1# @ohos.security.certManager (Certificate Management) 2 3The **certManager** module provides system-level certificate management capabilities to ensure secure use and management of certificates throughout their lifecycle (installation, storage, use, and destruction). 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 11. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8 9## Modules to Import 10 11```ts 12import { certificateManager } from '@kit.DeviceCertificateKit'; 13``` 14 15## CmKeyPurpose 16 17Enumerates the purposes of using the key. 18 19**System capability**: System SystemCapability.Security.CertificateManager 20 21| Name | Value| Description | 22| ---------- | ------ | --------- | 23| CM_KEY_PURPOSE_SIGN | 4 | The key is used for signing.| 24| CM_KEY_PURPOSE_VERIFY | 8 | The key is used for signature verification.| 25 26## CmKeyDigest 27 28Enumerates the digest algorithms that can be used for signing and signature verification. 29 30**System capability**: System SystemCapability.Security.CertificateManager 31 32| Name | Value| Description | 33| ---------- | ------ | --------- | 34| CM_DIGEST_NONE | 0 | No digest algorithm is required. If this option is used, the service needs to pass in the data with the digest generated for signing or signature verification.| 35| CM_DIGEST_MD5 | 1 | MD5.| 36| CM_DIGEST_SHA1 | 2 | SHA-1.| 37| CM_DIGEST_SHA224 | 3 | SHA-224.| 38| CM_DIGEST_SHA256 | 4 | SHA-256.| 39| CM_DIGEST_SHA384 | 5 | SHA-384.| 40| CM_DIGEST_SHA512 | 6 | SHA-512.| 41| CM_DIGEST_SM3<sup>16+</sup> | 7 | SM3.| 42 43## CmKeyPadding 44 45Enumerates the padding modes that can be used for signing and signature verification. 46 47**System capability**: System SystemCapability.Security.CertificateManager 48 49| Name | Value| Description | 50| ---------- | ------ | --------- | 51| CM_PADDING_NONE | 0 | No padding.| 52| CM_PADDING_PSS | 1 | PSS.| 53| CM_PADDING_PKCS1_V1_5 | 2 | PKCS1-V1_5.| 54 55## CMSignatureSpec 56 57Represents a set of parameters used for signing or signature verification, including the key usage purpose, padding mode, and digest algorithm. 58 59**System capability**: System SystemCapability.Security.CertificateManager 60 61| Name | Type | Read-Only| Optional| Description | 62| -------------- | --------------------------------- | ---- | ------------------------------------------------------------ | ------------------------------------------------------------ | 63| purpose | [CmKeyPurpose](#cmkeypurpose) | No | No | Purpose of using the key.| 64| padding | [CmKeyPadding](#cmkeypadding) | No | Yes | Padding mode.| 65| digest | [CmKeyDigest](#cmkeydigest) | No | Yes | Digest algorithm.| 66 67 68## CertInfo 69 70Represents detailed information about a certificate. 71 72**System capability**: System SystemCapability.Security.CertificateManager 73 74| Name | Type | Read-Only| Optional| Description | 75| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 76| uri | string | No | No | Unique identifier of the certificate.| 77| certAlias | string | No | No | Alias of the certificate.| 78| state | boolean | No | No | Certificate state. The value **true** indicates that the certificate is enabled, and **false** means the opposite.| 79| issuerName | string | No | No | Issuer of the certificate.| 80| subjectName | string | No | No | User of the certificate.| 81| serial | string | No | No | Serial number of the certificate.| 82| notBefore | string | No | No | Date from which the certificate takes effect.| 83| notAfter | string | No | No | Date when the certificate expires.| 84| fingerprintSha256 | string | No | No | Fingerprint value of the certificate.| 85| cert | Uint8Array | No | No | Certificate data in binary format.| 86 87## CertAbstract 88 89Represents brief information about a certificate. 90 91**System capability**: System SystemCapability.Security.CertificateManager 92 93| Name | Type | Read-Only| Optional| Description | 94| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 95| uri | string | No | No | Unique identifier of the certificate.| 96| certAlias | string | No | No | Alias of the certificate.| 97| state | boolean | No | No | Certificate state. The value **true** indicates that the certificate is enabled, and **false** means the opposite.| 98| subjectName | string | No | No | User of the certificate.| 99 100## Credential 101 102Represents detailed information about a credential. 103 104**System capability**: System SystemCapability.Security.CertificateManager 105 106| Name | Type | Read-Only| Optional| Description | 107| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 108| type | string | No | No | Type of the credential.| 109| alias | string | No | No | Alias of the credential.| 110| keyUri | string | No | No | Unique identifier of the credential.| 111| certNum | number | No | No | Number of certificates contained in the credential.| 112| keyNum | number | No | No | Number of keys contained in the credential.| 113| credentialData | Uint8Array | No | No | Credential data in binary format.| 114 115## CredentialAbstract 116 117Represents brief information about a credential. 118 119**System capability**: System SystemCapability.Security.CertificateManager 120 121| Name | Type | Read-Only| Optional| Description | 122| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 123| type | string | No| No | Type of the credential.| 124| alias | string | No | No | Alias of the credential.| 125| keyUri | string | No | No | Unique identifier of the credential.| 126 127## CMResult 128 129Represents the result returned. 130 131**System capability**: System SystemCapability.Security.CertificateManager 132 133| Name | Type | Read-Only| Optional| Description | 134| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 135| certList | Array<[CertAbstract](#certabstract)> | No | Yes | Brief certificate information.| 136| certInfo | [CertInfo](#certinfo) | No | Yes | Detailed certificate information.| 137| credentialList | Array<[CredentialAbstract](#credentialabstract)> | No | Yes | Brief credential information.| 138| credential | [Credential](#credential) | No | Yes | Detailed credential information.| 139| appUidList | Array\<string> | No | Yes | List of authorized applications.| 140| uri | string | No | Yes | Unique identifier of the certificate or credential.| 141| outData | Uint8Array | No | Yes | Signature generated.| 142 143## CMHandle 144 145Represents the handle to a signing or signature verification operation. 146 147**System capability**: System SystemCapability.Security.CertificateManager 148 149| Name | Type | Read-Only| Optional| Description | 150| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 151| handle | Uint8Array | No | No | Handle returned by **certManager.init()** for the subsequent signing or signature verification operation.| 152 153## CMErrorCode 154 155Enumerates the error codes used in the certificate management APIs. 156 157**System capability**: System SystemCapability.Security.CertificateManager 158 159| Name | Value| Description | 160| ---------- | ------ | --------- | 161| CM_ERROR_NO_PERMISSION | 201 | The application does not have the permission to call the API.| 162| CM_ERROR_INVALID_PARAMS | 401 | Invalid input parameter is found.| 163| CM_ERROR_GENERIC | 17500001 | An internal error occurs when the interface is called.| 164| CM_ERROR_NO_FOUND | 17500002 | The certificate or credential does not exist.| 165| CM_ERROR_INCORRECT_FORMAT | 17500003 | The certificate or credential is in invalid format.| 166| CM_ERROR_MAX_CERT_COUNT_REACHED<sup>12+</sup> | 17500004 | The number of certificates or credentials has reached the limit.| 167| CM_ERROR_NO_AUTHORIZATION<sup>12+</sup> | 17500005 | The application has not obtained user authorization.| 168 169## CertType<sup>16+</sup> 170 171Enumerates the certificate types. 172 173**System capability**: System SystemCapability.Security.CertificateManager 174 175| Name | Value| Description | 176| ---------- | ------ | --------- | 177| CA_CERT_SYSTEM | 0 | System CA certificate.| 178| CA_CERT_USER | 1 | User CA certificate.| 179 180## CertScope<sup>16+</sup> 181 182Enumerates the certificate scopes. 183 184**System capability**: System SystemCapability.Security.CertificateManager 185 186| Name | Value| Description | 187| ---------- | ------ | --------- | 188| CURRENT_USER | 1 | The certificate is accessible only to the current user.| 189| GLOBAL_USER | 2 | The certificate is accessible to all users.| 190 191## CertStoreProperty<sup>16+</sup> 192 193Represents the storage information about a certificate, including the certificate type and location. 194 195**System capability**: System SystemCapability.Security.CertificateManager 196 197| Name | Type | Read-Only| Optional| Description | 198| -------------- | --------------------------------- | ---- | ------------------------------------------------------------ | ------------------------------------------------------------ | 199| certType | [CertType](#certtype16) | No | No | Type of the certificate.| 200| certScope | [CertScope](#certscope16) | No | Yes | Scope of the certificate. This parameter is mandatory when **certType** is **CA_CERT_USER**.| 201 202 203## certificateManager.installPrivateCertificate 204 205installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string, callback: AsyncCallback\<CMResult>): void 206 207Installs a private credential. This API uses an asynchronous callback to return the result. 208 209**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 210 211**System capability**: System SystemCapability.Security.CertificateManager 212 213**Parameters** 214 215| Name | Type | Mandatory| Description | 216| -------- | ------------------------------------------------- | ---- | -------------------------- | 217| keystore | Uint8Array | Yes | Keystore file containing the key pair and certificate.| 218| keystorePwd | string | Yes | Password of the keystore file. The password cannot exceed 32 bytes.| 219| certAlias | string | Yes | Credential alias. Currently, the alias can contain only digits, letters, and underscores (_) and should not exceed 32 bytes.| 220| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback used to return the result. If the operation is successful, **err** is **null** and **data** is **uri** in the [CMResult](#cmresult) object. Otherwise, **err** is an error object.| 221 222**Error codes** 223 224For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 225 226| ID| Error Message | 227| -------- | ------------------------------------------------------------ | 228| 201 | Permission verification failed. The application does not have the permission required to call the API. | 229| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 230| 17500001 | Internal error. | 231| 17500003 | The keystore is in an invalid format or the keystore password is incorrect. | 232| 17500004<sup>12+</sup> | The number of certificates or credentials reaches the maximum allowed. | 233 234**Example** 235```ts 236import { certificateManager } from '@kit.DeviceCertificateKit'; 237 238/* The credential data to be installed must be assigned by the service. The data in this example is not the real credential data. */ 239let keystore: Uint8Array = new Uint8Array([ 240 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 241]); 242let keystorePwd: string = "123456"; 243try { 244 certificateManager.installPrivateCertificate(keystore, keystorePwd, "test", (err, cmResult) => { 245 if (err != null) { 246 console.error(`Failed to install private certificate. Code: ${err.code}, message: ${err.message}`); 247 } else { 248 let uri: string = (cmResult?.uri == undefined) ? '' : cmResult.uri; 249 console.info('Succeeded in installing private certificate.'); 250 } 251 }); 252} catch (error) { 253 console.error(`Failed to install private certificate. Code: ${error.code}, message: ${error.message}`); 254} 255``` 256 257## certificateManager.installPrivateCertificate 258 259installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string): Promise\<CMResult> 260 261Installs a private credential. This API uses a promise to return the result. 262 263**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 264 265**System capability**: System SystemCapability.Security.CertificateManager 266 267**Parameters** 268 269| Name | Type | Mandatory| Description | 270| -------- | ------------------------------------------------- | ---- | -------------------------- | 271| keystore | Uint8Array | Yes | Keystore file containing the key pair and certificate.| 272| keystorePwd | string | Yes | Password of the keystore file. The password cannot exceed 32 bytes.| 273| certAlias | string | Yes | Credential alias. Currently, the alias can contain only digits, letters, and underscores (_) and should not exceed 32 bytes.| 274 275**Return value** 276 277| Type | Description | 278| ------------------------------- | ------------------------------------------------------------ | 279| Promise\<[CMResult](#cmresult)> | Promise used to return the operation result, that is, **uri** in the [CMResult](#cmresult) object.| 280 281**Error codes** 282 283For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 284 285| ID| Error Message | 286| -------- | ------------------------------------------------------------ | 287| 201 | Permission verification failed. The application does not have the permission required to call the API. | 288| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 289| 17500001 | Internal error. | 290| 17500003 | The keystore is in an invalid format or the keystore password is incorrect. | 291| 17500004<sup>12+</sup> | The number of certificates or credentials reaches the maximum allowed. | 292 293**Example** 294 295```ts 296import { certificateManager } from '@kit.DeviceCertificateKit'; 297import { BusinessError } from '@kit.BasicServicesKit'; 298 299/* The credential data to be installed must be assigned by the service. The data in this example is not the real credential data. */ 300let keystore: Uint8Array = new Uint8Array([ 301 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 302]); 303let keystorePwd: string = "123456"; 304try { 305 certificateManager.installPrivateCertificate(keystore, keystorePwd, 'test').then((cmResult) => { 306 let uri: string = (cmResult?.uri == undefined) ? '' : cmResult.uri; 307 console.info('Succeeded in installing private certificate.'); 308 }).catch((err: BusinessError) => { 309 console.error(`Failed to install private certificate. Code: ${err.code}, message: ${err.message}`); 310 }) 311} catch (error) { 312 console.error(`Failed to install private certificate. Code: ${error.code}, message: ${error.message}`); 313} 314``` 315 316## certificateManager.getPrivateCertificate 317 318getPrivateCertificate(keyUri: string, callback: AsyncCallback\<CMResult>): void 319 320Obtains detailed information about a private credential. This API uses an asynchronous callback to return the result. 321 322**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 323 324**System capability**: System SystemCapability.Security.CertificateManager 325 326**Parameters** 327 328| Name | Type | Mandatory| Description | 329| -------- | ------------------------------------------------- | ---- | -------------------------- | 330| keyUri | string | Yes | Unique identifier of the target credential.| 331| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback used to return the result. If the operation is successful, **err** is **null** and **data** is **credential** in the [CMResult](#cmresult) object. Otherwise, **err** is an error object.| 332 333**Error codes** 334 335For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 336 337| ID| Error Message | 338| -------- | ------------- | 339| 201 | Permission verification failed. The application does not have the permission required to call the API. | 340| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 341| 17500001 | Internal error. | 342| 17500002 | The certificate does not exist. | 343 344**Example** 345```ts 346import { certificateManager } from '@kit.DeviceCertificateKit'; 347 348let uri: string = 'test'; /* URI of the credential installed. The process for installing the credential is omitted here. */ 349try { 350 certificateManager.getPrivateCertificate(uri, (err, cmResult) => { 351 if (err != null) { 352 console.error(`Failed to get private certificate. Code: ${err.code}, message: ${err.message}`); 353 } else { 354 if (cmResult?.credential == undefined) { 355 console.info('The result of getting private certificate is undefined.'); 356 } else { 357 let list = cmResult.credential; 358 console.info('Succeeded in getting private certificate.'); 359 } 360 } 361 }); 362} catch (error) { 363 console.error(`Failed to get private certificate. Code: ${error.code}, message: ${error.message}`); 364} 365``` 366 367## certificateManager.getPrivateCertificate 368 369getPrivateCertificate(keyUri: string): Promise\<CMResult> 370 371Obtains detailed information about a private credential. This API uses a promise to return the result. 372 373**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 374 375**System capability**: System SystemCapability.Security.CertificateManager 376 377**Parameters** 378 379| Name | Type | Mandatory| Description | 380| -------- | ------------------------------------------------- | ---- | -------------------------- | 381| keyUri | string | Yes | Unique identifier of the target credential.| 382 383**Return value** 384 385| Type | Description | 386| ------------------------------- | ------------------------------------------------------------ | 387| Promise\<[CMResult](#cmresult)> | Promise used to return the private credential details obtained, that is, **credential** in the [CMResult](#cmresult) object.| 388 389**Error codes** 390 391For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 392 393| ID| Error Message | 394| -------- | ------------- | 395| 201 | Permission verification failed. The application does not have the permission required to call the API. | 396| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 397| 17500001 | Internal error. | 398| 17500002 | The certificate does not exist. | 399 400**Example** 401```ts 402import { certificateManager } from '@kit.DeviceCertificateKit'; 403import { BusinessError } from '@kit.BasicServicesKit'; 404 405let uri: string = 'test'; /* URI of the credential installed. The process for installing the credential is omitted here. */ 406try { 407 certificateManager.getPrivateCertificate(uri).then((cmResult) => { 408 if (cmResult?.credential == undefined) { 409 console.info('The result of getting private certificate is undefined.'); 410 } else { 411 let list = cmResult.credential; 412 console.info('Succeeded in getting private certificate.'); 413 } 414 }).catch((err: BusinessError) => { 415 console.error(`Failed to get private certificate. Code: ${err.code}, message: ${err.message}`); 416 }) 417} catch (error) { 418 console.error(`Failed to get private certificate. Code: ${error.code}, message: ${error.message}`); 419} 420``` 421 422## certificateManager.uninstallPrivateCertificate 423 424uninstallPrivateCertificate(keyUri: string, callback: AsyncCallback\<void>): void 425 426Uninstalls a private credential. This API uses an asynchronous callback to return the result. 427 428**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 429 430**System capability**: System SystemCapability.Security.CertificateManager 431 432**Parameters** 433 434| Name | Type | Mandatory| Description | 435| -------- | ------------------------------------------------- | ---- | -------------------------- | 436| keyUri | string | Yes | Unique identifier of the credential to uninstall.| 437| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object.| 438 439**Error codes** 440 441For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 442 443| ID| Error Message | 444| -------- | ------------- | 445| 201 | Permission verification failed. The application does not have the permission required to call the API. | 446| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 447| 17500001 | Internal error. | 448| 17500002 | The certificate does not exist. | 449 450**Example** 451```ts 452import { certificateManager } from '@kit.DeviceCertificateKit'; 453 454let uri: string = 'test'; /* URI of the credential installed. The process for installing the credential is omitted here. */ 455try { 456 certificateManager.uninstallPrivateCertificate(uri, (err, result) => { 457 if (err != null) { 458 console.error(`Failed to uninstall private certificate. Code: ${err.code}, message: ${err.message}`); 459 } else { 460 console.info('Succeeded in uninstalling private certificate.'); 461 } 462 }); 463} catch (error) { 464 console.error(`Failed to uninstall private certificate. Code: ${error.code}, message: ${error.message}`); 465} 466``` 467 468## certificateManager.uninstallPrivateCertificate 469 470uninstallPrivateCertificate(keyUri: string): Promise\<void> 471 472Uninstalls a private credential. This API uses a promise to return the result. 473 474**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 475 476**System capability**: System SystemCapability.Security.CertificateManager 477 478**Parameters** 479 480| Name | Type | Mandatory| Description | 481| -------- | ------------------------------------------------- | ---- | -------------------------- | 482| keyUri | string | Yes | Unique identifier of the credential to uninstall.| 483 484**Return value** 485 486| Type | Description | 487| ------------------------------------------- | -------------------- | 488| Promise\<void> | Promise that returns no value.| 489 490**Error codes** 491 492For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 493 494| ID| Error Message | 495| -------- | ------------- | 496| 201 | Permission verification failed. The application does not have the permission required to call the API. | 497| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 498| 17500001 | Internal error. | 499| 17500002 | The certificate does not exist. | 500 501**Example** 502```ts 503import { certificateManager } from '@kit.DeviceCertificateKit'; 504import { BusinessError } from '@kit.BasicServicesKit'; 505 506let uri: string = 'test'; /* URI of the credential installed. The process for installing the credential is omitted here. */ 507try { 508 certificateManager.uninstallPrivateCertificate(uri).then((cmResult) => { 509 console.info('Succeeded in uninstalling private certificate.'); 510 }).catch((err: BusinessError) => { 511 console.error(`Failed to uninstall private certificate. Code: ${err.code}, message: ${err.message}`); 512 }) 513} catch (error) { 514 console.error(`Failed to uninstall private certificate. Code: ${error.code}, message: ${error.message}`); 515} 516``` 517 518## certificateManager.installUserTrustedCertificateSync<sup>16+</sup> 519 520installUserTrustedCertificateSync(cert: Uint8Array, certScope: CertScope) : CMResult 521 522Installs a user CA certificate. 523 524**Required permissions**: ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT<!--Del--> or ohos.permission.ACCESS_USER_TRUSTED_CERT<!--DelEnd--> 525 526**System capability**: System SystemCapability.Security.CertificateManager 527 528**Parameters** 529 530| Name | Type | Mandatory| Description | 531|-----------|----------------------------|----|--------------| 532| cert | Uint8Array | Yes | Data of the CA certificate to install. | 533| certScope | [CertScope](#certscope16) | Yes | Scope of the CA certificate.| 534 535**Return value** 536 537| Type | Description | 538|-----------------------|-----------------------------------| 539| [CMResult](#cmresult) | CA certificate installation result. The **uri** property in **CMResult** is returned if the certificate is installed successfully.| 540 541**Error codes** 542 543For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 544 545| ID | Error Message | 546|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------| 547| 201 | Permission verification failed. The application does not have the permission required to call the API. | 548| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 549| 17500001 | Internal error. | 550| 17500003 | Indicates that the certificate is in an invalid format. | 551| 17500004<sup>12+</sup> | Indicates that the number of certificates reaches the maximum allowed. | 552| 17500007<sup>16+</sup> | Indicates that the device enters advanced security mode. In this mode, the user CA certificate cannot be installed. | 553 554**Example** 555 556```ts 557import {certificateManager} from '@kit.DeviceCertificateKit'; 558 559/* The CA certificate data must be assigned by the service. In this example, the data is not CA certificate data. */ 560let certData: Uint8Array = new Uint8Array([ 561 0x30, 0x82, 0x0b, 0xc1, 0x02, 0x01, 562]); 563try { 564 let result: certificateManager.CMResult = certificateManager.installUserTrustedCertificateSync(certData, certificateManager.CertScope.CURRENT_USER); 565 let certUri = result.uri; 566 if (certUri === undefined) { 567 console.error("The result of install user trusted certificate is undefined."); 568 } else { 569 console.info("Successed to install user trusted certificate."); 570 } 571} catch (error) { 572 console.error(`Failed to install user trusted certificate. Code: ${error.code}, message: ${error.message}`); 573} 574``` 575 576## certificateManager.uninstallUserTrustedCertificateSync<sup>16+</sup> 577 578uninstallUserTrustedCertificateSync(certUri: string) : void 579 580Uninstalls a user CA certificate. 581 582**Required permissions**: ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT<!--Del--> or ohos.permission.ACCESS_USER_TRUSTED_CERT<!--DelEnd--> 583 584**System capability**: System SystemCapability.Security.CertificateManager 585 586**Parameters** 587 588| Name | Type | Mandatory| Description | 589|-----------|----------------------------|----|--------------| 590| certUri | string | Yes | Unique identifier of the certificate to uninstall. | 591 592**Error codes** 593 594For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 595 596| ID | Error Message | 597|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------| 598| 201 | Permission verification failed. The application does not have the permission required to call the API. | 599| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 600| 17500001 | Internal error. | 601| 17500002 | Indicates that the certificate does not exist. | 602 603**Example** 604 605```ts 606import {certificateManager} from '@kit.DeviceCertificateKit'; 607 608let certUri: string = "test"; /* Unique identifier of the certificate installed. The installation process is omitted here. */ 609try { 610 certificateManager.uninstallUserTrustedCertificateSync(certUri); 611} catch (error) { 612 console.error(`Failed to uninstall user trusted certificate. Code: ${error.code}, message: ${error.message}`); 613} 614``` 615 616## certificateManager.init 617 618init(authUri: string, spec: CMSignatureSpec, callback: AsyncCallback\<CMHandle>): void 619 620Initializes the signing or signature verification operation using the specified credential. This API uses an asynchronous callback to return the result. 621 622**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 623 624**System capability**: System SystemCapability.Security.CertificateManager 625 626**Parameters** 627 628| Name | Type | Mandatory| Description | 629| -------- | ------------------------------------------------- | ---- | -------------------------- | 630| authUri | string | Yes | Unique identifier of the credential to use.| 631| spec | [CMSignatureSpec](#cmsignaturespec) | Yes | Parameters for the signing or signature verification operation.| 632| callback | AsyncCallback\<[CMHandle](#cmhandle)> | Yes | Callback used to return the result. If the operation is successful, **err** is **null** and **data** is the obtained **CMHandle**. Otherwise, **err** is an error object.| 633 634**Error codes** 635 636For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 637 638| ID| Error Message | 639| -------- | ------------- | 640| 201 | Permission verification failed. The application does not have the permission required to call the API. | 641| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 642| 17500001 | Internal error. | 643| 17500002 | The certificate does not exist. | 644| 17500005<sup>12+</sup> | The application is not authorized by the user. | 645 646**Example** 647```ts 648import { certificateManager } from '@kit.DeviceCertificateKit'; 649 650let uri: string = 'test'; /* URI of the credential installed. The process for installing the credential is omitted here. */ 651const req: certificateManager.CMSignatureSpec = { 652 purpose: certificateManager.CmKeyPurpose.CM_KEY_PURPOSE_SIGN, 653 padding: certificateManager.CmKeyPadding.CM_PADDING_PSS, 654 digest: certificateManager.CmKeyDigest.CM_DIGEST_SHA256 655} 656try { 657 certificateManager.init(uri, req, (err, cmHandle) => { 658 if (err != null) { 659 console.error(`Failed to init. Code: ${err.code}, message: ${err.message}`); 660 } else { 661 console.info('Succeeded in initiating.'); 662 } 663 }) 664} catch (error) { 665 console.error(`Failed to init. Code: ${error.code}, message: ${error.message}`); 666} 667``` 668 669## certificateManager.init 670 671init(authUri: string, spec: CMSignatureSpec): Promise\<CMHandle> 672 673Initializes the signing or signature verification operation using the specified credential. This API uses a promise to return the result. 674 675**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 676 677**System capability**: System SystemCapability.Security.CertificateManager 678 679**Parameters** 680 681| Name | Type | Mandatory| Description | 682| -------- | ------------------------------------------------- | ---- | -------------------------- | 683| authUri | string | Yes | Unique identifier of the credential to use.| 684| spec | [CMSignatureSpec](#cmsignaturespec) | Yes | Parameters for the signing or signature verification operation.| 685 686**Return value** 687 688| Type | Description | 689| ------------------------------------------- | -------------------- | 690| Promise\<[CMHandle](#cmhandle)> | Promise used to return a **CMHandle** object.| 691 692**Error codes** 693 694For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 695 696| ID| Error Message | 697| -------- | ------------- | 698| 201 | Permission verification failed. The application does not have the permission required to call the API. | 699| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 700| 17500001 | Internal error. | 701| 17500002 | The certificate does not exist. | 702| 17500005<sup>12+</sup> | The application is not authorized by the user. | 703 704**Example** 705```ts 706import { certificateManager } from '@kit.DeviceCertificateKit'; 707import { BusinessError } from '@kit.BasicServicesKit'; 708 709let uri: string = 'test'; /* URI of the credential installed. The process for installing the credential is omitted here. */ 710const req: certificateManager.CMSignatureSpec = { 711 purpose: certificateManager.CmKeyPurpose.CM_KEY_PURPOSE_VERIFY, 712 padding: certificateManager.CmKeyPadding.CM_PADDING_PSS, 713 digest: certificateManager.CmKeyDigest.CM_DIGEST_MD5 714} 715try { 716 certificateManager.init(uri, req).then((handle) => { 717 console.info('Succeeded in initiating.'); 718 }).catch((err: BusinessError) => { 719 console.error(`Failed to init. Code: ${err.code}, message: ${err.message}`); 720 }) 721} catch (error) { 722 console.error(`Failed to init. Code: ${error.code}, message: ${error.message}`); 723} 724``` 725 726## certificateManager.update 727 728update(handle: Uint8Array, data: Uint8Array, callback: AsyncCallback\<void>): void 729 730Updates the data for the signing or signature verification operation. This API uses an asynchronous callback to return the result. 731 732**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 733 734**System capability**: System SystemCapability.Security.CertificateManager 735 736**Parameters** 737 738| Name | Type | Mandatory| Description | 739| -------- | ------------------------------------------------- | ---- | -------------------------- | 740| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 741| data | Uint8Array | Yes | Data to be signed or verified.| 742| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object.| 743 744**Error codes** 745 746For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 747 748| ID| Error Message | 749| -------- | ------------------------------------------------------------ | 750| 201 | Permission verification failed. The application does not have the permission required to call the API. | 751| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 752| 17500001 | Internal error. | 753 754**Example** 755```ts 756import { certificateManager } from '@kit.DeviceCertificateKit'; 757 758/* cmHandle is the value returned by init(). The value here is only an example. */ 759let cmHandle: Uint8Array = new Uint8Array([ 760 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 761]); 762let srcData: Uint8Array = new Uint8Array([ 763 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 764]); 765try { 766 certificateManager.update(cmHandle, srcData, (err, result) => { 767 if (err != null) { 768 console.error(`Failed to update. Code: ${err.code}, message: ${err.message}`); 769 } else { 770 console.info('Succeeded in updating.'); 771 } 772 }); 773} catch (error) { 774 console.error(`Failed to update. Code: ${error.code}, message: ${error.message}`); 775} 776``` 777 778## certificateManager.update 779 780update(handle: Uint8Array, data: Uint8Array): Promise\<void> 781 782Updates the data for the signing or signature verification operation. This API uses a promise to return the result. 783 784**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 785 786**System capability**: System SystemCapability.Security.CertificateManager 787 788**Parameters** 789 790| Name | Type | Mandatory| Description | 791| -------- | ------------------------------------------------- | ---- | -------------------------- | 792| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 793| data | Uint8Array | Yes | Data to be signed or verified.| 794 795**Return value** 796 797| Type | Description | 798| ------------------------------------------- | -------------------- | 799| Promise\<void> | Promise that returns no value.| 800 801**Error codes** 802 803For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 804 805| ID| Error Message | 806| -------- | ------------------------------------------------------------ | 807| 201 | Permission verification failed. The application does not have the permission required to call the API. | 808| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 809| 17500001 | Internal error. | 810 811**Example** 812```ts 813import { certificateManager } from '@kit.DeviceCertificateKit'; 814import { BusinessError } from '@kit.BasicServicesKit'; 815 816/* cmHandle is the value returned by init(). The value here is only an example. */ 817let cmHandle: Uint8Array = new Uint8Array([ 818 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 819]); 820let srcData: Uint8Array = new Uint8Array([ 821 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 822]); 823try { 824 certificateManager.update(cmHandle, srcData).then((result) => { 825 console.info('Succeeded in updating.'); 826 }).catch((err: BusinessError) => { 827 console.error(`Failed to update. Code: ${err.code}, message: ${err.message}`); 828 }) 829} catch (error) { 830 console.error(`Failed to update. Code: ${error.code}, message: ${error.message}`); 831} 832``` 833 834## certificateManager.finish 835 836finish(handle: Uint8Array, callback: AsyncCallback\<CMResult>): void 837 838Finishes the signing operation. This API uses an asynchronous callback to return the result. 839 840**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 841 842**System capability**: System SystemCapability.Security.CertificateManager 843 844**Parameters** 845 846| Name | Type | Mandatory| Description | 847| -------- | ------------------------------------------------- | ---- | -------------------------- | 848| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 849| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback used to return the result. If the operation is successful, **err** is **null** and **data** is the signature, that is, **outData** of the [CMResult](#cmresult) object. Otherwise, **err** is an error object.| 850 851**Error codes** 852 853For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 854 855| ID| Error Message | 856| -------- | ------------------------------------------------------------ | 857| 201 | Permission verification failed. The application does not have the permission required to call the API. | 858| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 859| 17500001 | Internal error. | 860 861**Example** 862```ts 863import { certificateManager } from '@kit.DeviceCertificateKit'; 864 865/* cmHandle is the value returned by init(). The value here is only an example. */ 866let cmHandle: Uint8Array = new Uint8Array([ 867 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 868]); 869try { 870 certificateManager.finish(cmHandle, (err, cmResult) => { 871 if (err != null) { 872 console.error(`Failed to finish. Code: ${err.code}, message: ${err.message}`); 873 } else { 874 if (cmResult?.outData != undefined) { 875 let signRes: Uint8Array = cmResult.outData; 876 console.info('Succeeded in finishing.'); 877 } else { 878 console.info('The result of finishing is undefined.'); 879 } 880 } 881 }); 882} catch(error) { 883 console.error(`Failed to finish. Code: ${error.code}, message: ${error.message}`); 884} 885``` 886 887## certificateManager.finish 888 889finish(handle: Uint8Array, signature: Uint8Array, callback: AsyncCallback\<CMResult>): void 890 891Finishes the signature verification operation. This API uses an asynchronous callback to return the result. 892 893**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 894 895**System capability**: System SystemCapability.Security.CertificateManager 896 897**Parameters** 898 899| Name | Type | Mandatory| Description | 900| -------- | ------------------------------------------------- | ---- | -------------------------- | 901| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 902| signature | Uint8Array | Yes | Signature data to verify.| 903| callback | AsyncCallback\<[CMResult](#cmresult)> | Yes | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object.| 904 905**Error codes** 906 907For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 908 909| ID| Error Message | 910| -------- | ------------------------------------------------------------ | 911| 201 | Permission verification failed. The application does not have the permission required to call the API. | 912| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 913| 17500001 | Internal error. | 914 915**Example** 916```ts 917import { certificateManager } from '@kit.DeviceCertificateKit'; 918 919/* cmHandle is the value returned by init(). The value here is only an example. */ 920let cmHandle: Uint8Array = new Uint8Array([ 921 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 922]); 923let signRes: Uint8Array = new Uint8Array([ 924 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 925]); 926try { 927 certificateManager.finish(cmHandle, signRes, (err, cmResult) => { 928 if (err != null) { 929 console.error(`Failed to finish. Code: ${err.code}, message: ${err.message}`); 930 } else { 931 console.info('Succeeded in finishing.'); 932 } 933 }); 934} catch(error) { 935 console.error(`Failed to finish. Code: ${error.code}, message: ${error.message}`); 936} 937``` 938 939## certificateManager.finish 940 941finish(handle: Uint8Array, signature?: Uint8Array): Promise\<CMResult> 942 943Finishes the signing or signature verification operation. This API uses a promise to return the result. 944 945**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 946 947**System capability**: System SystemCapability.Security.CertificateManager 948 949**Parameters** 950 951| Name | Type | Mandatory| Description | 952| -------- | ------------------------------------------------- | ---- | -------------------------- | 953| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 954| signature | Uint8Array | No | Data to sign or verify.| 955 956**Return value** 957 958| Type | Description | 959| ------------------------------- | ------------------------------------------------------------ | 960| Promise\<[CMResult](#cmresult)> | Promise used to return the result. For a signing operation, the promise returns the signature, that is, **outData** in the [CMResult](#cmresult) object, is returned. For a signature verification operation, the promise returns no value.| 961 962**Error codes** 963 964For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 965 966| ID| Error Message | 967| -------- | ------------------------------------------------------------ | 968| 201 | Permission verification failed. The application does not have the permission required to call the API. | 969| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 970| 17500001 | Internal error. | 971 972**Example** 973```ts 974import { certificateManager } from '@kit.DeviceCertificateKit'; 975import { BusinessError } from '@kit.BasicServicesKit'; 976 977/* cmHandle is the value returned by init(). The value here is only an example. */ 978let cmHandle: Uint8Array = new Uint8Array([ 979 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 980]); 981try { 982 /* Finish the signing operation. */ 983 certificateManager.finish(cmHandle).then((cmResult) => { 984 if (cmResult?.outData != undefined) { 985 let signRes1: Uint8Array = cmResult.outData; 986 console.info('Succeeded in finishing signature.'); 987 } else { 988 console.info('The result of signature is undefined.'); 989 } 990 }).catch((err: BusinessError) => { 991 console.error(`Failed to finish signature. Code: ${err.code}, message: ${err.message}`); 992 }) 993 994 /* Signature generated. */ 995 let signRes: Uint8Array = new Uint8Array([ 996 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 997 ]); 998 /* Finish the signature verification operation. */ 999 certificateManager.finish(cmHandle, signRes).then((cmResult) => { 1000 console.info('Succeeded in finishing verification.'); 1001 }).catch((err: BusinessError) => { 1002 console.error(`Failed to finish verification. Code: ${err.code}, message: ${err.message}`); 1003 }) 1004} catch(error) { 1005 console.error(`Failed to finish. Code: ${error.code}, message: ${error.message}`); 1006} 1007``` 1008 1009## certificateManager.abort 1010 1011abort(handle: Uint8Array, callback: AsyncCallback\<void>): void 1012 1013Aborts the signing or signature verification operation. This API uses an asynchronous callback to return the result. 1014 1015**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1016 1017**System capability**: System SystemCapability.Security.CertificateManager 1018 1019**Parameters** 1020 1021| Name | Type | Mandatory| Description | 1022| -------- | ------------------------------------------------- | ---- | -------------------------- | 1023| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 1024| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If the operation is successful, **err** is **null**. Otherwise, **err** is an error object.| 1025 1026**Error codes** 1027 1028For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1029 1030| ID| Error Message | 1031| -------- | ------------------------------------------------------------ | 1032| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1033| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 1034| 17500001 | Internal error. | 1035 1036**Example** 1037```ts 1038import { certificateManager } from '@kit.DeviceCertificateKit'; 1039 1040/* cmHandle is the value returned by init(). The value here is only an example. */ 1041let cmHandle: Uint8Array = new Uint8Array([ 1042 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 1043]); 1044try { 1045 certificateManager.abort(cmHandle, (err, cmResult) => { 1046 if (err != null) { 1047 console.error(`Failed to abort. Code: ${err.code}, message: ${err.message}`); 1048 } else { 1049 console.info('Succeeded in aborting.'); 1050 } 1051 }); 1052} catch(error) { 1053 console.error(`Failed to abort. Code: ${error.code}, message: ${error.message}`); 1054} 1055``` 1056 1057## certificateManager.abort 1058 1059abort(handle: Uint8Array): Promise\<void> 1060 1061Aborts the signing or signature verification operation. This API uses a promise to return the result. 1062 1063**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1064 1065**System capability**: System SystemCapability.Security.CertificateManager 1066 1067**Parameters** 1068 1069| Name | Type | Mandatory| Description | 1070| -------- | ------------------------------------------------- | ---- | -------------------------- | 1071| handle | Uint8Array | Yes | Operation handle returned by **init()**.| 1072 1073**Return value** 1074 1075| Type | Description | 1076| ------------------------------------------- | -------------------- | 1077| Promise\<void> | Promise that returns no value.| 1078 1079**Error codes** 1080 1081For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1082 1083| ID| Error Message | 1084| -------- | ------------------------------------------------------------ | 1085| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1086| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 1087| 17500001 | Internal error. | 1088 1089**Example** 1090```ts 1091import { certificateManager } from '@kit.DeviceCertificateKit'; 1092import { BusinessError } from '@kit.BasicServicesKit'; 1093 1094/* cmHandle is the value returned by init(). The value here is only an example. */ 1095let cmHandle: Uint8Array = new Uint8Array([ 1096 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 1097]); 1098try { 1099 certificateManager.abort(cmHandle).then((result) => { 1100 console.info('Succeeded in aborting.'); 1101 }).catch((err: BusinessError) => { 1102 console.error(`Failed to abort. Code: ${err.code}, message: ${err.message}`); 1103 }) 1104} catch (error) { 1105 console.error(`Failed to abort. Code: ${error.code}, message: ${error.message}`); 1106} 1107``` 1108 1109## certificateManager.getPublicCertificate<sup>12+</sup> 1110 1111getPublicCertificate(keyUri: string): Promise\<CMResult> 1112 1113Obtains detailed information about a public credential. This API uses a promise to return the result. 1114 1115**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1116 1117**System capability**: System SystemCapability.Security.CertificateManager 1118 1119**Parameters** 1120 1121| Name | Type | Mandatory| Description | 1122| -------- | ------------------------------------------------- | ---- | -------------------------- | 1123| keyUri | string | Yes | Unique identifier of the public credential.| 1124 1125**Return value** 1126 1127| Type | Description | 1128| ------------------------------- | ------------------------------------------------------------ | 1129| Promise\<[CMResult](#cmresult)> | Promise used to return the detailed information about the user's public credential obtained, that is, **credential** in the [CMResult](#cmresult) object.| 1130 1131**Error codes** 1132 1133For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1134 1135| ID| Error Message | 1136| -------- | ------------- | 1137| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1138| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 1139| 17500001 | Internal error. | 1140| 17500002 | The certificate does not exist. | 1141| 17500005 | The application is not authorized by the user. | 1142 1143**Example** 1144```ts 1145import { certificateManager } from '@kit.DeviceCertificateKit'; 1146import { BusinessError } from '@kit.BasicServicesKit'; 1147 1148let uri: string = 'test'; /* Unique identifier of the public credential. The process for installing the public credential is omitted here. */ 1149try { 1150 certificateManager.getPublicCertificate(uri).then((cmResult) => { 1151 if (cmResult?.credential == undefined) { 1152 console.info('The result of getting public certificate is undefined.'); 1153 } else { 1154 let cred = cmResult.credential; 1155 console.info('Succeeded in getting Public certificate.'); 1156 } 1157 }).catch((err: BusinessError) => { 1158 console.error(`Failed to get Public certificate. Code: ${err.code}, message: ${err.message}`); 1159 }) 1160} catch (error) { 1161 console.error(`Failed to get Public certificate. Code: ${error.code}, message: ${error.message}`); 1162} 1163``` 1164 1165## certificateManager.isAuthorizedApp<sup>12+</sup> 1166 1167isAuthorizedApp(keyUri: string): Promise\<boolean> 1168 1169Checks whether this application is authorized by the specified user credential. This API uses a promise to return the result. 1170 1171**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1172 1173**System capability**: System SystemCapability.Security.CertificateManager 1174 1175**Parameters** 1176 1177| Name | Type | Mandatory| Description | 1178| -------- | ------------------------------------------------- | ---- | -------------------------- | 1179| keyUri | string | Yes | Unique identifier of the credential.| 1180 1181**Return value** 1182 1183| Type | Description | 1184| ----------------- | ------------------------------------------------------------ | 1185| Promise\<boolean> | Promise used to return a Boolean value, which indicates whether the application is authorized by the specified user credential.| 1186 1187**Error codes** 1188 1189For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1190 1191| ID| Error Message | 1192| -------- | ------------- | 1193| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1194| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 1195| 17500001 | Internal error. | 1196 1197**Example** 1198```ts 1199import { certificateManager } from '@kit.DeviceCertificateKit'; 1200import { BusinessError } from '@kit.BasicServicesKit'; 1201 1202let uri: string = 'test'; /* Unique identifier of the credential. The process for authorizing the credential to the application is omitted here. */ 1203try { 1204 certificateManager.isAuthorizedApp(uri).then((res) => { 1205 if (res) { 1206 console.info('The application is authorized by the user.'); 1207 } else { 1208 console.info('The application is not authorized by the user.'); 1209 } 1210 }).catch((err: BusinessError) => { 1211 console.error(`Failed to get Public certificate. Code: ${err.code}, message: ${err.message}`); 1212 }) 1213} catch (error) { 1214 console.error(`Failed to get Public certificate. Code: ${error.code}, message: ${error.message}`); 1215} 1216``` 1217 1218## certificateManager.getAllUserTrustedCertificates<sup>12+</sup> 1219 1220getAllUserTrustedCertificates(): Promise\<CMResult> 1221 1222Obtains all user trusted root CA certificates of the device. This API uses a promise to return the result. 1223 1224**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1225 1226**System capability**: System SystemCapability.Security.CertificateManager 1227 1228**Return value** 1229 1230| Type | Description | 1231| ------------------------------- | ------------------------------------------------------------ | 1232| Promise\<[CMResult](#cmresult)> | Promise used to return the user's root CA certificates obtained, that is, **certList** in the [CMResult](#cmresult) object.| 1233 1234**Error codes** 1235 1236For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1237 1238| ID| Error Message | 1239| -------- | ------------- | 1240| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1241| 17500001 | Internal error. | 1242 1243**Example** 1244```ts 1245import { certificateManager } from '@kit.DeviceCertificateKit'; 1246import { BusinessError } from '@kit.BasicServicesKit'; 1247 1248try { 1249 certificateManager.getAllUserTrustedCertificates().then((cmResult) => { 1250 if (cmResult == undefined) { // If the number of root CA certificates is 0, return undefined in cmResult. 1251 console.info('the count of the user trusted certificates is 0'); 1252 } else if (cmResult.certList == undefined) { 1253 console.info('The result of getting all user trusted certificates is undefined.'); 1254 } else { 1255 let list = cmResult.certList; 1256 console.info('Succeeded in getting all user trusted certificates.'); 1257 } 1258 }).catch((err: BusinessError) => { 1259 console.error(`Failed to get all user trusted certificates. Code: ${err.code}, message: ${err.message}`); 1260 }) 1261} catch (error) { 1262 console.error(`Failed to get all user trusted certificates. Code: ${error.code}, message: ${error.message}`); 1263} 1264``` 1265 1266## certificateManager.getAllUserTrustedCertificates<sup>16+</sup> 1267 1268getAllUserTrustedCertificates(scope: CertScope): Promise\<CMResult> 1269 1270Obtains the user root CA certificates based on the certificate scope. This API uses a promise to return the result. 1271 1272**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1273 1274**System capability**: System SystemCapability.Security.CertificateManager 1275 1276**Parameters** 1277 1278| Name| Type | Mandatory| Description | 1279| ------ | ------------------------- | ---- | ---------------- | 1280| scope | [CertScope](#certscope16) | Yes | Scope of the certificates to obtain.| 1281 1282**Return value** 1283 1284| Type | Description | 1285| ------------------------------- | ------------------------------------------------------------ | 1286| Promise\<[CMResult](#cmresult)> | Promise used to return the user's root CA certificates obtained, that is, **certList** in the [CMResult](#cmresult) object.| 1287 1288**Error codes** 1289 1290For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1291 1292| ID| Error Message | 1293| -------- | ------------------------------------------------------------ | 1294| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1295| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 1296| 17500001 | Internal error. | 1297 1298**Example** 1299 1300```ts 1301import { certificateManager } from '@kit.DeviceCertificateKit'; 1302import { BusinessError } from '@kit.BasicServicesKit'; 1303 1304try { 1305 /* Obtain the user root CA certificates of the current user. To obtain the user root CA certificates accessible to all users, pass in GLOBAL_USER. */ 1306 let scope: certificateManager.CertScope = certificateManager.CertScope.CURRENT_USER; 1307 certificateManager.getAllUserTrustedCertificates(scope).then((cmResult) => { 1308 if (cmResult == undefined) { // If the number of root CA certificates is 0, return undefined in cmResult. 1309 console.info('the count of the user trusted certificates is 0'); 1310 } else if (cmResult.certList == undefined) { 1311 console.info('The result of getting current user trusted certificates is undefined.'); 1312 } else { 1313 let list = cmResult.certList; 1314 console.info('Succeeded in getting current user trusted certificates.'); 1315 } 1316 }).catch((err: BusinessError) => { 1317 console.error(`Failed to get current user trusted certificates. Code: ${err.code}, message: ${err.message}`); 1318 }) 1319} catch (error) { 1320 console.error(`Failed to get current user trusted certificates. Code: ${error.code}, message: ${error.message}`); 1321} 1322``` 1323 1324## certificateManager.getUserTrustedCertificate<sup>12+</sup> 1325 1326getUserTrustedCertificate(certUri: string): Promise\<CMResult> 1327 1328Obtains the detailed information about a user root CA certificate. This API uses a promise to return the result. 1329 1330**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1331 1332**System capability**: System SystemCapability.Security.CertificateManager 1333 1334**Parameters** 1335 1336| Name | Type | Mandatory| Description | 1337| -------- | ------------------------------------------------- | ---- | -------------------------- | 1338| certUri | string | Yes | Unique identifier of the user root CA certificate.| 1339 1340**Return value** 1341 1342| Type | Description | 1343| ------------------------------- | ------------------------------------------------------------ | 1344| Promise\<[CMResult](#cmresult)> | Promise used to return the detailed CA certificate information obtained, that is, **certInfo** in the [CMResult](#cmresult) object.| 1345 1346**Error codes** 1347 1348For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1349 1350| ID| Error Message | 1351| -------- | ------------- | 1352| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1353| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 1354| 17500001 | Internal error. | 1355| 17500002 | The certificate does not exist. | 1356 1357**Example** 1358```ts 1359import { certificateManager } from '@kit.DeviceCertificateKit'; 1360import { BusinessError } from '@kit.BasicServicesKit'; 1361 1362let certUri: string = 'testUserCert'; /* Unique identifier of the user root CA certificate. The process of installing the user root CA certificate is omitted here. */ 1363try { 1364 certificateManager.getUserTrustedCertificate(certUri).then((cmResult) => { 1365 if (cmResult?.certInfo == undefined) { 1366 console.info('The result of getting user trusted certificate is undefined.'); 1367 } else { 1368 let cert = cmResult.certInfo; 1369 console.info('Succeeded in getting user trusted certificate.'); 1370 } 1371 }).catch((err: BusinessError) => { 1372 console.error(`Failed to get user trusted certificate. Code: ${err.code}, message: ${err.message}`); 1373 }) 1374} catch (error) { 1375 console.error(`Failed to get user trusted certificate. Code: ${error.code}, message: ${error.message}`); 1376} 1377``` 1378## certificateManager.getPrivateCertificates<sup>13+</sup> 1379 1380getPrivateCertificates(): Promise\<CMResult> 1381 1382Obtains the credentials for installing the application. This API uses a promise to return the result asynchronously. 1383 1384**Required permissions**: ohos.permission.ACCESS_CERT_MANAGER 1385 1386**System capability**: System SystemCapability.Security.CertificateManager 1387 1388**Return value** 1389 1390| Type | Description | 1391| ------------------------------- | ------------------------------------------------------------ | 1392| Promise\<[CMResult](#cmresult)> | Promise used to return the credentials obtained, which is **credentialList** in [CMResult](#cmresult).| 1393 1394**Error codes** 1395 1396For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1397 1398| ID| Error Message | 1399| -------- | ------------- | 1400| 201 | Permission verification failed. The application does not have the permission required to call the API. | 1401| 17500001 | Internal error. | 1402 1403**Example** 1404```ts 1405import { certificateManager } from '@kit.DeviceCertificateKit'; 1406import { BusinessError } from '@kit.BasicServicesKit'; 1407 1408try { 1409 certificateManager.getPrivateCertificates().then((cmResult) => { 1410 if (cmResult = = undefined) { // If the number of certificate credentials is 0, return undefined in cmResult. 1411 console.info('the count of the private certificates is 0'); 1412 } else if (cmResult.credentialList == undefined) { 1413 console.info('The result of getting all private certificates installed by the application is undefined.'); 1414 } else { 1415 let list = cmResult.credentialList; 1416 console.info('Succeeded in getting all private certificates installed by the application.'); 1417 } 1418 }).catch((err: BusinessError) => { 1419 console.error(`Failed to get all private certificates installed by the application. Code: ${err.code}, message: ${err.message}`); 1420 }) 1421} catch (error) { 1422 console.error(`Failed to get all private certificates installed by the application. Code: ${error.code}, message: ${error.message}`); 1423} 1424``` 1425## certificateManager.getCertificateStorePath<sup>16+</sup> 1426 1427getCertificateStorePath(property: CertStoreProperty): string; 1428 1429Obtains the certificate storage path. 1430 1431**System capability**: System SystemCapability.Security.CertificateManager 1432 1433**Parameters** 1434 1435| Name | Type | Mandatory| Description | 1436| -------- | ----------------------------------------- | ---- | -------------------------------- | 1437| property | [CertStoreProperty](#certstoreproperty16) | Yes | Storage information about the target certificate.| 1438 1439**Return value** 1440 1441| Type | Description | 1442| ------ | -------------------- | 1443| string | Certificate storage path obtained.| 1444 1445**Error codes** 1446 1447For details about the following error codes, see [Certificate Management Error Codes](errorcode-certManager.md). 1448 1449| ID| Error Message | 1450| -------- | ------------- | 1451| 401 | Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 2. Incorrect parameter types; 3. Parameter verification failed. | 1452| 17500001 | Internal error. | 1453 1454**Example** 1455```ts 1456import { certificateManager } from '@kit.DeviceCertificateKit'; 1457 1458try { 1459 /* Obtain the storage path of the system CA certificates. */ 1460 let property1: certificateManager.CertStoreProperty = { 1461 certType: certificateManager.CertType.CA_CERT_SYSTEM, 1462 } 1463 let systemCAPath = certificateManager.getCertificateStorePath(property1); 1464 console.info(`Success to get system ca path: ${systemCAPath}`); 1465 1466 /* Obtain the storage path of the CA certificates for the current user. */ 1467 let property2: certificateManager.CertStoreProperty = { 1468 certType: certificateManager.CertType.CA_CERT_USER, 1469 certScope: certificateManager.CertScope.CURRENT_USER, 1470 } 1471 let userCACurrentPath = certificateManager.getCertificateStorePath(property2); 1472 console.info(`Success to get current user's user ca path: ${userCACurrentPath}`); 1473 1474 /* Obtain the storage path of the CA certificates for all users. */ 1475 let property3: certificateManager.CertStoreProperty = { 1476 certType: certificateManager.CertType.CA_CERT_USER, 1477 certScope: certificateManager.CertScope.GLOBAL_USER, 1478 } 1479 let globalCACurrentPath = certificateManager.getCertificateStorePath(property3); 1480 console.info(`Success to get global user's user ca path: ${globalCACurrentPath}`); 1481} catch (error) { 1482 console.error(`Failed to get store path. Code: ${error.code}, message: ${error.message}`); 1483} 1484``` 1485