CRL operations. 3713 3714> **NOTE** 3715> 3716> This API is deprecated since API version 11. Use [X509CRL](#x509crl11) instead. 3717 3718### isRevoked<sup>(deprecated)</sup> 3719 3720isRevoked(cert : X509Cert) : boolean 3721 3722Checks whether an X.509 certificate is revoked. 3723 3724> **NOTE** 3725> 3726> This API is deprecated since API version 11. Use [X509CRL.isRevoked](#isrevoked11) instead. 3727 3728**System capability**: SystemCapability.Security.Cert 3729 3730**Parameters** 3731 3732| Name| Type | Mandatory| Description | 3733| ------ | -------- | ---- | -------------------- | 3734| cert | X509Cert | Yes | X.509 certificate to check.| 3735 3736**Return value** 3737 3738| Type | Description | 3739| --------- | --------------------------------------------- | 3740| boolean | Returns **true** if the certificate is revoked; returns **false** otherwise.| 3741 3742**Error codes** 3743 3744For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3745 3746| ID| Error Message | 3747| -------- | ------------- | 3748| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3749 3750**Example** 3751 3752```ts 3753import { cert } from '@kit.DeviceCertificateKit'; 3754import { BusinessError } from '@kit.BasicServicesKit'; 3755 3756// Convert the string into a Uint8Array. 3757function stringToUint8Array(str: string): Uint8Array { 3758 let arr: Array<number> = []; 3759 for (let i = 0, j = str.length; i < j; i++) { 3760 arr.push(str.charCodeAt(i)); 3761 } 3762 return new Uint8Array(arr); 3763} 3764 3765let crlData = '-----BEGIN X509 CRL-----\n' + 3766 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3767 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3768 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3769 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3770 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3771 'eavsH0Q3\n' + 3772 '-----END X509 CRL-----\n'; 3773 3774let certData = '-----BEGIN CERTIFICATE-----\n' + 3775 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 3776 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 3777 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 3778 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 3779 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 3780 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 3781 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 3782 '-----END CERTIFICATE-----\n'; 3783 3784// Binary data of the CRL, which varies with the service. 3785let encodingBlob: cert.EncodingBlob = { 3786 data: stringToUint8Array(crlData), 3787 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3788 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3789}; 3790 3791let certEncodingBlob: cert.EncodingBlob = { 3792 data: stringToUint8Array(certData), 3793 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3794 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3795}; 3796 3797cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3798 if (error) { 3799 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3800 } else { 3801 console.log('createX509Crl success'); 3802 // Create an X509Cert instance. 3803 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 3804 if (error) { 3805 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3806 } else { 3807 try { 3808 let revokedFlag = x509Crl.isRevoked(x509Cert); 3809 } catch (error) { 3810 let e: BusinessError = error as BusinessError; 3811 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3812 } 3813 } 3814 }); 3815 } 3816}); 3817``` 3818 3819### getType<sup>(deprecated)</sup> 3820 3821getType() : string 3822 3823Obtains the CRL type. 3824 3825> **NOTE** 3826> 3827> This API is deprecated since API version 11. Use [X509CRL.getType](#gettype11) instead. 3828 3829**System capability**: SystemCapability.Security.Cert 3830 3831**Return value** 3832 3833| Type | Description | 3834| ------ | -------------------- | 3835| string | CRL type obtained.| 3836 3837**Example** 3838 3839```ts 3840import { cert } from '@kit.DeviceCertificateKit'; 3841 3842// Convert the string into a Uint8Array. 3843function stringToUint8Array(str: string): Uint8Array { 3844 let arr: Array<number> = []; 3845 for (let i = 0, j = str.length; i < j; i++) { 3846 arr.push(str.charCodeAt(i)); 3847 } 3848 return new Uint8Array(arr); 3849} 3850 3851let crlData = '-----BEGIN X509 CRL-----\n' + 3852 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3853 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3854 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3855 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3856 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3857 'eavsH0Q3\n' + 3858 '-----END X509 CRL-----\n'; 3859 3860// Binary data of the CRL, which varies with the service. 3861let encodingBlob: cert.EncodingBlob = { 3862 data: stringToUint8Array(crlData), 3863 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3864 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3865}; 3866 3867cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3868 if (error) { 3869 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3870 } else { 3871 console.log('createX509Crl success'); 3872 let type = x509Crl.getType(); 3873 } 3874}); 3875``` 3876 3877### getEncoded<sup>(deprecated)</sup> 3878 3879getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 3880 3881Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 3882 3883> **NOTE** 3884> 3885> This API is deprecated since API version 11. Use [X509CRL.getEncoded](#getencoded11) instead. 3886 3887**System capability**: SystemCapability.Security.Cert 3888 3889**Parameters** 3890 3891| Name | Type | Mandatory| Description | 3892| -------- | ---------------------------- | ---- | ------------------------------------------ | 3893| callback | AsyncCallback\<EncodingBlob> | Yes | Callback used to return the serialized X.509 CRL data obtained.| 3894 3895**Error codes** 3896 3897For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3898 3899| ID| Error Message | 3900| -------- | ----------------------- | 3901| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 3902| 19020001 | memory error. | 3903| 19020002 | runtime error. | 3904| 19030001 | crypto operation error. | 3905 3906**Example** 3907 3908```ts 3909import { cert } from '@kit.DeviceCertificateKit'; 3910 3911// Convert the string into a Uint8Array. 3912function stringToUint8Array(str: string): Uint8Array { 3913 let arr: Array<number> = []; 3914 for (let i = 0, j = str.length; i < j; i++) { 3915 arr.push(str.charCodeAt(i)); 3916 } 3917 return new Uint8Array(arr); 3918} 3919 3920let crlData = '-----BEGIN X509 CRL-----\n' + 3921 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3922 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3923 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3924 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3925 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3926 'eavsH0Q3\n' + 3927 '-----END X509 CRL-----\n'; 3928 3929// Binary data of the CRL, which varies with the service. 3930let encodingBlob: cert.EncodingBlob = { 3931 data: stringToUint8Array(crlData), 3932 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3933 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3934}; 3935 3936cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3937 if (error) { 3938 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3939 } else { 3940 console.log('createX509Crl success'); 3941 x509Crl.getEncoded((error, data) => { 3942 if (error) { 3943 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3944 } else { 3945 console.log('getEncoded success'); 3946 } 3947 }); 3948 } 3949}); 3950``` 3951 3952### getEncoded<sup>(deprecated)</sup> 3953 3954getEncoded() : Promise\<EncodingBlob> 3955 3956Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 3957 3958> **NOTE** 3959> 3960> This API is deprecated since API version 11. Use [X509CRL.getEncoded](#getencoded11-1) instead. 3961 3962**System capability**: SystemCapability.Security.Cert 3963 3964**Return value** 3965 3966| Type | Description | 3967| ---------------------- | -------------------------------- | 3968| Promise\<EncodingBlob> | Promise used to return the serialized X.509 CRL data obtained.| 3969 3970**Error codes** 3971 3972For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3973 3974| ID| Error Message | 3975| -------- | ----------------------- | 3976| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 3977| 19020001 | memory error. | 3978| 19020002 | runtime error. | 3979| 19030001 | crypto operation error. | 3980 3981**Example** 3982 3983```ts 3984import { cert } from '@kit.DeviceCertificateKit'; 3985import { BusinessError } from '@kit.BasicServicesKit'; 3986 3987// Convert the string into a Uint8Array. 3988function stringToUint8Array(str: string): Uint8Array { 3989 let arr: Array<number> = []; 3990 for (let i = 0, j = str.length; i < j; i++) { 3991 arr.push(str.charCodeAt(i)); 3992 } 3993 return new Uint8Array(arr); 3994} 3995 3996let crlData = '-----BEGIN X509 CRL-----\n' + 3997 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3998 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3999 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4000 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4001 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4002 'eavsH0Q3\n' + 4003 '-----END X509 CRL-----\n'; 4004 4005// Binary data of the CRL, which varies with the service. 4006let encodingBlob: cert.EncodingBlob = { 4007 data: stringToUint8Array(crlData), 4008 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4009 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4010}; 4011 4012cert.createX509Crl(encodingBlob).then(x509Crl => { 4013 console.log('createX509Crl success'); 4014 x509Crl.getEncoded().then(result => { 4015 console.log('getEncoded success'); 4016 }).catch((error: BusinessError) => { 4017 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4018 }); 4019}).catch((error: BusinessError) => { 4020 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4021}); 4022``` 4023 4024### verify<sup>(deprecated)</sup> 4025 4026verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 4027 4028Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 4029 4030> **NOTE** 4031> 4032> This API is deprecated since API version 11. Use [X509CRL.verify](#verify11) instead. 4033 4034**System capability**: SystemCapability.Security.Cert 4035 4036**Parameters** 4037 4038| Name | Type | Mandatory| Description | 4039| -------- | -------------------- | ---- | ------------------------------------------------------------ | 4040| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | 4041| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 4042 4043**Error codes** 4044 4045For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4046 4047| ID| Error Message | 4048| -------- | ----------------------- | 4049| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4050| 19030001 | crypto operation error. | 4051 4052**Example** 4053 4054```ts 4055import { cert } from '@kit.DeviceCertificateKit'; 4056import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 4057import { BusinessError } from '@kit.BasicServicesKit'; 4058 4059// Convert the string into a Uint8Array. 4060function stringToUint8Array(str: string): Uint8Array { 4061 let arr: Array<number> = []; 4062 for (let i = 0, j = str.length; i < j; i++) { 4063 arr.push(str.charCodeAt(i)); 4064 } 4065 return new Uint8Array(arr); 4066} 4067 4068let crlData = '-----BEGIN X509 CRL-----\n' + 4069 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4070 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4071 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4072 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4073 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4074 'eavsH0Q3\n' + 4075 '-----END X509 CRL-----\n'; 4076 4077let pubKeyData = new Uint8Array([ 4078 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4079 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4080 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4081 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4082 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4083 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4084 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4085 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4086 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4087 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4088 0x00, 0x01 4089]); 4090 4091let priKeyData = new Uint8Array([ 4092 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4093 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4094 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4095 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4096 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4097 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4098 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4099 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4100 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4101 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4102 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4103 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4104 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4105 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4106 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4107 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4108 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4109 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4110 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4111 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4112 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4113 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4114 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4115 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4116 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4117 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4118 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4119 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4120 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4121 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4122 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4123 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4124 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4125 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4126 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4127 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4128 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4129 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4130 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4131 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4132]); 4133 4134// Binary data of the CRL, which varies with the service. 4135let encodingBlob: cert.EncodingBlob = { 4136 data: stringToUint8Array(crlData), 4137 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4138 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4139}; 4140 4141cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4142 if (error) { 4143 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4144 } else { 4145 console.log('createX509Crl success'); 4146 try { 4147 // Generate the public key by AsyKeyGenerator. 4148 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4149 console.log('createAsyKeyGenerator success'); 4150 let priEncodingBlob: cryptoFramework.DataBlob = { 4151 data: priKeyData, 4152 }; 4153 let pubEncodingBlob: cryptoFramework.DataBlob = { 4154 data: pubKeyData, 4155 }; 4156 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 4157 if (e) { 4158 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 4159 } else { 4160 console.log('convert key success'); 4161 x509Crl.verify(keyPair.pubKey, (err, data) => { 4162 if (err) { 4163 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4164 } else { 4165 console.log('verify success'); 4166 } 4167 }); 4168 } 4169 }) 4170 } catch (error) { 4171 let e: BusinessError = error as BusinessError; 4172 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4173 } 4174 } 4175}); 4176``` 4177 4178### verify<sup>(deprecated)</sup> 4179 4180verify(key : cryptoFramework.PubKey) : Promise\<void> 4181 4182Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 4183 4184> **NOTE** 4185> 4186> This API is deprecated since API version 11. Use [X509CRL.verify](#verify11-1) instead. 4187 4188**System capability**: SystemCapability.Security.Cert 4189 4190**Parameters** 4191 4192| Name| Type | Mandatory| Description | 4193| ------ | ------ | ---- | ---------------------- | 4194| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| 4195 4196**Return value** 4197 4198| Type| Description | 4199| ---- | ------------------------------------------------------------ | 4200| Promise\<void> | Promise used to return the result.| 4201 4202**Error codes** 4203 4204For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4205 4206| ID| Error Message | 4207| -------- | ----------------------- | 4208| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4209| 19030001 | crypto operation error. | 4210 4211**Example** 4212 4213```ts 4214import { cert } from '@kit.DeviceCertificateKit'; 4215import { cryptoFramework } from '@kit.CryptoArchitectureKit' 4216import { BusinessError } from '@kit.BasicServicesKit'; 4217 4218// Convert the string into a Uint8Array. 4219function stringToUint8Array(str: string): Uint8Array { 4220 let arr: Array<number> = []; 4221 for (let i = 0, j = str.length; i < j; i++) { 4222 arr.push(str.charCodeAt(i)); 4223 } 4224 return new Uint8Array(arr); 4225} 4226 4227let crlData = '-----BEGIN X509 CRL-----\n' + 4228 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4229 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4230 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4231 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4232 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4233 'eavsH0Q3\n' + 4234 '-----END X509 CRL-----\n'; 4235 4236let pubKeyData = new Uint8Array([ 4237 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4238 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4239 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4240 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4241 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4242 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4243 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4244 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4245 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4246 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4247 0x00, 0x01 4248]); 4249 4250let priKeyData = new Uint8Array([ 4251 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4252 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4253 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4254 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4255 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4256 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4257 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4258 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4259 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4260 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4261 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4262 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4263 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4264 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4265 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4266 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4267 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4268 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4269 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4270 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4271 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4272 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4273 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4274 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4275 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4276 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4277 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4278 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4279 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4280 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4281 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4282 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4283 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4284 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4285 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4286 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4287 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4288 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4289 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4290 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4291]); 4292 4293// Binary data of the CRL, which varies with the service. 4294let encodingBlob: cert.EncodingBlob = { 4295 data: stringToUint8Array(crlData), 4296 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4297 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4298}; 4299 4300cert.createX509Crl(encodingBlob).then(x509Crl => { 4301 console.log('createX509Crl success'); 4302 4303 try { 4304 // Generate a public key object. 4305 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4306 console.log('createAsyKeyGenerator success'); 4307 let priEncodingBlob: cryptoFramework.DataBlob = { 4308 data: priKeyData, 4309 }; 4310 let pubEncodingBlob: cryptoFramework.DataBlob = { 4311 data: pubKeyData, 4312 }; 4313 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 4314 console.log('convert key success'); 4315 x509Crl.verify(keyPair.pubKey).then(result => { 4316 console.log('verify success'); 4317 }).catch((error: BusinessError) => { 4318 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4319 }); 4320 }).catch((error: BusinessError) => { 4321 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 4322 }); 4323 } catch (error) { 4324 let e: BusinessError = error as BusinessError; 4325 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4326 } 4327}).catch((error: BusinessError) => { 4328 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4329}); 4330``` 4331 4332### getVersion<sup>(deprecated)</sup> 4333 4334getVersion() : number 4335 4336Obtains the version of the X.509 CRL. 4337 4338> **NOTE** 4339> 4340> This API is deprecated since API version 11. Use [X509CRL.getVersion](#getversion11) instead. 4341 4342**System capability**: SystemCapability.Security.Cert 4343 4344**Return value** 4345 4346| Type | Description | 4347| ------ | -------------------------------- | 4348| number | Version of the X.509 CRL obtained.| 4349 4350**Example** 4351 4352```ts 4353import { cert } from '@kit.DeviceCertificateKit'; 4354 4355// Convert the string into a Uint8Array. 4356function stringToUint8Array(str: string): Uint8Array { 4357 let arr: Array<number> = []; 4358 for (let i = 0, j = str.length; i < j; i++) { 4359 arr.push(str.charCodeAt(i)); 4360 } 4361 return new Uint8Array(arr); 4362} 4363 4364let crlData = '-----BEGIN X509 CRL-----\n' + 4365 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4366 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4367 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4368 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4369 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4370 'eavsH0Q3\n' + 4371 '-----END X509 CRL-----\n'; 4372 4373// Binary data of the CRL, which varies with the service. 4374let encodingBlob: cert.EncodingBlob = { 4375 data: stringToUint8Array(crlData), 4376 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4377 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4378}; 4379 4380cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4381 if (error) { 4382 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4383 } else { 4384 console.log('createX509Crl success'); 4385 let version = x509Crl.getVersion(); 4386 } 4387}); 4388``` 4389 4390### getIssuerName<sup>(deprecated)</sup> 4391 4392getIssuerName() : DataBlob 4393 4394Obtains the issuer of the X.509 CRL. 4395 4396> **NOTE** 4397> 4398> This API is deprecated since API version 11. Use [X509CRL.getIssuerName](#getissuername11) instead. 4399 4400**System capability**: SystemCapability.Security.Cert 4401 4402**Return value** 4403 4404| Type | Description | 4405| --------------------- | ------------------------------ | 4406| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 4407 4408**Error codes** 4409 4410For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4411 4412| ID| Error Message | 4413| -------- | ----------------------- | 4414| 19020001 | memory error. | 4415| 19020002 | runtime error. | 4416| 19030001 | crypto operation error. | 4417 4418**Example** 4419 4420```ts 4421import { cert } from '@kit.DeviceCertificateKit'; 4422import { BusinessError } from '@kit.BasicServicesKit'; 4423 4424// Convert the string into a Uint8Array. 4425function stringToUint8Array(str: string): Uint8Array { 4426 let arr: Array<number> = []; 4427 for (let i = 0, j = str.length; i < j; i++) { 4428 arr.push(str.charCodeAt(i)); 4429 } 4430 return new Uint8Array(arr); 4431} 4432 4433let crlData = '-----BEGIN X509 CRL-----\n' + 4434 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4435 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4436 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4437 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4438 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4439 'eavsH0Q3\n' + 4440 '-----END X509 CRL-----\n'; 4441 4442// Binary data of the CRL, which varies with the service. 4443let encodingBlob: cert.EncodingBlob = { 4444 data: stringToUint8Array(crlData), 4445 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4446 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4447}; 4448 4449cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4450 if (error) { 4451 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4452 } else { 4453 console.log('createX509Crl success'); 4454 try { 4455 let issuerName = x509Crl.getIssuerName(); 4456 } catch (err) { 4457 let e: BusinessError = err as BusinessError; 4458 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4459 } 4460 } 4461}); 4462``` 4463 4464### getLastUpdate<sup>(deprecated)</sup> 4465 4466getLastUpdate() : string 4467 4468Obtains the last update date of this X.509 CRL. 4469 4470> **NOTE** 4471> 4472> This API is deprecated since API version 11. Use [X509CRL.getLastUpdate](#getlastupdate11) instead. 4473 4474**System capability**: SystemCapability.Security.Cert 4475 4476**Return value** 4477 4478| Type | Description | 4479| ------ | ------------------------------------ | 4480| string | Last update date of the X.509 CRL, in ASN.1 format.| 4481 4482**Error codes** 4483 4484For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4485 4486| ID| Error Message | 4487| -------- | ----------------------- | 4488| 19020001 | memory error. | 4489| 19020002 | runtime error. | 4490| 19030001 | crypto operation error. | 4491 4492**Example** 4493 4494```ts 4495import { cert } from '@kit.DeviceCertificateKit'; 4496import { BusinessError } from '@kit.BasicServicesKit'; 4497 4498// Convert the string into a Uint8Array. 4499function stringToUint8Array(str: string): Uint8Array { 4500 let arr: Array<number> = []; 4501 for (let i = 0, j = str.length; i < j; i++) { 4502 arr.push(str.charCodeAt(i)); 4503 } 4504 return new Uint8Array(arr); 4505} 4506 4507let crlData = '-----BEGIN X509 CRL-----\n' + 4508 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4509 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4510 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4511 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4512 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4513 'eavsH0Q3\n' + 4514 '-----END X509 CRL-----\n'; 4515 4516// Binary data of the CRL, which varies with the service. 4517let encodingBlob: cert.EncodingBlob = { 4518 data: stringToUint8Array(crlData), 4519 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4520 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4521}; 4522 4523cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4524 if (error) { 4525 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4526 } else { 4527 console.log('createX509Crl success'); 4528 try { 4529 let lastUpdate = x509Crl.getLastUpdate(); 4530 } catch (err) { 4531 let e: BusinessError = err as BusinessError; 4532 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4533 } 4534 } 4535}); 4536``` 4537 4538### getNextUpdate<sup>(deprecated)</sup> 4539 4540getNextUpdate() : string 4541 4542Obtains the next update date of this CRL. 4543 4544> **NOTE** 4545> 4546> This API is deprecated since API version 11. Use [X509CRL.getNextUpdate](#getnextupdate11) instead. 4547 4548**System capability**: SystemCapability.Security.Cert 4549 4550**Return value** 4551 4552| Type | Description | 4553| ------ | ------------------------------------ | 4554| string | Next update date of the CRL, in ASN.1 format.| 4555 4556**Error codes** 4557 4558For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4559 4560| ID| Error Message | 4561| -------- | ----------------------- | 4562| 19020001 | memory error. | 4563| 19020002 | runtime error. | 4564| 19030001 | crypto operation error. | 4565 4566**Example** 4567 4568```ts 4569import { cert } from '@kit.DeviceCertificateKit'; 4570import { BusinessError } from '@kit.BasicServicesKit'; 4571 4572// Convert the string into a Uint8Array. 4573function stringToUint8Array(str: string): Uint8Array { 4574 let arr: Array<number> = []; 4575 for (let i = 0, j = str.length; i < j; i++) { 4576 arr.push(str.charCodeAt(i)); 4577 } 4578 return new Uint8Array(arr); 4579} 4580 4581let crlData = '-----BEGIN X509 CRL-----\n' + 4582 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4583 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4584 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4585 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4586 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4587 'eavsH0Q3\n' + 4588 '-----END X509 CRL-----\n'; 4589 4590// Binary data of the CRL, which varies with the service. 4591let encodingBlob: cert.EncodingBlob = { 4592 data: stringToUint8Array(crlData), 4593 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4594 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4595}; 4596 4597cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4598 if (error) { 4599 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4600 } else { 4601 console.log('createX509Crl success'); 4602 try { 4603 let nextUpdate = x509Crl.getNextUpdate(); 4604 } catch (err) { 4605 let e: BusinessError = err as BusinessError; 4606 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4607 } 4608 } 4609}); 4610``` 4611 4612### getRevokedCert<sup>(deprecated)</sup> 4613 4614getRevokedCert(serialNumber : number) : X509CrlEntry 4615 4616Obtains the revoked X.509 certificate based on the specified serial number of the certificate. 4617 4618> **NOTE** 4619> 4620> This API is deprecated since API version 11. Use [X509CRL.getRevokedCert](#getrevokedcert11) instead. 4621 4622**System capability**: SystemCapability.Security.Cert 4623 4624**Parameters** 4625 4626| Name | Type | Mandatory| Description | 4627| ------------ | ------ | ---- | -------------- | 4628| serialNumber | number | Yes | Serial number of the certificate.| 4629 4630**Return value** 4631 4632| Type | Description | 4633| ---------------------- | --------------------- | 4634| [X509CrlEntry](#x509crlentrydeprecated) | Revoked X.509 certificate obtained.| 4635 4636**Error codes** 4637 4638For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4639 4640| ID| Error Message | 4641| -------- | ----------------------- | 4642| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4643| 19020001 | memory error. | 4644| 19030001 | crypto operation error. | 4645 4646**Example** 4647 4648```ts 4649import { cert } from '@kit.DeviceCertificateKit'; 4650import { BusinessError } from '@kit.BasicServicesKit'; 4651 4652// Convert the string into a Uint8Array. 4653function stringToUint8Array(str: string): Uint8Array { 4654 let arr: Array<number> = []; 4655 for (let i = 0, j = str.length; i < j; i++) { 4656 arr.push(str.charCodeAt(i)); 4657 } 4658 return new Uint8Array(arr); 4659} 4660 4661let crlData = '-----BEGIN X509 CRL-----\n' + 4662 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4663 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4664 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4665 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4666 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4667 'eavsH0Q3\n' + 4668 '-----END X509 CRL-----\n'; 4669 4670// Binary data of the CRL, which varies with the service. 4671let encodingBlob: cert.EncodingBlob = { 4672 data: stringToUint8Array(crlData), 4673 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4674 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4675}; 4676 4677cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4678 if (error) { 4679 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4680 } else { 4681 console.log('createX509Crl success'); 4682 let serialNumber = 1000; 4683 try { 4684 let entry = x509Crl.getRevokedCert(serialNumber); 4685 } catch (error) { 4686 let e: BusinessError = error as BusinessError; 4687 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4688 } 4689 } 4690}); 4691``` 4692 4693### getRevokedCertWithCert<sup>(deprecated)</sup> 4694 4695getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 4696 4697Obtains the revoked X.509 certificate based on the specified certificate. 4698 4699> **NOTE** 4700> 4701> This API is deprecated since API version 11. Use [X509CRL.getRevokedCertWithCert](#getrevokedcertwithcert11) instead. 4702 4703**System capability**: SystemCapability.Security.Cert 4704 4705**Parameters** 4706 4707| Name| Type | Mandatory| Description | 4708| ------ | --------------------- | ---- | ------------ | 4709| cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| 4710 4711**Return value** 4712 4713| Type | Description | 4714| ------------ | -------------------- | 4715| [X509CrlEntry](#x509crlentrydeprecated) | Revoked X.509 certificate obtained.| 4716 4717**Error codes** 4718 4719For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4720 4721| ID| Error Message | 4722| -------- | ----------------------- | 4723| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4724| 19020001 | memory error. | 4725| 19030001 | crypto operation error. | 4726 4727**Example** 4728 4729```ts 4730import { cert } from '@kit.DeviceCertificateKit'; 4731import { BusinessError } from '@kit.BasicServicesKit'; 4732 4733// Convert the string into a Uint8Array. 4734function stringToUint8Array(str: string): Uint8Array { 4735 let arr: Array<number> = []; 4736 for (let i = 0, j = str.length; i < j; i++) { 4737 arr.push(str.charCodeAt(i)); 4738 } 4739 return new Uint8Array(arr); 4740} 4741 4742let crlData = '-----BEGIN X509 CRL-----\n' + 4743 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 4744 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 4745 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 4746 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 4747 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 4748 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 4749 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 4750 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 4751 '+i2osvdPWRia0dJCL1PCA14k\n' + 4752 '-----END X509 CRL-----\n'; 4753 4754// Certificate binary data, which varies with the service. 4755let certData = '-----BEGIN CERTIFICATE-----\n' + 4756 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 4757 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 4758 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 4759 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 4760 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 4761 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 4762 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 4763 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 4764 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 4765 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 4766 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 4767 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 4768 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 4769 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 4770 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 4771 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 4772 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 4773 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 4774 '-----END CERTIFICATE-----\n'; 4775 4776let certEncodingBlob: cert.EncodingBlob = { 4777 data: stringToUint8Array(certData), 4778 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4779 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4780}; 4781 4782// Binary data of the CRL, which varies with the service. 4783let encodingBlob: cert.EncodingBlob = { 4784 data: stringToUint8Array(crlData), 4785 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4786 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4787}; 4788 4789cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4790 if (error) { 4791 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4792 } else { 4793 console.log('createX509Crl success'); 4794 // Create an X.509 certificate object. 4795 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 4796 try { 4797 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 4798 console.log('getRevokedCertWithCert success'); 4799 } catch (error) { 4800 let e: BusinessError = error as BusinessError; 4801 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4802 } 4803 }).catch((error: BusinessError) => { 4804 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4805 }) 4806 } 4807}); 4808``` 4809 4810### getRevokedCerts<sup>(deprecated)</sup> 4811 4812getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 4813 4814Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 4815 4816> **NOTE** 4817> 4818> This API is deprecated since API version 11. Use [X509CRL.getRevokedCerts](#getrevokedcerts11) instead. 4819 4820**System capability**: SystemCapability.Security.Cert 4821 4822**Parameters** 4823 4824| Name | Type | Mandatory| Description | 4825| -------- | ---------------------------------------------------- | ---- | -------------------------------- | 4826| callback | AsyncCallback<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | Yes | Callback used to return a list of revoked X.509 certificates.| 4827 4828**Error codes** 4829 4830For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4831 4832| ID| Error Message | 4833| -------- | ----------------------- | 4834| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4835| 19020001 | memory error. | 4836| 19030001 | crypto operation error. | 4837 4838**Example** 4839 4840```ts 4841import { cert } from '@kit.DeviceCertificateKit'; 4842import { BusinessError } from '@kit.BasicServicesKit'; 4843 4844// Convert the string into a Uint8Array. 4845function stringToUint8Array(str: string): Uint8Array { 4846 let arr: Array<number> = []; 4847 for (let i = 0, j = str.length; i < j; i++) { 4848 arr.push(str.charCodeAt(i)); 4849 } 4850 return new Uint8Array(arr); 4851} 4852 4853let crlData = '-----BEGIN X509 CRL-----\n' + 4854 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4855 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4856 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4857 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4858 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4859 'eavsH0Q3\n' + 4860 '-----END X509 CRL-----\n'; 4861 4862// Binary data of the CRL, which varies with the service. 4863let encodingBlob: cert.EncodingBlob = { 4864 data: stringToUint8Array(crlData), 4865 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4866 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4867}; 4868 4869cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4870 if (error) { 4871 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4872 } else { 4873 console.log('createX509Crl success'); 4874 x509Crl.getRevokedCerts((error, array) => { 4875 if (error) { 4876 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4877 } else { 4878 console.log('getRevokedCerts success'); 4879 } 4880 }); 4881 } 4882}); 4883``` 4884 4885### getRevokedCerts<sup>(deprecated)</sup> 4886 4887getRevokedCerts() : Promise<Array\<X509CrlEntry>> 4888 4889Obtains the revoked X.509 certificates. This API uses a promise to return the result. 4890 4891> **NOTE** 4892> 4893> This API is deprecated since API version 11. Use [X509CRL.getRevokedCerts](#getrevokedcerts11-1) instead. 4894 4895**System capability**: SystemCapability.Security.Cert 4896 4897**Return value** 4898 4899| Type | Description | 4900| ---------------------------------------------- | ---------------------- | 4901| Promise<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | Promise used to return a list of revoked X.509 certificates.| 4902 4903**Error codes** 4904 4905For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4906 4907| ID| Error Message | 4908| -------- | ----------------------- | 4909| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4910| 19020001 | memory error. | 4911| 19030001 | crypto operation error. | 4912 4913**Example** 4914 4915```ts 4916import { cert } from '@kit.DeviceCertificateKit'; 4917import { BusinessError } from '@kit.BasicServicesKit'; 4918 4919// Convert the string into a Uint8Array. 4920function stringToUint8Array(str: string): Uint8Array { 4921 let arr: Array<number> = []; 4922 for (let i = 0, j = str.length; i < j; i++) { 4923 arr.push(str.charCodeAt(i)); 4924 } 4925 return new Uint8Array(arr); 4926} 4927 4928let crlData = '-----BEGIN X509 CRL-----\n' + 4929 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4930 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4931 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4932 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4933 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4934 'eavsH0Q3\n' + 4935 '-----END X509 CRL-----\n'; 4936 4937// Binary data of the CRL, which varies with the service. 4938let encodingBlob: cert.EncodingBlob = { 4939 data: stringToUint8Array(crlData), 4940 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4941 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4942}; 4943 4944cert.createX509Crl(encodingBlob).then(x509Crl => { 4945 console.log('createX509Crl success'); 4946 x509Crl.getRevokedCerts().then(array => { 4947 console.log('getRevokedCerts success'); 4948 }).catch((error: BusinessError) => { 4949 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4950 }); 4951}).catch((error: BusinessError) => { 4952 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4953}); 4954``` 4955 4956### getTbsInfo<sup>(deprecated)</sup> 4957 4958getTbsInfo() : DataBlob 4959 4960Obtains the DER-encoded CRL information, that is, **tbsCertList** from this CRL. 4961 4962> **NOTE** 4963> 4964> This API is deprecated since API version 11. Use [X509CRL.getTBSInfo](#gettbsinfo11) instead. 4965 4966**System capability**: SystemCapability.Security.Cert 4967 4968**Return value** 4969 4970| Type | Description | 4971| --------------------- | ------------------------------- | 4972| [DataBlob](#datablob) | **tbsCertList** information obtained.| 4973 4974**Error codes** 4975 4976For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4977 4978| ID| Error Message | 4979| -------- | ----------------------- | 4980| 19020001 | memory error. | 4981| 19020002 | runtime error. | 4982| 19030001 | crypto operation error. | 4983 4984**Example** 4985 4986```ts 4987import { cert } from '@kit.DeviceCertificateKit'; 4988import { BusinessError } from '@kit.BasicServicesKit'; 4989 4990// Convert the string into a Uint8Array. 4991function stringToUint8Array(str: string): Uint8Array { 4992 let arr: Array<number> = []; 4993 for (let i = 0, j = str.length; i < j; i++) { 4994 arr.push(str.charCodeAt(i)); 4995 } 4996 return new Uint8Array(arr); 4997} 4998 4999let crlData = '-----BEGIN X509 CRL-----\n' + 5000 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5001 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5002 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5003 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5004 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5005 'eavsH0Q3\n' + 5006 '-----END X509 CRL-----\n'; 5007 5008// Binary data of the CRL, which varies with the service. 5009let encodingBlob: cert.EncodingBlob = { 5010 data: stringToUint8Array(crlData), 5011 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5012 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5013}; 5014 5015cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5016 if (error) { 5017 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5018 } else { 5019 console.log('createX509Crl success'); 5020 try { 5021 let tbsInfo = x509Crl.getTbsInfo(); 5022 } catch (error) { 5023 let e: BusinessError = error as BusinessError; 5024 console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5025 } 5026 } 5027}); 5028``` 5029 5030### getSignature<sup>(deprecated)</sup> 5031 5032getSignature() : DataBlob 5033 5034Obtains the signature data of the X.509 CRL. 5035 5036> **NOTE** 5037> 5038> This API is deprecated since API version 11. Use [X509CRL.getSignature](#getsignature11) instead. 5039 5040**System capability**: SystemCapability.Security.Cert 5041 5042**Return value** 5043 5044| Type | Description | 5045| --------------------- | ------------------------------ | 5046| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 5047 5048**Error codes** 5049 5050For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5051 5052| ID| Error Message | 5053| -------- | ----------------------- | 5054| 19020001 | memory error. | 5055| 19020002 | runtime error. | 5056| 19030001 | crypto operation error. | 5057 5058**Example** 5059 5060```ts 5061import { cert } from '@kit.DeviceCertificateKit'; 5062import { BusinessError } from '@kit.BasicServicesKit'; 5063 5064// Convert the string into a Uint8Array. 5065function stringToUint8Array(str: string): Uint8Array { 5066 let arr: Array<number> = []; 5067 for (let i = 0, j = str.length; i < j; i++) { 5068 arr.push(str.charCodeAt(i)); 5069 } 5070 return new Uint8Array(arr); 5071} 5072 5073let crlData = '-----BEGIN X509 CRL-----\n' + 5074 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5075 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5076 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5077 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5078 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5079 'eavsH0Q3\n' + 5080 '-----END X509 CRL-----\n'; 5081 5082// Binary data of the CRL, which varies with the service. 5083let encodingBlob: cert.EncodingBlob = { 5084 data: stringToUint8Array(crlData), 5085 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5086 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5087}; 5088 5089cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5090 if (error) { 5091 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5092 } else { 5093 console.log('createX509Crl success'); 5094 try { 5095 let signature = x509Crl.getSignature(); 5096 } catch (err) { 5097 let e: BusinessError = err as BusinessError; 5098 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5099 } 5100 } 5101}); 5102``` 5103 5104### getSignatureAlgName<sup>(deprecated)</sup> 5105 5106getSignatureAlgName() : string 5107 5108Obtains the signing algorithm of the X.509 CRL. 5109 5110> **NOTE** 5111> 5112> This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgName](#getsignaturealgname11) instead. 5113 5114**System capability**: SystemCapability.Security.Cert 5115 5116**Return value** 5117 5118| Type | Description | 5119| ------ | -------------------------------- | 5120| string | Signing algorithm obtained.| 5121 5122**Error codes** 5123 5124For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5125 5126| ID| Error Message | 5127| -------- | ----------------------- | 5128| 19020001 | memory error. | 5129| 19020002 | runtime error. | 5130| 19030001 | crypto operation error. | 5131 5132**Example** 5133 5134```ts 5135import { cert } from '@kit.DeviceCertificateKit'; 5136import { BusinessError } from '@kit.BasicServicesKit'; 5137 5138// Convert the string into a Uint8Array. 5139function stringToUint8Array(str: string): Uint8Array { 5140 let arr: Array<number> = []; 5141 for (let i = 0, j = str.length; i < j; i++) { 5142 arr.push(str.charCodeAt(i)); 5143 } 5144 return new Uint8Array(arr); 5145} 5146 5147let crlData = '-----BEGIN X509 CRL-----\n' + 5148 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5149 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5150 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5151 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5152 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5153 'eavsH0Q3\n' + 5154 '-----END X509 CRL-----\n'; 5155 5156// Binary data of the CRL, which varies with the service. 5157let encodingBlob: cert.EncodingBlob = { 5158 data: stringToUint8Array(crlData), 5159 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5160 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5161}; 5162 5163cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5164 if (error) { 5165 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5166 } else { 5167 console.log('createX509Crl success'); 5168 try { 5169 let sigAlgName = x509Crl.getSignatureAlgName(); 5170 } catch (err) { 5171 let e: BusinessError = err as BusinessError; 5172 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5173 } 5174 } 5175}); 5176``` 5177 5178### getSignatureAlgOid<sup>(deprecated)</sup> 5179 5180getSignatureAlgOid() : string 5181 5182Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 5183 5184> **NOTE** 5185> 5186> This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgOid](#getsignaturealgoid11) instead. 5187 5188**System capability**: SystemCapability.Security.Cert 5189 5190**Return value** 5191 5192| Type | Description | 5193| ------ | --------------------------------------------- | 5194| string | OID of the X.509 CRL signing algorithm obtained.| 5195 5196**Error codes** 5197 5198For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5199 5200| ID| Error Message | 5201| -------- | ----------------------- | 5202| 19020001 | memory error. | 5203| 19020002 | runtime error. | 5204| 19030001 | crypto operation error. | 5205 5206**Example** 5207 5208```ts 5209import { cert } from '@kit.DeviceCertificateKit'; 5210import { BusinessError } from '@kit.BasicServicesKit'; 5211 5212// Convert the string into a Uint8Array. 5213function stringToUint8Array(str: string): Uint8Array { 5214 let arr: Array<number> = []; 5215 for (let i = 0, j = str.length; i < j; i++) { 5216 arr.push(str.charCodeAt(i)); 5217 } 5218 return new Uint8Array(arr); 5219} 5220 5221let crlData = '-----BEGIN X509 CRL-----\n' + 5222 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5223 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5224 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5225 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5226 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5227 'eavsH0Q3\n' + 5228 '-----END X509 CRL-----\n'; 5229 5230// Binary data of the CRL, which varies with the service. 5231let encodingBlob: cert.EncodingBlob = { 5232 data: stringToUint8Array(crlData), 5233 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5234 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5235}; 5236 5237cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5238 if (error) { 5239 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5240 } else { 5241 console.log('createX509Crl success'); 5242 try { 5243 let sigAlgOid = x509Crl.getSignatureAlgOid(); 5244 } catch (err) { 5245 let e: BusinessError = err as BusinessError; 5246 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5247 } 5248 } 5249}); 5250``` 5251 5252### getSignatureAlgParams<sup>(deprecated)</sup> 5253 5254getSignatureAlgParams() : DataBlob 5255 5256Obtains the parameters of the X.509 CRL signing algorithm. 5257 5258> **NOTE** 5259> 5260> This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgParams](#getsignaturealgparams11) instead. 5261 5262**System capability**: SystemCapability.Security.Cert 5263 5264**Return value** 5265 5266| Type | Description | 5267| --------------------- | ---------------------------------- | 5268| [DataBlob](#datablob) | Algorithm parameters obtained.| 5269 5270**Error codes** 5271 5272For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5273 5274| ID| Error Message | 5275| -------- | ----------------------- | 5276| 801 | this operation is not supported. | 5277| 19020001 | memory error. | 5278| 19020002 | runtime error. | 5279| 19030001 | crypto operation error. | 5280 5281**Example** 5282 5283```ts 5284import { cert } from '@kit.DeviceCertificateKit'; 5285import { BusinessError } from '@kit.BasicServicesKit'; 5286 5287// Convert the string into a Uint8Array. 5288function stringToUint8Array(str: string): Uint8Array { 5289 let arr: Array<number> = []; 5290 for (let i = 0, j = str.length; i < j; i++) { 5291 arr.push(str.charCodeAt(i)); 5292 } 5293 return new Uint8Array(arr); 5294} 5295 5296let crlData = '-----BEGIN X509 CRL-----\n' + 5297 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5298 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5299 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5300 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5301 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5302 'eavsH0Q3\n' + 5303 '-----END X509 CRL-----\n'; 5304 5305// Binary data of the CRL, which varies with the service. 5306let encodingBlob: cert.EncodingBlob = { 5307 data: stringToUint8Array(crlData), 5308 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5309 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5310}; 5311 5312cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5313 if (error) { 5314 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5315 } else { 5316 console.log('createX509Crl success'); 5317 try { 5318 let sigAlgParams = x509Crl.getSignatureAlgParams(); 5319 } catch (err) { 5320 let e: BusinessError = err as BusinessError; 5321 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5322 } 5323 } 5324}); 5325``` 5326## X509CRL<sup>11+</sup> 5327 5328Provides APIs for managing a CRL object. 5329 5330### isRevoked<sup>11+</sup> 5331 5332isRevoked(cert : X509Cert) : boolean 5333 5334Checks whether an X.509 certificate is revoked. 5335 5336**Atomic service API**: This API can be used in atomic services since API version 12. 5337 5338**System capability**: SystemCapability.Security.Cert 5339 5340**Parameters** 5341 5342| Name| Type | Mandatory| Description | 5343| ------ | -------- | ---- | -------------------- | 5344| cert | [X509Cert](#x509cert) | Yes | X.509 certificate to check.| 5345 5346**Return value** 5347 5348| Type | Description | 5349| ------- | ------------------------------------------------- | 5350| boolean | Returns **true** if the certificate is revoked; returns **false** otherwise.| 5351 5352**Error codes** 5353 5354For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5355 5356| ID| Error Message | 5357| -------- | ----------------------- | 5358| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5359 5360**Example** 5361 5362```ts 5363import { cert } from '@kit.DeviceCertificateKit'; 5364import { BusinessError } from '@kit.BasicServicesKit'; 5365 5366// Convert the string into a Uint8Array. 5367function stringToUint8Array(str: string): Uint8Array { 5368 let arr: Array<number> = []; 5369 for (let i = 0, j = str.length; i < j; i++) { 5370 arr.push(str.charCodeAt(i)); 5371 } 5372 return new Uint8Array(arr); 5373} 5374 5375let crlData = '-----BEGIN X509 CRL-----\n' + 5376 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5377 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5378 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5379 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5380 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5381 'eavsH0Q3\n' + 5382 '-----END X509 CRL-----\n'; 5383 5384let certData = '-----BEGIN CERTIFICATE-----\n' + 5385 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 5386 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 5387 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 5388 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 5389 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 5390 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 5391 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 5392 '-----END CERTIFICATE-----\n'; 5393 5394// Binary data of the CRL, which varies with the service. 5395let encodingBlob: cert.EncodingBlob = { 5396 data: stringToUint8Array(crlData), 5397 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5398 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5399}; 5400 5401let certEncodingBlob: cert.EncodingBlob = { 5402 data: stringToUint8Array(certData), 5403 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5404 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5405}; 5406 5407cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5408 if (error) { 5409 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5410 } else { 5411 console.log('createX509CRL success'); 5412 // Create an X509Cert instance. 5413 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 5414 if (error) { 5415 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5416 } else { 5417 try { 5418 let revokedFlag = x509CRL.isRevoked(x509Cert); 5419 } catch (error) { 5420 let e: BusinessError = error as BusinessError; 5421 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5422 } 5423 } 5424 }); 5425 } 5426}); 5427``` 5428 5429### getType<sup>11+</sup> 5430 5431getType() : string 5432 5433Obtains the CRL type. 5434 5435**Atomic service API**: This API can be used in atomic services since API version 12. 5436 5437**System capability**: SystemCapability.Security.Cert 5438 5439**Return value** 5440 5441| Type | Description | 5442| ------ | -------------------- | 5443| string | CRL type obtained.| 5444 5445**Example** 5446 5447```ts 5448import { cert } from '@kit.DeviceCertificateKit'; 5449 5450// Convert the string into a Uint8Array. 5451function stringToUint8Array(str: string): Uint8Array { 5452 let arr: Array<number> = []; 5453 for (let i = 0, j = str.length; i < j; i++) { 5454 arr.push(str.charCodeAt(i)); 5455 } 5456 return new Uint8Array(arr); 5457} 5458 5459let crlData = '-----BEGIN X509 CRL-----\n' + 5460 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5461 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5462 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5463 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5464 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5465 'eavsH0Q3\n' + 5466 '-----END X509 CRL-----\n'; 5467 5468// Binary data of the CRL, which varies with the service. 5469let encodingBlob: cert.EncodingBlob = { 5470 data: stringToUint8Array(crlData), 5471 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5472 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5473}; 5474 5475cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5476 if (error) { 5477 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5478 } else { 5479 console.log('createX509CRL success'); 5480 let type = x509CRL.getType(); 5481 } 5482}); 5483``` 5484 5485### getEncoded<sup>11+</sup> 5486 5487getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 5488 5489Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 5490 5491**Atomic service API**: This API can be used in atomic services since API version 12. 5492 5493**System capability**: SystemCapability.Security.Cert 5494 5495**Parameters** 5496 5497| Name | Type | Mandatory| Description | 5498| -------- | --------------------------------------------- | ---- | ------------------------------------------ | 5499| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized X.509 CRL data obtained.| 5500 5501**Error codes** 5502 5503For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5504 5505| ID| Error Message | 5506| -------- | ----------------------- | 5507| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5508| 19020001 | memory error. | 5509| 19020002 | runtime error. | 5510| 19030001 | crypto operation error. | 5511 5512**Example** 5513 5514```ts 5515import { cert } from '@kit.DeviceCertificateKit'; 5516 5517// Convert the string into a Uint8Array. 5518function stringToUint8Array(str: string): Uint8Array { 5519 let arr: Array<number> = []; 5520 for (let i = 0, j = str.length; i < j; i++) { 5521 arr.push(str.charCodeAt(i)); 5522 } 5523 return new Uint8Array(arr); 5524} 5525 5526let crlData = '-----BEGIN X509 CRL-----\n' + 5527 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5528 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5529 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5530 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5531 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5532 'eavsH0Q3\n' + 5533 '-----END X509 CRL-----\n'; 5534 5535// Binary data of the CRL, which varies with the service. 5536let encodingBlob: cert.EncodingBlob = { 5537 data: stringToUint8Array(crlData), 5538 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5539 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5540}; 5541 5542cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5543 if (error) { 5544 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5545 } else { 5546 console.log('createX509CRL success'); 5547 x509CRL.getEncoded((error, data) => { 5548 if (error) { 5549 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5550 } else { 5551 console.log('getEncoded success'); 5552 } 5553 }); 5554 } 5555}); 5556``` 5557 5558### getEncoded<sup>11+</sup> 5559 5560getEncoded() : Promise\<EncodingBlob> 5561 5562Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 5563 5564**Atomic service API**: This API can be used in atomic services since API version 12. 5565 5566**System capability**: SystemCapability.Security.Cert 5567 5568**Return value** 5569 5570| Type | Description | 5571| --------------------------------------- | -------------------------------- | 5572| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 CRL data obtained.| 5573**Error codes** 5574 5575For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5576 5577| ID| Error Message | 5578| -------- | ----------------------- | 5579| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5580| 19020001 | memory error. | 5581| 19020002 | runtime error. | 5582| 19030001 | crypto operation error. | 5583 5584**Example** 5585 5586```ts 5587import { cert } from '@kit.DeviceCertificateKit'; 5588import { BusinessError } from '@kit.BasicServicesKit'; 5589 5590// Convert the string into a Uint8Array. 5591function stringToUint8Array(str: string): Uint8Array { 5592 let arr: Array<number> = []; 5593 for (let i = 0, j = str.length; i < j; i++) { 5594 arr.push(str.charCodeAt(i)); 5595 } 5596 return new Uint8Array(arr); 5597} 5598 5599let crlData = '-----BEGIN X509 CRL-----\n' + 5600 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5601 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5602 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5603 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5604 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5605 'eavsH0Q3\n' + 5606 '-----END X509 CRL-----\n'; 5607 5608// Binary data of the CRL, which varies with the service. 5609let encodingBlob: cert.EncodingBlob = { 5610 data: stringToUint8Array(crlData), 5611 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5612 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5613}; 5614 5615cert.createX509CRL(encodingBlob).then(x509CRL => { 5616 console.log('createX509CRL success'); 5617 x509CRL.getEncoded().then(result => { 5618 console.log('getEncoded success'); 5619 }).catch((error: BusinessError) => { 5620 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5621 }); 5622}).catch((error: BusinessError) => { 5623 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5624}); 5625``` 5626 5627### verify<sup>11+</sup> 5628 5629verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 5630 5631Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 5632 5633**Atomic service API**: This API can be used in atomic services since API version 12. 5634 5635**System capability**: SystemCapability.Security.Cert 5636 5637**Parameters** 5638 5639| Name | Type | Mandatory| Description | 5640| -------- | ----------------------------------------------------------- | ---- | ------------------------------------------------------------ | 5641| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | 5642| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 5643 5644**Error codes** 5645 5646For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5647 5648| ID| Error Message | 5649| -------- | ----------------------- | 5650| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5651| 19030001 | crypto operation error. | 5652 5653**Example** 5654 5655```ts 5656import { cert } from '@kit.DeviceCertificateKit'; 5657import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 5658import { BusinessError } from '@kit.BasicServicesKit'; 5659 5660// Convert the string into a Uint8Array. 5661function stringToUint8Array(str: string): Uint8Array { 5662 let arr: Array<number> = []; 5663 for (let i = 0, j = str.length; i < j; i++) { 5664 arr.push(str.charCodeAt(i)); 5665 } 5666 return new Uint8Array(arr); 5667} 5668 5669let crlData = '-----BEGIN X509 CRL-----\n' + 5670 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5671 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5672 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5673 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5674 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5675 'eavsH0Q3\n' + 5676 '-----END X509 CRL-----\n'; 5677 5678let pubKeyData = new Uint8Array([ 5679 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5680 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5681 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5682 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5683 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5684 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5685 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5686 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5687 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5688 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5689 0x00, 0x01 5690]); 5691 5692let priKeyData = new Uint8Array([ 5693 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5694 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5695 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5696 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5697 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5698 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5699 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5700 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5701 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5702 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5703 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5704 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5705 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5706 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5707 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5708 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5709 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5710 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5711 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5712 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5713 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5714 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5715 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5716 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5717 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5718 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5719 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5720 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5721 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5722 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5723 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5724 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5725 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5726 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5727 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5728 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5729 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5730 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5731 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5732 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5733]); 5734 5735// Binary data of the CRL, which varies with the service. 5736let encodingBlob: cert.EncodingBlob = { 5737 data: stringToUint8Array(crlData), 5738 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5739 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5740}; 5741 5742cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5743 if (error) { 5744 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5745 } else { 5746 console.log('createX509Crl success'); 5747 try { 5748 // Generate the public key by AsyKeyGenerator. 5749 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5750 console.log('createAsyKeyGenerator success'); 5751 let priEncodingBlob: cryptoFramework.DataBlob = { 5752 data: priKeyData, 5753 }; 5754 let pubEncodingBlob: cryptoFramework.DataBlob = { 5755 data: pubKeyData, 5756 }; 5757 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 5758 if (e) { 5759 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 5760 } else { 5761 console.log('convert key success'); 5762 x509CRL.verify(keyPair.pubKey, (err, data) => { 5763 if (err) { 5764 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 5765 } else { 5766 console.log('verify success'); 5767 } 5768 }); 5769 } 5770 }) 5771 } catch (error) { 5772 let e: BusinessError = error as BusinessError; 5773 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5774 } 5775 } 5776}); 5777``` 5778 5779### verify<sup>11+</sup> 5780 5781verify(key : cryptoFramework.PubKey) : Promise\<void> 5782 5783Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 5784 5785**Atomic service API**: This API can be used in atomic services since API version 12. 5786 5787**System capability**: SystemCapability.Security.Cert 5788 5789**Parameters** 5790 5791| Name| Type | Mandatory| Description | 5792| ------ | ----------------------------------------------------------- | ---- | ------------------------ | 5793| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| 5794 5795**Return value** 5796 5797| Type | Description | 5798| -------------- | ----------- | 5799| Promise\<void> | Promise used to return the result.| 5800 5801**Error codes** 5802 5803For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5804 5805| ID| Error Message | 5806| -------- | ----------------------- | 5807| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5808| 19030001 | crypto operation error. | 5809 5810**Example** 5811 5812```ts 5813import { cert } from '@kit.DeviceCertificateKit'; 5814import { cryptoFramework } from '@kit.CryptoArchitectureKit' 5815import { BusinessError } from '@kit.BasicServicesKit'; 5816 5817// Convert the string into a Uint8Array. 5818function stringToUint8Array(str: string): Uint8Array { 5819 let arr: Array<number> = []; 5820 for (let i = 0, j = str.length; i < j; i++) { 5821 arr.push(str.charCodeAt(i)); 5822 } 5823 return new Uint8Array(arr); 5824} 5825 5826let crlData = '-----BEGIN X509 CRL-----\n' + 5827 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5828 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5829 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5830 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5831 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5832 'eavsH0Q3\n' + 5833 '-----END X509 CRL-----\n'; 5834 5835let pubKeyData = new Uint8Array([ 5836 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5837 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5838 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5839 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5840 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5841 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5842 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5843 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5844 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5845 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5846 0x00, 0x01 5847]); 5848 5849let priKeyData = new Uint8Array([ 5850 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5851 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5852 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5853 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5854 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5855 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5856 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5857 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5858 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5859 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5860 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5861 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5862 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5863 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5864 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5865 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5866 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5867 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5868 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5869 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5870 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5871 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5872 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5873 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5874 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5875 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5876 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5877 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5878 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5879 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5880 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5881 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5882 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5883 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5884 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5885 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5886 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5887 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5888 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5889 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5890]); 5891 5892// Binary data of the CRL, which varies with the service. 5893let encodingBlob: cert.EncodingBlob = { 5894 data: stringToUint8Array(crlData), 5895 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5896 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5897}; 5898 5899cert.createX509CRL(encodingBlob).then(x509CRL => { 5900 console.log('createX509Crl success'); 5901 5902 try { 5903 // Generate a public key object. 5904 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5905 console.log('createAsyKeyGenerator success'); 5906 let priEncodingBlob: cryptoFramework.DataBlob = { 5907 data: priKeyData, 5908 }; 5909 let pubEncodingBlob: cryptoFramework.DataBlob = { 5910 data: pubKeyData, 5911 }; 5912 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 5913 console.log('convert key success'); 5914 x509CRL.verify(keyPair.pubKey).then(result => { 5915 console.log('verify success'); 5916 }).catch((error: BusinessError) => { 5917 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5918 }); 5919 }).catch((error: BusinessError) => { 5920 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 5921 }); 5922 } catch (error) { 5923 let e: BusinessError = error as BusinessError; 5924 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5925 } 5926}).catch((error: BusinessError) => { 5927 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5928}); 5929``` 5930 5931### getVersion<sup>11+</sup> 5932 5933getVersion() : number 5934 5935Obtains the version of the X.509 CRL. 5936 5937**Atomic service API**: This API can be used in atomic services since API version 12. 5938 5939**System capability**: SystemCapability.Security.Cert 5940 5941**Return value** 5942 5943| Type | Description | 5944| ------ | -------------------------------- | 5945| number | Version of the X.509 CRL obtained.| 5946 5947**Example** 5948 5949```ts 5950import { cert } from '@kit.DeviceCertificateKit'; 5951 5952// Convert the string into a Uint8Array. 5953function stringToUint8Array(str: string): Uint8Array { 5954 let arr: Array<number> = []; 5955 for (let i = 0, j = str.length; i < j; i++) { 5956 arr.push(str.charCodeAt(i)); 5957 } 5958 return new Uint8Array(arr); 5959} 5960 5961let crlData = '-----BEGIN X509 CRL-----\n' + 5962 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5963 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5964 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5965 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5966 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5967 'eavsH0Q3\n' + 5968 '-----END X509 CRL-----\n'; 5969 5970// Binary data of the CRL, which varies with the service. 5971let encodingBlob: cert.EncodingBlob = { 5972 data: stringToUint8Array(crlData), 5973 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 5974 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5975}; 5976 5977cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5978 if (error) { 5979 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5980 } else { 5981 console.log('createX509CRL success'); 5982 let version = x509CRL.getVersion(); 5983 } 5984}); 5985``` 5986 5987### getIssuerName<sup>11+</sup> 5988 5989getIssuerName() : DataBlob 5990 5991Obtains the issuer of the X.509 CRL. 5992 5993**Atomic service API**: This API can be used in atomic services since API version 12. 5994 5995**System capability**: SystemCapability.Security.Cert 5996 5997**Return value** 5998 5999| Type | Description | 6000| --------------------- | ------------------------------ | 6001| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 6002 6003**Error codes** 6004 6005For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6006 6007| ID| Error Message | 6008| -------- | ----------------------- | 6009| 19020001 | memory error. | 6010| 19020002 | runtime error. | 6011| 19030001 | crypto operation error. | 6012 6013**Example** 6014 6015```ts 6016import { cert } from '@kit.DeviceCertificateKit'; 6017import { BusinessError } from '@kit.BasicServicesKit'; 6018 6019// Convert the string into a Uint8Array. 6020function stringToUint8Array(str: string): Uint8Array { 6021 let arr: Array<number> = []; 6022 for (let i = 0, j = str.length; i < j; i++) { 6023 arr.push(str.charCodeAt(i)); 6024 } 6025 return new Uint8Array(arr); 6026} 6027 6028let crlData = '-----BEGIN X509 CRL-----\n' + 6029 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6030 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6031 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6032 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6033 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6034 'eavsH0Q3\n' + 6035 '-----END X509 CRL-----\n'; 6036 6037// Binary data of the CRL, which varies with the service. 6038let encodingBlob: cert.EncodingBlob = { 6039 data: stringToUint8Array(crlData), 6040 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6041 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6042}; 6043 6044cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6045 if (error) { 6046 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6047 } else { 6048 console.log('createX509CRL success'); 6049 try { 6050 let issuerName = x509CRL.getIssuerName(); 6051 } catch (err) { 6052 let e: BusinessError = err as BusinessError; 6053 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6054 } 6055 } 6056}); 6057``` 6058 6059### getLastUpdate<sup>11+</sup> 6060 6061getLastUpdate() : string 6062 6063Obtains the last update date of this X.509 CRL. 6064 6065**Atomic service API**: This API can be used in atomic services since API version 12. 6066 6067**System capability**: SystemCapability.Security.Cert 6068 6069**Return value** 6070 6071| Type | Description | 6072| ------ | ------------------------------------ | 6073| string | Last update date of the X.509 CRL, in ASN.1 format.| 6074 6075**Error codes** 6076 6077For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6078 6079| ID| Error Message | 6080| -------- | ----------------------- | 6081| 19020001 | memory error. | 6082| 19020002 | runtime error. | 6083| 19030001 | crypto operation error. | 6084 6085**Example** 6086 6087```ts 6088import { cert } from '@kit.DeviceCertificateKit'; 6089import { BusinessError } from '@kit.BasicServicesKit'; 6090 6091// Convert the string into a Uint8Array. 6092function stringToUint8Array(str: string): Uint8Array { 6093 let arr: Array<number> = []; 6094 for (let i = 0, j = str.length; i < j; i++) { 6095 arr.push(str.charCodeAt(i)); 6096 } 6097 return new Uint8Array(arr); 6098} 6099 6100let crlData = '-----BEGIN X509 CRL-----\n' + 6101 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6102 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6103 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6104 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6105 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6106 'eavsH0Q3\n' + 6107 '-----END X509 CRL-----\n'; 6108 6109// Binary data of the CRL, which varies with the service. 6110let encodingBlob: cert.EncodingBlob = { 6111 data: stringToUint8Array(crlData), 6112 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6113 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6114}; 6115 6116cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6117 if (error) { 6118 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6119 } else { 6120 console.log('createX509CRL success'); 6121 try { 6122 let lastUpdate = x509CRL.getLastUpdate(); 6123 } catch (err) { 6124 let e: BusinessError = err as BusinessError; 6125 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6126 } 6127 } 6128}); 6129``` 6130 6131### getNextUpdate<sup>11+</sup> 6132 6133getNextUpdate() : string 6134 6135Obtains the next update date of this CRL. 6136 6137**Atomic service API**: This API can be used in atomic services since API version 12. 6138 6139**System capability**: SystemCapability.Security.Cert 6140 6141**Return value** 6142 6143| Type | Description | 6144| ------ | ------------------------------------ | 6145| string | Next update date of the CRL, in ASN.1 format.| 6146 6147**Error codes** 6148 6149For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6150 6151| ID| Error Message | 6152| -------- | ----------------------- | 6153| 19020001 | memory error. | 6154| 19020002 | runtime error. | 6155| 19030001 | crypto operation error. | 6156 6157**Example** 6158 6159```ts 6160import { cert } from '@kit.DeviceCertificateKit'; 6161import { BusinessError } from '@kit.BasicServicesKit'; 6162 6163// Convert the string into a Uint8Array. 6164function stringToUint8Array(str: string): Uint8Array { 6165 let arr: Array<number> = []; 6166 for (let i = 0, j = str.length; i < j; i++) { 6167 arr.push(str.charCodeAt(i)); 6168 } 6169 return new Uint8Array(arr); 6170} 6171 6172let crlData = '-----BEGIN X509 CRL-----\n' + 6173 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6174 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6175 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6176 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6177 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6178 'eavsH0Q3\n' + 6179 '-----END X509 CRL-----\n'; 6180 6181// Binary data of the CRL, which varies with the service. 6182let encodingBlob: cert.EncodingBlob = { 6183 data: stringToUint8Array(crlData), 6184 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6185 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6186}; 6187 6188cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6189 if (error) { 6190 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6191 } else { 6192 console.log('createX509CRL success'); 6193 try { 6194 let nextUpdate = x509CRL.getNextUpdate(); 6195 } catch (err) { 6196 let e: BusinessError = err as BusinessError; 6197 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6198 } 6199 } 6200}); 6201``` 6202 6203### getRevokedCert<sup>11+</sup> 6204 6205getRevokedCert(serialNumber : bigint) : X509CRLEntry 6206 6207Obtains the revoked X.509 certificate based on the specified serial number of the certificate. 6208 6209**Atomic service API**: This API can be used in atomic services since API version 12. 6210 6211**System capability**: SystemCapability.Security.Cert 6212 6213**Parameters** 6214 6215| Name | Type | Mandatory| Description | 6216| ------------ | ------ | ---- | -------------- | 6217| serialNumber | bigint | Yes | Serial number of the certificate.| 6218 6219**Return value** 6220 6221| Type | Description | 6222| ------------------------------- | ---------------------- | 6223| [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained.| 6224 6225**Error codes** 6226 6227For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6228 6229| ID| Error Message | 6230| -------- | ----------------------- | 6231| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6232| 19020001 | memory error. | 6233| 19030001 | crypto operation error. | 6234 6235**Example** 6236 6237```ts 6238import { cert } from '@kit.DeviceCertificateKit'; 6239import { BusinessError } from '@kit.BasicServicesKit'; 6240 6241// Convert the string into a Uint8Array. 6242function stringToUint8Array(str: string): Uint8Array { 6243 let arr: Array<number> = []; 6244 for (let i = 0, j = str.length; i < j; i++) { 6245 arr.push(str.charCodeAt(i)); 6246 } 6247 return new Uint8Array(arr); 6248} 6249 6250let crlData = '-----BEGIN X509 CRL-----\n' + 6251 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6252 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6253 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6254 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6255 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6256 'eavsH0Q3\n' + 6257 '-----END X509 CRL-----\n'; 6258 6259// Binary data of the CRL, which varies with the service. 6260let encodingBlob: cert.EncodingBlob = { 6261 data: stringToUint8Array(crlData), 6262 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6263 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6264}; 6265 6266cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6267 if (error) { 6268 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6269 } else { 6270 console.log('createX509CRL success'); 6271 let serialNumber = BigInt(1000); 6272 try { 6273 let entry = x509CRL.getRevokedCert(serialNumber); 6274 } catch (error) { 6275 let e: BusinessError = error as BusinessError; 6276 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6277 } 6278 } 6279}); 6280``` 6281 6282### getRevokedCertWithCert<sup>11+</sup> 6283 6284getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry 6285 6286Obtains the revoked X.509 certificate based on the specified certificate. 6287 6288**Atomic service API**: This API can be used in atomic services since API version 12. 6289 6290**System capability**: SystemCapability.Security.Cert 6291 6292**Parameters** 6293 6294| Name| Type | Mandatory| Description | 6295| ------ | --------------------- | ---- | ------------ | 6296| cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| 6297 6298**Return value** 6299 6300| Type | Description | 6301| ------------------------------- | ---------------------- | 6302| [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained.| 6303 6304**Error codes** 6305 6306For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6307 6308| ID| Error Message | 6309| -------- | ----------------------- | 6310| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6311| 19020001 | memory error. | 6312| 19030001 | crypto operation error. | 6313 6314**Example** 6315 6316```ts 6317import { cert } from '@kit.DeviceCertificateKit'; 6318import { BusinessError } from '@kit.BasicServicesKit'; 6319 6320// Convert the string into a Uint8Array. 6321function stringToUint8Array(str: string): Uint8Array { 6322 let arr: Array<number> = []; 6323 for (let i = 0, j = str.length; i < j; i++) { 6324 arr.push(str.charCodeAt(i)); 6325 } 6326 return new Uint8Array(arr); 6327} 6328 6329let crlData = '-----BEGIN X509 CRL-----\n' + 6330 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6331 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6332 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6333 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6334 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6335 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6336 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6337 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6338 '+i2osvdPWRia0dJCL1PCA14k\n' + 6339 '-----END X509 CRL-----\n'; 6340 6341// Certificate binary data, which varies with the service. 6342let certData = '-----BEGIN CERTIFICATE-----\n' + 6343 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 6344 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 6345 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 6346 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 6347 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 6348 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 6349 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 6350 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 6351 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 6352 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 6353 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 6354 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 6355 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 6356 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 6357 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 6358 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 6359 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 6360 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 6361 '-----END CERTIFICATE-----\n'; 6362 6363let certEncodingBlob: cert.EncodingBlob = { 6364 data: stringToUint8Array(certData), 6365 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6366 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6367}; 6368 6369// Binary data of the CRL, which varies with the service. 6370let encodingBlob: cert.EncodingBlob = { 6371 data: stringToUint8Array(crlData), 6372 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6373 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6374}; 6375 6376cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6377 if (error) { 6378 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6379 } else { 6380 console.log('createX509CRL success'); 6381 // Create an X.509 certificate object. 6382 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 6383 try { 6384 let entry = x509CRL.getRevokedCertWithCert(x509Cert); 6385 console.log('getRevokedCertWithCert success'); 6386 } catch (error) { 6387 let e: BusinessError = error as BusinessError; 6388 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6389 } 6390 }).catch((error: BusinessError) => { 6391 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6392 }) 6393 } 6394}); 6395``` 6396 6397### getRevokedCerts<sup>11+</sup> 6398 6399getRevokedCerts(callback : AsyncCallback<Array\<X509CRLEntry>>) : void 6400 6401Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 6402 6403**Atomic service API**: This API can be used in atomic services since API version 12. 6404 6405**System capability**: SystemCapability.Security.Cert 6406 6407**Parameters** 6408 6409| Name | Type | Mandatory| Description | 6410| -------- | ------------------------------------------------------ | ---- | -------------------------------- | 6411| callback | AsyncCallback<Array\<[X509CRLEntry](#x509crlentry11)>> | Yes | Callback used to return a list of revoked X.509 certificates.| 6412 6413**Error codes** 6414 6415For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6416 6417| ID| Error Message | 6418| -------- | ----------------------- | 6419| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6420| 19020001 | memory error. | 6421| 19030001 | crypto operation error. | 6422 6423**Example** 6424 6425```ts 6426import { cert } from '@kit.DeviceCertificateKit'; 6427import { BusinessError } from '@kit.BasicServicesKit'; 6428 6429// Convert the string into a Uint8Array. 6430function stringToUint8Array(str: string): Uint8Array { 6431 let arr: Array<number> = []; 6432 for (let i = 0, j = str.length; i < j; i++) { 6433 arr.push(str.charCodeAt(i)); 6434 } 6435 return new Uint8Array(arr); 6436} 6437 6438let crlData = '-----BEGIN X509 CRL-----\n' + 6439 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6440 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6441 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6442 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6443 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6444 'eavsH0Q3\n' + 6445 '-----END X509 CRL-----\n'; 6446 6447// Binary data of the CRL, which varies with the service. 6448let encodingBlob: cert.EncodingBlob = { 6449 data: stringToUint8Array(crlData), 6450 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6451 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6452}; 6453 6454cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6455 if (error) { 6456 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6457 } else { 6458 console.log('createX509CRL success'); 6459 x509CRL.getRevokedCerts((error, array) => { 6460 if (error) { 6461 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6462 } else { 6463 console.log('getRevokedCerts success'); 6464 } 6465 }); 6466 } 6467}); 6468``` 6469 6470### getRevokedCerts<sup>11+</sup> 6471 6472getRevokedCerts() : Promise<Array\<X509CRLEntry>> 6473 6474Obtains the revoked X.509 certificates. This API uses a promise to return the result. 6475 6476**Atomic service API**: This API can be used in atomic services since API version 12. 6477 6478**System capability**: SystemCapability.Security.Cert 6479 6480**Return value** 6481 6482| Type | Description | 6483| ------------------------------------------------ | ---------------------- | 6484| Promise<Array\<[X509CRLEntry](#x509crlentry11)>> | Promise used to return a list of revoked X.509 certificates.| 6485 6486**Error codes** 6487 6488For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6489 6490| ID| Error Message | 6491| -------- | ----------------------- | 6492| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6493| 19020001 | memory error. | 6494| 19030001 | crypto operation error. | 6495 6496**Example** 6497 6498```ts 6499import { cert } from '@kit.DeviceCertificateKit'; 6500import { BusinessError } from '@kit.BasicServicesKit'; 6501 6502// Convert the string into a Uint8Array. 6503function stringToUint8Array(str: string): Uint8Array { 6504 let arr: Array<number> = []; 6505 for (let i = 0, j = str.length; i < j; i++) { 6506 arr.push(str.charCodeAt(i)); 6507 } 6508 return new Uint8Array(arr); 6509} 6510 6511let crlData = '-----BEGIN X509 CRL-----\n' + 6512 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6513 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6514 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6515 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6516 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6517 'eavsH0Q3\n' + 6518 '-----END X509 CRL-----\n'; 6519 6520// Binary data of the CRL, which varies with the service. 6521let encodingBlob: cert.EncodingBlob = { 6522 data: stringToUint8Array(crlData), 6523 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6524 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6525}; 6526 6527cert.createX509CRL(encodingBlob).then(x509CRL => { 6528 console.log('createX509CRL success'); 6529 x509CRL.getRevokedCerts().then(array => { 6530 console.log('getRevokedCerts success'); 6531 }).catch((error: BusinessError) => { 6532 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6533 }); 6534}).catch((error: BusinessError) => { 6535 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6536}); 6537``` 6538 6539### getSignature<sup>11+</sup> 6540 6541getSignature() : DataBlob 6542 6543Obtains the signature data of the X.509 CRL. 6544 6545**Atomic service API**: This API can be used in atomic services since API version 12. 6546 6547**System capability**: SystemCapability.Security.Cert 6548 6549**Return value** 6550 6551| Type | Description | 6552| --------------------- | ------------------------------ | 6553| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 6554 6555**Error codes** 6556 6557For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6558 6559| ID| Error Message | 6560| -------- | ----------------------- | 6561| 19020001 | memory error. | 6562| 19020002 | runtime error. | 6563| 19030001 | crypto operation error. | 6564 6565**Example** 6566 6567```ts 6568import { cert } from '@kit.DeviceCertificateKit'; 6569import { BusinessError } from '@kit.BasicServicesKit'; 6570 6571// Convert the string into a Uint8Array. 6572function stringToUint8Array(str: string): Uint8Array { 6573 let arr: Array<number> = []; 6574 for (let i = 0, j = str.length; i < j; i++) { 6575 arr.push(str.charCodeAt(i)); 6576 } 6577 return new Uint8Array(arr); 6578} 6579 6580let crlData = '-----BEGIN X509 CRL-----\n' + 6581 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6582 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6583 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6584 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6585 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6586 'eavsH0Q3\n' + 6587 '-----END X509 CRL-----\n'; 6588 6589// Binary data of the CRL, which varies with the service. 6590let encodingBlob: cert.EncodingBlob = { 6591 data: stringToUint8Array(crlData), 6592 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6593 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6594}; 6595 6596cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6597 if (error) { 6598 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6599 } else { 6600 console.log('createX509CRL success'); 6601 try { 6602 let signature = x509CRL.getSignature(); 6603 } catch (err) { 6604 let e: BusinessError = err as BusinessError; 6605 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6606 } 6607 } 6608}); 6609``` 6610 6611### getSignatureAlgName<sup>11+</sup> 6612 6613getSignatureAlgName() : string 6614 6615Obtains the signing algorithm of the X.509 CRL. 6616 6617**Atomic service API**: This API can be used in atomic services since API version 12. 6618 6619**System capability**: SystemCapability.Security.Cert 6620 6621**Return value** 6622 6623| Type | Description | 6624| ------ | -------------------------------- | 6625| string | Signing algorithm obtained.| 6626 6627**Error codes** 6628 6629For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6630 6631| ID| Error Message | 6632| -------- | ----------------------- | 6633| 19020001 | memory error. | 6634| 19020002 | runtime error. | 6635| 19030001 | crypto operation error. | 6636 6637**Example** 6638 6639```ts 6640import { cert } from '@kit.DeviceCertificateKit'; 6641import { BusinessError } from '@kit.BasicServicesKit'; 6642 6643// Convert the string into a Uint8Array. 6644function stringToUint8Array(str: string): Uint8Array { 6645 let arr: Array<number> = []; 6646 for (let i = 0, j = str.length; i < j; i++) { 6647 arr.push(str.charCodeAt(i)); 6648 } 6649 return new Uint8Array(arr); 6650} 6651 6652let crlData = '-----BEGIN X509 CRL-----\n' + 6653 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6654 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6655 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6656 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6657 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6658 'eavsH0Q3\n' + 6659 '-----END X509 CRL-----\n'; 6660 6661// Binary data of the CRL, which varies with the service. 6662let encodingBlob: cert.EncodingBlob = { 6663 data: stringToUint8Array(crlData), 6664 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6665 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6666}; 6667 6668cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6669 if (error) { 6670 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6671 } else { 6672 console.log('createX509CRL success'); 6673 try { 6674 let sigAlgName = x509CRL.getSignatureAlgName(); 6675 } catch (err) { 6676 let e: BusinessError = err as BusinessError; 6677 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6678 } 6679 } 6680}); 6681``` 6682 6683### getSignatureAlgOid<sup>11+</sup> 6684 6685getSignatureAlgOid() : string 6686 6687Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 6688 6689**Atomic service API**: This API can be used in atomic services since API version 12. 6690 6691**System capability**: SystemCapability.Security.Cert 6692 6693**Return value** 6694 6695| Type | Description | 6696| ------ | --------------------------------------------- | 6697| string | OID of the X.509 CRL signing algorithm obtained.| 6698 6699**Error codes** 6700 6701For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6702 6703| ID| Error Message | 6704| -------- | ----------------------- | 6705| 19020001 | memory error. | 6706| 19020002 | runtime error. | 6707| 19030001 | crypto operation error. | 6708 6709**Example** 6710 6711```ts 6712import { cert } from '@kit.DeviceCertificateKit'; 6713import { BusinessError } from '@kit.BasicServicesKit'; 6714 6715// Convert the string into a Uint8Array. 6716function stringToUint8Array(str: string): Uint8Array { 6717 let arr: Array<number> = []; 6718 for (let i = 0, j = str.length; i < j; i++) { 6719 arr.push(str.charCodeAt(i)); 6720 } 6721 return new Uint8Array(arr); 6722} 6723 6724let crlData = '-----BEGIN X509 CRL-----\n' + 6725 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6726 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6727 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6728 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6729 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6730 'eavsH0Q3\n' + 6731 '-----END X509 CRL-----\n'; 6732 6733// Binary data of the CRL, which varies with the service. 6734let encodingBlob: cert.EncodingBlob = { 6735 data: stringToUint8Array(crlData), 6736 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6737 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6738}; 6739 6740cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6741 if (error) { 6742 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6743 } else { 6744 console.log('createX509CRL success'); 6745 try { 6746 let sigAlgOid = x509CRL.getSignatureAlgOid(); 6747 } catch (err) { 6748 let e: BusinessError = err as BusinessError; 6749 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6750 } 6751 } 6752}); 6753``` 6754 6755### getSignatureAlgParams<sup>11+</sup> 6756 6757getSignatureAlgParams() : DataBlob 6758 6759Obtains the parameters of the X.509 CRL signing algorithm. 6760 6761**Atomic service API**: This API can be used in atomic services since API version 12. 6762 6763**System capability**: SystemCapability.Security.Cert 6764 6765**Return value** 6766 6767| Type | Description | 6768| --------------------- | ---------------------------------- | 6769| [DataBlob](#datablob) | Algorithm parameters obtained.| 6770 6771**Error codes** 6772 6773For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6774 6775| ID| Error Message | 6776| -------- | ----------------------- | 6777| 801 | this operation is not supported. | 6778| 19020001 | memory error. | 6779| 19020002 | runtime error. | 6780| 19030001 | crypto operation error. | 6781 6782**Example** 6783 6784```ts 6785import { cert } from '@kit.DeviceCertificateKit'; 6786import { BusinessError } from '@kit.BasicServicesKit'; 6787 6788// Convert the string into a Uint8Array. 6789function stringToUint8Array(str: string): Uint8Array { 6790 let arr: Array<number> = []; 6791 for (let i = 0, j = str.length; i < j; i++) { 6792 arr.push(str.charCodeAt(i)); 6793 } 6794 return new Uint8Array(arr); 6795} 6796 6797let crlData = '-----BEGIN X509 CRL-----\n' + 6798 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6799 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6800 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6801 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6802 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6803 'eavsH0Q3\n' + 6804 '-----END X509 CRL-----\n'; 6805 6806// Binary data of the CRL, which varies with the service. 6807let encodingBlob: cert.EncodingBlob = { 6808 data: stringToUint8Array(crlData), 6809 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6810 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6811}; 6812 6813cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6814 if (error) { 6815 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6816 } else { 6817 console.log('createX509CRL success'); 6818 try { 6819 let sigAlgParams = x509CRL.getSignatureAlgParams(); 6820 } catch (err) { 6821 let e: BusinessError = err as BusinessError; 6822 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6823 } 6824 } 6825}); 6826``` 6827 6828### getTBSInfo<sup>11+</sup> 6829 6830getTBSInfo() : DataBlob 6831 6832Obtains the DER-encoded CRL information, that is, **tbsCertList** from this CRL. 6833 6834**Atomic service API**: This API can be used in atomic services since API version 12. 6835 6836**System capability**: SystemCapability.Security.Cert 6837 6838**Return value** 6839 6840| Type | Description | 6841| --------------------- | --------------------------------- | 6842| [DataBlob](#datablob) | **tbsCertList** information obtained.| 6843 6844**Error codes** 6845 6846For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6847 6848| ID| Error Message | 6849| -------- | ----------------------- | 6850| 19020001 | memory error. | 6851| 19020002 | runtime error. | 6852| 19030001 | crypto operation error. | 6853 6854**Example** 6855 6856```ts 6857import { cert } from '@kit.DeviceCertificateKit'; 6858import { BusinessError } from '@kit.BasicServicesKit'; 6859 6860// Convert the string into a Uint8Array. 6861function stringToUint8Array(str: string): Uint8Array { 6862 let arr: Array<number> = []; 6863 for (let i = 0, j = str.length; i < j; i++) { 6864 arr.push(str.charCodeAt(i)); 6865 } 6866 return new Uint8Array(arr); 6867} 6868 6869let crlData = '-----BEGIN X509 CRL-----\n' + 6870 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6871 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6872 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6873 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6874 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6875 'eavsH0Q3\n' + 6876 '-----END X509 CRL-----\n'; 6877 6878// Binary data of the CRL, which varies with the service. 6879let encodingBlob: cert.EncodingBlob = { 6880 data: stringToUint8Array(crlData), 6881 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6882 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6883}; 6884 6885cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6886 if (error) { 6887 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6888 } else { 6889 console.log('createX509CRL success'); 6890 try { 6891 let tbsInfo = x509CRL.getTBSInfo(); 6892 } catch (error) { 6893 let e: BusinessError = error as BusinessError; 6894 console.error('getTBSInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6895 } 6896 } 6897}); 6898``` 6899 6900### getExtensions<sup>11+</sup> 6901 6902getExtensions(): DataBlob 6903 6904Obtains the CRL extensions. 6905 6906**Atomic service API**: This API can be used in atomic services since API version 12. 6907 6908**System capability**: SystemCapability.Security.Cert 6909 6910**Return value** 6911 6912| Type | Description | 6913| --------------------- | ------------------- | 6914| [DataBlob](#datablob) | X.509 CRL extensions obtained.| 6915 6916**Error codes** 6917 6918For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6919 6920| ID| Error Message | 6921| -------- | ----------------------- | 6922| 19020001 | memory error. | 6923| 19020002 | runtime error. | 6924| 19030001 | crypto operation error. | 6925 6926**Example** 6927 6928```ts 6929import { cert } from '@kit.DeviceCertificateKit'; 6930import { BusinessError } from '@kit.BasicServicesKit'; 6931 6932// Convert the string into a Uint8Array. 6933function stringToUint8Array(str: string): Uint8Array { 6934 let arr: Array<number> = []; 6935 for (let i = 0, j = str.length; i < j; i++) { 6936 arr.push(str.charCodeAt(i)); 6937 } 6938 return new Uint8Array(arr); 6939} 6940 6941let crlData = '-----BEGIN X509 CRL-----\n' + 6942 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6943 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6944 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6945 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6946 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6947 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6948 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6949 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6950 '+i2osvdPWRia0dJCL1PCA14k\n' + 6951 '-----END X509 CRL-----\n'; 6952 6953// Binary data of the CRL, which varies with the service. 6954let encodingBlob: cert.EncodingBlob = { 6955 data: stringToUint8Array(crlData), 6956 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 6957 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6958}; 6959 6960cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6961 if (error) { 6962 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6963 } else { 6964 console.log('createX509CRL success'); 6965 try { 6966 let extensions = x509CRL.getExtensions(); 6967 } catch (error) { 6968 let e: BusinessError = error as BusinessError; 6969 console.error('getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6970 } 6971 } 6972}); 6973``` 6974 6975### match<sup>11+</sup> 6976 6977match(param: X509CRLMatchParameters): boolean 6978 6979Checks whether this CRL matches the specified parameters. 6980 6981**Atomic service API**: This API can be used in atomic services since API version 12. 6982 6983**System capability**: SystemCapability.Security.Cert 6984 6985**Parameters** 6986 6987| Name | Type | Mandatory| Description | 6988| --------- | ------ | ---- | ------------------------------------------ | 6989| param | [X509CRLMatchParameters](#x509crlmatchparameters11)| Yes | Parameters specified for matching the CRL. | 6990 6991**Return value** 6992 6993| Type | Description | 6994| --------------------- | ----------------------------------------- | 6995| boolean | Returns **true** if the CRL matches the parameters specified; returns **false** otherwise. | 6996 6997**Error codes** 6998 6999For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7000 7001| ID| Error Message | 7002| -------- | -------------- | 7003| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7004| 19020001 | memory error. | 7005| 19030001 | crypto operation error. | 7006 7007**Example** 7008 7009```ts 7010import { cert } from '@kit.DeviceCertificateKit'; 7011import { BusinessError } from '@kit.BasicServicesKit'; 7012 7013// Convert the string into a Uint8Array. 7014function stringToUint8Array(str: string): Uint8Array { 7015 let arr: Array<number> = []; 7016 for (let i = 0, j = str.length; i < j; i++) { 7017 arr.push(str.charCodeAt(i)); 7018 } 7019 return new Uint8Array(arr); 7020} 7021 7022let crlData = '-----BEGIN X509 CRL-----\n' + 7023 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7024 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7025 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7026 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7027 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7028 'eavsH0Q3\n' + 7029 '-----END X509 CRL-----\n'; 7030 7031// Binary data of the CRL, which varies with the service. 7032let crlEncodingBlob: cert.EncodingBlob = { 7033 data: stringToUint8Array(crlData), 7034 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7035 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7036}; 7037 7038const certData = "-----BEGIN CERTIFICATE-----\r\n" + 7039 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 7040 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 7041 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 7042 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 7043 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 7044 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 7045 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 7046 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 7047 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 7048 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 7049 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 7050 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 7051 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 7052 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 7053 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 7054 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 7055 "-----END CERTIFICATE-----\r\n"; 7056const certEncodingBlob: cert.EncodingBlob = { 7057 data: stringToUint8Array(certData), 7058 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 7059}; 7060 7061async function crlMatch() { 7062 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 7063 try { 7064 x509Cert = await cert.createX509Cert(certEncodingBlob); 7065 console.log('createX509Cert success'); 7066 } catch (err) { 7067 console.error('createX509Cert failed'); 7068 } 7069 7070 cert.createX509CRL(crlEncodingBlob, (error, x509CRL) => { 7071 if (error) { 7072 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7073 } else { 7074 console.log('createX509CRL success'); 7075 try { 7076 const param: cert.X509CRLMatchParameters = { 7077 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 7078 x509Cert: x509Cert 7079 } 7080 const result = x509CRL.match(param); 7081 } catch (error) { 7082 let e: BusinessError = error as BusinessError; 7083 console.error('x509CRL match failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7084 } 7085 } 7086 }); 7087} 7088``` 7089 7090### getIssuerX500DistinguishedName<sup>12+</sup> 7091 7092getIssuerX500DistinguishedName(): X500DistinguishedName 7093 7094Obtains the DN of the X.509 certificate issuer. 7095 7096**Atomic service API**: This API can be used in atomic services since API version 12. 7097 7098**System capability**: SystemCapability.Security.Cert 7099 7100**Return value** 7101 7102| Type | Description | 7103| --------------------- | ----------------------------------------- | 7104| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 7105 7106**Error codes** 7107 7108For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7109 7110| ID| Error Message | 7111| -------- | -------------- | 7112| 19020001 | memory error. | 7113| 19020002 | runtime error. | 7114| 19030001 | crypto operation error. | 7115 7116**Example** 7117 7118```ts 7119import { cert } from '@kit.DeviceCertificateKit'; 7120import { BusinessError } from '@kit.BasicServicesKit'; 7121 7122// Convert the string into a Uint8Array. 7123function stringToUint8Array(str: string): Uint8Array { 7124 let arr: Array<number> = []; 7125 for (let i = 0, j = str.length; i < j; i++) { 7126 arr.push(str.charCodeAt(i)); 7127 } 7128 return new Uint8Array(arr); 7129} 7130 7131let crlData = '-----BEGIN X509 CRL-----\n' + 7132 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7133 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7134 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7135 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7136 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7137 'eavsH0Q3\n' + 7138 '-----END X509 CRL-----\n'; 7139 7140// Binary data of the CRL, which varies with the service. 7141let crlEncodingBlob: cert.EncodingBlob = { 7142 data: stringToUint8Array(crlData), 7143 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7144 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7145}; 7146 7147async function crlGetIssuerX500DistinguishedName() { 7148 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7149 try { 7150 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7151 console.log('createX509CRL success'); 7152 let name = x509Crl.getIssuerX500DistinguishedName(); 7153 } catch (err) { 7154 let e: BusinessError = err as BusinessError; 7155 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7156 } 7157} 7158``` 7159 7160### toString<sup>12+</sup> 7161 7162toString(): string 7163 7164Converts the object data into a string. 7165 7166**Atomic service API**: This API can be used in atomic services since API version 12. 7167 7168**System capability**: SystemCapability.Security.Cert 7169 7170**Return value** 7171 7172| Type | Description | 7173| --------------------- | ----------------------------------------- | 7174| string | String obtained.| 7175 7176**Error codes** 7177 7178For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7179 7180| ID| Error Message | 7181| -------- | -------------- | 7182| 19020001 | memory error. | 7183| 19020002 | runtime error. | 7184| 19030001 | crypto operation error. | 7185 7186**Example** 7187 7188```ts 7189import { cert } from '@kit.DeviceCertificateKit'; 7190import { BusinessError } from '@kit.BasicServicesKit'; 7191 7192// Convert the string into a Uint8Array. 7193function stringToUint8Array(str: string): Uint8Array { 7194 let arr: Array<number> = []; 7195 for (let i = 0, j = str.length; i < j; i++) { 7196 arr.push(str.charCodeAt(i)); 7197 } 7198 return new Uint8Array(arr); 7199} 7200 7201let crlData = '-----BEGIN X509 CRL-----\n' + 7202 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7203 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7204 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7205 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7206 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7207 'eavsH0Q3\n' + 7208 '-----END X509 CRL-----\n'; 7209 7210// Binary data of the CRL, which varies with the service. 7211let crlEncodingBlob: cert.EncodingBlob = { 7212 data: stringToUint8Array(crlData), 7213 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7214 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7215}; 7216 7217async function crlToString() { 7218 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7219 try { 7220 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7221 console.log('createX509CRL success'); 7222 console.info('crlToString success: ' + JSON.stringify(x509Crl.toString())); 7223 } catch (err) { 7224 let e: BusinessError = err as BusinessError; 7225 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7226 } 7227} 7228``` 7229 7230### hashCode<sup>12+</sup> 7231 7232hashCode(): Uint8Array 7233 7234Obtains the hash value of the data in DER format. 7235 7236**Atomic service API**: This API can be used in atomic services since API version 12. 7237 7238**System capability**: SystemCapability.Security.Cert 7239 7240**Return value** 7241 7242| Type | Description | 7243| --------------------- | ----------------------------------------- | 7244| Uint8Array | Hash value obtained.| 7245 7246**Error codes** 7247 7248For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7249 7250| ID| Error Message | 7251| -------- | -------------- | 7252| 19020001 | memory error. | 7253| 19020002 | runtime error. | 7254| 19030001 | crypto operation error. | 7255 7256**Example** 7257 7258```ts 7259import { cert } from '@kit.DeviceCertificateKit'; 7260import { BusinessError } from '@kit.BasicServicesKit'; 7261 7262// Convert the string into a Uint8Array. 7263function stringToUint8Array(str: string): Uint8Array { 7264 let arr: Array<number> = []; 7265 for (let i = 0, j = str.length; i < j; i++) { 7266 arr.push(str.charCodeAt(i)); 7267 } 7268 return new Uint8Array(arr); 7269} 7270 7271let crlData = '-----BEGIN X509 CRL-----\n' + 7272 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7273 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7274 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7275 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7276 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7277 'eavsH0Q3\n' + 7278 '-----END X509 CRL-----\n'; 7279 7280// Binary data of the CRL, which varies with the service. 7281let crlEncodingBlob: cert.EncodingBlob = { 7282 data: stringToUint8Array(crlData), 7283 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7284 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7285}; 7286 7287async function crlHashCode() { 7288 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7289 try { 7290 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7291 console.log('createX509CRL success'); 7292 console.info('crlHashCode success: ' + JSON.stringify(x509Crl.hashCode())); 7293 } catch (err) { 7294 let e: BusinessError = err as BusinessError; 7295 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7296 } 7297} 7298``` 7299 7300### getExtensionsObject<sup>12+</sup> 7301 7302getExtensionsObject(): CertExtension 7303 7304Obtains the certification extensions in DER format. 7305 7306**Atomic service API**: This API can be used in atomic services since API version 12. 7307 7308**System capability**: SystemCapability.Security.Cert 7309 7310**Return value** 7311 7312| Type | Description | 7313| --------------------- | ----------------------------------------- | 7314| [CertExtension](#certextension10) | Certificate extensions object obtained.| 7315 7316**Error codes** 7317 7318For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7319 7320| ID| Error Message | 7321| -------- | -------------- | 7322| 19020001 | memory error. | 7323| 19020002 | runtime error. | 7324| 19030001 | crypto operation error. | 7325 7326**Example** 7327 7328```ts 7329import { cert } from '@kit.DeviceCertificateKit'; 7330import { BusinessError } from '@kit.BasicServicesKit'; 7331 7332// Convert the string into a Uint8Array. 7333function stringToUint8Array(str: string): Uint8Array { 7334 let arr: Array<number> = []; 7335 for (let i = 0, j = str.length; i < j; i++) { 7336 arr.push(str.charCodeAt(i)); 7337 } 7338 return new Uint8Array(arr); 7339} 7340 7341let crlData = '-----BEGIN X509 CRL-----\n' + 7342 'MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV\n' + 7343 'BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD\n' + 7344 'VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG\n' + 7345 '9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy\n' + 7346 'NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+\n' + 7347 '1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq\n' + 7348 'jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU\n' + 7349 '+gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe\n' + 7350 'Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw\n' + 7351 'diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx\n' + 7352 '+X48g7VE2o2X4cfy\n' + 7353 '-----END X509 CRL-----\n'; 7354 7355// Binary data of the CRL, which varies with the service. 7356let crlEncodingBlob: cert.EncodingBlob = { 7357 data: stringToUint8Array(crlData), 7358 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7359 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7360}; 7361 7362async function crlHashCode() { 7363 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7364 try { 7365 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7366 console.log('createX509CRL success'); 7367 let object = x509Crl.getExtensionsObject(); 7368 } catch (err) { 7369 let e: BusinessError = err as BusinessError; 7370 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7371 } 7372} 7373``` 7374 7375## cert.createCertChainValidator 7376 7377createCertChainValidator(algorithm :string) : CertChainValidator 7378 7379Creates a **CertChainValidator** object. 7380 7381**Atomic service API**: This API can be used in atomic services since API version 12. 7382 7383**System capability**: SystemCapability.Security.Cert 7384 7385**Parameters** 7386 7387| Name | Type | Mandatory| Description | 7388| --------- | ------ | ---- | ------------------------------------------ | 7389| algorithm | string | Yes | Certificate chain validator algorithm. Currently, only **PKIX** is supported.| 7390 7391**Return value** 7392 7393| Type | Description | 7394| ------------------ | -------------------- | 7395| [CertChainValidator](#certchainvalidator) | **CertChainValidator** object created.| 7396 7397**Error codes** 7398 7399For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7400 7401| ID| Error Message | 7402| -------- | ----------------------- | 7403| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7404| 801 | this operation is not supported. | 7405| 19020001 | memory error. | 7406| 19020002 | runtime error. | 7407| 19030001 | crypto operation error. | 7408 7409**Example** 7410 7411```ts 7412import { cert } from '@kit.DeviceCertificateKit'; 7413import { BusinessError } from '@kit.BasicServicesKit'; 7414 7415try { 7416 let validator = cert.createCertChainValidator('PKIX'); 7417} catch (error) { 7418 let e: BusinessError = error as BusinessError; 7419 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7420} 7421``` 7422 7423## CertChainValidator 7424 7425Provides APIs for certificate chain validator operations. 7426 7427 7428### Properties 7429 7430**Atomic service API**: This API can be used in atomic services since API version 12. 7431 7432**System capability**: SystemCapability.Security.Cert 7433 7434| Name | Type | Readable| Writable| Description | 7435| ------- | ------ | ---- | ---- | -------------------------- | 7436| algorithm | string | Yes | No | Algorithm used by the X509 certificate chain validator.| 7437 7438 7439### validate 7440 7441validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 7442 7443Validates an X.509 certificate chain. This API uses an asynchronous callback to return the result. 7444The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details about certificate specifications, see [Certificate Specifications](../../security/DeviceCertificateKit/certificate-framework-overview.md#certificate-specifications). 7445 7446**Atomic service API**: This API can be used in atomic services since API version 12. 7447 7448**System capability**: SystemCapability.Security.Cert 7449 7450**Parameters** 7451 7452| Name | Type | Mandatory| Description | 7453| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 7454| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data. | 7455| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the X.509 certificate chain is valid. If **error** is not **null**, the X.509 certificate chain is not valid.| 7456 7457**Error codes** 7458 7459For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7460 7461| ID| Error Message | 7462| -------- | ------------------------------------------------- | 7463| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7464| 19020001 | memory error. | 7465| 19020002 | runtime error. | 7466| 19030001 | crypto operation error. | 7467| 19030002 | the certificate signature verification failed. | 7468| 19030003 | the certificate has not taken effect. | 7469| 19030004 | the certificate has expired. | 7470| 19030005 | failed to obtain the certificate issuer. | 7471| 19030006 | the key cannot be used for signing a certificate. | 7472| 19030007 | the key cannot be used for digital signature. | 7473 7474**Example** 7475 7476```ts 7477import { cert } from '@kit.DeviceCertificateKit'; 7478import { BusinessError } from '@kit.BasicServicesKit'; 7479 7480// Convert the string into a Uint8Array. 7481function stringToUint8Array(str: string): Uint8Array { 7482 let arr: Array<number> = []; 7483 for (let i = 0, j = str.length; i < j; i++) { 7484 arr.push(str.charCodeAt(i)); 7485 } 7486 return new Uint8Array(arr); 7487} 7488 7489// Binary data of the certificate chain. 7490let certPem = '-----BEGIN CERTIFICATE-----\n' + 7491 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7492 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7493 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7494 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7495 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7496 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7497 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7498 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7499 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7500 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7501 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7502 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7503 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7504 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7505 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7506 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7507 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7508 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7509 '-----END CERTIFICATE-----'; 7510 7511let caPem = '-----BEGIN CERTIFICATE-----\n' + 7512'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7513'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7514'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7515'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7516'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7517'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7518'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7519'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7520'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7521'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7522'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7523'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7524'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7525'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7526'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7527'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7528'sSus\n' + 7529'-----END CERTIFICATE-----'; 7530 7531let certPemData = stringToUint8Array(certPem); 7532let caPemData = stringToUint8Array(caPem); 7533 7534let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7535let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7536 7537let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7538certChainBuff.set(certPemDataLenData) 7539certChainBuff.set(certPemData, certPemDataLenData.length) 7540certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7541certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7542 7543let certChainData: cert.CertChainData = { 7544 data: certChainBuff, 7545 // Number of certificates in the certificate chain. It must be set based on the service. 7546 count: 2, 7547 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7548 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7549}; 7550 7551try { 7552 let validator = cert.createCertChainValidator('PKIX'); 7553 validator.validate(certChainData, (error, data) => { 7554 if (error) { 7555 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7556 } else { 7557 console.log('validate success'); 7558 } 7559 }); 7560} catch (error) { 7561 let e: BusinessError = error as BusinessError; 7562 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7563} 7564``` 7565 7566### validate 7567 7568validate(certChain : CertChainData) : Promise\<void> 7569 7570Validates an X.509 certificate chain. This API uses a promise to return the result. 7571The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details about certificate specifications, see [Certificate Specifications](../../security/DeviceCertificateKit/certificate-framework-overview.md#certificate-specifications). 7572 7573**Atomic service API**: This API can be used in atomic services since API version 12. 7574 7575**System capability**: SystemCapability.Security.Cert 7576 7577**Parameters** 7578 7579| Name | Type | Mandatory| Description | 7580| --------- | ------------------------------- | ---- | -------------------------- | 7581| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data.| 7582 7583**Return value** 7584 7585| Type | Description | 7586| -------------- | ----------- | 7587| Promise\<void> | Promise used to return the result.| 7588 7589**Error codes** 7590 7591For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7592 7593| ID| Error Message | 7594| -------- | ------------------------------------------------- | 7595| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7596| 19020001 | memory error. | 7597| 19020002 | runtime error. | 7598| 19030001 | crypto operation error. | 7599| 19030002 | the certificate signature verification failed. | 7600| 19030003 | the certificate has not taken effect. | 7601| 19030004 | the certificate has expired. | 7602| 19030005 | failed to obtain the certificate issuer. | 7603| 19030006 | the key cannot be used for signing a certificate. | 7604| 19030007 | the key cannot be used for digital signature. | 7605 7606**Example** 7607 7608```ts 7609import { cert } from '@kit.DeviceCertificateKit'; 7610import { BusinessError } from '@kit.BasicServicesKit'; 7611 7612// Convert the string into a Uint8Array. 7613function stringToUint8Array(str: string): Uint8Array { 7614 let arr: Array<number> = []; 7615 for (let i = 0, j = str.length; i < j; i++) { 7616 arr.push(str.charCodeAt(i)); 7617 } 7618 return new Uint8Array(arr); 7619} 7620 7621// Certificate chain data. 7622let certPem = '-----BEGIN CERTIFICATE-----\n' + 7623 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7624 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7625 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7626 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7627 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7628 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7629 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7630 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7631 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7632 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7633 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7634 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7635 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7636 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7637 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7638 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7639 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7640 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7641 '-----END CERTIFICATE-----'; 7642 7643let caPem = '-----BEGIN CERTIFICATE-----\n' + 7644'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7645'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7646'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7647'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7648'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7649'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7650'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7651'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7652'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7653'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7654'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7655'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7656'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7657'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7658'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7659'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7660'sSus\n' + 7661'-----END CERTIFICATE-----'; 7662 7663let certPemData = stringToUint8Array(certPem); 7664let caPemData = stringToUint8Array(caPem); 7665 7666let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7667let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7668 7669let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7670certChainBuff.set(certPemDataLenData) 7671certChainBuff.set(certPemData, certPemDataLenData.length) 7672certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7673certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7674 7675let certChainData: cert.CertChainData = { 7676 data: certChainBuff, 7677 // Number of certificates in the certificate chain. It must be set based on the service. 7678 count: 2, 7679 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7680 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7681}; 7682 7683try { 7684 let validator = cert.createCertChainValidator('PKIX'); 7685 validator.validate(certChainData).then(result => { 7686 console.log('validate success'); 7687 }).catch((error: BusinessError) => { 7688 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7689 }); 7690} catch (error) { 7691 let e: BusinessError = error as BusinessError; 7692 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7693} 7694``` 7695 7696## X509CrlEntry<sup>(deprecated)</sup> 7697 7698Provides APIs for operating the revoked certificates. 7699 7700> **NOTE** 7701> 7702> This API is deprecated since API version 11. Use [X509CrlEntry](#x509crlentry11) instead. 7703 7704### getEncoded<sup>(deprecated)</sup> 7705 7706getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 7707 7708Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. 7709 7710> **NOTE** 7711> 7712> This API is deprecated since API version 11. Use [X509CRLEntry.getEncoded](#getencoded11-2) instead. 7713 7714**System capability**: SystemCapability.Security.Cert 7715 7716**Parameters** 7717 7718| Name | Type | Mandatory| Description | 7719| -------- | --------------------------------------------- | ---- | ------------------------------------ | 7720| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized data of the revoked certificate obtained.| 7721 7722**Error codes** 7723 7724For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7725 7726| ID| Error Message | 7727| -------- | ----------------------- | 7728| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7729| 19020001 | memory error. | 7730| 19020002 | runtime error. | 7731| 19030001 | crypto operation error. | 7732 7733**Example** 7734 7735```ts 7736import { cert } from '@kit.DeviceCertificateKit'; 7737import { BusinessError } from '@kit.BasicServicesKit'; 7738 7739// Convert the string into a Uint8Array. 7740function stringToUint8Array(str: string): Uint8Array { 7741 let arr: Array<number> = []; 7742 for (let i = 0, j = str.length; i < j; i++) { 7743 arr.push(str.charCodeAt(i)); 7744 } 7745 return new Uint8Array(arr); 7746} 7747 7748let crlData = '-----BEGIN X509 CRL-----\n' + 7749 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7750 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7751 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7752 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7753 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7754 'eavsH0Q3\n' + 7755 '-----END X509 CRL-----\n' 7756 7757let encodingBlob: cert.EncodingBlob = { 7758 data: stringToUint8Array(crlData), 7759 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7760 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7761}; 7762 7763cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7764 if (err) { 7765 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7766 } else { 7767 console.log('create x509 crl success'); 7768 7769 try { 7770 let serialNumber = 1000; 7771 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7772 crlEntry.getEncoded((error, data) => { 7773 if (error) { 7774 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7775 } else { 7776 console.log('getEncoded success'); 7777 } 7778 }); 7779 } catch (error) { 7780 let e: BusinessError = error as BusinessError; 7781 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7782 } 7783 } 7784}) 7785``` 7786 7787### getEncoded<sup>(deprecated)</sup> 7788 7789getEncoded() : Promise\<EncodingBlob> 7790 7791Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. 7792 7793> **NOTE** 7794> 7795> This API is deprecated since API version 11. Use [X509CRLEntry.getEncoded](#getencoded11-3) instead. 7796 7797**System capability**: SystemCapability.Security.Cert 7798 7799**Return value** 7800 7801| Type | Description | 7802| --------------------------------------- | -------------------------- | 7803| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 7804 7805**Error codes** 7806 7807For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7808 7809| ID| Error Message | 7810| -------- | ----------------------- | 7811| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7812| 19020001 | memory error. | 7813| 19020002 | runtime error. | 7814| 19030001 | crypto operation error. | 7815 7816**Example** 7817 7818```ts 7819import { cert } from '@kit.DeviceCertificateKit'; 7820import { BusinessError } from '@kit.BasicServicesKit'; 7821 7822// Convert the string into a Uint8Array. 7823function stringToUint8Array(str: string): Uint8Array { 7824 let arr: Array<number> = []; 7825 for (let i = 0, j = str.length; i < j; i++) { 7826 arr.push(str.charCodeAt(i)); 7827 } 7828 return new Uint8Array(arr); 7829} 7830 7831let crlData = '-----BEGIN X509 CRL-----\n' + 7832 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7833 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7834 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7835 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7836 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7837 'eavsH0Q3\n' + 7838 '-----END X509 CRL-----\n' 7839 7840let encodingBlob: cert.EncodingBlob = { 7841 data: stringToUint8Array(crlData), 7842 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7843 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7844}; 7845 7846cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7847 if (err) { 7848 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7849 } else { 7850 console.log('create x509 crl success'); 7851 7852 try { 7853 let serialNumber = 1000; 7854 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7855 crlEntry.getEncoded().then(result => { 7856 console.log('getEncoded success'); 7857 }).catch((error: BusinessError) => { 7858 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7859 }); 7860 } catch (error) { 7861 let e: BusinessError = error as BusinessError; 7862 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7863 } 7864 } 7865}) 7866``` 7867 7868### getSerialNumber<sup>(deprecated)</sup> 7869 7870getSerialNumber() : number 7871 7872Obtains the serial number of this revoked certificate. 7873 7874> **NOTE** 7875> 7876> This API is deprecated since API version 11. Use [X509CRLEntry.getSerialNumber](#getserialnumber11) instead. 7877 7878**System capability**: SystemCapability.Security.Cert 7879 7880**Return value** 7881 7882| Type | Description | 7883| ------ | ---------------------- | 7884| number | Serial number of the revoked certificate obtained.| 7885 7886**Example** 7887 7888```ts 7889import { cert } from '@kit.DeviceCertificateKit'; 7890import { BusinessError } from '@kit.BasicServicesKit'; 7891 7892// Convert the string into a Uint8Array. 7893function stringToUint8Array(str: string): Uint8Array { 7894 let arr: Array<number> = []; 7895 for (let i = 0, j = str.length; i < j; i++) { 7896 arr.push(str.charCodeAt(i)); 7897 } 7898 return new Uint8Array(arr); 7899} 7900 7901let crlData = '-----BEGIN X509 CRL-----\n' + 7902 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7903 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7904 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7905 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7906 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7907 'eavsH0Q3\n' + 7908 '-----END X509 CRL-----\n' 7909 7910let encodingBlob: cert.EncodingBlob = { 7911 data: stringToUint8Array(crlData), 7912 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7913 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7914}; 7915 7916cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7917 if (err) { 7918 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7919 } else { 7920 console.log('create x509 crl success'); 7921 7922 try { 7923 let serialNumber = 1000; 7924 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7925 serialNumber = crlEntry.getSerialNumber(); 7926 } catch (error) { 7927 let e: BusinessError = error as BusinessError; 7928 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7929 } 7930 } 7931}) 7932``` 7933 7934### getCertIssuer<sup>(deprecated)</sup> 7935 7936getCertIssuer() : DataBlob 7937 7938Obtains the issuer of this revoked certificate. This API uses an asynchronous callback to return the result. 7939 7940> **NOTE** 7941> 7942> This API is deprecated since API version 11. Use [X509CRLEntry.getCertIssuer](#getcertissuer11) instead. 7943 7944**System capability**: SystemCapability.Security.Cert 7945 7946**Return value** 7947 7948| Type | Description | 7949| --------------------- | ----------------------- | 7950| [DataBlob](#datablob) | Issuer of the revoked certificate obtained.| 7951 7952**Error codes** 7953 7954For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7955 7956| ID| Error Message | 7957| -------- | -------------- | 7958| 801 | this operation is not supported. | 7959| 19020001 | memory error. | 7960| 19020002 | runtime error. | 7961 7962**Example** 7963 7964```ts 7965import { cert } from '@kit.DeviceCertificateKit'; 7966import { BusinessError } from '@kit.BasicServicesKit'; 7967 7968// Convert the string into a Uint8Array. 7969function stringToUint8Array(str: string): Uint8Array { 7970 let arr: Array<number> = []; 7971 for (let i = 0, j = str.length; i < j; i++) { 7972 arr.push(str.charCodeAt(i)); 7973 } 7974 return new Uint8Array(arr); 7975} 7976 7977let crlData = '-----BEGIN X509 CRL-----\n' + 7978 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7979 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7980 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7981 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7982 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7983 'eavsH0Q3\n' + 7984 '-----END X509 CRL-----\n' 7985 7986let encodingBlob: cert.EncodingBlob = { 7987 data: stringToUint8Array(crlData), 7988 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 7989 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7990}; 7991 7992cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7993 if (err) { 7994 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7995 } else { 7996 console.log('create x509 crl success'); 7997 7998 try { 7999 let serialNumber = 1000; 8000 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8001 let issuer = crlEntry.getCertIssuer(); 8002 } catch (error) { 8003 let e: BusinessError = error as BusinessError; 8004 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8005 } 8006 } 8007}) 8008``` 8009 8010### getRevocationDate<sup>(deprecated)</sup> 8011 8012getRevocationDate() : string 8013 8014Obtains the date when the certificate is revoked. 8015 8016> **NOTE** 8017> 8018> This API is deprecated since API version 11. Use [X509CRLEntry.getRevocationDate](#getrevocationdate11) instead. 8019 8020**System capability**: SystemCapability.Security.Cert 8021 8022**Return value** 8023 8024| Type | Description | 8025| ------ | ------------------ | 8026| string | Certificate revocation date obtained, in ASN.1 format.| 8027 8028**Error codes** 8029 8030For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8031 8032| ID| Error Message | 8033| -------- | ----------------------- | 8034| 19020001 | memory error. | 8035| 19020002 | runtime error. | 8036| 19030001 | crypto operation error. | 8037 8038**Example** 8039 8040```ts 8041import { cert } from '@kit.DeviceCertificateKit'; 8042import { BusinessError } from '@kit.BasicServicesKit'; 8043 8044// Convert the string into a Uint8Array. 8045function stringToUint8Array(str: string): Uint8Array { 8046 let arr: Array<number> = []; 8047 for (let i = 0, j = str.length; i < j; i++) { 8048 arr.push(str.charCodeAt(i)); 8049 } 8050 return new Uint8Array(arr); 8051} 8052 8053let crlData = '-----BEGIN X509 CRL-----\n' + 8054 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8055 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8056 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8057 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8058 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8059 'eavsH0Q3\n' + 8060 '-----END X509 CRL-----\n' 8061 8062let encodingBlob: cert.EncodingBlob = { 8063 data: stringToUint8Array(crlData), 8064 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8065 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8066}; 8067 8068cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8069 if (err) { 8070 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8071 } else { 8072 console.log('create x509 crl success'); 8073 8074 try { 8075 let serialNumber = 1000; 8076 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8077 let date = crlEntry.getRevocationDate(); 8078 } catch (error) { 8079 let e: BusinessError = error as BusinessError; 8080 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8081 } 8082 } 8083}) 8084``` 8085 8086## X509CRLEntry<sup>11+</sup> 8087 8088Provides APIs for operating the revoked certificates. 8089 8090### getEncoded<sup>11+</sup> 8091 8092getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 8093 8094Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. 8095 8096**Atomic service API**: This API can be used in atomic services since API version 12. 8097 8098**System capability**: SystemCapability.Security.Cert 8099 8100**Parameters** 8101 8102| Name | Type | Mandatory| Description | 8103| -------- | --------------------------------------------- | ---- | ------------------------------------ | 8104| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized data of the revoked certificate obtained.| 8105 8106**Error codes** 8107 8108For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8109 8110| ID| Error Message | 8111| -------- | ----------------------- | 8112| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8113| 19020001 | memory error. | 8114| 19020002 | runtime error. | 8115| 19030001 | crypto operation error. | 8116 8117**Example** 8118 8119```ts 8120import { cert } from '@kit.DeviceCertificateKit'; 8121import { BusinessError } from '@kit.BasicServicesKit'; 8122 8123// Convert the string into a Uint8Array. 8124function stringToUint8Array(str: string): Uint8Array { 8125 let arr: Array<number> = []; 8126 for (let i = 0, j = str.length; i < j; i++) { 8127 arr.push(str.charCodeAt(i)); 8128 } 8129 return new Uint8Array(arr); 8130} 8131 8132let crlData = '-----BEGIN X509 CRL-----\n' + 8133 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8134 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8135 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8136 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8137 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8138 'eavsH0Q3\n' + 8139 '-----END X509 CRL-----\n' 8140 8141let encodingBlob: cert.EncodingBlob = { 8142 data: stringToUint8Array(crlData), 8143 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8144 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8145}; 8146 8147cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8148 if (err) { 8149 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8150 } else { 8151 console.log('create x509 CRL success'); 8152 8153 try { 8154 let serialNumber = BigInt(1000); 8155 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8156 crlEntry.getEncoded((error, data) => { 8157 if (error) { 8158 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8159 } else { 8160 console.log('getEncoded success'); 8161 } 8162 }); 8163 } catch (error) { 8164 let e: BusinessError = error as BusinessError; 8165 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8166 } 8167 } 8168}) 8169``` 8170 8171### getEncoded<sup>11+</sup> 8172 8173getEncoded() : Promise\<EncodingBlob> 8174 8175Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. 8176 8177**Atomic service API**: This API can be used in atomic services since API version 12. 8178 8179**System capability**: SystemCapability.Security.Cert 8180 8181**Return value** 8182 8183| Type | Description | 8184| --------------------------------------- | -------------------------- | 8185| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 8186 8187**Error codes** 8188 8189For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8190 8191| ID| Error Message | 8192| -------- | ----------------------- | 8193| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8194| 19020001 | memory error. | 8195| 19020002 | runtime error. | 8196| 19030001 | crypto operation error. | 8197 8198**Example** 8199 8200```ts 8201import { cert } from '@kit.DeviceCertificateKit'; 8202import { BusinessError } from '@kit.BasicServicesKit'; 8203 8204// Convert the string into a Uint8Array. 8205function stringToUint8Array(str: string): Uint8Array { 8206 let arr: Array<number> = []; 8207 for (let i = 0, j = str.length; i < j; i++) { 8208 arr.push(str.charCodeAt(i)); 8209 } 8210 return new Uint8Array(arr); 8211} 8212 8213let crlData = '-----BEGIN X509 CRL-----\n' + 8214 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8215 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8216 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8217 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8218 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8219 'eavsH0Q3\n' + 8220 '-----END X509 CRL-----\n' 8221 8222let encodingBlob: cert.EncodingBlob = { 8223 data: stringToUint8Array(crlData), 8224 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8225 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8226}; 8227 8228cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8229 if (err) { 8230 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8231 } else { 8232 console.log('create x509 CRL success'); 8233 8234 try { 8235 let serialNumber = BigInt(1000); 8236 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8237 crlEntry.getEncoded().then(result => { 8238 console.log('getEncoded success'); 8239 }).catch((error: BusinessError) => { 8240 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8241 }); 8242 } catch (error) { 8243 let e: BusinessError = error as BusinessError; 8244 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8245 } 8246 } 8247}) 8248``` 8249 8250### getSerialNumber<sup>11+</sup> 8251 8252getSerialNumber() : bigint 8253 8254Obtains the serial number of this revoked certificate. 8255 8256**Atomic service API**: This API can be used in atomic services since API version 12. 8257 8258**System capability**: SystemCapability.Security.Cert 8259 8260**Return value** 8261 8262| Type | Description | 8263| ------ | ---------------------- | 8264| bigint | Serial number of the revoked certificate obtained.| 8265 8266**Error codes** 8267 8268For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8269 8270| ID| Error Message | 8271| -------- | ----------------------- | 8272| 19020001 | memory error. | 8273| 19020002 | runtime error. | 8274| 19030001 | crypto operation error. | 8275 8276**Example** 8277 8278```ts 8279import { cert } from '@kit.DeviceCertificateKit'; 8280import { BusinessError } from '@kit.BasicServicesKit'; 8281 8282// Convert the string into a Uint8Array. 8283function stringToUint8Array(str: string): Uint8Array { 8284 let arr: Array<number> = []; 8285 for (let i = 0, j = str.length; i < j; i++) { 8286 arr.push(str.charCodeAt(i)); 8287 } 8288 return new Uint8Array(arr); 8289} 8290 8291let crlData = '-----BEGIN X509 CRL-----\n' + 8292 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8293 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8294 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8295 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8296 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8297 'eavsH0Q3\n' + 8298 '-----END X509 CRL-----\n' 8299 8300let encodingBlob: cert.EncodingBlob = { 8301 data: stringToUint8Array(crlData), 8302 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8303 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8304}; 8305 8306cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8307 if (err) { 8308 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8309 } else { 8310 console.log('create x509 crl success'); 8311 8312 try { 8313 let serialNumber = BigInt(1000); 8314 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8315 serialNumber = crlEntry.getSerialNumber(); 8316 } catch (error) { 8317 let e: BusinessError = error as BusinessError; 8318 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8319 } 8320 } 8321}) 8322``` 8323 8324### getCertIssuer<sup>11+</sup> 8325 8326getCertIssuer() : DataBlob 8327 8328Obtains the issuer of this revoked certificate. 8329 8330**Atomic service API**: This API can be used in atomic services since API version 12. 8331 8332**System capability**: SystemCapability.Security.Cert 8333 8334**Return value** 8335 8336| Type | Description | 8337| --------------------- | -------------------------- | 8338| [DataBlob](#datablob) | Issuer of the revoked certificate obtained.| 8339 8340**Error codes** 8341 8342For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8343 8344| ID| Error Message | 8345| -------- | ----------------------- | 8346| 801 | this operation is not supported. | 8347| 19020001 | memory error. | 8348| 19020002 | runtime error. | 8349| 19030001 | crypto operation error. | 8350 8351**Example** 8352 8353```ts 8354import { cert } from '@kit.DeviceCertificateKit'; 8355import { BusinessError } from '@kit.BasicServicesKit'; 8356 8357// Convert the string into a Uint8Array. 8358function stringToUint8Array(str: string): Uint8Array { 8359 let arr: Array<number> = []; 8360 for (let i = 0, j = str.length; i < j; i++) { 8361 arr.push(str.charCodeAt(i)); 8362 } 8363 return new Uint8Array(arr); 8364} 8365 8366let crlData = '-----BEGIN X509 CRL-----\n' + 8367 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8368 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8369 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8370 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8371 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8372 'eavsH0Q3\n' + 8373 '-----END X509 CRL-----\n' 8374 8375let encodingBlob: cert.EncodingBlob = { 8376 data: stringToUint8Array(crlData), 8377 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8378 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8379}; 8380 8381cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8382 if (err) { 8383 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8384 } else { 8385 console.log('create x509 CRL success'); 8386 8387 try { 8388 let serialNumber = BigInt(1000); 8389 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8390 let issuer = crlEntry.getCertIssuer(); 8391 } catch (error) { 8392 let e: BusinessError = error as BusinessError; 8393 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8394 } 8395 } 8396}) 8397``` 8398 8399### getRevocationDate<sup>11+</sup> 8400 8401getRevocationDate() : string 8402 8403Obtains the date when the certificate is revoked. 8404 8405**Atomic service API**: This API can be used in atomic services since API version 12. 8406 8407**System capability**: SystemCapability.Security.Cert 8408 8409**Return value** 8410 8411| Type | Description | 8412| ------ | -------------------- | 8413| string | Certificate revocation date obtained, in ASN.1 format.| 8414 8415**Error codes** 8416 8417For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8418 8419| ID| Error Message | 8420| -------- | ----------------------- | 8421| 19020001 | memory error. | 8422| 19020002 | runtime error. | 8423| 19030001 | crypto operation error. | 8424 8425**Example** 8426 8427```ts 8428import { cert } from '@kit.DeviceCertificateKit'; 8429import { BusinessError } from '@kit.BasicServicesKit'; 8430 8431// Convert the string into a Uint8Array. 8432function stringToUint8Array(str: string): Uint8Array { 8433 let arr: Array<number> = []; 8434 for (let i = 0, j = str.length; i < j; i++) { 8435 arr.push(str.charCodeAt(i)); 8436 } 8437 return new Uint8Array(arr); 8438} 8439 8440let crlData = '-----BEGIN X509 CRL-----\n' + 8441 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8442 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8443 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8444 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8445 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8446 'eavsH0Q3\n' + 8447 '-----END X509 CRL-----\n' 8448 8449let encodingBlob: cert.EncodingBlob = { 8450 data: stringToUint8Array(crlData), 8451 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8452 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8453}; 8454 8455cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8456 if (err) { 8457 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8458 } else { 8459 console.log('create x509 CRL success'); 8460 8461 try { 8462 let serialNumber = BigInt(1000); 8463 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8464 let date = crlEntry.getRevocationDate(); 8465 } catch (error) { 8466 let e: BusinessError = error as BusinessError; 8467 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8468 } 8469 } 8470}) 8471``` 8472 8473### getExtensions<sup>11+</sup> 8474 8475getExtensions(): DataBlob 8476 8477Obtains the CRL extensions. 8478 8479**Atomic service API**: This API can be used in atomic services since API version 12. 8480 8481**System capability**: SystemCapability.Security.Cert 8482 8483**Return value** 8484 8485| Type | Description | 8486| --------------------- | ------------------------ | 8487| [DataBlob](#datablob) | CRL extensions obtained.| 8488 8489**Error codes** 8490 8491For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8492 8493| ID| Error Message | 8494| -------- | ----------------------- | 8495| 19020001 | memory error. | 8496| 19020002 | runtime error. | 8497| 19030001 | crypto operation error. | 8498 8499**Example** 8500 8501```ts 8502import { cert } from '@kit.DeviceCertificateKit'; 8503import { BusinessError } from '@kit.BasicServicesKit'; 8504 8505// Convert the string into a Uint8Array. 8506function stringToUint8Array(str: string): Uint8Array { 8507 let arr: Array<number> = []; 8508 for (let i = 0, j = str.length; i < j; i++) { 8509 arr.push(str.charCodeAt(i)); 8510 } 8511 return new Uint8Array(arr); 8512} 8513 8514let crlData = '-----BEGIN X509 CRL-----\n' + 8515 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 8516 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 8517 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 8518 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 8519 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 8520 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 8521 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 8522 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 8523 '+i2osvdPWRia0dJCL1PCA14k\n' + 8524 '-----END X509 CRL-----\n'; 8525 8526let encodingBlob: cert.EncodingBlob = { 8527 data: stringToUint8Array(crlData), 8528 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8529 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8530}; 8531 8532cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8533 if (err) { 8534 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8535 } else { 8536 console.log('create x509 CRL success'); 8537 8538 try { 8539 let serialNumber = BigInt(4); 8540 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8541 let extensions = crlEntry.getExtensions(); 8542 } catch (error) { 8543 let e: BusinessError = error as BusinessError; 8544 console.error('getRevokedCert or getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8545 } 8546 } 8547}) 8548``` 8549 8550### hasExtensions<sup>11+</sup> 8551 8552hasExtensions(): boolean 8553 8554Checks whether this CRL entry has extensions. 8555 8556**Atomic service API**: This API can be used in atomic services since API version 12. 8557 8558**System capability**: SystemCapability.Security.Cert 8559 8560**Return value** 8561 8562| Type | Description | 8563| ------- | ---------------------------------------------------- | 8564| boolean | Returns **true** if the CRL entry has extension; returns **false** otherwise.| 8565 8566**Error codes** 8567 8568For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8569 8570| ID| Error Message | 8571| -------- | ----------------------- | 8572| 19020001 | memory error. | 8573| 19020002 | runtime error. | 8574| 19030001 | crypto operation error. | 8575 8576**Example** 8577 8578```ts 8579import { cert } from '@kit.DeviceCertificateKit'; 8580import { BusinessError } from '@kit.BasicServicesKit'; 8581 8582// Convert the string into a Uint8Array. 8583function stringToUint8Array(str: string): Uint8Array { 8584 let arr: Array<number> = []; 8585 for (let i = 0, j = str.length; i < j; i++) { 8586 arr.push(str.charCodeAt(i)); 8587 } 8588 return new Uint8Array(arr); 8589} 8590 8591let crlData = '-----BEGIN X509 CRL-----\n' + 8592 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8593 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8594 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8595 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8596 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8597 'eavsH0Q3\n' + 8598 '-----END X509 CRL-----\n' 8599 8600let encodingBlob: cert.EncodingBlob = { 8601 data: stringToUint8Array(crlData), 8602 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8603 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8604}; 8605 8606cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8607 if (err) { 8608 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8609 } else { 8610 console.log('create x509 CRL success'); 8611 8612 try { 8613 let serialNumber = BigInt(1000); 8614 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8615 let hasExtensions = crlEntry.hasExtensions(); 8616 } catch (error) { 8617 let e: BusinessError = error as BusinessError; 8618 console.error('getRevokedCert or hasExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8619 } 8620 } 8621}) 8622``` 8623 8624### getCertIssuerX500DistinguishedName<sup>12+</sup> 8625 8626getCertIssuerX500DistinguishedName(): X500DistinguishedName 8627 8628Obtains the DN of the certificate issuer. 8629 8630**Atomic service API**: This API can be used in atomic services since API version 12. 8631 8632**System capability**: SystemCapability.Security.Cert 8633 8634**Return value** 8635 8636| Type | Description | 8637| ------- | ---------------------------------------------------- | 8638| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 8639 8640**Error codes** 8641 8642For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8643 8644| ID| Error Message | 8645| -------- | ----------------------- | 8646| 19020001 | memory error. | 8647| 19020002 | runtime error. | 8648| 19030001 | crypto operation error. | 8649 8650**Example** 8651 8652```ts 8653import { cert } from '@kit.DeviceCertificateKit'; 8654import { BusinessError } from '@kit.BasicServicesKit'; 8655 8656// Convert the string into a Uint8Array. 8657function stringToUint8Array(str: string): Uint8Array { 8658 let arr: Array<number> = []; 8659 for (let i = 0, j = str.length; i < j; i++) { 8660 arr.push(str.charCodeAt(i)); 8661 } 8662 return new Uint8Array(arr); 8663} 8664 8665let crlData = '-----BEGIN X509 CRL-----\n' + 8666 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8667 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8668 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8669 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8670 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8671 'eavsH0Q3\n' + 8672 '-----END X509 CRL-----\n' 8673 8674let encodingBlob: cert.EncodingBlob = { 8675 data: stringToUint8Array(crlData), 8676 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8677 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8678}; 8679 8680async function certGetCertIssuerX500DistinguishedName() { 8681 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8682 try { 8683 x509Crl = await cert.createX509CRL(encodingBlob); 8684 console.log('createX509CRL success'); 8685 let name = x509Crl.getRevokedCert(BigInt(1000)).getCertIssuerX500DistinguishedName(); 8686 } catch (error) { 8687 let e: BusinessError = error as BusinessError; 8688 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8689 } 8690} 8691``` 8692 8693### toString<sup>12+</sup> 8694 8695toString(): string 8696 8697Converts the object data into a string. 8698 8699**Atomic service API**: This API can be used in atomic services since API version 12. 8700 8701**System capability**: SystemCapability.Security.Cert 8702 8703**Return value** 8704 8705| Type | Description | 8706| ------- | ---------------------------------------------------- | 8707| string | String obtained.| 8708 8709**Error codes** 8710 8711For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8712 8713| ID| Error Message | 8714| -------- | ----------------------- | 8715| 19020001 | memory error. | 8716| 19020002 | runtime error. | 8717| 19030001 | crypto operation error. | 8718 8719**Example** 8720 8721```ts 8722import { cert } from '@kit.DeviceCertificateKit'; 8723import { BusinessError } from '@kit.BasicServicesKit'; 8724 8725// Convert the string into a Uint8Array. 8726function stringToUint8Array(str: string): Uint8Array { 8727 let arr: Array<number> = []; 8728 for (let i = 0, j = str.length; i < j; i++) { 8729 arr.push(str.charCodeAt(i)); 8730 } 8731 return new Uint8Array(arr); 8732} 8733 8734let crlData = '-----BEGIN X509 CRL-----\n' + 8735 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8736 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8737 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8738 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8739 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8740 'eavsH0Q3\n' + 8741 '-----END X509 CRL-----\n' 8742 8743let encodingBlob: cert.EncodingBlob = { 8744 data: stringToUint8Array(crlData), 8745 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8746 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8747}; 8748 8749async function certToString() { 8750 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8751 try { 8752 x509Crl = await cert.createX509CRL(encodingBlob); 8753 console.log('createX509CRL success'); 8754 console.info('toString success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).toString())); 8755 } catch (error) { 8756 let e: BusinessError = error as BusinessError; 8757 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8758 } 8759} 8760``` 8761 8762### hashCode<sup>12+</sup> 8763 8764hashCode(): Uint8Array 8765 8766Obtains the hash value of the data in DER format. 8767 8768**Atomic service API**: This API can be used in atomic services since API version 12. 8769 8770**System capability**: SystemCapability.Security.Cert 8771 8772**Return value** 8773 8774| Type | Description | 8775| ------- | ---------------------------------------------------- | 8776| Uint8Array | Hash value obtained.| 8777 8778**Error codes** 8779 8780For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8781 8782| ID| Error Message | 8783| -------- | ----------------------- | 8784| 19020001 | memory error. | 8785| 19020002 | runtime error. | 8786| 19030001 | crypto operation error. | 8787 8788**Example** 8789 8790```ts 8791import { cert } from '@kit.DeviceCertificateKit'; 8792import { BusinessError } from '@kit.BasicServicesKit'; 8793 8794// Convert the string into a Uint8Array. 8795function stringToUint8Array(str: string): Uint8Array { 8796 let arr: Array<number> = []; 8797 for (let i = 0, j = str.length; i < j; i++) { 8798 arr.push(str.charCodeAt(i)); 8799 } 8800 return new Uint8Array(arr); 8801} 8802 8803let crlData = '-----BEGIN X509 CRL-----\n' + 8804 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8805 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8806 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8807 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8808 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8809 'eavsH0Q3\n' + 8810 '-----END X509 CRL-----\n' 8811 8812let encodingBlob: cert.EncodingBlob = { 8813 data: stringToUint8Array(crlData), 8814 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8815 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8816}; 8817 8818async function certHashCode() { 8819 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8820 try { 8821 x509Crl = await cert.createX509CRL(encodingBlob); 8822 console.log('createX509CRL success'); 8823 console.info('hashCode success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).hashCode())); 8824 } catch (error) { 8825 let e: BusinessError = error as BusinessError; 8826 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8827 } 8828} 8829``` 8830 8831### getExtensionsObject<sup>12+</sup> 8832 8833getExtensionsObject(): CertExtension 8834 8835Obtains the certification extensions in DER format. 8836 8837**Atomic service API**: This API can be used in atomic services since API version 12. 8838 8839**System capability**: SystemCapability.Security.Cert 8840 8841**Return value** 8842 8843| Type | Description | 8844| ------- | ---------------------------------------------------- | 8845| [CertExtension](#certextension10) | Certificate extensions object obtained.| 8846 8847**Error codes** 8848 8849For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8850 8851| ID| Error Message | 8852| -------- | ----------------------- | 8853| 19020001 | memory error. | 8854| 19020002 | runtime error. | 8855| 19030001 | crypto operation error. | 8856 8857**Example** 8858 8859```ts 8860import { cert } from '@kit.DeviceCertificateKit'; 8861import { BusinessError } from '@kit.BasicServicesKit'; 8862 8863// Convert the string into a Uint8Array. 8864function stringToUint8Array(str: string): Uint8Array { 8865 let arr: Array<number> = []; 8866 for (let i = 0, j = str.length; i < j; i++) { 8867 arr.push(str.charCodeAt(i)); 8868 } 8869 return new Uint8Array(arr); 8870} 8871 8872let crlData = '-----BEGIN X509 CRL-----\n' + 8873 'MIINlTCCDH0CAQEwDQYJKoZIhvcNAQELBQAwTDELMAkGA1UEBhMCVVMxFTATBgNV\n' + 8874 'BAoTDERpZ2lDZXJ0IEluYzEmMCQGA1UEAxMdRGlnaUNlcnQgU2VjdXJlIFNpdGUg\n' + 8875 'Q04gQ0EgRzMXDTI0MDMxMjE4NDQ0NVoXDTI0MDMxOTE4NDQ0NVowggvJMCECEAbk\n' + 8876 'wC/+N2YXfpw7vgDJ2xAXDTIzMDIwNzA1NTg1OFowIQIQDonqcHww7uhlmWH+OfIe\n' + 8877 'PhcNMjMwMzA5MDcwMzI1WjAvAhAM4CTrULrJUEinWgT9AFPvFw0yMzAzMjAxOTE4\n' + 8878 'NTRaMAwwCgYDVR0VBAMKAQQwIQIQBQP4xflKkcRehoJ2NaA/jhcNMjMwMzIyMDk0\n' + 8879 'NTI5WjAvAhAOmgzoiIqznAaFec53PVPUFw0yMzAzMjcyMDI4MDNaMAwwCgYDVR0V\n' + 8880 'BAMKAQQwLwIQBaC2Z3D4dcQ/O7HnzFU9KBcNMjMwMzI5MTc1OTQ1WjAMMAoGA1Ud\n' + 8881 'FQQDCgEFMCECEAlz9Rg1b+9La4oFqsHUc4AXDTIzMDMzMTAyMzk0MVowIQIQD9yW\n' + 8882 '92pX6BinUKVBVSSTmBcNMjMwNDExMDExNjI5WjAvAhAIIarHUWWee4V9W/Yzm86k\n' + 8883 'Fw0yMzA0MTQyMDE5MTJaMAwwCgYDVR0VBAMKAQQwIQIQC2OiM3VIJX2dEe8/pf8f\n' + 8884 'hRcNMjMwNDIxMDMzMDIyWjAhAhAP0ueyg5n/7b2Hotml7f42Fw0yMzA0MjYwMjU3\n' + 8885 'NDJaMCECEAqMu61nkOEmTOdMbUZTMrkXDTIzMDUxNzAxMzI0NVowLwIQDYv1rt0K\n' + 8886 'olvP+nQoi5LeLRcNMjMwNTIzMTc0MDE4WjAMMAoGA1UdFQQDCgEEMC8CEA8WMKlw\n' + 8887 'iCK36PruJvup5bUXDTIzMDUyMzE3NDA1M1owDDAKBgNVHRUEAwoBBDAvAhAJ5uwT\n' + 8888 'aqwgLzNVpxh4u9EPFw0yMzA1MjUxNzEwNTBaMAwwCgYDVR0VBAMKAQQwIQIQCg0k\n' + 8889 '5UadwDH5xm14yxcgLRcNMjMwNjA3MDcyNDAwWjAhAhAEByUhbBR6/pZRFUH2PTxE\n' + 8890 'Fw0yMzA2MDgwMjIwMzBaMCECEATquAQcy3W1kUOkb4VoOvEXDTIzMDYyNjA5MDIw\n' + 8891 'NlowIQIQBrF5sueIjk1snKdO0ISOXhcNMjMwNjMwMDI0MDA0WjAhAhAJEG72WQtV\n' + 8892 'lTOYiA0xjVk5Fw0yMzA3MDUwMjEyMzdaMCECEAmXIuCMJv9gllYuKfCHm5EXDTIz\n' + 8893 'MDcwNTAyMTIzN1owIQIQAotQots0ngzRwACzrS9mCBcNMjMwNzA2MDU0NDU3WjAh\n' + 8894 'AhAG2hyGc9SfXrLc0Uk2J1BeFw0yMzA3MjQwMTUwNDBaMCECEAJhm5FSlVyTG9UK\n' + 8895 'zS+ecUgXDTIzMDcyNjA2NDQzM1owIQIQC4mlxBQuFxWC4pF7/P8BDxcNMjMwNzMx\n' + 8896 'MTAzMjU0WjAhAhADCEp333/avF3m6HZtBImOFw0yMzA3MzExMDMzNTBaMCECEAKd\n' + 8897 'P7fydlXUcS4v/YnZMMwXDTIzMDczMTEwMzQzOFowIQIQC+m5EUcRd1E0lEIPj17Z\n' + 8898 'rRcNMjMwODAxMDYwNDE4WjAvAhAF4QcgQQlWpAi4FVflzbKxFw0yMzA4MDMxNjIz\n' + 8899 'MTdaMAwwCgYDVR0VBAMKAQQwIQIQAn01GEZ50Y5ugIcEuGfF9BcNMjMwODA4MDE1\n' + 8900 'NzM1WjAhAhAFHj3FDKeP9q9CM924d8RIFw0yMzA4MDgwMTU5NDhaMC8CEAnkNPSD\n' + 8901 'U5yiMsV3fU06a6oXDTIzMDgwODE5MjIwMlowDDAKBgNVHRUEAwoBBDAvAhAETU4z\n' + 8902 '13iMKiwQujsxJDRhFw0yMzA4MTAyMDU4NDdaMAwwCgYDVR0VBAMKAQQwIQIQB1oD\n' + 8903 'M2mOYuse7e/nTqx+8xcNMjMwOTA0MDUwOTU3WjAhAhALf3Bp63so6O+R5QbWPWu6\n' + 8904 'Fw0yMzEwMDkwNjE5NTVaMCECEAKFHdXcy/zBXRtMj3BVhO0XDTIzMTAwOTA2MTk1\n' + 8905 'N1owIQIQDNNmVHN4tMu1xth6IAe4ZhcNMjMxMDEyMDc0MjQ1WjAhAhACNNJA2oMM\n' + 8906 'pr+giIgczvHOFw0yMzEwMTYwNTEyMzdaMCECEAoQun7uSHhvy6GBoxG7XOkXDTIz\n' + 8907 'MTExNjA3MDAzN1owLwIQA1NsI22PLvohCvKwdtAJwBcNMjMxMjA2MTgyNzUzWjAM\n' + 8908 'MAoGA1UdFQQDCgEEMCECEAWagozDt4jfBzi+aDGFr88XDTIzMTIxMTA3MjM1OFow\n' + 8909 'IQIQD1g7NdEk7t05zg6yweYc5hcNMjMxMjExMDcyNTM3WjAhAhAMJnRjUQAzFQFH\n' + 8910 'kwIguRz2Fw0yMzEyMTEwNzI2NDJaMCECEAT0bVxyPKkeTV8JQuPxfcwXDTIzMTIx\n' + 8911 'MTA3MjcyNlowIQIQA/5BlE0Ushtw24Ol9L2sexcNMjMxMjExMDcyODA2WjAhAhAL\n' + 8912 'Ij6FAKVJDnKAwwt19+/RFw0yMzEyMTEwNzI5MDJaMCECEAmPyfX3FuOHgryS2i8c\n' + 8913 'SrUXDTIzMTIxMTA3Mjk0M1owIQIQC+uGa6tmPRPCB0jW+6WWUhcNMjMxMjExMDcz\n' + 8914 'MDIzWjAhAhAJCq59mFZj6SWLH/m18Fq2Fw0yMzEyMTEwNzMwNTJaMCECEAp0Po24\n' + 8915 'WHmdEMTVyp9AMssXDTIzMTIxMTA3MzEyNlowIQIQAcf+793qPEHipkAhjf7MghcN\n' + 8916 'MjMxMjExMDczMTQ5WjAhAhAElLuCARMBoDIH0Y2D1DpSFw0yMzEyMTEwNzMyMTla\n' + 8917 'MCECEAWlgWhTXqKOB61zA7Ao8vQXDTIzMTIxMTA3MzI0OFowIQIQAeZqfkFYc/6t\n' + 8918 'zO7j/FVYwBcNMjMxMjExMDczMzM1WjAhAhAHzftyRhskxV6opTfHb59OFw0yMzEy\n' + 8919 'MTEwNzM0MDNaMCECEASXrBHdRYUm9VIZ1wN4qAsXDTIzMTIxMTA3MzQyN1owIQIQ\n' + 8920 'BDFb/OY65CZ1sTdMPAc+IhcNMjMxMjExMDczNTEzWjAhAhAFg7mRyWvWXc+KT014\n' + 8921 'Ro5AFw0yMzEyMTEwNzM1NDhaMCECEA+wAstqfBUEkSvinYlWeOwXDTIzMTIxMTA3\n' + 8922 'MzYyNVowIQIQB3Z75ksHGnvGmuHbvwbheRcNMjMxMjExMDczNjU5WjAhAhALfrIn\n' + 8923 'OGRVeePivKkJ+d1xFw0yMzEyMTEwNzM4MDFaMCECEAnm5NfU36m+FXNlJiUsXpMX\n' + 8924 'DTIzMTIxMTA3MzgzNVowIQIQCrBoHo4X2md3Amteqh7h3RcNMjMxMjExMDczOTA3\n' + 8925 'WjAhAhAGxHlqrHu66ifOwTTMhHHFFw0yMzEyMTEwNzM5NDNaMCECEA2BDG1SI7Se\n' + 8926 '2GAt+b9UnF8XDTIzMTIxMTA3NDAyNFowLwIQDZvl5jkmAwjTweDCtrXbLRcNMjMx\n' + 8927 'MjExMjA0NDQ3WjAMMAoGA1UdFQQDCgEEMCECEAzgcwGVpyXXZSmLLF4MExQXDTIz\n' + 8928 'MTIxOTE3MjczMlowIQIQARB9nVoMuE5GSFeb3U553hcNMjMxMjE5MTcyODA1WjAh\n' + 8929 'AhAD+JIH7lFcX9UNqTogrMcPFw0yMzEyMTkxNzI5MDZaMCECEAux1kd8ugXs4mI+\n' + 8930 'xMfXgpsXDTIzMTIxOTE3MjkyOFowIQIQCUO5VqAmbxA8Jdly97msLhcNMjMxMjE5\n' + 8931 'MTcyOTU0WjAhAhAFyzrU1JtsiPNPeWrfdvGvFw0yMzEyMTkxNzMwNDlaMCECEAwT\n' + 8932 'tMq5EsBTUhQwm6nWhnAXDTIzMTIyMDE3NDc1NlowIQIQBx3qL8rMclE9gxamaa14\n' + 8933 'xBcNMjMxMjIwMTc0ODM2WjAhAhAOnKUlrCaxs+lRqLrBmk2PFw0yNDAxMzAxOTMw\n' + 8934 'MTVaMCECEAtYs/5ZRsrMAxQVDA44eWYXDTI0MDIwNjA2MjYwMFowIQIQDjrMV1d3\n' + 8935 '0NhxngX5rqqxjBcNMjQwMjIxMDc0ODEwWjAhAhAPGohz3+JyS6H4JzHCjLrXFw0y\n' + 8936 'NDAyMjgyMDQxMjZaMC8CEAqZ2QktAMprzZmtolbOXlgXDTI0MDIyOTE4MDYzMVow\n' + 8937 'DDAKBgNVHRUEAwoBBDAhAhAMAHgNfiburtKDp8OJuzRCFw0yNDAzMDQwNjA3MzJa\n' + 8938 'MCECEA/HgrXcSBqkb2JdfrFDAfgXDTI0MDMwNDA2MDczMlqgMDAuMB8GA1UdIwQY\n' + 8939 'MBaAFETZyEozjtNSjaeSlGEfmsilt+zLMAsGA1UdFAQEAgIFrDANBgkqhkiG9w0B\n' + 8940 'AQsFAAOCAQEAJ5rSr0Av5sH59J2LXW5hZ8SJTzDbR8ADdi/CCLolbUUnE0oaAZ+2\n' + 8941 '9z0niAD5m8HQikNz8K+FKAsQatN/CAj4bzRMeF37hQCiZpqNtxP69JDGeWpGPiH2\n' + 8942 'K/YfpzL9iSbBOxFmosxUX8J/iX36mCUl+3OUHh+qSYeElboxeAmTCnY5Pl5Bq9is\n' + 8943 'gp0MmzNYCo7GEFrtS03p2msK25uRqQl6Qn0NZS0yGjdUG7RTZe4xua5drjEkB1o/\n' + 8944 '15f+mtYj6DtWM1twi1q3VYVxhRSsk6XmmS0BViTEl+MT0BRAPwBSdlyt++1Pnnrd\n' + 8945 'BsQoO8O2EVpJ54fxKMCSDOkJf1hNCxi3eQ==\n' + 8946 '-----END X509 CRL-----\n'; 8947 8948let encodingBlob: cert.EncodingBlob = { 8949 data: stringToUint8Array(crlData), 8950 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 8951 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8952}; 8953 8954async function certGetExtensionsObject() { 8955 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8956 try { 8957 x509Crl = await cert.createX509CRL(encodingBlob); 8958 console.log('createX509CRL success'); 8959 let object = x509Crl.getRevokedCert(BigInt('14091103387070223745671018446433705560')).getExtensionsObject(); 8960 } catch (error) { 8961 let e: BusinessError = error as BusinessError; 8962 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8963 } 8964} 8965``` 8966 8967## cert.createCertCRLCollection<sup>11+</sup> 8968 8969createCertCRLCollection(certs: Array\<X509Cert>, crls?: Array\<X509CRL>): CertCRLCollection 8970 8971Creates an object for a collection of X.509 certificates and CRLs. 8972 8973**Atomic service API**: This API can be used in atomic services since API version 12. 8974 8975**System capability**: SystemCapability.Security.Cert 8976 8977**Parameters** 8978 8979| Name | Type | Mandatory| Description | 8980| -------- | ------------------------------------- | ---- | ------------------------------ | 8981| certs | Array\<[X509Cert](#x509cert)> | Yes | X.509 certificates. | 8982| crls | Array\<[X509CRL](#x509crl11)> | No | X.509 CRLs. | 8983 8984**Return value** 8985 8986| Type | Description | 8987| ------------------ | -------------------- | 8988| [CertCRLCollection](#certcrlcollection11) | **CertCRLCollection** object created.| 8989 8990**Error codes** 8991 8992For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8993 8994| ID| Error Message | 8995| -------- | ----------------------- | 8996| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 8997| 19020001 | memory error. | 8998 8999**Example** 9000 9001```ts 9002import { cert } from '@kit.DeviceCertificateKit'; 9003import { BusinessError } from '@kit.BasicServicesKit'; 9004 9005// Convert the string into a Uint8Array. 9006function stringToUint8Array(str: string): Uint8Array { 9007 let arr: Array<number> = []; 9008 for (let i = 0, j = str.length; i < j; i++) { 9009 arr.push(str.charCodeAt(i)); 9010 } 9011 return new Uint8Array(arr); 9012} 9013 9014async function createX509CRL(): Promise<cert.X509CRL> { 9015 let crlData = '-----BEGIN X509 CRL-----\n' + 9016 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9017 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9018 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9019 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9020 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9021 'eavsH0Q3\n' + 9022 '-----END X509 CRL-----\n'; 9023 9024 // Binary data of the CRL, which varies with the service. 9025 let encodingBlob: cert.EncodingBlob = { 9026 data: stringToUint8Array(crlData), 9027 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9028 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9029 }; 9030 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9031 try { 9032 x509CRL = await cert.createX509CRL(encodingBlob); 9033 } catch (err) { 9034 let e: BusinessError = err as BusinessError; 9035 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9036 } 9037 return x509CRL; 9038} 9039 9040async function createX509Cert(): Promise<cert.X509Cert> { 9041 let certData = '-----BEGIN CERTIFICATE-----\n' + 9042 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9043 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9044 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9045 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9046 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9047 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9048 'Qw==\n' + 9049 '-----END CERTIFICATE-----\n'; 9050 9051 let encodingBlob: cert.EncodingBlob = { 9052 data: stringToUint8Array(certData), 9053 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9054 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9055 }; 9056 9057 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9058 try { 9059 x509Cert = await cert.createX509Cert(encodingBlob); 9060 } catch (err) { 9061 let e: BusinessError = err as BusinessError; 9062 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9063 } 9064 return x509Cert; 9065} 9066 9067async function createCollection() { 9068 const x509Cert = await createX509Cert(); 9069 const x509CRL = await createX509CRL(); 9070 try { 9071 const collection: cert.CertCRLCollection = cert.createCertCRLCollection([x509Cert], [x509CRL]); 9072 console.log('createCertCRLCollection success'); 9073 } catch (err) { 9074 console.error('createCertCRLCollection failed'); 9075 } 9076} 9077``` 9078 9079## CertCRLCollection<sup>11+</sup> 9080 9081Provides APIs for locating certificates or CRLs in a **CertCRLCollection** object. 9082 9083### selectCerts<sup>11+</sup> 9084 9085selectCerts(param: X509CertMatchParameters): Promise\<Array\<X509Cert>> 9086 9087Selects certificates that match the specified parameters. This API uses a promise to return the result. 9088 9089**Atomic service API**: This API can be used in atomic services since API version 12. 9090 9091**System capability**: SystemCapability.Security.Cert 9092 9093**Parameters** 9094 9095| Name | Type | Mandatory| Description | 9096| --------- | ------------------------------- | ---- | ------------ | 9097| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | 9098 9099**Return value** 9100 9101| Type | Description | 9102| --------------------------------------- | --------------------------------------- | 9103| Promise\<Array\<[X509Cert](#x509cert)>> | Promise used to return the matched certificates.| 9104 9105**Error codes** 9106 9107For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9108 9109| ID| Error Message | 9110| -------- | ----------------------- | 9111| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9112| 19020001 | memory error. | 9113| 19030001 | crypto operation error. | 9114 9115**Example** 9116 9117```ts 9118import { cert } from '@kit.DeviceCertificateKit'; 9119import { BusinessError } from '@kit.BasicServicesKit'; 9120 9121// Convert the string into a Uint8Array. 9122function stringToUint8Array(str: string): Uint8Array { 9123 let arr: Array<number> = []; 9124 for (let i = 0, j = str.length; i < j; i++) { 9125 arr.push(str.charCodeAt(i)); 9126 } 9127 return new Uint8Array(arr); 9128} 9129 9130async function createX509Cert(): Promise<cert.X509Cert> { 9131 let certData = '-----BEGIN CERTIFICATE-----\n' + 9132 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9133 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9134 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9135 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9136 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9137 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9138 'Qw==\n' + 9139 '-----END CERTIFICATE-----\n'; 9140 9141 let encodingBlob: cert.EncodingBlob = { 9142 data: stringToUint8Array(certData), 9143 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9144 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9145 }; 9146 9147 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9148 try { 9149 x509Cert = await cert.createX509Cert(encodingBlob); 9150 } catch (err) { 9151 let e: BusinessError = err as BusinessError; 9152 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9153 } 9154 return x509Cert; 9155} 9156 9157async function selectCerts() { 9158 const x509Cert = await createX509Cert(); 9159 const collection = cert.createCertCRLCollection([x509Cert]); 9160 9161 try { 9162 const param: cert.X509CertMatchParameters = { 9163 x509Cert, 9164 validDate: '20231121074700Z', 9165 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9166 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9167 publicKeyAlgID: '1.2.840.10045.2.1' 9168 }; 9169 const certs = await collection.selectCerts(param); 9170 console.log('call selectCerts success'); 9171 } catch (err) { 9172 console.error('call selectCerts failed'); 9173 } 9174} 9175``` 9176 9177### selectCerts<sup>11+</sup> 9178 9179selectCerts(param: X509CertMatchParameters, callback: AsyncCallback\<Array\<X509Cert>>): void 9180 9181Selects certificates that match the specified parameters. This API uses an asynchronous callback to return the result. 9182 9183**Atomic service API**: This API can be used in atomic services since API version 12. 9184 9185**System capability**: SystemCapability.Security.Cert 9186 9187**Parameters** 9188 9189| Name | Type | Mandatory| Description | 9190| --------- | ------------------------------- | ---- | ----------------- | 9191| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | 9192| callback | AsyncCallback\<Array\<[X509Cert](#x509cert)>> | Yes | Callback used to return the matched certificates.| 9193 9194**Error codes** 9195 9196For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9197 9198| ID| Error Message | 9199| -------- | ----------------------- | 9200| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9201| 19020001 | memory error. | 9202| 19030001 | crypto operation error. | 9203 9204**Example** 9205 9206```ts 9207import { cert } from '@kit.DeviceCertificateKit'; 9208import { BusinessError } from '@kit.BasicServicesKit'; 9209 9210// Convert the string into a Uint8Array. 9211function stringToUint8Array(str: string): Uint8Array { 9212 let arr: Array<number> = []; 9213 for (let i = 0, j = str.length; i < j; i++) { 9214 arr.push(str.charCodeAt(i)); 9215 } 9216 return new Uint8Array(arr); 9217} 9218 9219async function createX509Cert(): Promise<cert.X509Cert> { 9220 let certData = '-----BEGIN CERTIFICATE-----\n' + 9221 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9222 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9223 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9224 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9225 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9226 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9227 'Qw==\n' + 9228 '-----END CERTIFICATE-----\n'; 9229 9230 let encodingBlob: cert.EncodingBlob = { 9231 data: stringToUint8Array(certData), 9232 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9233 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9234 }; 9235 9236 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9237 try { 9238 x509Cert = await cert.createX509Cert(encodingBlob); 9239 } catch (err) { 9240 let e: BusinessError = err as BusinessError; 9241 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9242 } 9243 return x509Cert; 9244} 9245 9246async function selectCerts() { 9247 const x509Cert = await createX509Cert(); 9248 const collection = cert.createCertCRLCollection([x509Cert]); 9249 // The value varies with the service. 9250 const param: cert.X509CertMatchParameters = { 9251 x509Cert, 9252 validDate: '20231121074700Z', 9253 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9254 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9255 publicKeyAlgID: '1.2.840.10045.2.1' 9256 }; 9257 collection.selectCerts(param, (err, certs) => { 9258 if (err) { 9259 console.error('selectCerts failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9260 } else { 9261 console.log('selectCerts success'); 9262 } 9263 }); 9264} 9265``` 9266 9267### selectCRLs<sup>11+</sup> 9268 9269selectCRLs(param: X509CRLMatchParameters): Promise\<Array\<X509CRL>> 9270 9271Selects CRLs that match the specified parameters. This API uses a promise to return the result. 9272 9273**Atomic service API**: This API can be used in atomic services since API version 12. 9274 9275**System capability**: SystemCapability.Security.Cert 9276 9277**Parameters** 9278 9279| Name | Type | Mandatory| Description | 9280| --------- | ------------------------------- | ---- | ------------ | 9281| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs. | 9282 9283**Return value** 9284 9285| Type | Description | 9286| -------------- | ----------- | 9287| Promise\<Array\<[X509CRL](#x509crl11)>> | Promise used to return the matched CRLs.| 9288 9289**Error codes** 9290 9291For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9292 9293| ID| Error Message | 9294| -------- | ----------------------- | 9295| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9296| 19020001 | memory error. | 9297| 19030001 | crypto operation error. | 9298 9299**Example** 9300 9301```ts 9302import { cert } from '@kit.DeviceCertificateKit'; 9303import { BusinessError } from '@kit.BasicServicesKit'; 9304 9305// Convert the string into a Uint8Array. 9306function stringToUint8Array(str: string): Uint8Array { 9307 let arr: Array<number> = []; 9308 for (let i = 0, j = str.length; i < j; i++) { 9309 arr.push(str.charCodeAt(i)); 9310 } 9311 return new Uint8Array(arr); 9312} 9313 9314async function createX509CRL(): Promise<cert.X509CRL> { 9315 let crlData = '-----BEGIN X509 CRL-----\n' + 9316 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9317 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9318 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9319 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9320 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9321 'eavsH0Q3\n' + 9322 '-----END X509 CRL-----\n'; 9323 9324 // Binary data of the CRL, which varies with the service. 9325 let encodingBlob: cert.EncodingBlob = { 9326 data: stringToUint8Array(crlData), 9327 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9328 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9329 }; 9330 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9331 try { 9332 x509CRL = await cert.createX509CRL(encodingBlob); 9333 } catch (err) { 9334 let e: BusinessError = err as BusinessError; 9335 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9336 } 9337 return x509CRL; 9338} 9339 9340async function createX509Cert(): Promise<cert.X509Cert> { 9341 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9342 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9343 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9344 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9345 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9346 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9347 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9348 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9349 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9350 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9351 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9352 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9353 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9354 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9355 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9356 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9357 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9358 "-----END CERTIFICATE-----\r\n"; 9359 const certEncodingBlob: cert.EncodingBlob = { 9360 data: stringToUint8Array(certData), 9361 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9362 }; 9363 9364 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9365 try { 9366 x509Cert = await cert.createX509Cert(certEncodingBlob); 9367 console.log('createX509Cert success'); 9368 } catch (err) { 9369 console.error('createX509Cert failed'); 9370 } 9371 return x509Cert; 9372} 9373 9374async function selectCRLs() { 9375 const x509CRL = await createX509CRL(); 9376 const x509Cert = await createX509Cert(); 9377 const collection = cert.createCertCRLCollection([], [x509CRL]); 9378 9379 const param: cert.X509CRLMatchParameters = { 9380 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9381 x509Cert: x509Cert 9382 } 9383 try { 9384 const crls = await collection.selectCRLs(param); 9385 console.log('selectCRLs success'); 9386 } catch (err) { 9387 console.error('selectCRLs failed'); 9388 } 9389} 9390``` 9391 9392### selectCRLs<sup>11+</sup> 9393 9394selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback\<Array\<X509CRL>>): void 9395 9396Selects CRLs that match the specified parameters. This API uses an asynchronous callback to return the result. 9397 9398**Atomic service API**: This API can be used in atomic services since API version 12. 9399 9400**System capability**: SystemCapability.Security.Cert 9401 9402**Parameters** 9403 9404| Name | Type | Mandatory| Description | 9405| --------- | ------------------------------- | ---- | ----------------- | 9406| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs.| 9407| callback | AsyncCallback\<Array\<[X509CRL](#x509crl11)>> | Yes | Callback used to return the matched CRLs.| 9408 9409**Error codes** 9410 9411For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9412 9413| ID| Error Message | 9414| -------- | ----------------------- | 9415| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9416| 19020001 | memory error. | 9417| 19030001 | crypto operation error. | 9418 9419**Example** 9420 9421```ts 9422import { cert } from '@kit.DeviceCertificateKit'; 9423import { BusinessError } from '@kit.BasicServicesKit'; 9424 9425// Convert the string into a Uint8Array. 9426function stringToUint8Array(str: string): Uint8Array { 9427 let arr: Array<number> = []; 9428 for (let i = 0, j = str.length; i < j; i++) { 9429 arr.push(str.charCodeAt(i)); 9430 } 9431 return new Uint8Array(arr); 9432} 9433 9434async function createX509CRL(): Promise<cert.X509CRL> { 9435 let crlData = '-----BEGIN X509 CRL-----\n' + 9436 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9437 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9438 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9439 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9440 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9441 'eavsH0Q3\n' + 9442 '-----END X509 CRL-----\n'; 9443 9444 // Binary data of the CRL, which varies with the service. 9445 let encodingBlob: cert.EncodingBlob = { 9446 data: stringToUint8Array(crlData), 9447 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9448 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9449 }; 9450 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9451 try { 9452 x509CRL = await cert.createX509CRL(encodingBlob); 9453 } catch (err) { 9454 let e: BusinessError = err as BusinessError; 9455 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9456 } 9457 return x509CRL; 9458} 9459 9460async function createX509Cert(): Promise<cert.X509Cert> { 9461 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9462 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9463 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9464 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9465 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9466 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9467 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9468 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9469 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9470 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9471 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9472 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9473 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9474 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9475 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9476 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9477 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9478 "-----END CERTIFICATE-----\r\n"; 9479 const certEncodingBlob: cert.EncodingBlob = { 9480 data: stringToUint8Array(certData), 9481 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9482 }; 9483 9484 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9485 try { 9486 x509Cert = await cert.createX509Cert(certEncodingBlob); 9487 console.log('createX509Cert success'); 9488 } catch (err) { 9489 console.error('createX509Cert failed'); 9490 } 9491 return x509Cert; 9492} 9493 9494async function selectCRLs() { 9495 const x509CRL = await createX509CRL(); 9496 const x509Cert = await createX509Cert(); 9497 const collection = cert.createCertCRLCollection([], [x509CRL]); 9498 9499 const param: cert.X509CRLMatchParameters = { 9500 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9501 x509Cert: x509Cert 9502 } 9503 collection.selectCRLs(param, (err, crls) => { 9504 if (err) { 9505 console.error('selectCRLs failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9506 } else { 9507 console.log('selectCRLs success'); 9508 } 9509 }); 9510} 9511``` 9512 9513## cert.createX509CertChain<sup>11+</sup> 9514 9515createX509CertChain(inStream: EncodingBlob): Promise\<X509CertChain> 9516 9517Creates an X.509 certificate chain instance. This API uses a promise to return the result. 9518 9519**Atomic service API**: This API can be used in atomic services since API version 12. 9520 9521**System capability**: SystemCapability.Security.Cert 9522 9523**Parameters** 9524 9525| Name | Type | Mandatory| Description | 9526| -------- | ----------------------------- | ---- | -------------------- | 9527| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 9528 9529**Return value** 9530 9531| Type | Description | 9532| ------------------------------- | ---------------- | 9533| Promise\<[X509CertChain](#x509certchain11)> | Promise used to return the **X509CertChain** object created.| 9534 9535**Error codes** 9536 9537For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9538 9539| ID| Error Message | 9540| -------- | ------------- | 9541| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9542| 19020001 | memory error. | 9543| 19030001 | crypto operation error. | 9544 9545**Example** 9546 9547```ts 9548import { cert } from '@kit.DeviceCertificateKit'; 9549import { BusinessError } from '@kit.BasicServicesKit'; 9550 9551// Convert the string into a Uint8Array. 9552function stringToUint8Array(str: string): Uint8Array { 9553 let arr: Array<number> = []; 9554 for (let i = 0, j = str.length; i < j; i++) { 9555 arr.push(str.charCodeAt(i)); 9556 } 9557 return new Uint8Array(arr); 9558} 9559 9560async function createX509CertChain(): Promise<cert.X509CertChain> { 9561 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9562 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9563 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9564 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9565 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9566 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9567 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9568 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9569 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9570 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9571 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9572 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9573 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9574 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9575 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9576 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9577 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9578 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9579 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9580 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9581 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9582 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9583 "-----END CERTIFICATE-----\n" + 9584 "-----BEGIN CERTIFICATE-----\n" + 9585 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9586 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9587 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9588 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9589 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9590 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9591 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9592 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9593 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9594 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9595 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9596 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9597 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9598 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9599 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9600 "uKPWR9dKBA==\n" + 9601 "-----END CERTIFICATE-----\n" + 9602 "-----BEGIN CERTIFICATE-----\n" + 9603 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9604 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9605 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9606 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9607 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9608 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9609 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9610 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9611 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9612 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9613 "xjoE\n" + 9614 "-----END CERTIFICATE-----\n"; 9615 9616 // Certificate chain binary data, which varies with the service. 9617 let encodingBlob: cert.EncodingBlob = { 9618 data: stringToUint8Array(certChainData), 9619 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 9620 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9621 }; 9622 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9623 try { 9624 x509CertChain = await cert.createX509CertChain(encodingBlob); 9625 } catch (error) { 9626 let e: BusinessError = error as BusinessError; 9627 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9628 } 9629 return x509CertChain; 9630} 9631 9632createX509CertChain(); 9633``` 9634 9635## cert.createX509CertChain<sup>11+</sup> 9636 9637createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback\<X509CertChain>): void 9638 9639Creates an X.509 certificate chain instance. This API uses an asynchronous callback to return the result. 9640 9641**Atomic service API**: This API can be used in atomic services since API version 12. 9642 9643**System capability**: SystemCapability.Security.Cert 9644 9645**Parameters** 9646 9647| Name | Type | Mandatory| Description | 9648| -------- | ------------------------------------- | ---- | -------------------------- | 9649| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 9650| callback | AsyncCallback\<[X509CertChain](#x509certchain11)> | Yes | Callback used to return the **X509CertChain** object created.| 9651 9652**Error codes** 9653 9654For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9655 9656| ID| Error Message | 9657| -------- | ------------- | 9658| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9659| 19020001 | memory error. | 9660| 19030001 | crypto operation error. | 9661 9662**Example** 9663 9664```ts 9665import { cert } from '@kit.DeviceCertificateKit'; 9666 9667// Convert the string into a Uint8Array. 9668function stringToUint8Array(str: string): Uint8Array { 9669 let arr: Array<number> = []; 9670 for (let i = 0, j = str.length; i < j; i++) { 9671 arr.push(str.charCodeAt(i)); 9672 } 9673 return new Uint8Array(arr); 9674} 9675 9676let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9677 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9678 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9679 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9680 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9681 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9682 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9683 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9684 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9685 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9686 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9687 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9688 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9689 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9690 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9691 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9692 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9693 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9694 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9695 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9696 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9697 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9698 "-----END CERTIFICATE-----\n" + 9699 "-----BEGIN CERTIFICATE-----\n" + 9700 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9701 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9702 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9703 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9704 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9705 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9706 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9707 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9708 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9709 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9710 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9711 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9712 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9713 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9714 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9715 "uKPWR9dKBA==\n" + 9716 "-----END CERTIFICATE-----\n" + 9717 "-----BEGIN CERTIFICATE-----\n" + 9718 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9719 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9720 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9721 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9722 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9723 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9724 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9725 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9726 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9727 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9728 "xjoE\n" + 9729 "-----END CERTIFICATE-----\n"; 9730 9731// Certificate chain binary data, which varies with the service. 9732let encodingBlob: cert.EncodingBlob = { 9733 data: stringToUint8Array(certChainData), 9734 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 9735 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9736}; 9737 9738cert.createX509CertChain(encodingBlob, (err, certChain) => { 9739 if (err) { 9740 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9741 } else { 9742 console.log('createX509CertChain success'); 9743 } 9744}); 9745``` 9746 9747## cert.createX509CertChain<sup>11+</sup> 9748 9749createX509CertChain(certs: Array\<X509Cert>): X509CertChain 9750 9751Creates an X.509 certificate chain object based on the specified certificates. This API returns the result synchronously. 9752 9753**Atomic service API**: This API can be used in atomic services since API version 12. 9754 9755**System capability**: SystemCapability.Security.Cert 9756 9757**Parameters** 9758 9759| Name | Type | Mandatory| Description | 9760| -------- | -------------------- | ---- | -------------------------- | 9761| certs | Array\<[X509Cert](#x509cert)> | Yes | Array of X.509 certificates.| 9762 9763**Return value** 9764 9765| Type | Description | 9766| --------------------------------- | -------------------- | 9767| [X509CertChain](#x509certchain11) | **X509CertChain** object created.| 9768 9769**Error codes** 9770 9771For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9772 9773| ID| Error Message | 9774| -------- | ------------- | 9775| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9776| 19020001 | memory error. | 9777| 19030001 | crypto operation error. | 9778 9779**Example** 9780 9781```ts 9782import { cert } from '@kit.DeviceCertificateKit'; 9783import { BusinessError } from '@kit.BasicServicesKit'; 9784 9785// Convert the string into a Uint8Array. 9786function stringToUint8Array(str: string): Uint8Array { 9787 let arr: Array<number> = []; 9788 for (let i = 0, j = str.length; i < j; i++) { 9789 arr.push(str.charCodeAt(i)); 9790 } 9791 return new Uint8Array(arr); 9792} 9793 9794async function createX509Cert(): Promise<cert.X509Cert> { 9795 let certData = '-----BEGIN CERTIFICATE-----\n' + 9796 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9797 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9798 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9799 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9800 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9801 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9802 'Qw==\n' + 9803 '-----END CERTIFICATE-----\n'; 9804 9805 // Certificate binary data, which varies with the service. 9806 let encodingBlob: cert.EncodingBlob = { 9807 data: stringToUint8Array(certData), 9808 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9809 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9810 }; 9811 9812 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9813 try { 9814 x509Cert = await cert.createX509Cert(encodingBlob); 9815 } catch (error) { 9816 let e: BusinessError = error as BusinessError; 9817 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9818 } 9819 return x509Cert; 9820} 9821 9822async function createX509CertChain(): Promise<cert.X509CertChain> { 9823 const x509Cert = await createX509Cert(); 9824 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9825 try { 9826 x509CertChain = cert.createX509CertChain([x509Cert]); 9827 } catch (error) { 9828 let e: BusinessError = error as BusinessError; 9829 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9830 } 9831 return x509CertChain; 9832} 9833 9834createX509CertChain(); 9835``` 9836 9837## cert.buildX509CertChain<sup>12+</sup> 9838 9839buildX509CertChain(param: [CertChainBuildParameters](#certchainbuildparameters12)): Promise\<CertChainBuildResult> 9840 9841Builds an X.509 certificate chain with a **CertChainBuildParameters** object. This API uses a promise to return the result. 9842 9843**Atomic service API**: This API can be used in atomic services since API version 12. 9844 9845**System capability**: SystemCapability.Security.Cert 9846 9847**Parameters** 9848 9849| Name | Type | Mandatory| Description | 9850| -------- | -------------------- | ---- | -------------------------- | 9851| param | [CertChainBuildParameters](#certchainbuildparameters12) | Yes | Object used to build the certificate chain.| 9852 9853**Return value** 9854 9855| Type | Description | 9856| --------------------------------- | -------------------- | 9857| [CertChainBuildResult](#certchainbuildresult12) | **X509CertChain** object created.| 9858 9859**Error codes** 9860 9861For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9862 9863| ID| Error Message | 9864| -------- | ------------------------------------------------- | 9865| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9866| 19020001 | memory error. | 9867| 19020002 | runtime error. | 9868| 19030001 | crypto operation error. | 9869| 19030002 | the certificate signature verification failed. | 9870| 19030003 | the certificate has not taken effect. | 9871| 19030004 | the certificate has expired. | 9872| 19030005 | failed to obtain the certificate issuer. | 9873| 19030006 | the key cannot be used for signing a certificate. | 9874| 19030007 | the key cannot be used for digital signature. | 9875 9876**Example** 9877 9878```ts 9879import { cert } from '@kit.DeviceCertificateKit'; 9880import { BusinessError } from '@kit.BasicServicesKit'; 9881 9882// Convert the string into a Uint8Array. 9883function stringToUint8Array(str: string): Uint8Array { 9884 let arr: Array<number> = []; 9885 for (let i = 0, j = str.length; i < j; i++) { 9886 arr.push(str.charCodeAt(i)); 9887 } 9888 return new Uint8Array(arr); 9889} 9890 9891// Certificate chain data. 9892let certPem = '-----BEGIN CERTIFICATE-----\n' + 9893 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9894 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 9895 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 9896 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 9897 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 9898 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 9899 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 9900 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 9901 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 9902 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 9903 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 9904 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 9905 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 9906 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 9907 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 9908 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 9909 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 9910 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 9911 '-----END CERTIFICATE-----'; 9912 9913let caPem = '-----BEGIN CERTIFICATE-----\n' + 9914'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9915'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 9916'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 9917'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 9918'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 9919'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 9920'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 9921'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 9922'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 9923'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 9924'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 9925'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 9926'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 9927'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 9928'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 9929'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 9930'sSus\n' + 9931'-----END CERTIFICATE-----'; 9932 9933async function createX509Cert(certData: string): Promise<cert.X509Cert> { 9934 // Certificate binary data, which varies with the service. 9935 let encodingBlob: cert.EncodingBlob = { 9936 data: stringToUint8Array(certData), 9937 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 9938 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9939 }; 9940 9941 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9942 try { 9943 x509Cert = await cert.createX509Cert(encodingBlob); 9944 } catch (error) { 9945 let e: BusinessError = error as BusinessError; 9946 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9947 } 9948 return x509Cert; 9949} 9950 9951async function buildX509CertChain() { 9952 try { 9953 const caCert = await createX509Cert(caPem); 9954 const x509Cert = await createX509Cert(certPem); 9955 let certCrlCollection = await cert.createCertCRLCollection([x509Cert]); 9956 let param: cert.CertChainBuildParameters = { 9957 certMatchParameters: {validDate:'20240812080000Z'}, 9958 maxLength: 3, 9959 validationParameters: { 9960 date: '20240812080000Z', 9961 certCRLs: [certCrlCollection], 9962 trustAnchors: [{CACert:caCert}, {CACert:caCert}], 9963 } 9964 } 9965 let certChainBuildResult = await cert.buildX509CertChain(param); 9966 console.info("cert issuer name: " + certChainBuildResult.validationResult.entityCert.getIssuerName().data) 9967 console.info("ca subject name: " + certChainBuildResult.validationResult.trustAnchor.CACert?.getSubjectName().data) 9968 } catch (error) { 9969 let e: BusinessError = error as BusinessError; 9970 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9971 } 9972} 9973 9974buildX509CertChain(); 9975``` 9976 9977## cert.parsePkcs12<sup>16+</sup> 9978 9979parsePkcs12(data: Uint8Array, config: Pkcs12ParsingConfig): Pkcs12Data 9980 9981Parses a .p12 file. 9982 9983**Atomic service API**: This API can be used in atomic services since API version 16. 9984 9985**System capability**: SystemCapability.Security.Cert 9986 9987**Parameters** 9988 9989| Name | Type | Mandatory| Description | 9990| -------- | -------------------- | ---- | -------------------------- | 9991| data | Uint8Array | Yes| .p12 file to parse, in DER format.| 9992| config | [Pkcs12ParsingConfig](#pkcs12parsingconfig16) | Yes| Configuration for parsing the file.| 9993 9994**Return value** 9995 9996| Type | Description | 9997| --------------------------------- | -------------------- | 9998| [Pkcs12Data](#pkcs12data16) | Data parsed from the .p12 file.| 9999 10000**Error codes** 10001 10002For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10003 10004| ID| Error Message | 10005| -------- | ------------------------------------------------- | 10006| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10007| 19020001 | memory error. | 10008| 19020002 | runtime error. | 10009| 19030001 | crypto operation error. | 10010| 19030008 | maybe wrong password. | 10011 10012**Example** 10013 10014```ts 10015import { cert } from '@kit.DeviceCertificateKit'; 10016import { BusinessError } from '@kit.BasicServicesKit'; 10017 10018function doTestParsePkcs12() { 10019 try { 10020 let p12_cert = new Uint8Array([0x30, 0x82, 0x09, 0x51, 0x02, 0x01, 0x03, 0x30, 0x82, 0x09, 0x17, 0x06, 0x09, 0x2a, 0x86, 0x48, 10021 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x09, 0x08, 0x04, 0x82, 0x09, 0x04, 0x30, 0x82, 10022 0x09, 0x00, 0x30, 0x82, 0x03, 0xb7, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 10023 0x06, 0xa0, 0x82, 0x03, 0xa8, 0x30, 0x82, 0x03, 0xa4, 0x02, 0x01, 0x00, 0x30, 0x82, 0x03, 0x9d, 10024 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 10025 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0x7c, 0xd8, 0x60, 10026 0x3a, 0x07, 0xfb, 0x87, 0x8b, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x03, 0x70, 0x4d, 0x64, 0xbe, 10027 0x82, 0xc2, 0x59, 0x58, 0x65, 0xf0, 0x37, 0x46, 0x4f, 0x6b, 0xfa, 0x43, 0x2e, 0x9d, 0xd9, 0x4f, 10028 0xd3, 0x54, 0x71, 0x69, 0x6e, 0x03, 0xf8, 0xb8, 0xf9, 0x05, 0xa2, 0x70, 0xa8, 0x70, 0xfb, 0xe6, 10029 0xda, 0x73, 0xdb, 0x4e, 0xdf, 0x72, 0xcd, 0xb6, 0x88, 0x81, 0xec, 0x3f, 0x8d, 0x7b, 0xdc, 0xa6, 10030 0x62, 0xd3, 0xd1, 0xdc, 0xef, 0xb9, 0x76, 0xb5, 0xd3, 0xb3, 0xfb, 0x61, 0x50, 0xeb, 0x22, 0x9b, 10031 0x72, 0x20, 0xb4, 0xe9, 0x7c, 0x5e, 0xaf, 0xa9, 0xb6, 0x40, 0x69, 0x70, 0xea, 0x79, 0x02, 0x1d, 10032 0x66, 0x71, 0x62, 0x39, 0x31, 0xd3, 0x31, 0xb1, 0x6f, 0x2a, 0x2d, 0x13, 0x59, 0xe9, 0xb7, 0x98, 10033 0xbe, 0x67, 0xfa, 0x5d, 0x6f, 0x8f, 0x7a, 0x43, 0x10, 0x5a, 0x3f, 0x13, 0xda, 0xb0, 0x94, 0x08, 10034 0x82, 0xf4, 0x39, 0x1d, 0x42, 0x26, 0x4a, 0xbe, 0x13, 0xe9, 0x89, 0x55, 0x52, 0xa4, 0x16, 0x3d, 10035 0x50, 0x83, 0x5c, 0xb9, 0x00, 0x5e, 0x03, 0x35, 0x65, 0x13, 0x1f, 0xd8, 0xf8, 0xeb, 0x28, 0xe5, 10036 0x00, 0x09, 0x9a, 0x62, 0x65, 0xab, 0x28, 0x21, 0x2e, 0x55, 0x11, 0x77, 0x7e, 0x64, 0xae, 0x12, 10037 0xc1, 0x5e, 0x85, 0xf2, 0xe7, 0xf7, 0x2b, 0x51, 0x46, 0xa6, 0xf8, 0x55, 0x2c, 0xc4, 0x0a, 0x80, 10038 0x6a, 0xc2, 0xa8, 0xba, 0x94, 0xf8, 0xee, 0x18, 0xf7, 0x32, 0x50, 0x53, 0xcc, 0x1e, 0x53, 0x85, 10039 0xeb, 0x0d, 0x1e, 0xec, 0xe2, 0xbb, 0xc2, 0xf3, 0xf7, 0x80, 0xfd, 0x81, 0x63, 0x8f, 0x87, 0x98, 10040 0x09, 0x47, 0x72, 0xee, 0x2d, 0x5a, 0x18, 0x89, 0x6b, 0x95, 0xef, 0x52, 0xde, 0x4d, 0xf5, 0x48, 10041 0x2a, 0x38, 0x6f, 0x4b, 0x98, 0x3c, 0x6d, 0x41, 0xdd, 0x1b, 0xfd, 0x65, 0x1b, 0x87, 0x8a, 0xcf, 10042 0xec, 0x47, 0xe3, 0x7a, 0xa0, 0x56, 0xd9, 0x36, 0x36, 0xcb, 0x17, 0xaa, 0x1b, 0x24, 0x79, 0x96, 10043 0xc6, 0x60, 0xd4, 0xe4, 0xa8, 0x59, 0x35, 0x5e, 0x4e, 0x00, 0xbf, 0x9a, 0xf5, 0x5c, 0x2a, 0xd7, 10044 0xd7, 0x92, 0x98, 0x79, 0xad, 0x13, 0xda, 0xea, 0xde, 0xcd, 0x65, 0x81, 0x26, 0xbd, 0x55, 0x0f, 10045 0xa4, 0x73, 0x54, 0x7b, 0x2f, 0x55, 0x2a, 0x2f, 0xb9, 0x2d, 0x6e, 0x04, 0xc8, 0x37, 0x5e, 0x93, 10046 0x09, 0xa7, 0x7f, 0xb1, 0x6b, 0x4a, 0x9f, 0xea, 0x59, 0x19, 0x57, 0xd0, 0xc1, 0xa1, 0x6b, 0xaf, 10047 0x27, 0x2b, 0xac, 0x81, 0xec, 0xcd, 0x2e, 0xa2, 0xa6, 0x08, 0x01, 0xfc, 0xa1, 0xbc, 0xc9, 0xdc, 10048 0x97, 0xb9, 0x48, 0xa8, 0x65, 0x5d, 0x63, 0xdb, 0x5c, 0x7e, 0x55, 0xe7, 0x47, 0xf2, 0x74, 0x17, 10049 0x67, 0xfe, 0x56, 0x20, 0x54, 0x65, 0x11, 0xdf, 0xec, 0x75, 0x70, 0x49, 0x59, 0xd1, 0xea, 0x6b, 10050 0x8f, 0x39, 0xec, 0x5d, 0x81, 0x82, 0x9a, 0xec, 0xce, 0x6c, 0x0c, 0x32, 0x14, 0xbd, 0xef, 0xac, 10051 0xae, 0x04, 0xd0, 0x75, 0x62, 0xf5, 0x82, 0x16, 0xd1, 0xa8, 0xfb, 0x22, 0x2a, 0xc2, 0xe7, 0x7a, 10052 0x75, 0x08, 0x59, 0x99, 0x34, 0x3d, 0xd9, 0xd7, 0x66, 0xb8, 0xcd, 0xaa, 0xf4, 0x48, 0xcc, 0x21, 10053 0x25, 0x83, 0xae, 0xad, 0x55, 0x0e, 0xff, 0x44, 0xf3, 0xcc, 0xd1, 0x89, 0x72, 0x0f, 0x9f, 0xe3, 10054 0xe5, 0xc7, 0xd4, 0x53, 0x94, 0xd6, 0xfb, 0x35, 0xd5, 0xd8, 0x2f, 0xa7, 0x4b, 0xf9, 0x50, 0x15, 10055 0x1e, 0x35, 0xfc, 0x3d, 0xca, 0xad, 0xb6, 0x49, 0x16, 0xee, 0xff, 0xd7, 0x8a, 0xcc, 0xf0, 0x96, 10056 0x11, 0x97, 0x22, 0xf3, 0xf7, 0x7c, 0x7a, 0x50, 0x49, 0x12, 0x68, 0x6e, 0x0e, 0x62, 0x32, 0xc7, 10057 0xe9, 0xc3, 0xa0, 0x1b, 0xfe, 0x29, 0x8c, 0x46, 0xc2, 0x7e, 0xe1, 0xea, 0xc3, 0xcb, 0x30, 0xaf, 10058 0xe4, 0x60, 0xe5, 0xa5, 0xa5, 0xb8, 0xf4, 0x16, 0xfa, 0x19, 0xd0, 0x1c, 0x14, 0xce, 0xf9, 0xa8, 10059 0x0b, 0x3f, 0x87, 0x89, 0xd3, 0xed, 0x9e, 0x16, 0x14, 0xbb, 0xd3, 0x64, 0xeb, 0x00, 0xe7, 0x48, 10060 0x1f, 0xd4, 0x47, 0xbc, 0xa9, 0x6f, 0x03, 0xe0, 0x0e, 0xaf, 0xb9, 0xad, 0x05, 0xa0, 0x1d, 0xee, 10061 0x0a, 0xcd, 0x0f, 0xd0, 0xb8, 0xf1, 0x35, 0x80, 0xa7, 0x72, 0xcd, 0x36, 0x8e, 0xce, 0x72, 0xf9, 10062 0x9f, 0xd5, 0x29, 0xae, 0x02, 0xb7, 0xbe, 0x65, 0xff, 0x38, 0x45, 0xf8, 0x8d, 0x87, 0x2f, 0xf8, 10063 0xdd, 0xc1, 0x72, 0x17, 0x2b, 0xdd, 0x3e, 0xfe, 0x01, 0xa0, 0x59, 0xb3, 0x19, 0x92, 0xf0, 0x59, 10064 0xf5, 0x06, 0x77, 0x8b, 0x1a, 0x41, 0x1d, 0x8b, 0x80, 0x74, 0x95, 0x8b, 0x30, 0x03, 0x18, 0xdd, 10065 0x1e, 0x1b, 0x21, 0x36, 0xdf, 0xde, 0xc3, 0xa2, 0x68, 0xe0, 0x3d, 0x94, 0x37, 0x6b, 0x48, 0xb2, 10066 0xb9, 0x41, 0x53, 0xd6, 0x65, 0xef, 0x7a, 0x3d, 0xdc, 0x09, 0x17, 0x66, 0xb4, 0x05, 0x58, 0x8a, 10067 0x5d, 0x2f, 0x40, 0x4a, 0x91, 0x8a, 0xa5, 0xb7, 0x29, 0xfb, 0x37, 0x81, 0x71, 0x77, 0x50, 0x8d, 10068 0x34, 0x80, 0x7e, 0xab, 0xb9, 0xc8, 0xdc, 0xb7, 0x2c, 0x7e, 0xbc, 0xad, 0x7c, 0x14, 0x5c, 0xf6, 10069 0x90, 0x88, 0x0e, 0x0d, 0x50, 0x7a, 0x4e, 0xa6, 0x85, 0xe4, 0x2a, 0xe7, 0x67, 0x21, 0x53, 0xbb, 10070 0x73, 0xd5, 0x30, 0x78, 0xbd, 0x08, 0x2b, 0x42, 0x44, 0x3e, 0x5d, 0x2b, 0x2f, 0x09, 0x8e, 0x82, 10071 0xc3, 0x5b, 0x9e, 0xd8, 0x20, 0xc6, 0xb7, 0x42, 0xe5, 0xb3, 0x60, 0x0b, 0x9b, 0x01, 0x76, 0x26, 10072 0xf7, 0xc1, 0xf7, 0xe1, 0xd1, 0x46, 0xf7, 0x9c, 0x21, 0xfd, 0x66, 0xb7, 0x14, 0x1d, 0x89, 0xb5, 10073 0xd3, 0xa1, 0x4e, 0x57, 0x97, 0xe7, 0xe4, 0x63, 0x96, 0xe2, 0x6f, 0x10, 0x6a, 0xb7, 0x8e, 0x83, 10074 0x64, 0x22, 0x10, 0x02, 0x27, 0x87, 0x6d, 0xb6, 0x11, 0x51, 0xe9, 0xe6, 0x68, 0x1a, 0xc8, 0xd3, 10075 0x6b, 0x23, 0x33, 0x68, 0x66, 0xab, 0x4d, 0xf9, 0x92, 0x11, 0x67, 0x9d, 0x24, 0xee, 0x18, 0xa8, 10076 0x3c, 0x5a, 0xfe, 0x79, 0x76, 0x99, 0xeb, 0x9f, 0x19, 0x9d, 0x74, 0xee, 0x13, 0xd9, 0xb1, 0x7b, 10077 0x4e, 0xcf, 0x30, 0x05, 0xdb, 0x5a, 0x3e, 0x00, 0x7e, 0x0a, 0xed, 0x6f, 0xaf, 0x0d, 0x1b, 0xf3, 10078 0x61, 0x24, 0x06, 0xe7, 0xf2, 0x57, 0x72, 0xf8, 0x61, 0x4d, 0x5f, 0x00, 0x78, 0x1f, 0x4d, 0xc7, 10079 0x28, 0x5e, 0xc4, 0x9b, 0xed, 0xac, 0x4f, 0x16, 0xaf, 0x81, 0x85, 0x33, 0x16, 0xbd, 0x6a, 0xb9, 10080 0xb2, 0x8e, 0x25, 0xbc, 0xaf, 0xfd, 0xea, 0xb7, 0x20, 0x32, 0x15, 0x62, 0x77, 0x52, 0xa1, 0xf2, 10081 0xd0, 0x9d, 0x12, 0x4c, 0x85, 0x71, 0x08, 0x03, 0xa7, 0x94, 0x34, 0xb4, 0x96, 0x30, 0x82, 0x05, 10082 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x32, 10083 0x04, 0x82, 0x05, 0x2e, 0x30, 0x82, 0x05, 0x2a, 0x30, 0x82, 0x05, 0x26, 0x06, 0x0b, 0x2a, 0x86, 10084 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, 10085 0xea, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 10086 0x0e, 0x04, 0x08, 0x30, 0xee, 0xbd, 0x7c, 0xcb, 0xb5, 0xa5, 0x1b, 0x02, 0x02, 0x08, 0x00, 0x04, 10087 0x82, 0x04, 0xc8, 0x1e, 0xd0, 0x7f, 0x7e, 0x86, 0x1c, 0x6f, 0x0e, 0xac, 0x6c, 0xe3, 0x35, 0xcb, 10088 0xff, 0xe4, 0x84, 0x88, 0x97, 0x45, 0xf3, 0x48, 0xa9, 0x98, 0xeb, 0x74, 0x91, 0x53, 0x07, 0x7a, 10089 0xe4, 0x78, 0x89, 0x13, 0xe7, 0xce, 0xa3, 0xc5, 0xab, 0x2c, 0x16, 0xe5, 0x02, 0x64, 0xc6, 0xb5, 10090 0x11, 0x36, 0x69, 0x0b, 0x5f, 0x7e, 0x95, 0x27, 0x59, 0x9a, 0xac, 0x98, 0x12, 0x76, 0x39, 0x31, 10091 0xaa, 0x4f, 0x22, 0x55, 0x21, 0x71, 0x20, 0xeb, 0x4e, 0x5e, 0x2d, 0xd8, 0xab, 0xd9, 0x64, 0x38, 10092 0x13, 0x9a, 0x14, 0x48, 0x7f, 0x48, 0x05, 0xec, 0x49, 0x55, 0x80, 0x49, 0xaf, 0x4e, 0x29, 0xdf, 10093 0x4a, 0xfb, 0xa1, 0x20, 0x2f, 0x98, 0x35, 0xf7, 0x8f, 0xb9, 0x41, 0x8b, 0x00, 0x14, 0x23, 0x9a, 10094 0x43, 0xfe, 0x55, 0xfc, 0xe5, 0x57, 0x19, 0xa9, 0x74, 0x44, 0x1f, 0xdd, 0xc3, 0xc8, 0x9f, 0xfa, 10095 0x9f, 0x67, 0x93, 0xed, 0x79, 0x11, 0xe1, 0x4e, 0xed, 0xd6, 0x20, 0x82, 0xc8, 0x85, 0xdf, 0x4e, 10096 0xa0, 0xcd, 0xd8, 0x36, 0x37, 0x4f, 0x67, 0x9d, 0x84, 0x44, 0x14, 0xce, 0xc0, 0xc9, 0xa6, 0xbd, 10097 0x73, 0x06, 0x27, 0xb7, 0x16, 0x97, 0x8c, 0x61, 0xd9, 0x63, 0xb2, 0x56, 0x8d, 0x28, 0x9e, 0x2e, 10098 0xcf, 0xa3, 0xfe, 0x8d, 0xaa, 0xef, 0x69, 0x32, 0x7b, 0x32, 0xbe, 0xd5, 0x62, 0x2c, 0x2e, 0x7f, 10099 0x72, 0xdb, 0x3c, 0x4b, 0xe4, 0x76, 0xa3, 0xa9, 0xa1, 0x67, 0x84, 0x86, 0xea, 0x14, 0x15, 0x6c, 10100 0x74, 0xd2, 0xac, 0x0e, 0xe2, 0x54, 0x54, 0xd4, 0x31, 0xa3, 0x88, 0x66, 0x89, 0x31, 0x7b, 0xf7, 10101 0x3c, 0x92, 0xce, 0x3e, 0x86, 0xfb, 0x57, 0xc8, 0x65, 0xae, 0x85, 0x6d, 0x48, 0xf6, 0xe6, 0x37, 10102 0xeb, 0x77, 0xcf, 0x06, 0xd6, 0x9e, 0x54, 0xb4, 0xd8, 0x9a, 0x5f, 0xdd, 0xc5, 0xa5, 0x05, 0xa0, 10103 0x4b, 0xd1, 0x54, 0xab, 0x4f, 0xd0, 0x3e, 0x6b, 0x8f, 0x03, 0x66, 0xd4, 0xe2, 0x90, 0xea, 0x2d, 10104 0x9b, 0x6a, 0x2b, 0xc4, 0x7b, 0x9d, 0xf1, 0xb5, 0x22, 0xdf, 0x86, 0xc2, 0xfd, 0x13, 0x0a, 0x69, 10105 0x29, 0x59, 0xe9, 0x45, 0xcd, 0xdf, 0xcd, 0xa5, 0x71, 0x7e, 0x70, 0xc3, 0x60, 0x9e, 0x47, 0x5d, 10106 0xd4, 0x6c, 0xcc, 0x15, 0x51, 0x23, 0x5b, 0x4e, 0xee, 0x72, 0x80, 0x49, 0xd6, 0xac, 0x89, 0x16, 10107 0x65, 0xf4, 0x95, 0x57, 0x19, 0x13, 0xab, 0x9c, 0x08, 0xe8, 0xdf, 0x0a, 0xe2, 0x39, 0xfc, 0xff, 10108 0x42, 0x02, 0xac, 0xaf, 0xf1, 0xb6, 0x56, 0xef, 0x75, 0x60, 0x2f, 0xc2, 0x5d, 0xef, 0xf5, 0x79, 10109 0xb5, 0x46, 0xa0, 0xb5, 0x03, 0x67, 0xef, 0x78, 0x3d, 0x49, 0xd0, 0xc5, 0x0e, 0xff, 0x42, 0x72, 10110 0x02, 0x86, 0x99, 0x93, 0xaa, 0xa3, 0x9e, 0x2c, 0xc7, 0xec, 0xa2, 0xdf, 0x25, 0x4e, 0x28, 0x81, 10111 0x82, 0x3e, 0x29, 0xd3, 0x37, 0xfd, 0x32, 0xf4, 0x85, 0x46, 0x42, 0xb9, 0x94, 0x44, 0x8a, 0xbf, 10112 0xd9, 0x14, 0xcb, 0xb6, 0xd3, 0xc5, 0xe7, 0x6b, 0x28, 0x70, 0xc3, 0x9c, 0xc2, 0x93, 0x9d, 0x2f, 10113 0xab, 0xd6, 0xb2, 0x19, 0x28, 0x9a, 0xda, 0x0d, 0x90, 0x5b, 0xba, 0x64, 0x6f, 0xcc, 0x11, 0xef, 10114 0x6c, 0x88, 0x18, 0x4f, 0x86, 0x6e, 0xed, 0xcf, 0xde, 0x0d, 0xec, 0xe2, 0x12, 0xc3, 0x89, 0x0a, 10115 0x3f, 0xbb, 0x3d, 0x8c, 0x8f, 0xa9, 0x40, 0xe6, 0xf8, 0xd1, 0x1a, 0x9a, 0x7e, 0x8a, 0xd7, 0x7b, 10116 0x56, 0xf4, 0x5d, 0x80, 0x64, 0xd5, 0x88, 0x86, 0x85, 0x18, 0x30, 0x5d, 0x64, 0x04, 0xb3, 0xc2, 10117 0xc7, 0x80, 0xda, 0x3e, 0xc4, 0xd6, 0xf6, 0xc4, 0x95, 0x56, 0xd5, 0xad, 0x82, 0x86, 0xcc, 0x1a, 10118 0x05, 0x69, 0x06, 0x08, 0x5b, 0x19, 0xea, 0x10, 0xc5, 0xcd, 0x67, 0x93, 0xab, 0x0f, 0xe3, 0xba, 10119 0xb0, 0x0d, 0xac, 0x99, 0x0d, 0x35, 0x6f, 0xe5, 0x41, 0xb2, 0x7c, 0x87, 0x91, 0x6c, 0xe2, 0x75, 10120 0x9b, 0x64, 0x62, 0x06, 0x2a, 0x8b, 0xd9, 0x4d, 0x23, 0xcd, 0x2b, 0xef, 0xf5, 0x61, 0x82, 0x8e, 10121 0x3f, 0xf6, 0x2b, 0xe1, 0x6f, 0xcf, 0xbd, 0xaa, 0x07, 0x97, 0x49, 0x4e, 0x02, 0x9d, 0xa5, 0x9e, 10122 0xc5, 0xd7, 0x8b, 0xd3, 0xe1, 0xd9, 0x35, 0x96, 0x9d, 0x1f, 0xa2, 0xf6, 0x91, 0xee, 0xd1, 0x3b, 10123 0xa8, 0xfe, 0x4d, 0xeb, 0xf9, 0xfc, 0xe4, 0xab, 0x60, 0xb7, 0x86, 0x9d, 0x2a, 0x35, 0xb0, 0x00, 10124 0xd4, 0x3c, 0x2a, 0x7e, 0x6d, 0x65, 0x5f, 0xf3, 0x7c, 0x23, 0x57, 0x52, 0x2a, 0x8c, 0x5b, 0x36, 10125 0x74, 0xb7, 0x61, 0x49, 0xf0, 0xdf, 0xcf, 0x8a, 0x28, 0xc5, 0x8d, 0xbc, 0x20, 0xcc, 0xac, 0x86, 10126 0x20, 0xd8, 0x2d, 0x86, 0x99, 0xf5, 0xf0, 0xdb, 0xed, 0x8d, 0xf9, 0xd7, 0x4e, 0xa8, 0xde, 0x84, 10127 0x35, 0x50, 0xc1, 0x7c, 0xbd, 0xdf, 0xc2, 0x24, 0x1a, 0x49, 0x24, 0x9a, 0x37, 0x93, 0xca, 0x2d, 10128 0x73, 0x47, 0x8f, 0x83, 0xed, 0x4d, 0xca, 0xf8, 0xf0, 0xd3, 0x9b, 0xe0, 0x4b, 0x3b, 0xf1, 0x86, 10129 0xeb, 0x78, 0x7b, 0x42, 0xa1, 0xb9, 0x36, 0x15, 0xde, 0x63, 0xab, 0x8b, 0x8b, 0x5d, 0xa2, 0x92, 10130 0x10, 0x95, 0xdf, 0xda, 0xd7, 0xba, 0xa0, 0x26, 0xb9, 0xdc, 0x83, 0xeb, 0xdc, 0xd2, 0x1f, 0xf1, 10131 0xb1, 0x8d, 0x21, 0x51, 0x71, 0x59, 0x0e, 0xe8, 0x7e, 0xf1, 0x53, 0x08, 0x98, 0x79, 0x05, 0x3b, 10132 0x22, 0xf1, 0xda, 0x07, 0x0d, 0xf7, 0x89, 0x5e, 0xc4, 0x62, 0x8c, 0xf9, 0x19, 0xc8, 0xbc, 0xa4, 10133 0x0c, 0x6f, 0x41, 0x34, 0x56, 0x22, 0x6b, 0xe6, 0xee, 0x7c, 0x4a, 0xd9, 0x26, 0x8c, 0x56, 0x12, 10134 0xf3, 0x03, 0x12, 0x1c, 0x5b, 0x8d, 0x64, 0x5c, 0x1c, 0xb6, 0x0f, 0x93, 0xaf, 0xb1, 0x67, 0x6f, 10135 0x13, 0xdd, 0xe3, 0xcf, 0x0e, 0xe6, 0x06, 0xf3, 0xb2, 0xbc, 0x99, 0xf5, 0xb0, 0xd7, 0xe9, 0x7e, 10136 0xb0, 0x6a, 0xb9, 0xb5, 0xda, 0xcf, 0x88, 0xf1, 0xc5, 0x58, 0x54, 0x05, 0x5c, 0x9d, 0x79, 0xc2, 10137 0xcd, 0xbb, 0xc6, 0xf2, 0x69, 0xa9, 0xe3, 0x4e, 0x05, 0x0d, 0x02, 0xb6, 0x4d, 0x8e, 0x7d, 0x60, 10138 0x8e, 0xda, 0x4d, 0x28, 0xd2, 0xec, 0x8a, 0x11, 0xe3, 0xe7, 0x17, 0x20, 0x07, 0x7b, 0xfc, 0x9b, 10139 0x4e, 0xf7, 0x79, 0xf5, 0x0a, 0x6e, 0xd1, 0x1e, 0x7b, 0x83, 0x66, 0x5e, 0x1b, 0x9d, 0x36, 0x32, 10140 0x89, 0xf6, 0x72, 0xa5, 0x58, 0x54, 0x42, 0xba, 0x90, 0xf3, 0xbb, 0x05, 0x46, 0xa4, 0x91, 0x1c, 10141 0xdb, 0xab, 0xf3, 0x68, 0x56, 0x7a, 0xd3, 0xff, 0x3f, 0x9f, 0xc5, 0x4a, 0x47, 0xbd, 0x89, 0x46, 10142 0xf6, 0x94, 0x3a, 0x94, 0xd4, 0x30, 0xd3, 0xae, 0x0d, 0x99, 0x95, 0xf7, 0x75, 0xfe, 0x14, 0x10, 10143 0x9e, 0xed, 0x21, 0x0f, 0x0d, 0x54, 0x7d, 0x54, 0xc5, 0x80, 0x21, 0x4d, 0xf2, 0xaf, 0x67, 0xaf, 10144 0x8a, 0x76, 0x9e, 0x34, 0x32, 0x74, 0x89, 0x2a, 0x32, 0xf9, 0x48, 0x20, 0x90, 0xe6, 0x4a, 0xa3, 10145 0x7f, 0xf2, 0x2a, 0x51, 0x22, 0x93, 0xe5, 0xdd, 0x59, 0xb3, 0x83, 0xa8, 0x47, 0xf5, 0x6b, 0x38, 10146 0x24, 0xc2, 0xac, 0x2d, 0x03, 0xda, 0xb1, 0x17, 0x19, 0xe0, 0x38, 0x2c, 0xb3, 0xa6, 0x4c, 0x8e, 10147 0xae, 0x63, 0xa7, 0xae, 0x96, 0xb1, 0x07, 0x8c, 0x8f, 0x6a, 0x08, 0x32, 0x15, 0x1f, 0x33, 0x97, 10148 0x21, 0x3b, 0x51, 0x70, 0xc5, 0x1f, 0xa6, 0xa3, 0x8a, 0xd0, 0x8f, 0x0b, 0xda, 0x64, 0xab, 0xbe, 10149 0xee, 0x4b, 0x14, 0xfd, 0x32, 0x87, 0x9e, 0xa7, 0x19, 0x75, 0xc9, 0xaa, 0xd3, 0xed, 0xa7, 0xa0, 10150 0x01, 0xe7, 0xa0, 0xe5, 0x28, 0xdd, 0x3b, 0x7c, 0x49, 0xe4, 0x24, 0x7d, 0x92, 0x86, 0x25, 0x03, 10151 0xb3, 0x66, 0x04, 0xf3, 0xa1, 0x40, 0x11, 0x35, 0x3a, 0x1d, 0xbf, 0x1c, 0x02, 0x83, 0x3d, 0x37, 10152 0x51, 0x88, 0xa3, 0x2b, 0x10, 0x8c, 0x8e, 0x10, 0xdd, 0xdc, 0xef, 0xa4, 0xe9, 0x14, 0x77, 0xb6, 10153 0x8e, 0x75, 0xb6, 0x8e, 0xea, 0xaa, 0x57, 0x16, 0x1f, 0xb0, 0x0c, 0xbc, 0x44, 0xed, 0x92, 0x94, 10154 0x9a, 0xb4, 0xf3, 0x31, 0x64, 0x02, 0x5c, 0xa1, 0x51, 0x63, 0x39, 0x42, 0x74, 0x7a, 0x1d, 0xf2, 10155 0xf5, 0x92, 0x50, 0xf1, 0x5a, 0x8a, 0xde, 0xb3, 0x4e, 0xf1, 0x6e, 0x67, 0xd9, 0x5b, 0x00, 0xa7, 10156 0xd1, 0x90, 0x58, 0x36, 0xc4, 0x15, 0x80, 0xbb, 0xa5, 0xbb, 0x98, 0xc0, 0x8a, 0x9b, 0x17, 0x35, 10157 0x36, 0x3b, 0x62, 0x0f, 0x29, 0xcd, 0xe9, 0x04, 0x0e, 0x9d, 0xca, 0x43, 0x04, 0xdf, 0x17, 0x49, 10158 0xbf, 0xb6, 0x7a, 0x7a, 0x3c, 0xdb, 0x0d, 0x6d, 0xd5, 0x89, 0xb9, 0x69, 0x94, 0xd8, 0xb2, 0xd6, 10159 0x38, 0x8a, 0xcc, 0x78, 0x44, 0x40, 0x63, 0x9f, 0x1e, 0x0e, 0x40, 0x33, 0x51, 0xd3, 0x65, 0xf8, 10160 0xf1, 0x42, 0x06, 0x75, 0x84, 0xe7, 0xb1, 0xe9, 0xd6, 0xa4, 0x5e, 0x7f, 0xb0, 0x48, 0x6f, 0x80, 10161 0x92, 0xf8, 0xfc, 0x2a, 0xdb, 0x18, 0x97, 0xe5, 0xe7, 0xc7, 0x46, 0xb6, 0x59, 0x8c, 0x3a, 0x09, 10162 0x91, 0xc1, 0x49, 0x55, 0xf9, 0xf3, 0x87, 0x19, 0xdc, 0x72, 0x56, 0xd3, 0x20, 0x5e, 0xc5, 0x3d, 10163 0xfb, 0x19, 0xea, 0x6a, 0xdf, 0x09, 0xb2, 0x8f, 0xb6, 0xdd, 0x26, 0x31, 0x25, 0x30, 0x23, 0x06, 10164 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x3b, 0xd2, 10165 0xb3, 0x51, 0x4c, 0x57, 0xd0, 0xca, 0x34, 0xa4, 0xf0, 0x06, 0xdd, 0xe9, 0x76, 0x08, 0xdb, 0x7b, 10166 0x3a, 0xb0, 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 10167 0x00, 0x04, 0x14, 0x8e, 0x7f, 0x87, 0x67, 0x78, 0x64, 0x93, 0x36, 0x35, 0xe5, 0x93, 0x9d, 0xac, 10168 0x61, 0x09, 0x4f, 0xdc, 0x95, 0xd7, 0x4f, 0x04, 0x08, 0x23, 0xc2, 0xc0, 0xc6, 0x8d, 0x5f, 0x70, 10169 0x7e, 0x02, 0x02, 0x08, 0x00]); 10170 10171 let conf: cert.Pkcs12ParsingConfig = { 10172 password: "123456", 10173 needsCert: false, 10174 needsPrivateKey: true, 10175 privateKeyFormat: cert.EncodingBaseFormat.DER, 10176 needsOtherCerts: false, 10177 }; 10178 let p12: cert.Pkcs12Data = cert.parsePkcs12(p12_cert, conf); 10179 console.info("parsePKCS12 succeed."); 10180 if (p12.privateKey) { 10181 console.info("privateKey:" + p12.privateKey.toString()) 10182 } 10183 } catch (error) { 10184 console.error('parsePKCS12 failed:' + JSON.stringify(error)); 10185 } 10186} 10187``` 10188 10189## cert.createTrustAnchorsWithKeyStore<sup>12+</sup> 10190 10191createTrustAnchorsWithKeyStore(keystore: Uint8Array, pwd: string): Promise<Array\<[X509TrustAnchor](#x509trustanchor11)>> 10192 10193Creates a [TrustAnchor](#x509trustanchor11) object array by using the CA certificate parsed from a .p12 keystore file. This API uses a promise to return the result. 10194 10195**Atomic service API**: This API can be used in atomic services since API version 12. 10196 10197**System capability**: SystemCapability.Security.Cert 10198 10199**Parameters** 10200 10201| Name | Type | Mandatory| Description | 10202| -------- | -------------------- | ---- | -------------------------- | 10203| keystore | Uint8Array | Yes| .p12 file to parse, in DER format.| 10204| pwd | string | Yes| Password of the .p12 file.| 10205 10206**Return value** 10207 10208| Type | Description | 10209| --------------------------------- | -------------------- | 10210| Array\<[X509TrustAnchor](#x509trustanchor11)> | **X509TrustAnchor** object array created.| 10211 10212**Error codes** 10213 10214For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10215 10216| ID| Error Message | 10217| -------- | ------------------------------------------------- | 10218| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10219| 19020001 | memory error. | 10220| 19020002 | runtime error. | 10221| 19030001 | crypto operation error. | 10222| 19030002 | the certificate signature verification failed. | 10223| 19030003 | the certificate has not taken effect. | 10224| 19030004 | the certificate has expired. | 10225| 19030005 | failed to obtain the certificate issuer. | 10226| 19030006 | the key cannot be used for signing a certificate. | 10227| 19030007 | the key cannot be used for digital signature. | 10228 10229**Example** 10230 10231```ts 10232import { cert } from '@kit.DeviceCertificateKit'; 10233import { BusinessError } from '@kit.BasicServicesKit'; 10234 10235try { 10236 cert.createTrustAnchorsWithKeyStore( 10237 new Uint8Array([0x30, 0x82, 0x07, 0x5C, 0x02, 0x01, 0x03, 0x30, 0x82, 0x07, 0x12, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x07, 0x03, 0x04, 0x82, 0x06, 0xFF, 0x30, 0x82, 0x06, 0xFB, 0x30, 0x82, 0x05, 0xB2, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82, 0x05, 0xA3, 0x30, 0x82, 0x05, 0x9F, 0x02, 0x01, 0x00, 0x30, 0x82, 0x05, 0x98, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xA9, 0x1C, 0x1B, 0x19, 0x36, 0xDE, 0xD4, 0x20, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0x7D, 0xE5, 0x23, 0x96, 0x18, 0x8B, 0xF4, 0xBC, 0x9F, 0x4E, 0xE8, 0xE9, 0xAA, 0x52, 0x18, 0x39, 0x80, 0x82, 0x05, 0x30, 0x02, 0x2D, 0x59, 0xA9, 0x96, 0x5A, 0xFE, 0x20, 0x18, 0xB2, 0x25, 0xEA, 0xFC, 0x86, 0x0F, 0xA8, 0x3C, 0x2B, 0x26, 0x2F, 0x44, 0x6E, 0xF3, 0x15, 0xB7, 0x94, 0xE4, 0x43, 0xEE, 0xE6, 0xC3, 0xBB, 0x3C, 0x9E, 0x60, 0x08, 0xF8, 0x15, 0x61, 0x44, 0xD0, 0xEA, 0xD5, 0x6D, 0x1A, 0x3B, 0x9F, 0x4E, 0x2A, 0x1E, 0xBB, 0xB9, 0x4E, 0x15, 0x43, 0xB8, 0x68, 0xDB, 0x1A, 0x4E, 0x41, 0xBA, 0x29, 0x8E, 0x75, 0xEB, 0x12, 0xC1, 0xF0, 0x4B, 0x0D, 0x13, 0xB2, 0xC2, 0x48, 0x6F, 0xC4, 0xC4, 0x82, 0xF2, 0x26, 0xD4, 0x3D, 0x1F, 0x42, 0x7D, 0x67, 0xB0, 0x37, 0x55, 0x9E, 0xD9, 0x46, 0x99, 0x98, 0xB4, 0xE7, 0x4B, 0x07, 0x08, 0x3F, 0xD3, 0x96, 0x9A, 0xC5, 0xDA, 0x37, 0x74, 0x08, 0x5D, 0x3B, 0x06, 0x8A, 0x16, 0x6D, 0x81, 0x63, 0x01, 0x83, 0x94, 0xDA, 0x1B, 0x0E, 0x04, 0xCE, 0x18, 0xF0, 0x51, 0x22, 0xD8, 0x2D, 0xF1, 0x69, 0x0C, 0xCB, 0xC9, 0x51, 0x17, 0x07, 0x1F, 0x2B, 0xCF, 0x74, 0x26, 0xD7, 0x73, 0xB3, 0x2D, 0xF2, 0x82, 0xF0, 0x38, 0x5B, 0x8A, 0x8F, 0xCD, 0x84, 0x69, 0x40, 0x59, 0xCE, 0xB3, 0x39, 0xFE, 0xF6, 0xB7, 0x24, 0x89, 0x34, 0xFF, 0xF4, 0x40, 0x50, 0x06, 0x4D, 0xC6, 0x13, 0x82, 0xAF, 0x7F, 0x84, 0xB1, 0x67, 0x3C, 0x89, 0xBB, 0x5D, 0x32, 0xC3, 0xA6, 0xF1, 0x7D, 0xF5, 0x72, 0x68, 0x75, 0xCE, 0x69, 0xAB, 0x6C, 0x32, 0xDA, 0x16, 0x3B, 0xC4, 0xCA, 0x47, 0x45, 0xE9, 0x59, 0x1E, 0xB1, 0x70, 0xDA, 0x8A, 0x00, 0x69, 0x80, 0x40, 0xCA, 0x60, 0xE6, 0x07, 0x16, 0xF0, 0xA2, 0xF9, 0x12, 0x7D, 0x09, 0x43, 0x66, 0x46, 0x78, 0x35, 0xA6, 0x94, 0x35, 0x60, 0x82, 0xFC, 0xB8, 0x5E, 0x39, 0xE7, 0xA1, 0x22, 0xAD, 0xCC, 0x6F, 0x5E, 0xCE, 0x01, 0x6B, 0xA1, 0xDD, 0xE5, 0xDD, 0x79, 0x9B, 0xA1, 0x28, 0xC4, 0x03, 0x84, 0x8D, 0x6C, 0x07, 0xD4, 0xFE, 0x57, 0xFB, 0x89, 0x3F, 0x43, 0x44, 0x69, 0xF1, 0x9E, 0x53, 0x6C, 0x11, 0x11, 0x96, 0x79, 0xE4, 0xB8, 0x3B, 0x49, 0x2E, 0xF6, 0x3B, 0xC5, 0x6C, 0x76, 0x21, 0x22, 0x15, 0x85, 0x77, 0x8A, 0xDD, 0xD2, 0x43, 0x85, 0x73, 0x39, 0x77, 0x9F, 0xFA, 0x8F, 0xCF, 0xCB, 0xEA, 0x62, 0xBD, 0x5C, 0x66, 0x45, 0xCD, 0xB0, 0xCA, 0x42, 0xCC, 0xB9, 0xCF, 0xE3, 0x84, 0x63, 0x9F, 0x63, 0xCE, 0x49, 0xE9, 0x74, 0x26, 0xCC, 0x26, 0x78, 0xCE, 0x9F, 0x4E, 0x38, 0xA2, 0x9C, 0xEB, 0x75, 0xC5, 0x33, 0x6B, 0x00, 0x83, 0x85, 0xA3, 0x0F, 0xE7, 0xE1, 0x11, 0xA6, 0x48, 0xDC, 0xEF, 0x0C, 0x05, 0xB3, 0xDE, 0x94, 0xB9, 0x69, 0xCB, 0x27, 0x09, 0xAB, 0x27, 0xD8, 0x06, 0xED, 0x25, 0xBC, 0xA6, 0x2E, 0xB7, 0xF9, 0x2E, 0xAD, 0x84, 0x1D, 0xDD, 0x73, 0xD8, 0xC0, 0x46, 0x8A, 0xFE, 0x9A, 0xDF, 0x07, 0xE1, 0x33, 0xE2, 0x1C, 0x37, 0x6A, 0x8E, 0xA2, 0x91, 0x0B, 0xD7, 0x76, 0xEF, 0x3C, 0x87, 0x4A, 0x53, 0x84, 0xFA, 0xFA, 0xC5, 0x71, 0x76, 0xC0, 0x75, 0x70, 0x67, 0x67, 0x71, 0x9D, 0x8B, 0x81, 0x6F, 0x68, 0xC5, 0xB1, 0xFC, 0xA3, 0x59, 0xB5, 0xD0, 0x03, 0x56, 0xE7, 0x89, 0x03, 0xD7, 0x99, 0xDE, 0x66, 0x33, 0xFA, 0x53, 0x50, 0x5F, 0xB4, 0x9D, 0xB3, 0x90, 0x8F, 0x57, 0x20, 0xF0, 0x8B, 0xDB, 0x73, 0xCA, 0xA4, 0x71, 0x61, 0x67, 0x6A, 0x6D, 0xA5, 0xCA, 0x88, 0xD4, 0xCC, 0x82, 0x34, 0xC9, 0x3E, 0x10, 0x10, 0x57, 0xD1, 0x08, 0x96, 0x80, 0x09, 0xA8, 0xBB, 0x6F, 0x53, 0x8F, 0xFD, 0x87, 0xCF, 0x73, 0xFC, 0xE1, 0x3A, 0x92, 0x2E, 0x78, 0x66, 0xFB, 0x86, 0x5D, 0x62, 0xE0, 0xC4, 0x58, 0x55, 0x3F, 0xA4, 0xEA, 0xA1, 0xBE, 0x5B, 0x5E, 0x8E, 0x46, 0x50, 0x5E, 0x7C, 0x01, 0xD6, 0x63, 0xAA, 0x6F, 0xD5, 0xFD, 0xAF, 0xC5, 0x1D, 0xB3, 0x90, 0x9C, 0xD8, 0x5F, 0x8D, 0xF2, 0x81, 0xEB, 0xBF, 0xA1, 0xDE, 0xB7, 0x9D, 0xCD, 0x24, 0x82, 0x06, 0x0B, 0x63, 0xE6, 0xBF, 0x57, 0x51, 0xF0, 0xB6, 0xE9, 0x7F, 0xAA, 0x7B, 0x10, 0xBD, 0xCD, 0x85, 0x41, 0xE0, 0xD7, 0xF1, 0x53, 0xB7, 0xF8, 0x46, 0x91, 0x9E, 0x8D, 0x4B, 0xCB, 0x28, 0x35, 0x40, 0x37, 0x1E, 0x83, 0x64, 0x6A, 0x70, 0x01, 0x9D, 0xBF, 0xF1, 0x0E, 0xB6, 0x2E, 0x7A, 0xB7, 0x8F, 0x0F, 0x8C, 0x69, 0xD6, 0xF2, 0xD1, 0xF6, 0x1E, 0xCD, 0x08, 0xA8, 0xD4, 0x1B, 0xCB, 0x38, 0xEA, 0x26, 0x37, 0x5C, 0x60, 0x3A, 0x38, 0x5B, 0x12, 0x1D, 0x00, 0x7B, 0xEC, 0xCE, 0xFB, 0x89, 0x23, 0x8A, 0x11, 0xE1, 0x1B, 0xDE, 0x54, 0x91, 0x6A, 0x26, 0x22, 0xD0, 0x1C, 0x2E, 0xBA, 0xD0, 0x92, 0x87, 0xDA, 0xF0, 0x93, 0xBB, 0x3A, 0x2C, 0x52, 0xFB, 0xB2, 0xA9, 0xA8, 0x92, 0x19, 0xE3, 0x19, 0xDC, 0xB0, 0x0E, 0xC5, 0xE7, 0x9D, 0xFB, 0xF9, 0xA3, 0x23, 0x32, 0xD0, 0x4E, 0x2C, 0x05, 0x2D, 0x76, 0xDB, 0x93, 0x53, 0x5B, 0x0E, 0x2A, 0xA3, 0xDD, 0x5F, 0xD3, 0x1A, 0x3B, 0x1E, 0x1F, 0x26, 0x88, 0x43, 0xAD, 0x10, 0x1F, 0xA9, 0xC4, 0xF9, 0x1F, 0xCD, 0xA5, 0xD2, 0xDC, 0x24, 0x95, 0x1D, 0xE7, 0x57, 0xE1, 0x02, 0x0A, 0x20, 0xEA, 0x6A, 0x78, 0x4E, 0x96, 0xE2, 0xE5, 0x6D, 0x6F, 0xFD, 0x81, 0x7B, 0x61, 0x85, 0xA3, 0x3D, 0xC5, 0x7B, 0xEF, 0xAE, 0x58, 0xA2, 0xDB, 0x91, 0x73, 0xDB, 0x47, 0x8E, 0xD1, 0x7D, 0xD7, 0x8F, 0x56, 0x06, 0x28, 0x8C, 0x78, 0x73, 0x02, 0x65, 0xB0, 0x16, 0x4B, 0xE6, 0xA3, 0xD7, 0x06, 0x7C, 0xEA, 0x7D, 0xE2, 0xAE, 0xBB, 0xE5, 0xD2, 0xEB, 0xF0, 0x91, 0x71, 0x7C, 0xBC, 0xA6, 0x1A, 0xE8, 0x9F, 0xD3, 0xA9, 0x3C, 0x5D, 0x60, 0xCF, 0x59, 0x26, 0x46, 0x45, 0xF2, 0x7F, 0x85, 0x6B, 0xE7, 0xC2, 0x58, 0x52, 0x90, 0x12, 0x07, 0xBA, 0xE6, 0xB8, 0xE5, 0xD7, 0x24, 0x93, 0xD5, 0x6E, 0xB1, 0x74, 0x6C, 0xAA, 0xA0, 0x60, 0xBF, 0xF3, 0x32, 0x41, 0x0B, 0xA2, 0x01, 0x84, 0x0D, 0x83, 0xE4, 0x43, 0xD1, 0xBA, 0xC1, 0x92, 0x84, 0x26, 0xF8, 0xF2, 0x77, 0x20, 0x1B, 0xF2, 0x8F, 0x00, 0x69, 0x18, 0x2F, 0x6C, 0xA8, 0x58, 0xB5, 0x5D, 0xFA, 0x27, 0xD2, 0x38, 0xD2, 0x49, 0x6E, 0xDF, 0x55, 0x79, 0xAF, 0x1C, 0x44, 0xDA, 0x5A, 0xD7, 0x44, 0x53, 0x50, 0x8B, 0x77, 0x70, 0x4D, 0x91, 0xEC, 0x07, 0xA5, 0x64, 0x21, 0x3C, 0x31, 0x09, 0x68, 0x65, 0xB4, 0xFA, 0xBE, 0x23, 0xF9, 0xDF, 0x77, 0x46, 0xA2, 0x9A, 0x5D, 0xE3, 0xBE, 0x1E, 0xE3, 0x84, 0xEF, 0xAE, 0x7D, 0xF8, 0x1C, 0x54, 0xE8, 0x4E, 0xAE, 0xB5, 0xBB, 0xD6, 0xC3, 0x8D, 0x56, 0x79, 0xE8, 0x7C, 0x43, 0xDC, 0xF3, 0xB3, 0x7A, 0x30, 0x22, 0x09, 0xBC, 0x10, 0xD6, 0x84, 0xC4, 0x0F, 0x4C, 0x0B, 0xA2, 0xD1, 0xCB, 0xCD, 0x1F, 0x50, 0x3D, 0xF7, 0x23, 0x45, 0x55, 0x18, 0x21, 0x3D, 0x64, 0x05, 0x2E, 0x52, 0x3A, 0x73, 0xFD, 0xF2, 0xA9, 0xCA, 0x3F, 0xF6, 0x7F, 0x87, 0xE8, 0x56, 0x9B, 0x68, 0x6B, 0x20, 0xB0, 0x1D, 0x83, 0x04, 0x2F, 0x59, 0xFD, 0x84, 0x57, 0x7D, 0x82, 0x97, 0x96, 0xE8, 0xFB, 0xDF, 0x71, 0x8C, 0x26, 0x47, 0x85, 0xA5, 0xBE, 0xFB, 0xF5, 0x05, 0x4C, 0xD3, 0x3D, 0x73, 0xF4, 0xA5, 0xF1, 0xA3, 0x99, 0x98, 0x1B, 0x84, 0x8B, 0xB3, 0x53, 0xCE, 0x4D, 0xEA, 0x5A, 0x48, 0xD2, 0xB9, 0x7E, 0xB6, 0xEB, 0x9B, 0x94, 0x6F, 0xDD, 0x44, 0x80, 0x89, 0xD2, 0x78, 0x6D, 0xB9, 0xDA, 0x8B, 0x83, 0x49, 0xE0, 0x4D, 0x49, 0xDF, 0x6B, 0xFF, 0xF7, 0x04, 0x00, 0x32, 0xAA, 0x1D, 0x4F, 0x8D, 0x4B, 0xDE, 0xB8, 0x0D, 0xC6, 0x54, 0x1C, 0xB2, 0xCD, 0x60, 0x29, 0x72, 0x0A, 0x7E, 0xE7, 0xEB, 0x7A, 0xF6, 0x5B, 0x04, 0x3F, 0x5B, 0x93, 0x12, 0x0D, 0xD5, 0xFF, 0x7A, 0x41, 0x44, 0x0B, 0x37, 0x12, 0x82, 0x3D, 0xDD, 0x1E, 0x59, 0xB9, 0xBE, 0x0F, 0x9E, 0xD6, 0xD0, 0x68, 0x69, 0x74, 0xF9, 0xB1, 0x21, 0xA3, 0x70, 0x4F, 0xDA, 0xF8, 0x9F, 0xB9, 0x49, 0x3F, 0xC6, 0xB2, 0x69, 0xC8, 0xD8, 0x60, 0xF1, 0x6A, 0x52, 0x07, 0xFA, 0x42, 0xFD, 0xA9, 0x06, 0xCF, 0x97, 0x4A, 0x0E, 0xC5, 0xFC, 0x63, 0x27, 0x54, 0xC8, 0xBE, 0x8B, 0x4F, 0xB6, 0x42, 0xBC, 0xA2, 0xCC, 0x70, 0x4A, 0x6B, 0x24, 0x5B, 0x68, 0x28, 0x47, 0xFA, 0x6B, 0x89, 0x28, 0x07, 0x5D, 0xE0, 0x2C, 0x4A, 0xD9, 0x22, 0xE3, 0xB3, 0x2F, 0xAA, 0xC2, 0xA0, 0x7C, 0x0F, 0x92, 0xC5, 0xDD, 0xB6, 0x23, 0x8F, 0x73, 0x73, 0x0F, 0xD7, 0x73, 0x71, 0x2F, 0x0A, 0x78, 0xE8, 0x5B, 0xDB, 0xC2, 0xE0, 0xDB, 0xC9, 0x3E, 0xC3, 0x72, 0x9C, 0x14, 0xD7, 0xD1, 0x28, 0xFD, 0xF4, 0xEE, 0xBC, 0x0E, 0x13, 0x37, 0xCA, 0x85, 0x9F, 0xB9, 0xA2, 0x0E, 0xF6, 0xE7, 0x49, 0xD1, 0xD0, 0x11, 0x76, 0x53, 0xA3, 0x73, 0x95, 0x2A, 0x23, 0xC8, 0x0E, 0x97, 0x83, 0x07, 0x64, 0xB2, 0x51, 0xB7, 0xC8, 0x51, 0x9F, 0xA4, 0x3E, 0x7B, 0xA4, 0x18, 0x6D, 0x99, 0xF0, 0x6E, 0xC3, 0x97, 0xAE, 0xF4, 0xB7, 0x66, 0x37, 0xFA, 0x65, 0xFC, 0x5E, 0xE2, 0x57, 0xFA, 0x8B, 0x4C, 0x86, 0x10, 0xB4, 0x5C, 0xA4, 0xD2, 0x60, 0x83, 0x69, 0x1E, 0xFF, 0x36, 0x9B, 0xF9, 0x84, 0xFB, 0xB8, 0x83, 0x64, 0xF1, 0x41, 0xA5, 0x25, 0x56, 0x21, 0xBA, 0x13, 0x98, 0x0C, 0x3B, 0x04, 0xAA, 0x6C, 0x9A, 0xD4, 0xE3, 0x13, 0x15, 0x54, 0x05, 0x4C, 0x5C, 0xE1, 0x7A, 0x31, 0x5E, 0x90, 0xCF, 0x48, 0x4E, 0x83, 0xD7, 0x7F, 0xED, 0x93, 0x22, 0xAB, 0x67, 0xE7, 0x76, 0x32, 0x64, 0xBA, 0x5A, 0x21, 0x3E, 0x30, 0x82, 0x01, 0x41, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x01, 0x32, 0x04, 0x82, 0x01, 0x2E, 0x30, 0x82, 0x01, 0x2A, 0x30, 0x82, 0x01, 0x26, 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02, 0xA0, 0x81, 0xEF, 0x30, 0x81, 0xEC, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xED, 0x3E, 0xED, 0x07, 0x5C, 0x1F, 0x71, 0xAD, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0xA7, 0x49, 0xA4, 0x6E, 0x00, 0x19, 0x75, 0x59, 0x75, 0x59, 0xBA, 0x4B, 0xC7, 0x24, 0x88, 0x34, 0x04, 0x81, 0x90, 0xCA, 0x23, 0x82, 0xAA, 0x16, 0x57, 0x99, 0xFA, 0x94, 0x9F, 0xAE, 0x32, 0x5C, 0x5B, 0xE7, 0x01, 0xD0, 0xED, 0xA7, 0x58, 0x57, 0x52, 0xBF, 0x57, 0x13, 0xD4, 0x15, 0xB0, 0x06, 0xF5, 0x38, 0xCC, 0x64, 0x23, 0x09, 0xD5, 0x8C, 0x0D, 0x64, 0x31, 0xFA, 0x74, 0xAA, 0x96, 0x7E, 0x9B, 0x16, 0xCA, 0x21, 0xFD, 0xC0, 0x54, 0x91, 0x40, 0x7F, 0xB3, 0xF2, 0xA3, 0xEC, 0xA1, 0x4A, 0x07, 0xF0, 0x87, 0x22, 0xDB, 0x8A, 0x49, 0x89, 0xF7, 0xF2, 0x6A, 0xFC, 0x8D, 0x03, 0x6E, 0x32, 0x4F, 0xD0, 0xD8, 0x93, 0x92, 0xA5, 0xF1, 0x41, 0xBD, 0xEA, 0xE1, 0x38, 0xA9, 0xD8, 0x9D, 0xAB, 0xB4, 0x8E, 0x4A, 0x40, 0x0E, 0xC7, 0xE3, 0xE9, 0xBF, 0x0E, 0xBA, 0x8D, 0xAA, 0x3E, 0x93, 0x53, 0x88, 0xEE, 0x0A, 0x2C, 0x71, 0xF1, 0x61, 0x44, 0xA5, 0xAD, 0xED, 0x3E, 0xAB, 0x32, 0x9A, 0x32, 0x85, 0x08, 0xF5, 0x8B, 0xCC, 0x15, 0x35, 0xEE, 0xFA, 0x17, 0x27, 0x97, 0x8D, 0xD9, 0x1C, 0x5E, 0x74, 0x9D, 0x7B, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x5F, 0x8E, 0xAB, 0x9C, 0x5F, 0xE2, 0x3B, 0xB1, 0x5C, 0x1A, 0x36, 0x1D, 0x7D, 0xCB, 0x90, 0x45, 0x20, 0x3C, 0x3B, 0xAC, 0x30, 0x41, 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x93, 0x25, 0xC4, 0x3E, 0x2A, 0x6D, 0x4C, 0x30, 0x87, 0x0F, 0xE3, 0x5A, 0x95, 0xB0, 0xF2, 0x6C, 0xBA, 0x07, 0x89, 0x7D, 0xFB, 0xCF, 0xCF, 0x1D, 0x54, 0xA3, 0x36, 0x24, 0x7B, 0x30, 0x97, 0xB5, 0x04, 0x08, 0xE7, 0x96, 0x59, 0xCC, 0x42, 0x9F, 0xEF, 0xFC, 0x02, 0x02, 0x08, 0x00]), 10238 '123456').then((data) => { 10239 console.log('createTrustAnchorsWithKeyStore sucess, number of the result is: ' + JSON.stringify(data.length)); 10240 }).catch((err : BusinessError) => { 10241 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(err)); 10242 }) 10243} catch (error) { 10244 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(error)); 10245} 10246``` 10247 10248## X509CertChain<sup>11+</sup> 10249 10250Provides APIs for managing the X.509 certificate chain. 10251 10252### getCertList<sup>11+</sup> 10253 10254getCertList(): Array\<X509Cert> 10255 10256Obtains the X.509 certificate list. 10257 10258**Atomic service API**: This API can be used in atomic services since API version 12. 10259 10260**System capability**: SystemCapability.Security.Cert 10261 10262**Return value** 10263 10264| Type | Description | 10265| -------------- | ----------- | 10266| Array\<[X509Cert](#x509cert)> | X.509 certificate list obtained.| 10267 10268**Error codes** 10269 10270For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10271 10272| ID| Error Message | 10273| -------- | ----------------------- | 10274| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10275| 19020001 | memory error. | 10276| 19030001 | crypto operation error. | 10277 10278**Example** 10279 10280```ts 10281import { cert } from '@kit.DeviceCertificateKit'; 10282import { BusinessError } from '@kit.BasicServicesKit'; 10283 10284// Convert the string into a Uint8Array. 10285function stringToUint8Array(str: string): Uint8Array { 10286 let arr: Array<number> = []; 10287 for (let i = 0, j = str.length; i < j; i++) { 10288 arr.push(str.charCodeAt(i)); 10289 } 10290 return new Uint8Array(arr); 10291} 10292 10293let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10294 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10295 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10296 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10297 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10298 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10299 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10300 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10301 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10302 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10303 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10304 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10305 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10306 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10307 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10308 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10309 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10310 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10311 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10312 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10313 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10314 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10315 "-----END CERTIFICATE-----\n" + 10316 "-----BEGIN CERTIFICATE-----\n" + 10317 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10318 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10319 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10320 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10321 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10322 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10323 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10324 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10325 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10326 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10327 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10328 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10329 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10330 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10331 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10332 "uKPWR9dKBA==\n" + 10333 "-----END CERTIFICATE-----\n" + 10334 "-----BEGIN CERTIFICATE-----\n" + 10335 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10336 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10337 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10338 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10339 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10340 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10341 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10342 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10343 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10344 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10345 "xjoE\n" + 10346 "-----END CERTIFICATE-----\n"; 10347 10348// Certificate chain binary data, which varies with the service. 10349let encodingBlob: cert.EncodingBlob = { 10350 data: stringToUint8Array(certChainData), 10351 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 10352 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10353}; 10354 10355cert.createX509CertChain(encodingBlob, (err, certChain) => { 10356 if (err) { 10357 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10358 } else { 10359 console.log('createX509CertChain success'); 10360 try { 10361 let certList = certChain.getCertList(); 10362 } catch (err) { 10363 let e: BusinessError = err as BusinessError; 10364 console.error('X509CertChain getCertList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10365 } 10366 } 10367}); 10368``` 10369 10370### validate<sup>11+</sup> 10371 10372validate(param: CertChainValidationParameters): Promise\<CertChainValidationResult> 10373 10374Validates a certificate chain. This API uses a promise to return the result. 10375 10376**Atomic service API**: This API can be used in atomic services since API version 12. 10377 10378**System capability**: SystemCapability.Security.Cert 10379 10380**Parameters** 10381 10382| Name | Type | Mandatory| Description | 10383| --------- | ------------------------------- | ---- | ----------------- | 10384| param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| 10385 10386**Return value** 10387 10388| Type | Description | 10389| ------------------------------------------------------------ | --------------------------------- | 10390| Promise\<[CertChainValidationResult](#certchainvalidationresult11)> | Promise used to return the result.| 10391 10392**Error codes** 10393 10394For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10395 10396| ID| Error Message | 10397| -------- | ----------------------- | 10398| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10399| 19020001 | memory error. | 10400| 19020002 | runtime error. | 10401| 19030001 | crypto operation error. | 10402| 19030002 | the certificate signature verification failed. | 10403| 19030003 | the certificate has not taken effect. | 10404| 19030004 | the certificate has expired. | 10405| 19030005 | failed to obtain the certificate issuer. | 10406| 19030006 | the key cannot be used for signing a certificate. | 10407| 19030007 | the key cannot be used for digital signature. | 10408 10409**Example** 10410 10411```ts 10412import { cert } from '@kit.DeviceCertificateKit'; 10413import { BusinessError } from '@kit.BasicServicesKit'; 10414 10415// Convert the string into a Uint8Array. 10416function stringToUint8Array(str: string): Uint8Array { 10417 let arr: Array<number> = []; 10418 for (let i = 0, j = str.length; i < j; i++) { 10419 arr.push(str.charCodeAt(i)); 10420 } 10421 return new Uint8Array(arr); 10422} 10423 10424async function createX509CertChain(): Promise<cert.X509CertChain> { 10425 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10426 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10427 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10428 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10429 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10430 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10431 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10432 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10433 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10434 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10435 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10436 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10437 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10438 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10439 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10440 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10441 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10442 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10443 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10444 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10445 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10446 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10447 "-----END CERTIFICATE-----\n" + 10448 "-----BEGIN CERTIFICATE-----\n" + 10449 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10450 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10451 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10452 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10453 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10454 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10455 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10456 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10457 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10458 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10459 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10460 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10461 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10462 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10463 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10464 "uKPWR9dKBA==\n" + 10465 "-----END CERTIFICATE-----\n" + 10466 "-----BEGIN CERTIFICATE-----\n" + 10467 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10468 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10469 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10470 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10471 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10472 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10473 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10474 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10475 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10476 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10477 "xjoE\n" + 10478 "-----END CERTIFICATE-----\n"; 10479 10480 // Certificate chain binary data, which varies with the service. 10481 let encodingBlob: cert.EncodingBlob = { 10482 data: stringToUint8Array(certChainData), 10483 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 10484 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10485 }; 10486 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10487 try { 10488 x509CertChain = await cert.createX509CertChain(encodingBlob); 10489 } 10490 catch (error) { 10491 let e: BusinessError = error as BusinessError; 10492 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10493 } 10494 return x509CertChain; 10495} 10496 10497async function validate() { 10498 const certChain = await createX509CertChain(); 10499 // Certificate chain validation data, which varies with the service. 10500 const param: cert.CertChainValidationParameters = { 10501 date: '20231212080000Z', 10502 trustAnchors: [{ 10503 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10504 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10505 }] 10506 } 10507 try { 10508 const validationRes = await certChain.validate(param); 10509 console.log('X509CertChain validate success'); 10510 } 10511 catch (err) { 10512 console.error('X509CertChain validate failed'); 10513 } 10514} 10515 10516validate(); 10517``` 10518 10519### validate<sup>11+</sup> 10520 10521validate(param: CertChainValidationParameters, callback: AsyncCallback\<CertChainValidationResult>): void 10522 10523Validates a certificate chain. This API uses an asynchronous callback to return the result. 10524 10525**Atomic service API**: This API can be used in atomic services since API version 12. 10526 10527**System capability**: SystemCapability.Security.Cert 10528 10529**Parameters** 10530 10531| Name | Type | Mandatory| Description | 10532| --------- | ------------------------------- | ---- | ------------ | 10533| param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| 10534| callback | AsyncCallback\<[CertChainValidationResult](#certchainvalidationresult11)> | Yes | Callback used to return the certificate chain validation result.| 10535 10536**Error codes** 10537 10538For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10539 10540| ID| Error Message | 10541| -------- | ----------------------- | 10542| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10543| 19020001 | memory error. | 10544| 19020002 | runtime error. | 10545| 19030001 | crypto operation error. | 10546| 19030002 | the certificate signature verification failed. | 10547| 19030003 | the certificate has not taken effect. | 10548| 19030004 | the certificate has expired. | 10549| 19030005 | failed to obtain the certificate issuer. | 10550| 19030006 | the key cannot be used for signing a certificate. | 10551| 19030007 | the key cannot be used for digital signature. | 10552 10553**Example** 10554 10555```ts 10556import { cert } from '@kit.DeviceCertificateKit'; 10557 10558// Convert the string into a Uint8Array. 10559function stringToUint8Array(str: string): Uint8Array { 10560 let arr: Array<number> = []; 10561 for (let i = 0, j = str.length; i < j; i++) { 10562 arr.push(str.charCodeAt(i)); 10563 } 10564 return new Uint8Array(arr); 10565} 10566 10567let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10568 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10569 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10570 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10571 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10572 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10573 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10574 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10575 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10576 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10577 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10578 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10579 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10580 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10581 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10582 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10583 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10584 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10585 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10586 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10587 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10588 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10589 "-----END CERTIFICATE-----\n" + 10590 "-----BEGIN CERTIFICATE-----\n" + 10591 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10592 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10593 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10594 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10595 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10596 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10597 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10598 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10599 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10600 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10601 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10602 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10603 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10604 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10605 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10606 "uKPWR9dKBA==\n" + 10607 "-----END CERTIFICATE-----\n" + 10608 "-----BEGIN CERTIFICATE-----\n" + 10609 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10610 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10611 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10612 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10613 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10614 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10615 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10616 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10617 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10618 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10619 "xjoE\n" + 10620 "-----END CERTIFICATE-----\n"; 10621 10622// Certificate chain binary data, which varies with the service. 10623let encodingBlob: cert.EncodingBlob = { 10624 data: stringToUint8Array(certChainData), 10625 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 10626 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10627}; 10628 10629// Certificate chain validation data, which varies with the service. 10630let param: cert.CertChainValidationParameters = { 10631 date: '20231212080000Z', 10632 trustAnchors: [{ 10633 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10634 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10635 }] 10636}; 10637 10638cert.createX509CertChain(encodingBlob, (err, certChain) => { 10639 if (err) { 10640 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10641 } else { 10642 console.log('createX509CertChain success'); 10643 certChain.validate(param, (error, validationRes) => { 10644 if (error) { 10645 console.error('X509CertChain validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 10646 } else { 10647 console.log('X509CertChain validate success'); 10648 } 10649 }); 10650 } 10651}); 10652``` 10653 10654### toString<sup>12+</sup> 10655 10656toString(): string 10657 10658Converts the object data into a string. 10659 10660**Atomic service API**: This API can be used in atomic services since API version 12. 10661 10662**System capability**: SystemCapability.Security.Cert 10663 10664**Return value** 10665 10666| Type | Description | 10667| ------- | ---------------------------------------------------- | 10668| string | String obtained.| 10669 10670**Error codes** 10671 10672For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10673 10674| ID| Error Message | 10675| -------- | ----------------------- | 10676| 19020001 | memory error. | 10677| 19020002 | runtime error. | 10678| 19030001 | crypto operation error. | 10679 10680**Example** 10681 10682```ts 10683import { cert } from '@kit.DeviceCertificateKit'; 10684import { BusinessError } from '@kit.BasicServicesKit'; 10685 10686// Convert the string into a Uint8Array. 10687function stringToUint8Array(str: string): Uint8Array { 10688 let arr: Array<number> = []; 10689 for (let i = 0, j = str.length; i < j; i++) { 10690 arr.push(str.charCodeAt(i)); 10691 } 10692 return new Uint8Array(arr); 10693} 10694 10695let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10696 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10697 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10698 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10699 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10700 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10701 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10702 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10703 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10704 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10705 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10706 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10707 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10708 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10709 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10710 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10711 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10712 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10713 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10714 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10715 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10716 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10717 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10718 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10719 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10720 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10721 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10722 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10723 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10724 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10725 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10726 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10727 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10728 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10729 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10730 '-----END CERTIFICATE-----\n' + 10731 '-----BEGIN CERTIFICATE-----\n' + 10732 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10733 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10734 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10735 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10736 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10737 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10738 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10739 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10740 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10741 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10742 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10743 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10744 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10745 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10746 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10747 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10748 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10749 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10750 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10751 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10752 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10753 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10754 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10755 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10756 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10757 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10758 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10759 'tPO+\n' + 10760 '-----END CERTIFICATE-----\n'; 10761 10762// Certificate chain binary data, which varies with the service. 10763let encodingBlob: cert.EncodingBlob = { 10764 data: stringToUint8Array(certChainData), 10765 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 10766 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10767}; 10768 10769async function certChainToString() { 10770 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10771 try { 10772 x509CertChain = await cert.createX509CertChain(encodingBlob); 10773 console.log('createX509CertChain success'); 10774 console.info('toString success: ' + JSON.stringify(x509CertChain.toString())); 10775 } catch (error) { 10776 let e: BusinessError = error as BusinessError; 10777 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10778 } 10779} 10780``` 10781### hashCode<sup>12+</sup> 10782 10783hashCode(): Uint8Array 10784 10785Obtains the hash value of the data in DER format. 10786 10787**Atomic service API**: This API can be used in atomic services since API version 12. 10788 10789**System capability**: SystemCapability.Security.Cert 10790 10791**Return value** 10792 10793| Type | Description | 10794| ------- | ---------------------------------------------------- | 10795| Uint8Array | Hash value obtained.| 10796 10797**Error codes** 10798 10799For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10800 10801| ID| Error Message | 10802| -------- | ----------------------- | 10803| 19020001 | memory error. | 10804| 19020002 | runtime error. | 10805| 19030001 | crypto operation error. | 10806 10807**Example** 10808 10809```ts 10810import { cert } from '@kit.DeviceCertificateKit'; 10811import { BusinessError } from '@kit.BasicServicesKit'; 10812 10813// Convert the string into a Uint8Array. 10814function stringToUint8Array(str: string): Uint8Array { 10815 let arr: Array<number> = []; 10816 for (let i = 0, j = str.length; i < j; i++) { 10817 arr.push(str.charCodeAt(i)); 10818 } 10819 return new Uint8Array(arr); 10820} 10821 10822let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10823 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10824 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10825 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10826 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10827 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10828 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10829 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10830 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10831 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10832 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10833 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10834 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10835 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10836 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10837 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10838 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10839 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10840 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10841 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10842 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10843 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10844 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10845 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10846 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10847 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10848 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10849 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10850 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10851 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10852 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10853 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10854 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10855 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10856 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10857 '-----END CERTIFICATE-----\n' + 10858 '-----BEGIN CERTIFICATE-----\n' + 10859 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10860 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10861 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10862 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10863 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10864 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10865 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10866 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10867 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10868 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10869 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10870 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10871 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10872 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10873 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10874 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10875 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10876 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10877 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10878 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10879 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10880 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10881 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10882 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10883 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10884 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10885 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10886 'tPO+\n' + 10887 '-----END CERTIFICATE-----\n'; 10888 10889// Certificate chain binary data, which varies with the service. 10890let encodingBlob: cert.EncodingBlob = { 10891 data: stringToUint8Array(certChainData), 10892 // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. 10893 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10894}; 10895 10896async function certChainHashCode() { 10897 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10898 try { 10899 x509CertChain = await cert.createX509CertChain(encodingBlob); 10900 console.log('createX509CertChain success'); 10901 console.info('hashCode success: ' + JSON.stringify(x509CertChain.hashCode())); 10902 } catch (error) { 10903 let e: BusinessError = error as BusinessError; 10904 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10905 } 10906} 10907``` 10908 10909## cert.generateCsr<sup>16+</sup> 10910 10911generateCsr(keyInfo: PrivateKeyInfo, config: CsrGenerationConfig): string | Uint8Array 10912 10913Generates a CSR. 10914 10915**Atomic service API**: This API can be used in atomic services since API version 16. 10916 10917**System capability**: SystemCapability.Security.Cert 10918 10919**Parameters** 10920 10921| Name | Type | Mandatory| Description | 10922| -------- | ----------------------------- | ---- | -------------------- | 10923| keyInfo | [PrivateKeyInfo](#privatekeyinfo16) | Yes| Private key information.| 10924| config | [CsrGenerationConfig](#csrgenerationconfig16) | Yes| Configuration for generating the CSR.| 10925 10926**Return value** 10927 10928| Type | Description | 10929| ------------------------------- | ---------------- | 10930| string | Uint8Array | CSR generated.| 10931 10932**Error codes** 10933 10934For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10935 10936| ID| Error Message | 10937| -------- | ------------- | 10938| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10939| 19020001 | memory error. | 10940| 19020002 | runtime error. | 10941| 19030001 | crypto operation error. | 10942| 19030002 | the certificate signature verification failed. | 10943| 19030003 | the certificate has not taken effect. | 10944| 19030004 | the certificate has expired. | 10945| 19030005 | failed to obtain the certificate issuer. | 10946| 19030006 | the key cannot be used for signing a certificate. | 10947| 19030007 | the key cannot be used for digital signature. | 10948 10949**Example** 10950 10951```ts 10952import { cert } from '@kit.DeviceCertificateKit'; 10953 10954async function createCsrTest() { 10955 let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 10956 let prikeyEnstr: string = 10957 '-----BEGIN RSA PRIVATE KEY-----\n' + 10958 'Proc-Type: 4,ENCRYPTED\n' + 10959 'DEK-Info: AES-128-CBC,B5FFA3AEEE7176106FDDB0988B532F07\n\n' + 10960 't3zNRGKp5X4BNkcsYATad/Le+94yMIX9CoNAGsBIDzQw+773UMGIoeGEYVlXWc8x\n' + 10961 'N1XWDinn4ytWw9x9OfUYgmNnrdkWRSaIuw+SpQfBgJip+MsNERYOHZ5TYWTR8n3k\n' + 10962 '7/jHY8eCgTsP3hbNtyaePIrtbTLZGZAHG1YWY5UmLaYoI1O6/Vvobx72lx3b43Tx\n' + 10963 '4j5lkknpLl85fcs1s4TYMOd8vEwhdpouR4VY8kfRSm44WQLtGXrce0An3MG3pXyZ\n' + 10964 'GhpmJyTcg0epTEYVzglENlBJrBVDL+bJ8uvHGH4tmeQb77e6ILXoxZntM7zQMMFo\n' + 10965 'A7dilqO6FBxu20n2TidVGCa0Yn+DZLpry2OdwVUC2nXyCHCehr3jAZz6k20FWg5B\n' + 10966 'EsU16yOIB+bp9BUKdTpJVtc/pmZJtnlA9pSCUVmWdltOsjjxkE94wfAUOYhO3Mvz\n' + 10967 'gF9KR1/bdAbLw4t7bGeuyV4N2iYr83FodLLXpupM6Qfb51+HVgHvm2aaHv2Q4sf3\n' + 10968 'poCVTNlegoVV9x3+7HqXY6MjlG8aU6LcWqH34ySqRBQrKL1PuDzQSY5/RmP7PUhG\n' + 10969 'ym4l6KbEaRC2H/XS2qKa4VCMgBCgA0hoiw4s48Xd4h2GUTuxLM9wGyW89OEaHky7\n' + 10970 'VE7t3O9a2zhkRTYDDYQ8QCycKhNrsKySyItRUWn/w2lXvuKM7PpAzYH7Ey3W1eZG\n' + 10971 'PyyeGG9exjpdIvD3tx5Hl/OWwBkW1DAzO40gT6sdD5FXzRv4fCHuCrIow5QMLF4T\n' + 10972 'd5Y4a6q13V4O5b73T5INmKl8rEbPGIw7WLR7BNj05QuzNcn5kA1aBFIJqsxQv46l\n' + 10973 '-----END RSA PRIVATE KEY-----\n'; 10974 let priKeyInfo: cert.PrivateKeyInfo = { 10975 key: prikeyEnstr, 10976 password : "123abc" 10977 } 10978 let keyUsage: cert.CsrAttribute = { 10979 type: "keyUsage", 10980 value: "digitalSignature, keyEncipherment" 10981 }; 10982 10983 let challengePassword: cert.CsrAttribute = { 10984 type:"challengePassword", 10985 value: "123456" 10986 }; 10987 let attribute: cert.CsrAttribute[] = [ 10988 keyUsage,challengePassword 10989 ]; 10990 try { 10991 let data = await cert.createX500DistinguishedName(nameStr); 10992 console.info('createX500DistinguishedName success' + data.getName("CN").toString()); 10993 let conf: cert.CsrGenerationConfig = { 10994 subject: data, 10995 mdName: "SHA256", 10996 outFormat: cert.EncodingBaseFormat.PEM, 10997 attributes: attribute 10998 } 10999 try { 11000 let csrStr = cert.generateCsr(priKeyInfo, conf) 11001 console.log('generateCsr success return str is' + csrStr.toString()) 11002 } catch (error) { 11003 let e: BusinessError = error as BusinessError; 11004 console.error('generateCsr failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11005 } 11006 } catch (error) { 11007 let e: BusinessError = error as BusinessError; 11008 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11009 } 11010} 11011``` 11012 11013## cert.createX500DistinguishedName<sup>12+</sup> 11014 11015createX500DistinguishedName(nameStr: string): Promise\<X500DistinguishedName> 11016 11017Creates an **X500DistinguishedName** object in the form of a string. This API uses a promise to return the result. 11018 11019**Atomic service API**: This API can be used in atomic services since API version 12. 11020 11021**System capability**: SystemCapability.Security.Cert 11022 11023**Parameters** 11024 11025| Name | Type | Mandatory| Description | 11026| -------- | ----------------------------- | ---- | -------------------- | 11027| nameStr | string | Yes|DN of the string type defined by X.509.| 11028 11029**Return value** 11030 11031| Type | Description | 11032| ------------------------------- | ---------------- | 11033| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | Promise used to return the **X500DistinguishedName** object created.| 11034 11035**Error codes** 11036 11037For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11038 11039| ID| Error Message | 11040| -------- | ------------- | 11041| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11042| 19020001 | memory error. | 11043| 19020002 | runtime error. | 11044| 19030001 | crypto operation error. | 11045| 19030002 | the certificate signature verification failed. | 11046| 19030003 | the certificate has not taken effect. | 11047| 19030004 | the certificate has expired. | 11048| 19030005 | failed to obtain the certificate issuer. | 11049| 19030006 | the key cannot be used for signing a certificate. | 11050| 19030007 | the key cannot be used for digital signature. | 11051 11052**Example** 11053 11054```ts 11055import { cert } from '@kit.DeviceCertificateKit'; 11056import { BusinessError } from '@kit.BasicServicesKit'; 11057 11058// Convert the string into a Uint8Array. 11059function stringToUint8Array(str: string): Uint8Array { 11060 let arr: Array<number> = []; 11061 for (let i = 0, j = str.length; i < j; i++) { 11062 arr.push(str.charCodeAt(i)); 11063 } 11064 return new Uint8Array(arr); 11065} 11066 11067let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 11068async function createX500DistinguishedName() { 11069 try { 11070 cert.createX500DistinguishedName(nameStr) 11071 .then((data) => { 11072 console.log('createX500DistinguishedName success'); 11073 }) 11074 .catch((err: BusinessError) => { 11075 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11076 }) 11077 } catch (error) { 11078 let e: BusinessError = error as BusinessError; 11079 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11080 } 11081} 11082``` 11083 11084## cert.createX500DistinguishedName<sup>12+</sup> 11085 11086createX500DistinguishedName(nameDer: Uint8Array): Promise\<X500DistinguishedName> 11087 11088Creates an **X500DistinguishedName** object in DER format. This API uses a promise to return the result. 11089 11090**Atomic service API**: This API can be used in atomic services since API version 12. 11091 11092**System capability**: SystemCapability.Security.Cert 11093 11094**Parameters** 11095 11096| Name | Type | Mandatory| Description | 11097| -------- | ----------------------------- | ---- | -------------------- | 11098| nameDer | Uint8Array | Yes|Name of the Uint8Array type in DER format defined by X.509.| 11099 11100**Return value** 11101 11102| Type | Description | 11103| ------------------------------- | ---------------- | 11104| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | Promise used to return the **X500DistinguishedName** object created.| 11105 11106**Error codes** 11107 11108For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11109 11110| ID| Error Message | 11111| -------- | ------------- | 11112| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11113| 19020001 | memory error. | 11114| 19020002 | runtime error. | 11115| 19030001 | crypto operation error. | 11116| 19030002 | the certificate signature verification failed. | 11117| 19030003 | the certificate has not taken effect. | 11118| 19030004 | the certificate has expired. | 11119| 19030005 | failed to obtain the certificate issuer. | 11120| 19030006 | the key cannot be used for signing a certificate. | 11121| 19030007 | the key cannot be used for digital signature. | 11122 11123**Example** 11124 11125```ts 11126import { cert } from '@kit.DeviceCertificateKit'; 11127import { BusinessError } from '@kit.BasicServicesKit'; 11128 11129let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 11130async function createX500DistinguishedName() { 11131 try { 11132 cert.createX500DistinguishedName(nameDer) 11133 .then((data) => { 11134 console.log('createX500DistinguishedName success'); 11135 }) 11136 .catch((err: BusinessError) => { 11137 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11138 }) 11139 } catch (error) { 11140 let e: BusinessError = error as BusinessError; 11141 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11142 } 11143} 11144``` 11145## X500DistinguishedName<sup>12+</sup> 11146 11147Provides APIs for managing the **X500DistinguishedName** instance. 11148 11149### getName<sup>12+</sup> 11150 11151getName(): string 11152 11153Obtains the DN in the form of a string. 11154 11155**Atomic service API**: This API can be used in atomic services since API version 12. 11156 11157**System capability**: SystemCapability.Security.Cert 11158 11159**Return value** 11160 11161| Type | Description | 11162| ------- | ------------------------------------------------- | 11163| string | DN in the form of a string obtained.| 11164 11165**Error codes** 11166 11167For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11168 11169| ID| Error Message | 11170| -------- | ------------- | 11171| 19020001 | memory error. | 11172| 19020002 | runtime error. | 11173| 19030001 | crypto operation error. | 11174 11175**Example** 11176 11177```ts 11178import { cert } from '@kit.DeviceCertificateKit'; 11179import { BusinessError } from '@kit.BasicServicesKit'; 11180 11181let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 11182async function getName() { 11183 try { 11184 cert.createX500DistinguishedName(nameDer) 11185 .then((data) => { 11186 console.log('createX500DistinguishedName success'); 11187 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName())) 11188 }) 11189 .catch((err: BusinessError) => { 11190 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11191 }) 11192 } catch (error) { 11193 let e: BusinessError = error as BusinessError; 11194 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11195 } 11196} 11197``` 11198 11199### getName<sup>12+</sup> 11200 11201getName(type: string): Array\<string> 11202 11203Obtains DNs of the specified type. 11204 11205**Atomic service API**: This API can be used in atomic services since API version 12. 11206 11207**System capability**: SystemCapability.Security.Cert 11208 11209**Parameters** 11210 11211| Name | Type | Mandatory| Description | 11212| ------------ | ------ | ---- | -------------- | 11213| type | string | Yes| Type of the DNs to obtain.| 11214 11215**Return value** 11216 11217| Type | Description | 11218| ------- | ------------------------------------------------- | 11219| Array\<string> | DNs obtained.| 11220 11221**Error codes** 11222 11223For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11224 11225| ID| Error Message | 11226| -------- | ------------- | 11227| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11228| 19020001 | memory error. | 11229| 19020002 | runtime error. | 11230| 19030001 | crypto operation error. | 11231 11232**Example** 11233 11234```ts 11235import { cert } from '@kit.DeviceCertificateKit'; 11236import { BusinessError } from '@kit.BasicServicesKit'; 11237 11238let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 11239async function getName() { 11240 try { 11241 cert.createX500DistinguishedName(nameStr) 11242 .then((data) => { 11243 console.log('createX500DistinguishedName success'); 11244 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName("CN"))) 11245 }) 11246 .catch((err: BusinessError) => { 11247 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11248 }) 11249 } catch (error) { 11250 let e: BusinessError = error as BusinessError; 11251 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11252 } 11253} 11254``` 11255 11256### getEncoded<sup>12+</sup> 11257 11258getEncoded(): EncodingBlob 11259 11260Obtains the data of the X.509 certificate **extensions** field. 11261 11262**Atomic service API**: This API can be used in atomic services since API version 12. 11263 11264**System capability**: SystemCapability.Security.Cert 11265 11266**Return value** 11267 11268| Type | Description | 11269| ------- | ------------------------------------------------- | 11270| [EncodingBlob](#encodingblob) | X.509 certificate extensions data obtained.| 11271 11272**Error codes** 11273 11274For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11275 11276| ID| Error Message | 11277| -------- | ------------- | 11278| 19020001 | memory error. | 11279| 19020002 | runtime error. | 11280| 19030001 | crypto operation error. | 11281 11282**Example** 11283 11284```ts 11285import { cert } from '@kit.DeviceCertificateKit'; 11286import { BusinessError } from '@kit.BasicServicesKit'; 11287 11288let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 11289async function getEncoded() { 11290 try { 11291 cert.createX500DistinguishedName(nameStr) 11292 .then((data) => { 11293 console.log('createX500DistinguishedName success'); 11294 let encodingBlobData = data.getEncoded(); 11295 }) 11296 .catch((err: BusinessError) => { 11297 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11298 }) 11299 } catch (error) { 11300 let e: BusinessError = error as BusinessError; 11301 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11302 } 11303} 11304``` 11305 11306## cert.createCmsGenerator<sup>16+</sup> 11307 11308createCmsGenerator(contentType: CmsContentType): CmsGenerator 11309 11310Creates a **CmsGenerator** object. 11311 11312**Atomic service API**: This API can be used in atomic services since API version 16. 11313 11314**System capability**: SystemCapability.Security.Cert 11315 11316**Parameters** 11317 11318| Name | Type | Mandatory| Description | 11319| -------- | ----------------------------- | ---- | -------------------- | 11320| contentType | [CmsContentType](#cmscontenttype16) | Yes| CMS message type.| 11321 11322**Return value** 11323 11324| Type | Description | 11325| ------------------------------- | ---------------- | 11326| [CmsGenerator](#cmsgenerator16) | **CmsGenerator** object created.| 11327 11328**Error codes** 11329 11330For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11331 11332| ID| Error Message | 11333| -------- | ------------- | 11334| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11335| 19020001 | memory error. | 11336| 19020002 | runtime error. | 11337| 19030001 | crypto operation error. | 11338 11339**Example** 11340 11341```ts 11342import { cert } from '@kit.DeviceCertificateKit'; 11343import { BusinessError } from '@kit.BasicServicesKit'; 11344 11345let certData = '-----BEGIN CERTIFICATE-----\n' + 11346 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11347 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11348 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11349 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11350 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11351 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11352 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11353 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11354 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11355 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11356 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11357 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11358 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11359 '-----END CERTIFICATE-----\n'; 11360 11361function testcreateCmsGenerator() { 11362 let certEncodingBlob: cert.EncodingBlob = { 11363 data: stringToUint8Array(certData), 11364 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 11365 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11366 }; 11367 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11368 if (error) { 11369 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11370 } else { 11371 try { 11372 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11373 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11374 console.info('testcreateCmsGenerator createCmsGenerator success.'); 11375 } catch (err) { 11376 let e: BusinessError = err as BusinessError; 11377 console.error('createCmsGenerator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11378 } 11379 } 11380 }); 11381} 11382``` 11383 11384## CmsGenerator<sup>16+</sup> 11385 11386Provides APIs for generating the messages in CMS format. 11387 11388> **NOTE** 11389> 11390> PKCS #7 is a standard syntax for storing signed or encrypted data. CMS is an extension of PKCS #7. PKCS#7 supports data types including data, signature data, envelope data, 11391> signature and envelope data, message digest data, and encrypted data. It is often used to protect data integrity and confidentiality. 11392 11393### addSigner<sup>16+</sup> 11394 11395addSigner(cert: X509Cert, keyInfo: PrivateKeyInfo, config: CmsSignerConfig): void; 11396 11397Adds signer information. 11398 11399**Atomic service API**: This API can be used in atomic services since API version 16. 11400 11401**System capability**: SystemCapability.Security.Cert 11402 11403**Parameters** 11404 11405| Name | Type | Mandatory| Description | 11406| ------------ | ------ | ---- | -------------- | 11407| cert | [X509Cert](#x509cert) | Yes| X.509 certificate.| 11408| keyInfo | [PrivateKeyInfo](#privatekeyinfo16) | Yes| Private key information.| 11409| config | [CmsSignerConfig](#cmssignerconfig16) | Yes| Signer configuration.| 11410 11411**Error codes** 11412 11413For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11414 11415| ID| Error Message | 11416| -------- | ------------- | 11417| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11418| 19020001 | memory error. | 11419| 19020002 | runtime error. | 11420| 19030001 | crypto operation error. | 11421| 19030008 | maybe wrong password. | 11422 11423**Example** 11424 11425```ts 11426import { cert } from '@kit.DeviceCertificateKit'; 11427import { BusinessError } from '@kit.BasicServicesKit'; 11428 11429let certData = '-----BEGIN CERTIFICATE-----\n' + 11430 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11431 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11432 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11433 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11434 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11435 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11436 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11437 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11438 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11439 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11440 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11441 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11442 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11443 '-----END CERTIFICATE-----\n'; 11444 11445let rsaStr1024: string = 11446 '-----BEGIN RSA PRIVATE KEY-----\n' + 11447 'Proc-Type: 4,ENCRYPTED\n' + 11448 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 11449 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 11450 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 11451 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 11452 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 11453 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 11454 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 11455 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 11456 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 11457 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 11458 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 11459 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 11460 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 11461 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 11462 '-----END RSA PRIVATE KEY-----\n'; 11463 11464// Convert the string into a Uint8Array. 11465function stringToUint8Array(str: string): Uint8Array { 11466 let arr: Array<number> = []; 11467 for (let i = 0, j = str.length; i < j; i++) { 11468 arr.push(str.charCodeAt(i)); 11469 } 11470 return new Uint8Array(arr); 11471} 11472 11473function testAddSigner() { 11474 let certEncodingBlob: cert.EncodingBlob = { 11475 data: stringToUint8Array(certData), 11476 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 11477 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11478 }; 11479 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11480 if (error) { 11481 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11482 } else { 11483 try { 11484 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11485 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11486 console.info('testAddSigner createCmsGenerator success.'); 11487 let privateKeyInfo: cert.PrivateKeyInfo = { 11488 key: rsaStr1024, 11489 password: '123456' 11490 }; 11491 // If addCert is true, an error will be reported if the same certificate is added to addSigner. 11492 let config: cert.CmsSignerConfig = { 11493 mdName:'SHA256', 11494 addCert:false, 11495 addAttr:false, 11496 addSmimeCapAttr:false 11497 } 11498 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 11499 console.info('testAddSigner addSigner success.'); 11500 } catch (err) { 11501 let e: BusinessError = err as BusinessError; 11502 console.error('testAddSigner failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11503 } 11504 } 11505 }); 11506} 11507``` 11508 11509### addCert<sup>16+</sup> 11510 11511addCert(cert: X509Cert): void 11512 11513Adds a certificate, for example, the issuer certificate of a signing certificate. 11514 11515**Atomic service API**: This API can be used in atomic services since API version 16. 11516 11517**System capability**: SystemCapability.Security.Cert 11518 11519**Parameters** 11520 11521| Name| Type | Mandatory| Description | 11522| ------ | --------- | ---- | ------------------------ | 11523| cert | [X509Cert](#x509cert) | Yes | X.509 certificate to add. | 11524 11525**Error codes** 11526 11527For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11528 11529| ID| Error Message | 11530| -------- | ------------- | 11531| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11532| 19020001 | memory error. | 11533| 19020002 | runtime error. | 11534| 19030001 | crypto operation error. | 11535 11536**Example** 11537 11538```ts 11539import { cert } from '@kit.DeviceCertificateKit'; 11540import { BusinessError } from '@kit.BasicServicesKit'; 11541 11542let certData = '-----BEGIN CERTIFICATE-----\n' + 11543 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11544 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11545 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11546 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11547 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11548 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11549 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11550 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11551 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11552 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11553 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11554 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11555 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11556 '-----END CERTIFICATE-----\n'; 11557 11558// Convert the string into a Uint8Array. 11559function stringToUint8Array(str: string): Uint8Array { 11560 let arr: Array<number> = []; 11561 for (let i = 0, j = str.length; i < j; i++) { 11562 arr.push(str.charCodeAt(i)); 11563 } 11564 return new Uint8Array(arr); 11565} 11566 11567function testAddCert() { 11568 let certEncodingBlob: cert.EncodingBlob = { 11569 data: stringToUint8Array(certData), 11570 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 11571 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11572 }; 11573 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11574 if (error) { 11575 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11576 } else { 11577 try { 11578 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11579 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11580 console.info('testAddCert createCmsGenerator success.'); 11581 // If the same certificate is added, an error will be reported. 11582 cmsGenerator.addCert(x509Cert); 11583 console.info('testAddCert addCert success.'); 11584 } catch (err) { 11585 let e: BusinessError = err as BusinessError; 11586 console.error('testAddCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11587 } 11588 } 11589 }); 11590} 11591``` 11592 11593### doFinal<sup>16+</sup> 11594 11595doFinal(data: Uint8Array, options?: CmsGeneratorOptions): Promise<Uint8Array | string> 11596 11597Generates the CMS data, for example, the CMS signature data. 11598 11599**Atomic service API**: This API can be used in atomic services since API version 16. 11600 11601**System capability**: SystemCapability.Security.Cert 11602 11603**Parameters** 11604 11605| Name | Type | Mandatory| Description | 11606| ----------- | ------------------- | ---- | ------------------------------------------ | 11607| data | Uint8Array | Yes | Data to be operated. | 11608| options | [CmsGeneratorOptions](#cmsgeneratoroptions16) | No | Configuration of the CMS operation. | 11609 11610**Return value** 11611 11612| Type | Description | 11613| ------------------------------- | ---------------- | 11614| Promise<Uint8Array \| string> | Promise used to return the CMS data.| 11615 11616**Error codes** 11617 11618For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11619 11620| ID| Error Message | 11621| -------- | ------------- | 11622| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11623| 19020001 | memory error. | 11624| 19020002 | runtime error. | 11625| 19030001 | crypto operation error. | 11626 11627**Example** 11628 11629```ts 11630import { cert } from '@kit.DeviceCertificateKit'; 11631import { BusinessError } from '@kit.BasicServicesKit'; 11632 11633let certData = '-----BEGIN CERTIFICATE-----\n' + 11634 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11635 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11636 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11637 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11638 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11639 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11640 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11641 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11642 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11643 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11644 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11645 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11646 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11647 '-----END CERTIFICATE-----\n'; 11648 11649let rsaStr1024: string = 11650 '-----BEGIN RSA PRIVATE KEY-----\n' + 11651 'Proc-Type: 4,ENCRYPTED\n' + 11652 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 11653 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 11654 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 11655 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 11656 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 11657 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 11658 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 11659 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 11660 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 11661 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 11662 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 11663 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 11664 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 11665 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 11666 '-----END RSA PRIVATE KEY-----\n'; 11667 11668// Convert the string into a Uint8Array. 11669function stringToUint8Array(str: string): Uint8Array { 11670 let arr: Array<number> = []; 11671 for (let i = 0, j = str.length; i < j; i++) { 11672 arr.push(str.charCodeAt(i)); 11673 } 11674 return new Uint8Array(arr); 11675} 11676 11677async function testDoFinalByPromise() { 11678 let certEncodingBlob: cert.EncodingBlob = { 11679 data: stringToUint8Array(certData), 11680 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 11681 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11682 }; 11683 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11684 if (error) { 11685 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11686 } else { 11687 try { 11688 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11689 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11690 console.info('testDoFinalByPromise createCmsGenerator success.'); 11691 let privateKeyInfo: cert.PrivateKeyInfo = { 11692 key: rsaStr1024, 11693 password: '123456' 11694 }; 11695 // If addCert is true, an error will be reported if the same certificate is added to addSigner or addCert. 11696 let config: cert.CmsSignerConfig = { 11697 mdName:'SHA256', 11698 addCert:false, 11699 addAttr:true, 11700 addSmimeCapAttr:true 11701 } 11702 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 11703 console.info('testDoFinalByPromise addSigner success.'); 11704 cmsGenerator.addCert(x509Cert); 11705 console.info('testDoFinalByPromise addCert success.'); 11706 let content = new Uint8Array([1,2,3,4]); 11707 let optionsFinal: cert.CmsGeneratorOptions = { 11708 contentDataFormat : cert.CmsContentDataFormat.BINARY, 11709 outFormat : cert.CmsFormat.PEM, 11710 isDetached : true 11711 }; 11712 cmsGenerator.doFinal(content, optionsFinal).then(result => { 11713 console.log('testDoFinalByPromise doFinal success, resullt = %s', result); 11714 }).catch((error: BusinessError) => { 11715 console.error('testDoFinalByPromise failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11716 }); 11717 } catch (err) { 11718 let e: BusinessError = err as BusinessError; 11719 console.error('testDoFinalByPromise failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11720 } 11721 } 11722 }); 11723} 11724``` 11725 11726### doFinalSync<sup>16+</sup> 11727 11728doFinalSync(data: Uint8Array, options?: CmsGeneratorOptions): Uint8Array | string 11729 11730Generates the CMS data, for example, the CMS signature data. This API returns the result synchronously. 11731 11732**Atomic service API**: This API can be used in atomic services since API version 16. 11733 11734**System capability**: SystemCapability.Security.Cert 11735 11736**Parameters** 11737 11738| Name | Type | Mandatory| Description | 11739| ----------- | ------------------- | ---- | ------------------------------------------ | 11740| data | Uint8Array | Yes | Data to be operated. | 11741| options | [CmsGeneratorOptions](#cmsgeneratoroptions16) | No | Configuration of the CMS operation. | 11742 11743**Return value** 11744 11745| Type | Description | 11746| ------------------------------- | ---------------- | 11747| Uint8Array \| string | CMS data generated.| 11748 11749**Error codes** 11750 11751For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11752 11753| ID| Error Message | 11754| -------- | ------------- | 11755| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11756| 19020001 | memory error. | 11757| 19020002 | runtime error. | 11758| 19030001 | crypto operation error. | 11759 11760**Example** 11761 11762```ts 11763import { cert } from '@kit.DeviceCertificateKit'; 11764import { BusinessError } from '@kit.BasicServicesKit'; 11765 11766let certData = '-----BEGIN CERTIFICATE-----\n' + 11767 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11768 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11769 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11770 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11771 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11772 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11773 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11774 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11775 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11776 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11777 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11778 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11779 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11780 '-----END CERTIFICATE-----\n'; 11781 11782let rsaStr1024: string = 11783 '-----BEGIN RSA PRIVATE KEY-----\n' + 11784 'Proc-Type: 4,ENCRYPTED\n' + 11785 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 11786 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 11787 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 11788 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 11789 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 11790 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 11791 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 11792 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 11793 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 11794 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 11795 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 11796 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 11797 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 11798 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 11799 '-----END RSA PRIVATE KEY-----\n'; 11800 11801// Convert the string into a Uint8Array. 11802function stringToUint8Array(str: string): Uint8Array { 11803 let arr: Array<number> = []; 11804 for (let i = 0, j = str.length; i < j; i++) { 11805 arr.push(str.charCodeAt(i)); 11806 } 11807 return new Uint8Array(arr); 11808} 11809 11810function testDoFinalSync() { 11811 let certEncodingBlob: cert.EncodingBlob = { 11812 data: stringToUint8Array(certData), 11813 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 11814 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11815 }; 11816 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11817 if (error) { 11818 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11819 } else { 11820 try { 11821 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11822 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11823 console.info('testDoFinalSync createCmsGenerator success.'); 11824 let privateKeyInfo: cert.PrivateKeyInfo = { 11825 key: rsaStr1024, 11826 password: '123456' 11827 }; 11828 // If addCert is true, an error will be reported if the same certificate is added to addSigner or addCert. 11829 let config: cert.CmsSignerConfig = { 11830 mdName:'SHA256', 11831 addCert:false, 11832 addAttr:false, 11833 addSmimeCapAttr:false 11834 } 11835 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 11836 console.info('testDoFinalSync addSigner success.'); 11837 cmsGenerator.addCert(x509Cert); 11838 console.info('testDoFinalSync addCert success.'); 11839 let content = new Uint8Array([1,2,3,4]); 11840 let optionsFinal: cert.CmsGeneratorOptions = { 11841 contentDataFormat : cert.CmsContentDataFormat.BINARY, 11842 outFormat : cert.CmsFormat.DER, 11843 isDetached : false 11844 }; 11845 let output = cmsGenerator.doFinalSync(content, optionsFinal); 11846 console.info('testDoFinalSync doFinalSync success, output = %s.',output); 11847 } catch (err) { 11848 let e: BusinessError = err as BusinessError; 11849 console.error('testDoFinalSync failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11850 } 11851 } 11852 }); 11853} 11854``` 11855