1# @ohos.security.cert (证书模块) 2 3证书算法库框架提供证书相关接口。其中,依赖加解密算法库框架的基础算法能力的部分,详细接口说明可参考[cryptoFramework API参考](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md)。 4 5> **说明:** 6> 7> 本模块首批接口从API version 9开始支持。后续版本的新增接口,采用上角标单独标记接口的起始版本。 8 9## 导入模块 10 11```ts 12import { cert } from '@kit.DeviceCertificateKit'; 13import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 14``` 15 16## CertResult 17 18 表示执行结果的枚举。 19 20 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 21 22 **系统能力:** SystemCapability.Security.Cert 23 24| 名称 | 值 | 说明 | 25| --------------------------------------| -------- | -----------------------------| 26| INVALID_PARAMS | 401 | 非法入参。 | 27| NOT_SUPPORT | 801 | 操作不支持。 | 28| ERR_OUT_OF_MEMORY | 19020001 | 内存错误。 | 29| ERR_RUNTIME_ERROR | 19020002 | 运行时外部错误。 | 30| ERR_CRYPTO_OPERATION | 19030001 | 调用三方算法库API出错。 | 31| ERR_CERT_SIGNATURE_FAILURE | 19030002 | 证书签名验证错误。 | 32| ERR_CERT_NOT_YET_VALID | 19030003 | 证书尚未生效。 | 33| ERR_CERT_HAS_EXPIRED | 19030004 | 证书过期。 | 34| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | 无法获取证书的颁发者。 | 35| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | 证书的秘钥用途不含证书签名。 | 36| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | 证书的秘钥用途不含数字签名。 | 37| ERR_MAYBE_WRONG_PASSWORD<sup>18+</sup> | 19030008 | 私钥密码错误。 <br> **原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 | 38 39## DataBlob 40buffer数组。 41 42 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 43 44 **系统能力:** SystemCapability.Security.Cert 45| 名称 | 类型 | 可读 | 可写 | 说明 | 46| -------------- | -------------- | ---- | ---- | ----------------| 47| data | Uint8Array | 是 | 是 | 数据。 | 48 49## DataArray 50 51buffer数组的列表。 52 53 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 54 55 **系统能力:** SystemCapability.Security.Cert 56| 名称 | 类型 | 可读 | 可写 | 说明 | 57| -------------- | -------------- | ---- | ---- | ----------------| 58| data | Array\<Uint8Array> | 是 | 是 | 数据列表。 | 59 60## EncodingFormat 61 62 表示证书编码格式的枚举。 63 64**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 65 66 **系统能力:** SystemCapability.Security.Cert 67 68| 名称 | 值 | 说明 | 69| ---------- | ------ | --------- | 70| FORMAT_DER | 0 | DER格式。 | 71| FORMAT_PEM | 1 | PEM格式。 | 72| FORMAT_PKCS7<sup>11+</sup> | 2 | PKCS7格式。 | 73 74## EncodingBaseFormat<sup>18+</sup> 75 76 表示生成CSR的编码格式的枚举。 77 78**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 79 80 **系统能力:** SystemCapability.Security.Cert 81 82| 名称 | 值 | 说明 | 83| ---------- | ------ | --------- | 84| PEM | 0 | PEM格式。 | 85| DER | 1 | DER格式。 | 86 87## CsrAttribute<sup>18+</sup> 88 表示生成CSR的编码格式配置参数中的拓展。 89 90openssl中规定了拓展类型,例如challengePassword、keyUsage等。 91 92**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 93 94 **系统能力:** SystemCapability.Security.Cert 95 96| 名称 | 值 | 说明 | 97| ---------- | ------ | --------- | 98| type | 指定的拓展类型 | openssl指定的拓展类型。 | 99| value | 拓展值 | 拓展值。 | 100 101## CsrGenerationConfig<sup>18+</sup> 102RSA私钥生成CSR时的配置参数,包含主体、拓展、摘要算法、输出格式等。 103 104**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 105 106**系统能力:** SystemCapability.Security.Cert 107 108| 名称 | 类型 | 可读 | 可写 | 说明 | 109| ------- | ------ | ---- | ---- | ------------------------------------------------------------ | 110| subject | [X500DistinguishedName](#x500distinguishedname12) | 是 | 是 | X509定义的Name类型的对象。 | 111| mdName | string | 是 | 是 | 摘要算法名。 | 112| attributes | Array\<[CsrAttribute](#csrattribute18)> | 是 | 是 | 拓展。 | 113| outFormat | [EncodingBaseFormat](#encodingbaseformat18) | 是 | 是 | 输出类型。 | 114 115> **说明:** 116> 117> - subject是X509定义的Name类型的对象。 118> 119> - mdName是摘要算法名,当前支持SHA1、SHA256、SHA384、SHA512。 120> 121> - attributes是可选参数,可以指定openssl中规定的拓展类型跟拓展值生成CSR。例如challengePassword、keyUsage等。 122> 123> - outFormat指定输出CSR的格式,若不指定默认为PEM格式。 124 125## CertItemType<sup>10+</sup> 126 127 表示获取证书字段的枚举。 128 129**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 130 131 **系统能力:** SystemCapability.Security.Cert 132 133| 名称 | 值 | 说明 | 134| -------------------------------- | ---- | ------------------------------ | 135| CERT_ITEM_TYPE_TBS | 0 | 表示获取证书的待签名信息。 | 136| CERT_ITEM_TYPE_PUBLIC_KEY | 1 | 表示获取证书的公钥信息。 | 137| CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | 表示获取证书的颁发者唯一编号。 | 138| CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | 表示获取证书的主体唯一编号。 | 139| CERT_ITEM_TYPE_EXTENSIONS | 4 | 表示获取证书的扩展域信息。 | 140 141## ExtensionOidType<sup>10+</sup> 142 143 表示获取扩展域中对象标识符类型的枚举。 144 145 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 146 147 **系统能力:** SystemCapability.Security.Cert 148 149| 名称 | 值 | 说明 | 150| ----------------------------- | ---- | --------------------------------------------- | 151| EXTENSION_OID_TYPE_ALL | 0 | 表示获取扩展域中所有的对象标识符。 | 152| EXTENSION_OID_TYPE_CRITICAL | 1 | 表示获取扩展域中critical为true的对象标识符。 | 153| EXTENSION_OID_TYPE_UNCRITICAL | 2 | 表示获取扩展域中critical为false的对象标识符。 | 154 155## ExtensionEntryType<sup>10+</sup> 156 157 表示获取扩展域中对象类型的枚举。 158 159 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 160 161 **系统能力:** SystemCapability.Security.Cert 162 163| 名称 | 值 | 说明 | 164| ----------------------------------- | ---- | ---------------------------- | 165| EXTENSION_ENTRY_TYPE_ENTRY | 0 | 表示获取整个对象。 | 166| EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | 表示获取对象的critical属性。 | 167| EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | 表示获取对象的数据。 | 168 169## EncodingType<sup>12+</sup> 170 171 表示获取X509证书主体名称编码格式的枚举。 172 173**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 174 175 **系统能力:** SystemCapability.Security.Cert 176 177| 名称 | 值 | 说明 | 178| ---------- | ------ | --------- | 179| ENCODING_UTF8 | 0 | UTF8编码格式。 | 180 181## EncodingBlob 182 183带编码格式的证书二进制数组。 184 185### 属性 186 187**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 188 189**系统能力:** SystemCapability.Security.Cert 190 191| 名称 | 类型 | 可读 | 可写 | 说明 | 192| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 193| data | Uint8Array | 是 | 是 | 传入的证书数据。 | 194| encodingFormat | [EncodingFormat](#encodingformat) | 是 | 是 | 指明证书编码格式。 | 195 196 197## CertChainData 198 199证书链数据,在证书链校验时,作为入参传入。 200 201### 属性 202 203**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 204 205**系统能力:** SystemCapability.Security.Cert 206 207| 名称 | 类型 | 可读 | 可写 | 说明 | 208| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 209| data | Uint8Array | 是 | 是 | 证书数据,按照长度(2字节)-数据的形式传入,如:08ABCDEFGH07ABCDEFG,第一本证书,前2个字节表示证书的长度为8字节,后面附加8字节的证书数据;第2本证书前2个字节表示证书的长度为7字节,后面附加7字节的证书数据。 | 210| count | number | 是 | 是 | 传入的数据中,包含的证书数量。 | 211| encodingFormat | [EncodingFormat](#encodingformat) | 是 | 是 | 指明证书编码格式。 | 212 213## GeneralNameType<sup>12+</sup> 214 215表示证书主体用途的枚举。 216 217**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 218 219**系统能力:** SystemCapability.Security.Cert 220 221| 名称 | 值 | 说明 | 222| -------------- | --------------------------------- | ------------------ | 223| GENERAL_NAME_TYPE_OTHER_NAME | 0 | 表示其他名称。 | 224| GENERAL_NAME_TYPE_RFC822_NAME | 1 | 表示电子邮件地址。 | 225| GENERAL_NAME_TYPE_DNS_NAME | 2 | 表示一个DNS名称。 | 226| GENERAL_NAME_TYPE_X400_ADDRESS | 3 | 表示X.400地址。 | 227| GENERAL_NAME_TYPE_DIRECTORY_NAME | 4 | 表示一个目录名称。 | 228| GENERAL_NAME_TYPE_EDI_PARTY_NAME | 5 | 表示特定的EDI实体。 | 229| GENERAL_NAME_TYPE_UNIFORM_RESOURCE_ID | 6 | 表示一个统一资源标识符。 | 230| GENERAL_NAME_TYPE_IP_ADDRESS | 7 | 表示一个IP地址。 | 231| GENERAL_NAME_TYPE_REGISTERED_ID | 8 | 表示一个已注册的对象标识符。 | 232 233## GeneralName<sup>12+</sup> 234 235用于表示证书主体信息对象。 236 237**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 238 239**系统能力:** SystemCapability.Security.Cert 240 241| 名称 | 类型 | 必填 | 说明 | 242| -------------- | --------------------------------- | ---- | ------------------ | 243| type | [GeneralNameType](#generalname12) | 是 | 指定具体的证书主体类型。 | 244| name | Uint8Array | 否 | 指定具体的证书主体DER格式内容。 | 245 246## X509CertMatchParameters<sup>11+</sup> 247 248用于匹配证书的过滤参数。如果参数中任一项都未指定,则匹配所有证书。 249 250**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 251 252**系统能力:** SystemCapability.Security.Cert 253 254| 名称 | 类型 | 必填 | 说明 | 255| -------------- | --------------------------------- | ---- | ------------------ | 256| x509Cert | [X509Cert](#x509cert) | 否 | 指定具体的证书对象。 | 257| validDate | string | 否 | 指定证书有效期。 | 258| issuer | Uint8Array | 否 | 指定证书颁发者,为DER编码格式。 | 259| keyUsage | Array\<boolean> | 否 | 指定是否需要匹配密钥用途。true为需要,false为不需要。 | 260| serialNumber | bigint | 否 | 指定证书的序列号。 | 261| subject | Uint8Array | 否 | 指定证书主题,DER编码格式。 | 262| publicKey | [DataBlob](#datablob) | 否 | 指定证书公钥,DER编码格式。 | 263| publicKeyAlgID | string | 否 | 指定证书公钥的算法。 | 264| subjectAlternativeNames<sup>12+</sup> | Array\<[GeneralName](#generalname12)> | 否 | 指定证书主体名称。 | 265| matchAllSubjectAltNames<sup>12+</sup> | boolean | 否 | 指定是否需要匹配证书主体名称。true为需要,false为不需要。 | 266| authorityKeyIdentifier<sup>12+</sup> | Uint8Array | 否 | 指定证书颁发机构秘钥。 | 267| minPathLenConstraint<sup>12+</sup> | number | 否 | 指定证书CA路径长度。 | 268| extendedKeyUsage<sup>12+</sup> | Array\<string> | 否 | 指定证书扩展用途。 | 269| nameConstraints<sup>12+</sup> | Uint8Array | 否 | 指定证书的使用者名称。 | 270| certPolicy<sup>12+</sup> | Array\<string> | 否 | 指定证书策略。 | 271| privateKeyValid<sup>12+</sup> | string | 否 | 指定证书私钥有效期。 | 272| subjectKeyIdentifier<sup>12+</sup> | Uint8Array | 否 | 指定证书公钥。 | 273 274## X509CRLMatchParameters<sup>11+</sup> 275 276用于匹配证书吊销列表的过滤参数。如果参数中任一项都未指定,则匹配所有证书吊销列表。 277 278**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 279 280**系统能力:** SystemCapability.Security.Cert 281 282| 名称 | 类型 | 必填 | 说明 | 283| -------------- | --------------------------------- | ---- | ------------------ | 284| issuer | Array\<Uint8Array> | 否 | 指定颁发者作为过滤条件, 至少要匹配到其中一个issuer。 | 285| x509Cert | [X509Cert](#x509cert) | 否 | 指定具体的证书对象作为过滤条件, 判断该证书是否在CRL列表中。 | 286| updateDateTime<sup>12+</sup> | string | 否 | 指定证书更新时间。 | 287| maxCRL<sup>12+</sup> | bigint | 否 | 指定CRL个数最大值。 | 288| minCRL<sup>12+</sup> | bigint | 否 | 指定CRL个数最小值。 | 289 290## CertChainBuildParameters<sup>12+</sup> 291 292用于指定证书链创建参数。 293 294**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 295 296**系统能力:** SystemCapability.Security.Cert 297 298| 名称 | 类型 | 必填 | 说明 | 299| -------------- | --------------------------------- | ---- | ------------------ | 300| certMatchParameters | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 指定过滤条件。 | 301| maxLength | number | 否 | 指定最终证书链中CA证书的最大长度。 | 302| validationParameters | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 指定验证条件。 | 303 304## CertChainBuildResult<sup>12+</sup> 305 306用于指定证书链创建结果。 307 308**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 309 310**系统能力:** SystemCapability.Security.Cert 311 312| 名称 | 类型 | 必填 | 说明 | 313| -------------- | --------------------------------- | ---- | ------------------ | 314| certChain | [X509CertChain](#x509certchain11) | 是 | 生成的证书链对象。 | 315| validationResult | [CertChainValidationResult](#certchainvalidationresult11) | 是 | 指定最终证书链的最大长度。 | 316 317## X509TrustAnchor<sup>11+</sup> 318 319表示X509信任锚,用于校验证书链。使用信任锚中的证书或者公钥作为可信根,对证书链进行校验。 320 321**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 322 323**系统能力:** SystemCapability.Security.Cert 324 325| 名称 | 类型 | 可读 | 可写 | 说明 | 326| --------- | --------------------- | ---- | ---- | --------------------------- | 327| CACert | [X509Cert](#x509cert) | 是 | 是 | 信任的CA证书。 | 328| CAPubKey | Uint8Array | 是 | 是 | 信任的CA证书公钥, DER格式。 | 329| CASubject | Uint8Array | 是 | 是 | 信任的CA证书主题, DER格式。 | 330| nameConstraints<sup>12+</sup> | Uint8Array | 是 | 是 | 名称约束, DER格式。 | 331 332## RevocationCheckOptions<sup>12+</sup> 333 334 表示证书链在线校验证书吊销状态选项的枚举。 335 336 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 337 338 **系统能力:** SystemCapability.Security.Cert 339 340| 名称 | 值 | 说明 | 341| --------------------------------------| -------- | -----------------------------| 342| REVOCATION_CHECK_OPTION_PREFER_OCSP | 0 | 优先采用OCSP进行校验,默认采用CRL校验。 | 343| REVOCATION_CHECK_OPTION_ACCESS_NETWORK | 1 | 支持通过访问网络获取CRL或OCSP响应进行吊销状态的校验,默认为关闭。 | 344| REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER | 2 | 当ACCESS_NETWORK选项打开时有效,如果优选的校验方法由于网络原因导致无法校验证书状态,则采用备选的方案进行校验。 | 345| REVOCATION_CHECK_OPTION_FALLBACK_LOCAL | 3 | 当ACCESS_NETWORK选项打开时有效,如果在线获取CRL和OCSP响应都由于网络的原因导致无法校验证书状态,则采用本地设置的CRL和OCSP响应进行校验。 | 346 347## ValidationPolicyType<sup>12+</sup> 348 349 表示证书链在线校验策略的枚举。 350 351 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 352 353 **系统能力:** SystemCapability.Security.Cert 354 355| 名称 | 值 | 说明 | 356| --------------------------------------| -------- | -----------------------------| 357| VALIDATION_POLICY_TYPE_X509 | 0 | 默认值,不需要校验证书中的sslHostname或dNSName。 | 358| VALIDATION_POLICY_TYPE_SSL | 1 | 需要校验证书中的sslHostname或dNSName。 | 359 360## KeyUsageType<sup>12+</sup> 361 362 表示证书中密钥用途的枚举。 363 364 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 365 366 **系统能力:** SystemCapability.Security.Cert 367 368| 名称 | 值 | 说明 | 369| --------------------------------------| -------- | -----------------------------| 370| KEYUSAGE_DIGITAL_SIGNATURE | 0 | 证书持有者可以用证书中包含的私钥进行数字签名操作。 | 371| KEYUSAGE_NON_REPUDIATION | 1 | 证书持有者不可否认使用证书中包含的私钥进行的数字签名操作。 | 372| KEYUSAGE_KEY_ENCIPHERMENT | 2 | 证书持有者可以使用证书中包含的公钥进行密钥加密操作。 | 373| KEYUSAGE_DATA_ENCIPHERMENT | 3 | 证书持有者可以使用证书中包含的公钥进行数据加密操作。 | 374| KEYUSAGE_KEY_AGREEMENT | 4 | 证书持有者可以使用证书中包含的私钥进行密钥协商操作。 | 375| KEYUSAGE_KEY_CERT_SIGN | 5 | 证书持有者可以使用证书中包含的私钥对其他证书进行签名。 | 376| KEYUSAGE_CRL_SIGN | 6 | 证书持有者可以使用证书中包含的私钥对证书吊销列表(CRL)进行签名。 | 377| KEYUSAGE_ENCIPHER_ONLY | 7 | 证书持有者只能进行加密操作,不能进行解密操作。 | 378| KEYUSAGE_DECIPHER_ONLY | 8 | 证书持有者只能进行解密操作,不能进行加密操作。 | 379 380## RevocationCheckParameter<sup>12+</sup> 381 382表示证书链校验证书吊销状态的参数。 383 384**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 385 386**系统能力:** SystemCapability.Security.Cert 387 388| 名称 | 类型 | 必填 | 说明 | 389| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 390| ocspRequestExtension | Array\<Uint8Array> | 否 | 表示发送OCSP请求的扩展字段。| 391| ocspResponderURI | string | 否 | 表示用于OCSP请求的备选服务器URL地址,支持HTTP/HTTPS,具体配置由与服务器协商决定。 | 392| ocspResponderCert | [X509Cert](#x509cert) | 否 | 表示用于OCSP响应的签名校验的签名证书。 | 393| ocspResponses | Uint8Array | 否 | 表示用于OCSP服务器响应的备选数据。 | 394| crlDownloadURI | string | 否 | 表示用于CRL请求的备选下载地址。 | 395| options | Array\<[RevocationCheckOptions](#revocationcheckoptions12)> | 否 | 表示证书吊销状态查询的策略组合。 | 396| ocspDigest | string | 否 | 表示OCSP通信时创建证书ID使用的哈希算法。默认为SHA256,支持可配置MD5、SHA1、SHA224、SHA256、SHA384、SHA512算法。 | 397 398## CertChainValidationParameters<sup>11+</sup> 399 400表示证书链校验的参数。 401 402**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 403 404**系统能力:** SystemCapability.Security.Cert 405 406| 名称 | 类型 | 必填 | 说明 | 407| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 408| date | string | 否 | 表示需要校验证书的有效期。 | 409| trustAnchors | Array\<[X509TrustAnchor](#x509trustanchor11)> | 是 | 表示信任锚列表。 | 410| certCRLs | Array\<[CertCRLCollection](#certcrlcollection11)> | 否 | 表示需要校验证书是否在证书吊销列表中。 | 411| revocationCheckParam<sup>12+</sup> | [RevocationCheckParameter](#revocationcheckparameter12) | 否 | 表示需要在线校验证证书吊销状态的参数对象。 | 412| policy<sup>12+</sup> | [ValidationPolicyType](#validationpolicytype12) | 否 | 表示需要校验证书的策略类型。 | 413| sslHostname<sup>12+</sup> | string | 否 | 表示需要校验证书中主机名,与policy配合使用。 | 414| keyUsage<sup>12+</sup> | Array\<[KeyUsageType](#keyusagetype12)> | 否 | 表示需要校验证书中的密钥用途。 | 415 416## CertChainValidationResult<sup>11+</sup> 417 418表示证书链校验的返回值。 419 420**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 421 422**系统能力:** SystemCapability.Security.Cert 423 424| 名称 | 类型 | 可读 | 可写 | 说明 | 425| ----------- | ------------------------------------- | ---- | ---- | -------------- | 426| trustAnchor | [X509TrustAnchor](#x509trustanchor11) | 是 | 否 | 表示信任锚。 | 427| entityCert | [X509Cert](#x509cert) | 是 | 否 | 表示实体证书。 | 428 429## EncodingBaseFormat<sup>18+</sup> 430 431编码基础格式。 432 433**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 434 435**系统能力:** SystemCapability.Security.Cert 436 437| 名称 | 值 | 说明 | 438| ---- | --- | ------------------ | 439| PEM | 0 | 表示PEM格式。 | 440| DER | 1 | 表示DER格式。 | 441 442## Pkcs12Data<sup>18+</sup> 443 444表示返回P12文件的解析后的证书、私钥及其他证书合集。 445 446**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 447 448**系统能力:** SystemCapability.Security.Cert 449 450| 名称 | 类型 | 必填 | 说明 | 451| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 452| privateKey | string \| Uint8Array | 否 | 表示P12文件解析后的私钥。 | 453| cert | [X509Cert](#x509cert) | 否 | 表示P12文件解析后的证书。 | 454| otherCerts | Array\<[X509Cert](#x509cert)> | 否 | 表示P12文件解析后的其他证书合集。 | 455 456## Pkcs12ParsingConfig<sup>18+</sup> 457 458表示解析P12文件的配置。 459 460**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 461 462**系统能力:** SystemCapability.Security.Cert 463 464| 名称 | 类型 | 必填 | 说明 | 465| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 466| password | string | 是 | 表示P12文件的密码。 | 467| needsPrivateKey | boolean | 否 | 表示是否获取私钥。默认为true。true为获取,false为不获取。 | 468| privateKeyFormat | [EncodingBaseFormat](#encodingbaseformat18) | 否 | 表示获取私钥的格式。默认为PEM。 | 469| needsCert | boolean | 否 | 表示是否获取证书。默认为true。true为获取,false为不获取。 | 470| needsOtherCerts | boolean | 否 | 表示是否获取其他证书合集。默认为false。true为获取,false为不获取。 | 471 472## CmsContentType<sup>18+</sup> 473 474表示Cms内容类型的枚举。 475 476**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 477 478**系统能力:** SystemCapability.Security.Cert 479 480| 名称 | 值 | 说明 | 481| --------------------------------------| -------- | -----------------------------| 482| SIGNED_DATA | 0 | 签名数据。 | 483 484## CmsContentDataFormat<sup>18+</sup> 485 486表示Cms内容数据格式的枚举。 487 488**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 489 490**系统能力:** SystemCapability.Security.Cert 491 492| 名称 | 值 | 说明 | 493| ------ | --- | ------------------------ | 494| BINARY | 0 | 表示二进制数据格式。 | 495| TEXT | 1 | 表示文本数据格式。 | 496 497## CmsFormat<sup>18+</sup> 498 499表示Cms签名格式的枚举。 500 501**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 502 503**系统能力:** SystemCapability.Security.Cert 504 505| 名称 | 值 | 说明 | 506| ---- | --- | ------------------ | 507| PEM | 0 | 表示PEM格式。 | 508| DER | 1 | 表示DER格式。 | 509 510## PrivateKeyInfo<sup>18+</sup> 511 512表示私钥信息。 513 514**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 515 516**系统能力:** SystemCapability.Security.Cert 517 518| 名称 | 类型 | 必填 | 说明 | 519| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 520| key | string \| Uint8Array | 是 | 未加密或加密的私钥,支持PEM或DER格式。 | 521| password | string | 否 | 私钥的密码,如果私钥是加密的。 | 522 523## CmsSignerConfig<sup>18+</sup> 524 525表示Cms签名者的配置选项。 526 527**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 528 529**系统能力:** SystemCapability.Security.Cert 530 531| 名称 | 类型 | 必填 | 说明 | 532| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 533| mdName | string | 是 | 消息摘要算法的名称,例如 "SHA384", 当前支持"SHA1"、"SHA256"、"SHA384"、"SHA512"。 | 534| addCert | boolean | 否 | 是否添加证书。默认为true。true为需要,false为不需要。 | 535| addAttr | boolean | 否 | 是否添加签名属性。默认为true。true为需要,false为不需要。 | 536| addSmimeCapAttr | boolean | 否 | 是否将SMIME能力添加到Cms对象。默认为true。true为需要,false为不需要。 | 537 538## CmsGeneratorOptions<sup>18+</sup> 539 540表示生成Cms签名结果的配置选项。 541 542**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 543 544**系统能力:** SystemCapability.Security.Cert 545 546| 名称 | 类型 | 必填 | 说明 | 547| --------------------- | ----------------------------- | ---- | ------------------------------------------------------ | 548| contentDataFormat | [CmsContentDataFormat](#cmscontentdataformat18) | 否 | 内容数据的格式。默认为CmsContentDataFormat.BINARY。 | 549| outFormat | [CmsFormat](#cmsformat18) | 否 | Cms最终数据的输出格式。默认为DER。 | 550| isDetached | boolean | 否 | Cms最终数据是否不包含原始数据。默认为false。true为包含,false为不包含。 | 551 552## cert.createX509Cert 553 554createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 555 556表示创建X509证书对象,使用Callback回调异步返回结果。 557 558**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 559 560**系统能力:** SystemCapability.Security.Cert 561 562**参数:** 563 564| 参数名 | 类型 | 必填 | 说明 | 565| -------- | ------------------------------------- | ---- | -------------------------- | 566| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 567| callback | AsyncCallback\<[X509Cert](#x509cert)> | 是 | 回调函数,表示X509证书对象。 | 568 569**错误码:** 570 571以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 572 573| 错误码ID | 错误信息 | 574| -------- | ------------- | 575| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 576| 801 | this operation is not supported. | 577| 19020001 | memory error. | 578| 19030001 | crypto operation error. | 579 580**示例:** 581 582```ts 583import { cert } from '@kit.DeviceCertificateKit'; 584 585// string转Uint8Array。 586function stringToUint8Array(str: string): Uint8Array { 587 let arr: Array<number> = []; 588 for (let i = 0, j = str.length; i < j; i++) { 589 arr.push(str.charCodeAt(i)); 590 } 591 return new Uint8Array(arr); 592} 593 594// 证书二进制数据,需业务自行赋值。 595let certData = '-----BEGIN CERTIFICATE-----\n' + 596 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 597 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 598 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 599 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 600 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 601 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 602 'Qw==\n' + 603 '-----END CERTIFICATE-----\n'; 604 605let encodingBlob: cert.EncodingBlob = { 606 data: stringToUint8Array(certData), 607 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 608 encodingFormat: cert.EncodingFormat.FORMAT_PEM 609}; 610 611cert.createX509Cert(encodingBlob, (error, x509Cert) => { 612 if (error) { 613 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 614 } else { 615 console.log('createX509Cert success'); 616 } 617}); 618``` 619 620## cert.createX509Cert 621 622createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 623 624表示创建X509证书对象,使用Promise方式异步返回结果。 625 626**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 627 628**系统能力:** SystemCapability.Security.Cert 629 630**参数:** 631 632| 参数名 | 类型 | 必填 | 说明 | 633| -------- | ----------------------------- | ---- | ------------------ | 634| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 635 636**返回值:** 637 638| 类型 | 说明 | 639| ------- | ---------------- | 640| Promise\<[X509Cert](#x509cert)> | 表示X509证书对象。 | 641 642**错误码:** 643 644以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 645 646| 错误码ID | 错误信息 | 647| -------- | ------------- | 648| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 649| 801 | this operation is not supported. | 650| 19020001 | memory error. | 651| 19030001 | crypto operation error. | 652 653**示例:** 654 655```ts 656import { cert } from '@kit.DeviceCertificateKit'; 657import { BusinessError } from '@kit.BasicServicesKit'; 658 659// string转Uint8Array。 660function stringToUint8Array(str: string): Uint8Array { 661 let arr: Array<number> = []; 662 for (let i = 0, j = str.length; i < j; i++) { 663 arr.push(str.charCodeAt(i)); 664 } 665 return new Uint8Array(arr); 666} 667 668// 证书二进制数据,需业务自行赋值。 669let certData = '-----BEGIN CERTIFICATE-----\n' + 670 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 671 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 672 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 673 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 674 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 675 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 676 'Qw==\n' + 677 '-----END CERTIFICATE-----\n'; 678 679let encodingBlob: cert.EncodingBlob = { 680 data: stringToUint8Array(certData), 681 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 682 encodingFormat: cert.EncodingFormat.FORMAT_PEM 683}; 684 685cert.createX509Cert(encodingBlob).then(x509Cert => { 686 console.log('createX509Cert success'); 687}).catch((error: BusinessError) => { 688 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 689}); 690``` 691 692## X509Cert 693 694X509证书类。 695 696### verify 697 698verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 699 700表示对证书验签,使用Callback回调异步返回结果。 701 702**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 703 704**系统能力:** SystemCapability.Security.Cert 705 706**参数:** 707 708| 参数名 | 类型 | 必填 | 说明 | 709| -------- | --------------------- | ---- | ------------------------------------------------------------ | 710| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 用于验签的公钥对象。 | 711| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,不为null表示失败。 | 712 713**错误码:** 714 715以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 716 717| 错误码ID | 错误信息 | 718| -------- | ------------------ | 719| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 720| 19030001 | crypto operation error. | 721 722**示例:** 723 724```ts 725import { cert } from '@kit.DeviceCertificateKit'; 726import { BusinessError } from '@kit.BasicServicesKit'; 727 728// string转Uint8Array。 729function stringToUint8Array(str: string): Uint8Array { 730 let arr: Array<number> = []; 731 for (let i = 0, j = str.length; i < j; i++) { 732 arr.push(str.charCodeAt(i)); 733 } 734 return new Uint8Array(arr); 735} 736 737// 证书二进制数据,需业务自行赋值。 738let certData = '-----BEGIN CERTIFICATE-----\n' + 739 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 740 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 741 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 742 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 743 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 744 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 745 'Qw==\n' + 746 '-----END CERTIFICATE-----\n'; 747 748let encodingBlob: cert.EncodingBlob = { 749 data: stringToUint8Array(certData), 750 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 751 encodingFormat: cert.EncodingFormat.FORMAT_PEM 752}; 753 754cert.createX509Cert(encodingBlob, (error, x509Cert) => { 755 if (error) { 756 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 757 } else { 758 console.log('createX509Cert success'); 759 760 // 业务需通过上级X509Cert证书对象(或当前证书对象为自签名的证书)的getPublicKey获取PubKey。 761 try { 762 let pubKey = x509Cert.getPublicKey(); 763 764 // 验证证书签名。 765 x509Cert.verify(pubKey, (err, data) => { 766 if (err) { 767 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 768 } else { 769 console.log('verify success'); 770 } 771 }); 772 } catch (error) { 773 let e: BusinessError = error as BusinessError; 774 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 775 } 776 } 777}); 778``` 779 780### verify 781 782verify(key : cryptoFramework.PubKey) : Promise\<void> 783 784表示对证书验签,使用Promise方式异步返回结果。 785 786**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 787 788**系统能力:** SystemCapability.Security.Cert 789 790**参数:** 791 792| 参数名 | 类型 | 必填 | 说明 | 793| ------ | ------ | ---- | ------------------ | 794| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 用于验签的公钥对象。 | 795 796**返回值:** 797 798| 类型 | 说明 | 799| -------------- | ----------- | 800| Promise\<void> | Promise对象。 | 801 802**错误码:** 803 804以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 805 806| 错误码ID | 错误信息 | 807| -------- | ------------------ | 808| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 809| 19030001 | crypto operation error. | 810 811**示例:** 812 813```ts 814import { cert } from '@kit.DeviceCertificateKit'; 815import { BusinessError } from '@kit.BasicServicesKit'; 816 817// string转Uint8Array。 818function stringToUint8Array(str: string): Uint8Array { 819 let arr: Array<number> = []; 820 for (let i = 0, j = str.length; i < j; i++) { 821 arr.push(str.charCodeAt(i)); 822 } 823 return new Uint8Array(arr); 824} 825 826// 证书二进制数据,需业务自行赋值。 827let certData = '-----BEGIN CERTIFICATE-----\n' + 828 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 829 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 830 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 831 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 832 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 833 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 834 'Qw==\n' + 835 '-----END CERTIFICATE-----\n'; 836 837let encodingBlob: cert.EncodingBlob = { 838 data: stringToUint8Array(certData), 839 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 840 encodingFormat: cert.EncodingFormat.FORMAT_PEM 841}; 842 843cert.createX509Cert(encodingBlob).then(x509Cert => { 844 console.log('createX509Cert success'); 845 846 try { 847 // 业务需通过上级X509Cert证书对象(或当前证书对象为自签名的证书)的getPublicKey获取PubKey。 848 let pubKey = x509Cert.getPublicKey(); 849 x509Cert.verify(pubKey).then(result => { 850 console.log('verify success'); 851 }).catch((error: BusinessError) => { 852 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 853 }); 854 } catch (err) { 855 console.error('get public key failed'); 856 } 857}).catch((error: BusinessError) => { 858 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 859}); 860``` 861 862### getEncoded 863 864getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 865 866表示获取X509证书序列化数据,使用Callback回调异步返回结果。 867 868**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 869 870**系统能力:** SystemCapability.Security.Cert 871 872**参数**: 873 874| 参数名 | 类型 | 必填 | 说明 | 875| -------- | --------------------------------------------- | ---- | -------------------------------- | 876| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示X509证书序列化数据。 | 877 878**错误码:** 879 880以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 881 882| 错误码ID | 错误信息 | 883| -------- | ------------------------------------------------- | 884| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 885| 19020001 | memory error. | 886| 19020002 | runtime error. | 887| 19030001 | crypto operation error.| 888 889**示例:** 890 891```ts 892import { cert } from '@kit.DeviceCertificateKit'; 893 894// string转Uint8Array。 895function stringToUint8Array(str: string): Uint8Array { 896 let arr: Array<number> = []; 897 for (let i = 0, j = str.length; i < j; i++) { 898 arr.push(str.charCodeAt(i)); 899 } 900 return new Uint8Array(arr); 901} 902 903// 证书二进制数据,需业务自行赋值。 904let certData = '-----BEGIN CERTIFICATE-----\n' + 905 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 906 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 907 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 908 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 909 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 910 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 911 'Qw==\n' + 912 '-----END CERTIFICATE-----\n'; 913 914let encodingBlob: cert.EncodingBlob = { 915 data: stringToUint8Array(certData), 916 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 917 encodingFormat: cert.EncodingFormat.FORMAT_PEM 918}; 919 920cert.createX509Cert(encodingBlob, (error, x509Cert) => { 921 if (error) { 922 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 923 } else { 924 console.log('createX509Cert success'); 925 x509Cert.getEncoded((error, data) => { 926 if (error) { 927 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 928 } else { 929 console.log('getEncoded success'); 930 } 931 }); 932 } 933}); 934``` 935 936### getEncoded 937 938getEncoded() : Promise\<EncodingBlob> 939 940表示获取X509证书序列化数据,使用Promise方式异步返回结果。 941 942**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 943 944**系统能力:** SystemCapability.Security.Cert 945 946**返回值**: 947 948| 类型 | 说明 | 949| --------------------------------------- | ---------------------- | 950| Promise\<[EncodingBlob](#encodingblob)> | 表示X509证书序列化数据。 | 951 952**错误码:** 953 954以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 955 956| 错误码ID | 错误信息 | 957| -------- | ------------------------------------------------- | 958| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 959| 19020001 | memory error. | 960| 19020002 | runtime error. | 961| 19030001 | crypto operation error.| 962 963**示例:** 964 965```ts 966import { cert } from '@kit.DeviceCertificateKit'; 967import { BusinessError } from '@kit.BasicServicesKit'; 968 969// string转Uint8Array。 970function stringToUint8Array(str: string): Uint8Array { 971 let arr: Array<number> = []; 972 for (let i = 0, j = str.length; i < j; i++) { 973 arr.push(str.charCodeAt(i)); 974 } 975 return new Uint8Array(arr); 976} 977 978// 证书二进制数据,需业务自行赋值。 979let certData = '-----BEGIN CERTIFICATE-----\n' + 980 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 981 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 982 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 983 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 984 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 985 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 986 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 987 '-----END CERTIFICATE-----\n'; 988 989// 证书二进制数据,需业务自行赋值。 990let encodingBlob: cert.EncodingBlob = { 991 data: stringToUint8Array(certData), 992 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 993 encodingFormat: cert.EncodingFormat.FORMAT_PEM 994}; 995cert.createX509Cert(encodingBlob).then(x509Cert => { 996 console.log('createX509Cert success'); 997 x509Cert.getEncoded().then(result => { 998 console.log('getEncoded success'); 999 }).catch((error: BusinessError) => { 1000 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1001 }); 1002}).catch((error: BusinessError) => { 1003 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1004}); 1005``` 1006 1007### getPublicKey 1008 1009getPublicKey() : cryptoFramework.PubKey 1010 1011表示获取X509证书公钥。 1012 1013**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1014 1015**系统能力:** SystemCapability.Security.Cert 1016 1017**返回值**: 1018 1019| 类型 | 说明 | 1020| ------ | ---------------- | 1021| [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | X509证书公钥对象:仅用于X509Cert的verify接口。 | 1022 1023**错误码:** 1024 1025以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1026 1027| 错误码ID | 错误信息 | 1028| -------- | ------------------------------------------------- | 1029| 19020001 | memory error. | 1030| 19030001 | crypto operation error.| 1031 1032**示例:** 1033 1034```ts 1035import { cert } from '@kit.DeviceCertificateKit'; 1036import { BusinessError } from '@kit.BasicServicesKit'; 1037 1038// string转Uint8Array。 1039function stringToUint8Array(str: string): Uint8Array { 1040 let arr: Array<number> = []; 1041 for (let i = 0, j = str.length; i < j; i++) { 1042 arr.push(str.charCodeAt(i)); 1043 } 1044 return new Uint8Array(arr); 1045} 1046 1047// 证书二进制数据,需业务自行赋值。 1048let certData = '-----BEGIN CERTIFICATE-----\n' + 1049 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1050 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1051 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1052 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1053 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1054 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1055 'Qw==\n' + 1056 '-----END CERTIFICATE-----\n'; 1057 1058let encodingBlob: cert.EncodingBlob = { 1059 data: stringToUint8Array(certData), 1060 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1061 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1062}; 1063 1064cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1065 if (error) { 1066 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1067 } else { 1068 console.log('createX509Cert success'); 1069 try { 1070 let pubKey = x509Cert.getPublicKey(); 1071 } catch (error) { 1072 let e: BusinessError = error as BusinessError; 1073 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1074 } 1075 } 1076}); 1077``` 1078 1079### checkValidityWithDate 1080 1081checkValidityWithDate(date: string) : void 1082 1083表示检查X509证书有效期。 1084 1085**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1086 1087**系统能力:** SystemCapability.Security.Cert 1088 1089**参数**: 1090 1091| 参数名 | 类型 | 必填 | 说明 | 1092| -------- | -------------- | ---- | ---------- | 1093| date | string | 是 | 日期,为ASN.1时间格式。 | 1094 1095**错误码:** 1096 1097以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1098 1099| 错误码ID | 错误信息 | 1100| -------- | ------------------------------------------------- | 1101| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 1102| 19020001 | memory error. | 1103| 19030001 | crypto operation error.| 1104| 19030003 | the certificate has not taken effect. | 1105| 19030004 | the certificate has expired.| 1106 1107**示例:** 1108 1109```ts 1110import { cert } from '@kit.DeviceCertificateKit'; 1111import { BusinessError } from '@kit.BasicServicesKit'; 1112 1113// string转Uint8Array。 1114function stringToUint8Array(str: string): Uint8Array { 1115 let arr: Array<number> = []; 1116 for (let i = 0, j = str.length; i < j; i++) { 1117 arr.push(str.charCodeAt(i)); 1118 } 1119 return new Uint8Array(arr); 1120} 1121 1122// 证书二进制数据,需业务自行赋值。 1123let certData = '-----BEGIN CERTIFICATE-----\n' + 1124 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1125 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1126 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1127 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1128 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1129 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1130 'Qw==\n' + 1131 '-----END CERTIFICATE-----\n'; 1132 1133let encodingBlob: cert.EncodingBlob = { 1134 data: stringToUint8Array(certData), 1135 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1136 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1137}; 1138 1139cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1140 if (error) { 1141 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1142 } else { 1143 console.log('createX509Cert success'); 1144 1145 let date = '231001000001Z'; 1146 // Verify the certificate validity period. 1147 try { 1148 x509Cert.checkValidityWithDate(date); 1149 } catch (error) { 1150 let e: BusinessError = error as BusinessError; 1151 console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1152 } 1153 } 1154}); 1155``` 1156 1157### getVersion 1158 1159getVersion() : number 1160 1161表示获取X509证书版本。 1162 1163**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1164 1165**系统能力:** SystemCapability.Security.Cert 1166 1167**返回值**: 1168 1169| 类型 | 说明 | 1170| ------ | ---------------- | 1171| number | 表示X509证书版本。 | 1172 1173**示例:** 1174 1175```ts 1176import { cert } from '@kit.DeviceCertificateKit'; 1177 1178// string转Uint8Array。 1179function stringToUint8Array(str: string): Uint8Array { 1180 let arr: Array<number> = []; 1181 for (let i = 0, j = str.length; i < j; i++) { 1182 arr.push(str.charCodeAt(i)); 1183 } 1184 return new Uint8Array(arr); 1185} 1186 1187// 证书二进制数据,需业务自行赋值。 1188let certData = '-----BEGIN CERTIFICATE-----\n' + 1189 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1190 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1191 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1192 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1193 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1194 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1195 'Qw==\n' + 1196 '-----END CERTIFICATE-----\n'; 1197 1198let encodingBlob: cert.EncodingBlob = { 1199 data: stringToUint8Array(certData), 1200 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1201 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1202}; 1203cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1204 if (error) { 1205 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1206 } else { 1207 console.log('createX509Cert success'); 1208 let version = x509Cert.getVersion(); 1209 } 1210}); 1211``` 1212 1213### getSerialNumber<sup>(deprecated)</sup> 1214 1215getSerialNumber() : number 1216 1217表示获取X509证书序列号。 1218 1219> **说明:** 1220> 1221> 从API version 9开始支持,从API version 10开始废弃,建议使用[getCertSerialNumber](#getcertserialnumber10)替代。 1222 1223**系统能力:** SystemCapability.Security.Cert 1224 1225**返回值**: 1226 1227| 类型 | 说明 | 1228| ------ | ------------------ | 1229| number | 表示X509证书序列号。 | 1230 1231**示例:** 1232 1233```ts 1234import { cert } from '@kit.DeviceCertificateKit'; 1235 1236// string转Uint8Array。 1237function stringToUint8Array(str: string): Uint8Array { 1238 let arr: Array<number> = []; 1239 for (let i = 0, j = str.length; i < j; i++) { 1240 arr.push(str.charCodeAt(i)); 1241 } 1242 return new Uint8Array(arr); 1243} 1244 1245// 证书二进制数据,需业务自行赋值。 1246let certData = '-----BEGIN CERTIFICATE-----\n' + 1247 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1248 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1249 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1250 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1251 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1252 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1253 'Qw==\n' + 1254 '-----END CERTIFICATE-----\n'; 1255 1256let encodingBlob: cert.EncodingBlob = { 1257 data: stringToUint8Array(certData), 1258 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1259 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1260}; 1261 1262cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1263 if (error) { 1264 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1265 } else { 1266 console.log('createX509Cert success'); 1267 let serialNumber = x509Cert.getSerialNumber(); 1268 } 1269}); 1270``` 1271 1272### getCertSerialNumber<sup>10+</sup> 1273 1274getCertSerialNumber() : bigint 1275 1276表示获取X509证书序列号。 1277 1278**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1279 1280**系统能力:** SystemCapability.Security.Cert 1281 1282**返回值**: 1283 1284| 类型 | 说明 | 1285| ------ | ------------------ | 1286| bigint | 表示X509证书序列号。 | 1287 1288**错误码:** 1289 1290以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1291 1292| 错误码ID | 错误信息 | 1293| -------- | ------------------------------------------------- | 1294| 19020002 | runtime error. | 1295 1296**示例:** 1297 1298```ts 1299import { cert } from '@kit.DeviceCertificateKit'; 1300import { BusinessError } from '@kit.BasicServicesKit'; 1301 1302// string转Uint8Array。 1303function stringToUint8Array(str: string): Uint8Array { 1304 let arr: Array<number> = []; 1305 for (let i = 0, j = str.length; i < j; i++) { 1306 arr.push(str.charCodeAt(i)); 1307 } 1308 return new Uint8Array(arr); 1309} 1310 1311// 证书二进制数据,需业务自行赋值。 1312let certData = '-----BEGIN CERTIFICATE-----\n' + 1313 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1314 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1315 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1316 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1317 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1318 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1319 'Qw==\n' + 1320 '-----END CERTIFICATE-----\n'; 1321 1322let encodingBlob: cert.EncodingBlob = { 1323 data: stringToUint8Array(certData), 1324 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1325 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1326}; 1327 1328cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1329 if (error) { 1330 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1331 } else { 1332 console.log('createX509Cert success'); 1333 try { 1334 let serialNumber = x509Cert.getCertSerialNumber(); 1335 } catch (err) { 1336 let e: BusinessError = err as BusinessError; 1337 console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1338 } 1339 } 1340}); 1341``` 1342 1343### getIssuerName 1344 1345getIssuerName() : DataBlob 1346 1347表示获取X509证书颁发者名称。 1348 1349> **说明:** 1350> 1351> 获取到的X509证书颁发者名称数据带字符串结束符。 1352 1353**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1354 1355**系统能力:** SystemCapability.Security.Cert 1356 1357**返回值**: 1358 1359| 类型 | 说明 | 1360| --------------------- | ---------------------- | 1361| [DataBlob](#datablob) | 表示X509证书颁发者名称。 | 1362 1363**错误码:** 1364 1365以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1366 1367| 错误码ID | 错误信息 | 1368| -------- | ------------------------------------------------- | 1369| 19020001 | memory error. | 1370| 19020002 | runtime error. | 1371| 19030001 | crypto operation error.| 1372 1373**示例:** 1374 1375```ts 1376import { cert } from '@kit.DeviceCertificateKit'; 1377import { BusinessError } from '@kit.BasicServicesKit'; 1378 1379// string转Uint8Array。 1380function stringToUint8Array(str: string): Uint8Array { 1381 let arr: Array<number> = []; 1382 for (let i = 0, j = str.length; i < j; i++) { 1383 arr.push(str.charCodeAt(i)); 1384 } 1385 return new Uint8Array(arr); 1386} 1387 1388// 证书二进制数据,需业务自行赋值。 1389let certData = '-----BEGIN CERTIFICATE-----\n' + 1390 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1391 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1392 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1393 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1394 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1395 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1396 'Qw==\n' + 1397 '-----END CERTIFICATE-----\n'; 1398 1399let encodingBlob: cert.EncodingBlob = { 1400 data: stringToUint8Array(certData), 1401 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1402 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1403}; 1404 1405cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1406 if (error) { 1407 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1408 } else { 1409 console.log('createX509Cert success'); 1410 try { 1411 let issuerName = x509Cert.getIssuerName(); 1412 } catch (err) { 1413 let e: BusinessError = err as BusinessError; 1414 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1415 } 1416 } 1417}); 1418``` 1419 1420### getSubjectName 1421 1422getSubjectName(encodingType?: EncodingType) : DataBlob 1423 1424表示获取X509证书主体名称。 1425 1426> **说明:** 1427> 1428> 获取到的X509证书主体名称数据带字符串结束符。 1429 1430**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1431 1432**系统能力:** SystemCapability.Security.Cert 1433 1434**参数**: 1435 1436| 参数名 | 类型 | 必填 | 说明 | 1437| -------- | ------------------------------------- | ---- | ------------------------------ | 1438| encodingType | [EncodingType](#encodingtype12) | 否 | 编码类型。设置参数表示获取UTF8格式编码;不设置默认获取ASCII格式编码。<br>API 12后支持设置此参数。 | 1439 1440**返回值**: 1441 1442| 类型 | 说明 | 1443| --------------------- | -------------------- | 1444| [DataBlob](#datablob) | 表示X509证书主体名称,转化成字符串后使用逗号分隔相对可分辨名称。 | 1445 1446**错误码:** 1447 1448以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1449 1450| 错误码ID | 错误信息 | 1451| -------- | ------------------------------------------------- | 1452| 401 | invalid parameters. Possible causes: <br>1. Incorrect parameter types;<br>2. Parameter verification failed. | 1453| 19020001 | memory error. | 1454| 19020002 | runtime error. | 1455| 19030001 | crypto operation error.| 1456 1457**示例:** 1458 1459```ts 1460import { cert } from '@kit.DeviceCertificateKit'; 1461import { BusinessError } from '@kit.BasicServicesKit'; 1462 1463// string转Uint8Array。 1464function stringToUint8Array(str: string): Uint8Array { 1465 let arr: Array<number> = []; 1466 for (let i = 0, j = str.length; i < j; i++) { 1467 arr.push(str.charCodeAt(i)); 1468 } 1469 return new Uint8Array(arr); 1470} 1471 1472// 证书二进制数据,需业务自行赋值。 1473let certData = '-----BEGIN CERTIFICATE-----\n' + 1474 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1475 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1476 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1477 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1478 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1479 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1480 'Qw==\n' + 1481 '-----END CERTIFICATE-----\n'; 1482 1483let encodingBlob: cert.EncodingBlob = { 1484 data: stringToUint8Array(certData), 1485 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1486 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1487}; 1488 1489cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1490 if (error) { 1491 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1492 } else { 1493 console.log('createX509Cert success'); 1494 try { 1495 let subjectName = x509Cert.getSubjectName(); 1496 } catch (err) { 1497 let e: BusinessError = err as BusinessError; 1498 console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1499 } 1500 try { 1501 let subjectNameutf8 = x509Cert.getSubjectName(cert.EncodingType.ENCODING_UTF8); 1502 } catch (err) { 1503 let e: BusinessError = err as BusinessError; 1504 console.error('getSubjectNameUtf8 failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1505 } 1506 } 1507}); 1508``` 1509 1510### getNotBeforeTime 1511 1512getNotBeforeTime() : string 1513 1514表示获取X509证书有效期起始时间。 1515 1516**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1517 1518**系统能力:** SystemCapability.Security.Cert 1519 1520**返回值**: 1521 1522| 类型 | 说明 | 1523| ------ | ------------------------------------------------------------ | 1524| string | 表示X509证书有效期起始时间,日期为ASN.1时间格式。 | 1525 1526**错误码:** 1527 1528以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1529 1530| 错误码ID | 错误信息 | 1531| -------- | ------------------------------------------------- | 1532| 19020001 | memory error. | 1533| 19020002 | runtime error. | 1534| 19030001 | crypto operation error.| 1535 1536**示例:** 1537 1538```ts 1539import { cert } from '@kit.DeviceCertificateKit'; 1540import { BusinessError } from '@kit.BasicServicesKit'; 1541 1542// string转Uint8Array。 1543function stringToUint8Array(str: string): Uint8Array { 1544 let arr: Array<number> = []; 1545 for (let i = 0, j = str.length; i < j; i++) { 1546 arr.push(str.charCodeAt(i)); 1547 } 1548 return new Uint8Array(arr); 1549} 1550 1551// 证书二进制数据,需业务自行赋值。 1552let certData = '-----BEGIN CERTIFICATE-----\n' + 1553 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1554 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1555 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1556 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1557 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1558 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1559 'Qw==\n' + 1560 '-----END CERTIFICATE-----\n'; 1561 1562let encodingBlob: cert.EncodingBlob = { 1563 data: stringToUint8Array(certData), 1564 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1565 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1566}; 1567 1568cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1569 if (error) { 1570 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1571 } else { 1572 console.log('createX509Cert success'); 1573 try { 1574 let notBefore = x509Cert.getNotBeforeTime(); 1575 } catch (err) { 1576 let e: BusinessError = err as BusinessError; 1577 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1578 } 1579 } 1580}); 1581``` 1582 1583### getNotAfterTime 1584 1585getNotAfterTime() : string 1586 1587表示获取X509证书有效期截止时间。 1588 1589**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1590 1591**系统能力:** SystemCapability.Security.Cert 1592 1593**返回值**: 1594 1595| 类型 | 说明 | 1596| ------ | ------------------------------------------------------------ | 1597| string | 表示X509证书有效期截止时间,日期为ASN.1时间格式。 | 1598 1599**错误码:** 1600 1601以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1602 1603| 错误码ID | 错误信息 | 1604| -------- | ------------------------------------------------- | 1605| 19020001 | memory error. | 1606| 19020002 | runtime error. | 1607| 19030001 | crypto operation error.| 1608 1609**示例:** 1610 1611```ts 1612import { cert } from '@kit.DeviceCertificateKit'; 1613 1614import { BusinessError } from '@kit.BasicServicesKit'; 1615 1616// string转Uint8Array。 1617function stringToUint8Array(str: string): Uint8Array { 1618 let arr: Array<number> = []; 1619 for (let i = 0, j = str.length; i < j; i++) { 1620 arr.push(str.charCodeAt(i)); 1621 } 1622 return new Uint8Array(arr); 1623} 1624 1625// 证书二进制数据,需业务自行赋值。 1626let certData = '-----BEGIN CERTIFICATE-----\n' + 1627 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1628 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1629 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1630 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1631 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1632 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1633 'Qw==\n' + 1634 '-----END CERTIFICATE-----\n'; 1635 1636let encodingBlob: cert.EncodingBlob = { 1637 data: stringToUint8Array(certData), 1638 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1639 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1640}; 1641 1642cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1643 if (error) { 1644 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1645 } else { 1646 console.log('createX509Cert success'); 1647 try { 1648 let notAfter = x509Cert.getNotAfterTime(); 1649 } catch (err) { 1650 let e: BusinessError = err as BusinessError; 1651 console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1652 } 1653 } 1654}); 1655``` 1656 1657### getSignature 1658 1659getSignature() : DataBlob 1660 1661表示获取X509证书签名数据。 1662 1663**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1664 1665**系统能力:** SystemCapability.Security.Cert 1666 1667**返回值**: 1668 1669| 类型 | 说明 | 1670| --------------------- | -------------------- | 1671| [DataBlob](#datablob) | 表示X509证书签名数据。 | 1672 1673**错误码:** 1674 1675以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1676 1677| 错误码ID | 错误信息 | 1678| -------- | ------------------------------------------------- | 1679| 19020001 | memory error. | 1680| 19020002 | runtime error. | 1681| 19030001 | crypto operation error.| 1682 1683**示例:** 1684 1685```ts 1686import { cert } from '@kit.DeviceCertificateKit'; 1687 1688import { BusinessError } from '@kit.BasicServicesKit'; 1689 1690// string转Uint8Array。 1691function stringToUint8Array(str: string): Uint8Array { 1692 let arr: Array<number> = []; 1693 for (let i = 0, j = str.length; i < j; i++) { 1694 arr.push(str.charCodeAt(i)); 1695 } 1696 return new Uint8Array(arr); 1697} 1698 1699// 证书二进制数据,需业务自行赋值。 1700let certData = '-----BEGIN CERTIFICATE-----\n' + 1701 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1702 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1703 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1704 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1705 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1706 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1707 'Qw==\n' + 1708 '-----END CERTIFICATE-----\n'; 1709 1710let encodingBlob: cert.EncodingBlob = { 1711 data: stringToUint8Array(certData), 1712 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1713 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1714}; 1715 1716cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1717 if (error) { 1718 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1719 } else { 1720 console.log('createX509Cert success'); 1721 try { 1722 let signature = x509Cert.getSignature(); 1723 } catch (err) { 1724 let e: BusinessError = err as BusinessError; 1725 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1726 } 1727 } 1728}); 1729``` 1730 1731### getSignatureAlgName 1732 1733getSignatureAlgName() : string 1734 1735表示获取X509证书签名算法名称。 1736 1737**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1738 1739**系统能力:** SystemCapability.Security.Cert 1740 1741**返回值**: 1742 1743| 类型 | 说明 | 1744| ------ | ------------------------ | 1745| string | 表示X509证书签名算法名称。 | 1746 1747**错误码:** 1748 1749以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1750 1751| 错误码ID | 错误信息 | 1752| -------- | ------------------------------------------------- | 1753| 19020001 | memory error. | 1754| 19020002 | runtime error. | 1755| 19030001 | crypto operation error.| 1756 1757**示例:** 1758 1759```ts 1760import { cert } from '@kit.DeviceCertificateKit'; 1761 1762import { BusinessError } from '@kit.BasicServicesKit'; 1763 1764// string转Uint8Array。 1765function stringToUint8Array(str: string): Uint8Array { 1766 let arr: Array<number> = []; 1767 for (let i = 0, j = str.length; i < j; i++) { 1768 arr.push(str.charCodeAt(i)); 1769 } 1770 return new Uint8Array(arr); 1771} 1772 1773// 证书二进制数据,需业务自行赋值。 1774let certData = '-----BEGIN CERTIFICATE-----\n' + 1775 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1776 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1777 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1778 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1779 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1780 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1781 'Qw==\n' + 1782 '-----END CERTIFICATE-----\n'; 1783 1784let encodingBlob: cert.EncodingBlob = { 1785 data: stringToUint8Array(certData), 1786 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1787 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1788}; 1789 1790cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1791 if (error) { 1792 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1793 } else { 1794 console.log('createX509Cert success'); 1795 try { 1796 let sigAlgName = x509Cert.getSignatureAlgName(); 1797 } catch (err) { 1798 let e: BusinessError = err as BusinessError; 1799 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1800 } 1801 } 1802}); 1803``` 1804 1805### getSignatureAlgOid 1806 1807getSignatureAlgOid() : string 1808 1809表示获取X509证书签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 1810 1811**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1812 1813**系统能力:** SystemCapability.Security.Cert 1814 1815**返回值**: 1816 1817| 类型 | 说明 | 1818| ------ | --------------------------------- | 1819| string | 表示X509证书签名算法对象标志符OID。若OID长度超过128字节,则会被截断。 | 1820 1821**错误码:** 1822 1823以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1824 1825| 错误码ID | 错误信息 | 1826| -------- | ------------------------------------------------- | 1827| 19020001 | memory error. | 1828| 19020002 | runtime error. | 1829| 19030001 | crypto operation error.| 1830 1831**示例:** 1832 1833```ts 1834import { cert } from '@kit.DeviceCertificateKit'; 1835import { BusinessError } from '@kit.BasicServicesKit'; 1836 1837// string转Uint8Array。 1838function stringToUint8Array(str: string): Uint8Array { 1839 let arr: Array<number> = []; 1840 for (let i = 0, j = str.length; i < j; i++) { 1841 arr.push(str.charCodeAt(i)); 1842 } 1843 return new Uint8Array(arr); 1844} 1845 1846// 证书二进制数据,需业务自行赋值。 1847let certData = '-----BEGIN CERTIFICATE-----\n' + 1848 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1849 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1850 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1851 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1852 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1853 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1854 'Qw==\n' + 1855 '-----END CERTIFICATE-----\n'; 1856 1857let encodingBlob: cert.EncodingBlob = { 1858 data: stringToUint8Array(certData), 1859 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1860 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1861}; 1862 1863cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1864 if (error) { 1865 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1866 } else { 1867 console.log('createX509Cert success'); 1868 try { 1869 let sigAlgOid = x509Cert.getSignatureAlgOid(); 1870 } catch (err) { 1871 let e: BusinessError = err as BusinessError; 1872 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1873 } 1874 } 1875}); 1876``` 1877 1878### getSignatureAlgParams 1879 1880getSignatureAlgParams() : DataBlob 1881 1882表示获取X509证书签名算法参数。 1883 1884**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1885 1886**系统能力:** SystemCapability.Security.Cert 1887 1888**返回值**: 1889 1890| 类型 | 说明 | 1891| --------------------- | ------------------------ | 1892| [DataBlob](#datablob) | 表示X509证书签名算法参数。 | 1893 1894**错误码:** 1895 1896以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1897 1898| 错误码ID | 错误信息 | 1899| -------- | ------------------------------------------------- | 1900| 801 | this operation is not supported. | 1901| 19020001 | memory error. | 1902| 19020002 | runtime error. | 1903| 19030001 | crypto operation error.| 1904 1905**示例:** 1906 1907```ts 1908import { cert } from '@kit.DeviceCertificateKit'; 1909import { BusinessError } from '@kit.BasicServicesKit'; 1910 1911// string转Uint8Array。 1912function stringToUint8Array(str: string): Uint8Array { 1913 let arr: Array<number> = []; 1914 for (let i = 0, j = str.length; i < j; i++) { 1915 arr.push(str.charCodeAt(i)); 1916 } 1917 return new Uint8Array(arr); 1918} 1919 1920// 证书二进制数据,需业务自行赋值。 1921let certData = '-----BEGIN CERTIFICATE-----\n' + 1922 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1923 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1924 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1925 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1926 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1927 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1928 'Qw==\n' + 1929 '-----END CERTIFICATE-----\n'; 1930 1931let encodingBlob: cert.EncodingBlob = { 1932 data: stringToUint8Array(certData), 1933 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1934 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1935}; 1936 1937cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1938 if (error) { 1939 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1940 } else { 1941 console.log('createX509Cert success'); 1942 try { 1943 let sigAlgParams = x509Cert.getSignatureAlgParams(); 1944 } catch (err) { 1945 let e: BusinessError = err as BusinessError; 1946 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1947 } 1948 } 1949}); 1950``` 1951 1952### getKeyUsage 1953 1954getKeyUsage() : DataBlob 1955 1956表示获取X509证书秘钥用途。 1957 1958**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1959 1960**系统能力:** SystemCapability.Security.Cert 1961 1962**返回值**: 1963 1964| 类型 | 说明 | 1965| --------------------- | -------------------- | 1966| [DataBlob](#datablob) | 表示X509证书秘钥用途。 | 1967 1968**错误码:** 1969 1970以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1971 1972| 错误码ID | 错误信息 | 1973| -------- | ------------------------------------------------- | 1974| 19020001 | memory error. | 1975| 19030001 | crypto operation error.| 1976 1977**示例:** 1978 1979```ts 1980import { cert } from '@kit.DeviceCertificateKit'; 1981import { BusinessError } from '@kit.BasicServicesKit'; 1982 1983// string转Uint8Array。 1984function stringToUint8Array(str: string): Uint8Array { 1985 let arr: Array<number> = []; 1986 for (let i = 0, j = str.length; i < j; i++) { 1987 arr.push(str.charCodeAt(i)); 1988 } 1989 return new Uint8Array(arr); 1990} 1991 1992// 证书二进制数据,需业务自行赋值。 1993let certData = '-----BEGIN CERTIFICATE-----\n' + 1994 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1995 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1996 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1997 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1998 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1999 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2000 'Qw==\n' + 2001 '-----END CERTIFICATE-----\n'; 2002 2003let encodingBlob: cert.EncodingBlob = { 2004 data: stringToUint8Array(certData), 2005 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2006 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2007}; 2008 2009cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2010 if (error) { 2011 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2012 } else { 2013 console.log('createX509Cert success'); 2014 try { 2015 let keyUsage = x509Cert.getKeyUsage(); 2016 } catch (err) { 2017 let e: BusinessError = err as BusinessError; 2018 console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2019 } 2020 } 2021}); 2022``` 2023 2024### getExtKeyUsage 2025 2026getExtKeyUsage() : DataArray 2027 2028表示获取X509证书扩展秘钥用途。 2029 2030**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2031 2032**系统能力:** SystemCapability.Security.Cert 2033 2034**返回值**: 2035 2036| 类型 | 说明 | 2037| ----------------------- | ------------------------ | 2038| [DataArray](#dataarray) | 表示X509证书扩展秘钥用途。 | 2039 2040**错误码:** 2041 2042以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2043 2044| 错误码ID | 错误信息 | 2045| -------- | ------------------------------------------------- | 2046| 19020001 | memory error. | 2047| 19020002 | runtime error. | 2048| 19030001 | crypto operation error.| 2049 2050**示例:** 2051 2052```ts 2053import { cert } from '@kit.DeviceCertificateKit'; 2054import { BusinessError } from '@kit.BasicServicesKit'; 2055 2056// string转Uint8Array。 2057function stringToUint8Array(str: string): Uint8Array { 2058 let arr: Array<number> = []; 2059 for (let i = 0, j = str.length; i < j; i++) { 2060 arr.push(str.charCodeAt(i)); 2061 } 2062 return new Uint8Array(arr); 2063} 2064 2065// 证书二进制数据,需业务自行赋值。 2066let certData = '-----BEGIN CERTIFICATE-----\n' + 2067 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2068 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2069 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2070 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2071 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2072 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2073 'Qw==\n' + 2074 '-----END CERTIFICATE-----\n'; 2075 2076let encodingBlob: cert.EncodingBlob = { 2077 data: stringToUint8Array(certData), 2078 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2079 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2080}; 2081 2082cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2083 if (error) { 2084 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2085 } else { 2086 console.log('createX509Cert success'); 2087 try { 2088 let extKeyUsage = x509Cert.getExtKeyUsage(); 2089 } catch (err) { 2090 let e: BusinessError = err as BusinessError; 2091 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2092 } 2093 } 2094}); 2095``` 2096 2097### getBasicConstraints 2098 2099getBasicConstraints() : number 2100 2101表示获取X509证书基本约束。 2102 2103**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2104 2105**系统能力:** SystemCapability.Security.Cert 2106 2107**返回值**: 2108 2109| 类型 | 说明 | 2110| ------ | -------------------- | 2111| number | 表示X509证书基本约束。 | 2112 2113**示例:** 2114 2115```ts 2116import { cert } from '@kit.DeviceCertificateKit'; 2117 2118// string转Uint8Array。 2119function stringToUint8Array(str: string): Uint8Array { 2120 let arr: Array<number> = []; 2121 for (let i = 0, j = str.length; i < j; i++) { 2122 arr.push(str.charCodeAt(i)); 2123 } 2124 return new Uint8Array(arr); 2125} 2126 2127// 证书二进制数据,需业务自行赋值。 2128let certData = '-----BEGIN CERTIFICATE-----\n' + 2129 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2130 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2131 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2132 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2133 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2134 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2135 'Qw==\n' + 2136 '-----END CERTIFICATE-----\n'; 2137 2138let encodingBlob: cert.EncodingBlob = { 2139 data: stringToUint8Array(certData), 2140 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2141 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2142}; 2143 2144cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2145 if (error) { 2146 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2147 } else { 2148 console.log('createX509Cert success'); 2149 let basicConstraints = x509Cert.getBasicConstraints(); 2150 } 2151}); 2152``` 2153 2154### getSubjectAltNames 2155 2156getSubjectAltNames() : DataArray 2157 2158表示获取X509证书主体可选名称。 2159 2160> **说明:** 2161> 2162> 获取到的X509证书主体可选名称数据带字符串结束符。 2163 2164**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2165 2166**系统能力:** SystemCapability.Security.Cert 2167 2168**返回值**: 2169 2170| 类型 | 说明 | 2171| ----------------------- | ------------------------ | 2172| [DataArray](#dataarray) | 表示X509证书主体可选名称。 | 2173 2174**错误码:** 2175 2176以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2177 2178| 错误码ID | 错误信息 | 2179| -------- | ------------------------------------------------- | 2180| 19020001 | memory error. | 2181| 19020002 | runtime error. | 2182| 19030001 | crypto operation error.| 2183 2184**示例:** 2185 2186```ts 2187import { cert } from '@kit.DeviceCertificateKit'; 2188import { BusinessError } from '@kit.BasicServicesKit'; 2189 2190// string转Uint8Array。 2191function stringToUint8Array(str: string): Uint8Array { 2192 let arr: Array<number> = []; 2193 for (let i = 0, j = str.length; i < j; i++) { 2194 arr.push(str.charCodeAt(i)); 2195 } 2196 return new Uint8Array(arr); 2197} 2198 2199// 证书二进制数据,需业务自行赋值。 2200let certData = '-----BEGIN CERTIFICATE-----\n' + 2201 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2202 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2203 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2204 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2205 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2206 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2207 'Qw==\n' + 2208 '-----END CERTIFICATE-----\n'; 2209 2210let encodingBlob: cert.EncodingBlob = { 2211 data: stringToUint8Array(certData), 2212 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2213 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2214}; 2215 2216cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2217 if (error) { 2218 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2219 } else { 2220 console.log('createX509Cert success'); 2221 try { 2222 let subjectAltNames = x509Cert.getSubjectAltNames(); 2223 } catch (err) { 2224 let e: BusinessError = err as BusinessError; 2225 console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2226 } 2227 } 2228}); 2229``` 2230 2231### getIssuerAltNames 2232 2233getIssuerAltNames() : DataArray 2234 2235表示获取X509证书颁发者可选名称。 2236 2237> **说明:** 2238> 2239> 获取到的X509证书颁发者可选名称数据带字符串结束符。 2240 2241**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2242 2243**系统能力:** SystemCapability.Security.Cert 2244 2245**返回值**: 2246 2247| 类型 | 说明 | 2248| ----------------------- | -------------------------- | 2249| [DataArray](#dataarray) | 表示X509证书颁发者可选名称。 | 2250 2251**错误码:** 2252 2253以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2254 2255| 错误码ID | 错误信息 | 2256| -------- | ------------------------------------------------- | 2257| 19020001 | memory error. | 2258| 19020002 | runtime error. | 2259| 19030001 | crypto operation error.| 2260 2261**示例:** 2262 2263```ts 2264import { cert } from '@kit.DeviceCertificateKit'; 2265import { BusinessError } from '@kit.BasicServicesKit'; 2266 2267// string转Uint8Array。 2268function stringToUint8Array(str: string): Uint8Array { 2269 let arr: Array<number> = []; 2270 for (let i = 0, j = str.length; i < j; i++) { 2271 arr.push(str.charCodeAt(i)); 2272 } 2273 return new Uint8Array(arr); 2274} 2275 2276// 证书二进制数据,需业务自行赋值。 2277let certData = '-----BEGIN CERTIFICATE-----\n' + 2278 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2279 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2280 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2281 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2282 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2283 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2284 'Qw==\n' + 2285 '-----END CERTIFICATE-----\n'; 2286 2287let encodingBlob: cert.EncodingBlob = { 2288 data: stringToUint8Array(certData), 2289 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2290 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2291}; 2292 2293cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2294 if (error) { 2295 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2296 } else { 2297 console.log('createX509Cert success'); 2298 try { 2299 let issuerAltNames = x509Cert.getIssuerAltNames(); 2300 } catch (err) { 2301 let e: BusinessError = err as BusinessError; 2302 console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2303 } 2304 } 2305}); 2306``` 2307 2308### getItem<sup>10+</sup> 2309 2310getItem(itemType: CertItemType) : DataBlob 2311 2312表示获取X509证书对应的字段。 2313 2314**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2315 2316**系统能力:** SystemCapability.Security.Cert 2317 2318**参数**: 2319 2320| 参数名 | 类型 | 必填 | 说明 | 2321| --------- | ------ | ---- | ------------------------------------------ | 2322| itemType | [CertItemType](#certitemtype10) | 是 | 表示需要获取的证书字段。 | 2323 2324**返回值**: 2325 2326| 类型 | 说明 | 2327| --------------------- | ----------------------------------------- | 2328| [DataBlob](#datablob) | 表示X509证书对应的字段,返回值为DER格式。 | 2329 2330**错误码:** 2331 2332以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2333 2334| 错误码ID | 错误信息 | 2335| -------- | ----------------------- | 2336| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2337| 19020001 | memory error. | 2338| 19020002 | runtime error. | 2339| 19030001 | crypto operation error. | 2340 2341**示例:** 2342 2343```ts 2344import { cert } from '@kit.DeviceCertificateKit'; 2345import { BusinessError } from '@kit.BasicServicesKit'; 2346 2347// string转Uint8Array。 2348function stringToUint8Array(str: string): Uint8Array { 2349 let arr: Array<number> = []; 2350 for (let i = 0, j = str.length; i < j; i++) { 2351 arr.push(str.charCodeAt(i)); 2352 } 2353 return new Uint8Array(arr); 2354} 2355 2356// 证书二进制数据,需业务自行赋值。 2357let certData = '-----BEGIN CERTIFICATE-----\n' + 2358 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2359 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2360 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2361 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2362 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2363 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2364 'Qw==\n' + 2365 '-----END CERTIFICATE-----\n'; 2366 2367let encodingBlob: cert.EncodingBlob = { 2368 data: stringToUint8Array(certData), 2369 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2370 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2371}; 2372 2373cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2374 if (error) { 2375 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2376 } else { 2377 console.log('createX509Cert success'); 2378 try { 2379 let tbs = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_TBS); 2380 let pubKey = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); 2381 } catch (err) { 2382 let e: BusinessError = err as BusinessError; 2383 console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2384 } 2385 } 2386}); 2387``` 2388### match<sup>11+</sup> 2389 2390match(param: X509CertMatchParameters): boolean 2391 2392判断证书是否与输入参数匹配。 2393 2394**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2395 2396**系统能力:** SystemCapability.Security.Cert 2397 2398**参数**: 2399 2400| 参数名 | 类型 | 必填 | 说明 | 2401| --------- | ------ | ---- | ------------------------------------------ | 2402| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示需要匹配的参数。 | 2403 2404**返回值**: 2405 2406| 类型 | 说明 | 2407| --------------------- | ----------------------------------------- | 2408| boolean | 当参数匹配时,该方法返回true,否则返回false。 | 2409 2410**错误码:** 2411 2412以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2413 2414| 错误码ID | 错误信息 | 2415| -------- | ------------- | 2416| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2417| 19020001 | memory error. | 2418| 19030001 | crypto operation error. | 2419 2420**示例:** 2421 2422```ts 2423import { cert } from '@kit.DeviceCertificateKit'; 2424import { BusinessError } from '@kit.BasicServicesKit'; 2425 2426// string转Uint8Array。 2427function stringToUint8Array(str: string): Uint8Array { 2428 let arr: Array<number> = []; 2429 for (let i = 0, j = str.length; i < j; i++) { 2430 arr.push(str.charCodeAt(i)); 2431 } 2432 return new Uint8Array(arr); 2433} 2434 2435async function createX509Cert(): Promise<cert.X509Cert> { 2436 let certData = '-----BEGIN CERTIFICATE-----\n' + 2437 'MIIDTTCCAjWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 2438 'IENBMB4XDTI0MDMxOTAyMDM1NFoXDTM0MDMxNzAyMDM1NFowETEPMA0GA1UEAwwG\n' + 2439 'ZGV2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoGk2J0aKWTP\n' + 2440 'J3D7lS3oFdME3MMA1z0Y0ftthrtUKybE2xh8P90ztMV73bewmgAPqiApqhaWEZM/\n' + 2441 '6DSLc/MxbOeYjg6njveJIu721gchiuB2PFikDFSWlcLOJNw+CgBx77Ct3KllivHs\n' + 2442 'oi/gjuxrWiF/3VhbBErPNj/fw9se3pVrFRXIFdkcybtom2mUmkcxDfSg587SO14i\n' + 2443 'ZzXGM6nhMzYWXxLho6SJrsnzfs4pD6ifksWmY4089zitqsN+9jQXafY1+/sh1mgu\n' + 2444 'FvAwg9IbigGOBIiF8t5qdNGpqCHXbEHblNCWfT4fVNDV0Vc9pByjZaMYEGMhpz+6\n' + 2445 'lxlc2CqbNQIDAQABo4GuMIGrMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAEVpuP+pPpg\n' + 2446 'kr3dA3aV2XdFZ9rGMB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMB0G\n' + 2447 'A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwMgYIKwYB\n' + 2448 'BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwczovLzEyNy4wLjAuMTo5OTk5MA0G\n' + 2449 'CSqGSIb3DQEBCwUAA4IBAQBjM1agcDcgVHsD0dS39gxtlyRbZRvDcW3YsdwgpN6S\n' + 2450 'e4wGzdZbhsiZv7y3+PSuozKwp5Yjn+UqnnEz7QuTGJRt/pzHDVY3QceNvlx2HPRe\n' + 2451 'fECS4bpGLcM5B17oZZjE4HenIrGmigXnnwYL5TjhC4ybtddXPYv/M6z2eFCnfQNa\n' + 2452 'zFwz8LJ7ukWvf5koBqcHq2zsuVByOIPXLIrAJPtMmBb/pHCFt8hxOxwqujdrxz16\n' + 2453 'pe5LQUYzvG1YCxw3Ye9OrM1yXJQr/4KYncQC1yQQo+UK7NsDRK30PsMEYxhierLA\n' + 2454 'JKyPn1xSlOJiGa2rRn/uevmEOhfagj5TtprU9Gu1+nZo\n' + 2455 '-----END CERTIFICATE-----\n'; 2456 2457 let encodingBlob: cert.EncodingBlob = { 2458 data: stringToUint8Array(certData), 2459 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2460 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2461 }; 2462 2463 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2464 try { 2465 x509Cert = await cert.createX509Cert(encodingBlob); 2466 } catch (err) { 2467 let e: BusinessError = err as BusinessError; 2468 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2469 } 2470 return x509Cert; 2471} 2472 2473async function matchX509Cert() { 2474 const x509Cert = await createX509Cert(); 2475 try { 2476 // 需业务自行赋值。 2477 const param: cert.X509CertMatchParameters = { 2478 x509Cert, 2479 validDate: '20241121074700Z', 2480 keyUsage: [true, false, false, false, false, false, false, false, false], 2481 publicKeyAlgID: '1.2.840.113549.1.1.1' 2482 }; 2483 const result = x509Cert.match(param); 2484 console.log('call x509Cert match success'); 2485 } catch (err) { 2486 console.error('call x509Cert match failed'); 2487 } 2488} 2489``` 2490 2491### getCRLDistributionPoint<sup>12+</sup> 2492 2493getCRLDistributionPoint(): DataArray 2494 2495获取X509证书CRL的分发点统一资源标识符。 2496 2497**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2498 2499**系统能力:** SystemCapability.Security.Cert 2500 2501**返回值**: 2502 2503| 类型 | 说明 | 2504| ----------------------- | -------------------------- | 2505| [DataArray](#dataarray) | 表示X509证书CRL的分发点统一资源标识符。 | 2506 2507**错误码:** 2508 2509以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2510 2511| 错误码ID | 错误信息 | 2512| -------- | ------------- | 2513| 19020001 | memory error. | 2514| 19020002 | runtime error. | 2515| 19030001 | crypto operation error. | 2516 2517**示例:** 2518 2519```ts 2520import { cert } from '@kit.DeviceCertificateKit'; 2521import { BusinessError } from '@kit.BasicServicesKit'; 2522 2523// string转Uint8Array。 2524function stringToUint8Array(str: string): Uint8Array { 2525 let arr: Array<number> = []; 2526 for (let i = 0, j = str.length; i < j; i++) { 2527 arr.push(str.charCodeAt(i)); 2528 } 2529 return new Uint8Array(arr); 2530} 2531 2532let certData = "-----BEGIN CERTIFICATE-----\n" + 2533 "MIIB/jCCAaSgAwIBAgICA+gwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQ04xDTAL\n" + 2534 "BgNVBAoMBHRlc3QxDjAMBgNVBAMMBXN1YmNhMB4XDTIzMTAwNzA0MDEwOFoXDTMz\n" + 2535 "MTAwNDA0MDEwOFowLDELMAkGA1UEBhMCQ04xDTALBgNVBAoMBHRlc3QxDjAMBgNV\n" + 2536 "BAMMBWxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZDPvdlJI6Yv4fiaR\n" + 2537 "nQHcusXVbukk90mQ0rBGOYRikFvgvm5cjTdaUGcQKEtwYIKDQl5n6Pf7ElCJ7GRz\n" + 2538 "raWZ+qOBtTCBsjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl\n" + 2539 "bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU63Gbl8gIsUn0VyZ4rya3PCjm\n" + 2540 "sfEwHwYDVR0jBBgwFoAU77mynM0rz1SD43DQjleWM7bF+MEwNwYDVR0fBDAwLjAs\n" + 2541 "oCqgKIYmaHR0cDovL3Rlc3QudGVzdENSTGRwLmNvbS9DUkxfRFBfMS5jcmwwCgYI\n" + 2542 "KoZIzj0EAwIDSAAwRQIhAISKHH9u221mBgdDWfll3loLvEHJ3or9NUO5Zn6SrX6L\n" + 2543 "AiAtRlOa6/mTD68faQTdhsAaQP955QfW34B4yFqU2Bq72A==\n" + 2544 "-----END CERTIFICATE-----\n"; 2545 2546 // 证书二进制数据,需业务自行赋值。 2547let encodingBlob: cert.EncodingBlob = { 2548 data: stringToUint8Array(certData), 2549 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2550 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2551}; 2552 2553async function certGetCRLDistributionPoint() { 2554 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2555 try { 2556 x509Cert = await cert.createX509Cert(encodingBlob); 2557 console.log('createX509Cert success'); 2558 let point = x509Cert.getCRLDistributionPoint(); 2559 } catch (err) { 2560 let e: BusinessError = err as BusinessError; 2561 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2562 } 2563} 2564``` 2565 2566### getIssuerX500DistinguishedName<sup>12+</sup> 2567 2568getIssuerX500DistinguishedName(): X500DistinguishedName 2569 2570获取颁发者的X509可分辨名称。 2571 2572**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2573 2574**系统能力:** SystemCapability.Security.Cert 2575 2576**返回值**: 2577 2578| 类型 | 说明 | 2579| --------------------- | ----------------------------------------- | 2580| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 2581 2582**错误码:** 2583 2584以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2585 2586| 错误码ID | 错误信息 | 2587| -------- | ------------- | 2588| 19020001 | memory error. | 2589| 19020002 | runtime error. | 2590| 19030001 | crypto operation error. | 2591 2592**示例:** 2593 2594```ts 2595import { cert } from '@kit.DeviceCertificateKit'; 2596import { BusinessError } from '@kit.BasicServicesKit'; 2597 2598// string转Uint8Array。 2599function stringToUint8Array(str: string): Uint8Array { 2600 let arr: Array<number> = []; 2601 for (let i = 0, j = str.length; i < j; i++) { 2602 arr.push(str.charCodeAt(i)); 2603 } 2604 return new Uint8Array(arr); 2605} 2606 2607let certData = "-----BEGIN CERTIFICATE-----\n" + 2608 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2609 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2610 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2611 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2612 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2613 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2614 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2615 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2616 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2617 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2618 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2619 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2620 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2621 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2622 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2623 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2624 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2625 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2626 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2627 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2628 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2629 "-----END CERTIFICATE-----\n" 2630 2631 // 证书二进制数据,需业务自行赋值。 2632 let encodingBlob: cert.EncodingBlob = { 2633 data: stringToUint8Array(certData), 2634 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2635 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2636 }; 2637 2638async function certGetIssuerX500DistinguishedName() { 2639 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2640 try { 2641 x509Cert = await cert.createX509Cert(encodingBlob); 2642 console.log('createX509Cert success'); 2643 let name = x509Cert.getIssuerX500DistinguishedName(); 2644 } catch (err) { 2645 let e: BusinessError = err as BusinessError; 2646 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2647 } 2648} 2649``` 2650 2651### getSubjectX500DistinguishedName<sup>12+</sup> 2652 2653getSubjectX500DistinguishedName(): X500DistinguishedName 2654 2655获取证书主题的X509可分辨名称。 2656 2657**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2658 2659**系统能力:** SystemCapability.Security.Cert 2660 2661**返回值**: 2662 2663| 类型 | 说明 | 2664| --------------------- | ----------------------------------------- | 2665| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 2666 2667**错误码:** 2668 2669以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2670 2671| 错误码ID | 错误信息 | 2672| -------- | ------------- | 2673| 19020001 | memory error. | 2674| 19020002 | runtime error. | 2675| 19030001 | crypto operation error. | 2676 2677**示例:** 2678 2679```ts 2680import { cert } from '@kit.DeviceCertificateKit'; 2681import { BusinessError } from '@kit.BasicServicesKit'; 2682 2683// string转Uint8Array。 2684function stringToUint8Array(str: string): Uint8Array { 2685 let arr: Array<number> = []; 2686 for (let i = 0, j = str.length; i < j; i++) { 2687 arr.push(str.charCodeAt(i)); 2688 } 2689 return new Uint8Array(arr); 2690} 2691 2692let certData = "-----BEGIN CERTIFICATE-----\n" + 2693 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2694 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2695 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2696 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2697 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2698 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2699 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2700 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2701 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2702 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2703 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2704 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2705 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2706 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2707 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2708 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2709 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2710 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2711 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2712 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2713 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2714 "-----END CERTIFICATE-----\n" 2715 2716 // 证书二进制数据,需业务自行赋值。 2717 let encodingBlob: cert.EncodingBlob = { 2718 data: stringToUint8Array(certData), 2719 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2720 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2721 }; 2722 2723async function certGetSubjectX500DistinguishedName() { 2724 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2725 try { 2726 x509Cert = await cert.createX509Cert(encodingBlob); 2727 console.log('createX509Cert success'); 2728 let name = x509Cert.getSubjectX500DistinguishedName(); 2729 } catch (err) { 2730 let e: BusinessError = err as BusinessError; 2731 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2732 } 2733} 2734``` 2735 2736### toString<sup>12+</sup> 2737 2738toString(): string 2739 2740获取对象的字符串类型数据。 2741 2742**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2743 2744**系统能力:** SystemCapability.Security.Cert 2745 2746**返回值**: 2747 2748| 类型 | 说明 | 2749| --------------------- | ----------------------------------------- | 2750| string | 对象的字符串类型数据。| 2751 2752**错误码:** 2753 2754以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2755 2756| 错误码ID | 错误信息 | 2757| -------- | ------------- | 2758| 19020001 | memory error. | 2759| 19020002 | runtime error. | 2760| 19030001 | crypto operation error. | 2761 2762**示例:** 2763 2764```ts 2765import { cert } from '@kit.DeviceCertificateKit'; 2766import { BusinessError } from '@kit.BasicServicesKit'; 2767 2768// string转Uint8Array。 2769function stringToUint8Array(str: string): Uint8Array { 2770 let arr: Array<number> = []; 2771 for (let i = 0, j = str.length; i < j; i++) { 2772 arr.push(str.charCodeAt(i)); 2773 } 2774 return new Uint8Array(arr); 2775} 2776 2777let certData = "-----BEGIN CERTIFICATE-----\n" + 2778 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2779 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2780 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2781 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2782 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2783 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2784 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2785 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2786 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2787 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2788 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2789 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2790 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2791 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2792 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2793 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2794 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2795 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2796 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2797 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2798 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2799 "-----END CERTIFICATE-----\n" 2800 2801 // 证书二进制数据,需业务自行赋值。 2802 let encodingBlob: cert.EncodingBlob = { 2803 data: stringToUint8Array(certData), 2804 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2805 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2806 }; 2807 2808async function certToString() { 2809 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2810 try { 2811 x509Cert = await cert.createX509Cert(encodingBlob); 2812 console.log('createX509Cert success'); 2813 console.info('certToString success: ' + JSON.stringify(x509Cert.toString())); 2814 } catch (err) { 2815 let e: BusinessError = err as BusinessError; 2816 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2817 } 2818} 2819``` 2820 2821### hashCode<sup>12+</sup> 2822 2823hashCode(): Uint8Array 2824 2825获取DER格式数据的哈希值。 2826 2827**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2828 2829**系统能力:** SystemCapability.Security.Cert 2830 2831**返回值**: 2832 2833| 类型 | 说明 | 2834| --------------------- | ----------------------------------------- | 2835| Uint8Array | DER格式数据的哈希值。| 2836 2837**错误码:** 2838 2839以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2840 2841| 错误码ID | 错误信息 | 2842| -------- | ------------- | 2843| 19020001 | memory error. | 2844| 19020002 | runtime error. | 2845| 19030001 | crypto operation error. | 2846 2847**示例:** 2848 2849```ts 2850import { cert } from '@kit.DeviceCertificateKit'; 2851import { BusinessError } from '@kit.BasicServicesKit'; 2852 2853// string转Uint8Array。 2854function stringToUint8Array(str: string): Uint8Array { 2855 let arr: Array<number> = []; 2856 for (let i = 0, j = str.length; i < j; i++) { 2857 arr.push(str.charCodeAt(i)); 2858 } 2859 return new Uint8Array(arr); 2860} 2861 2862let certData = "-----BEGIN CERTIFICATE-----\n" + 2863 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2864 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2865 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2866 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2867 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2868 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2869 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2870 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2871 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2872 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2873 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2874 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2875 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2876 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2877 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2878 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2879 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2880 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2881 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2882 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2883 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2884 "-----END CERTIFICATE-----\n" 2885 2886 // 证书二进制数据,需业务自行赋值。 2887 let encodingBlob: cert.EncodingBlob = { 2888 data: stringToUint8Array(certData), 2889 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2890 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2891 }; 2892 2893async function certHashCode() { 2894 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2895 try { 2896 x509Cert = await cert.createX509Cert(encodingBlob); 2897 console.log('createX509Cert success'); 2898 console.info('certHashCode success: ' + JSON.stringify(x509Cert.hashCode())); 2899 } catch (err) { 2900 let e: BusinessError = err as BusinessError; 2901 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2902 } 2903} 2904``` 2905 2906### getExtensionsObject<sup>12+</sup> 2907 2908getExtensionsObject(): CertExtension 2909 2910获取对应实体的扩展域DER格式数据。 2911 2912**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2913 2914**系统能力:** SystemCapability.Security.Cert 2915 2916**返回值**: 2917 2918| 类型 | 说明 | 2919| --------------------- | ----------------------------------------- | 2920| [CertExtension](#certextension10) | 证书扩展域段类对象。| 2921 2922**错误码:** 2923 2924以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2925 2926| 错误码ID | 错误信息 | 2927| -------- | ------------- | 2928| 19020001 | memory error. | 2929| 19020002 | runtime error. | 2930| 19030001 | crypto operation error. | 2931 2932**示例:** 2933 2934```ts 2935import { cert } from '@kit.DeviceCertificateKit'; 2936import { BusinessError } from '@kit.BasicServicesKit'; 2937 2938// string转Uint8Array。 2939function stringToUint8Array(str: string): Uint8Array { 2940 let arr: Array<number> = []; 2941 for (let i = 0, j = str.length; i < j; i++) { 2942 arr.push(str.charCodeAt(i)); 2943 } 2944 return new Uint8Array(arr); 2945} 2946 2947let certData = "-----BEGIN CERTIFICATE-----\n" + 2948 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2949 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2950 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2951 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2952 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2953 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2954 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2955 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2956 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2957 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2958 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2959 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2960 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2961 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2962 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2963 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2964 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2965 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2966 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2967 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2968 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2969 "-----END CERTIFICATE-----\n" 2970 2971 // 证书二进制数据,需业务自行赋值。 2972 let encodingBlob: cert.EncodingBlob = { 2973 data: stringToUint8Array(certData), 2974 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2975 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2976 }; 2977 2978async function certGetExtensionsObject() { 2979 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2980 try { 2981 x509Cert = await cert.createX509Cert(encodingBlob); 2982 console.log('createX509Cert success'); 2983 let object = x509Cert.getExtensionsObject(); 2984 } catch (err) { 2985 let e: BusinessError = err as BusinessError; 2986 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2987 } 2988} 2989``` 2990 2991## cert.createCertExtension<sup>10+</sup> 2992 2993createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\<CertExtension>) : void 2994 2995表示创建证书扩展域段的对象,使用Callback回调异步返回结果。 2996 2997**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2998 2999**系统能力:** SystemCapability.Security.Cert 3000 3001**参数**: 3002 3003| 参数名 | 类型 | 必填 | 说明 | 3004| -------- | ------------------------------------------------- | ---- | -------------------------- | 3005| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书扩展域段序列化数据。 | 3006| callback | AsyncCallback\<[CertExtension](#certextension10)> | 是 | 回调函数,表示扩展域段对象。 | 3007 3008**错误码:** 3009 3010以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3011 3012| 错误码ID | 错误信息 | 3013| -------- | ------------- | 3014| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3015| 801 | this operation is not supported. | 3016| 19020001 | memory error. | 3017| 19030001 | crypto operation error. | 3018 3019**示例:** 3020 3021```ts 3022import { cert } from '@kit.DeviceCertificateKit'; 3023 3024// 证书扩展域段二进制数据,需业务自行赋值。 3025let extData = new Uint8Array([ 3026 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3027 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3028 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3029 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3030 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3031 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3032 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3033 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3034 0xD9, 0xE4 3035]); 3036 3037let encodingBlob: cert.EncodingBlob = { 3038 data: extData, 3039 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3040 encodingFormat: cert.EncodingFormat.FORMAT_DER 3041}; 3042 3043cert.createCertExtension(encodingBlob, (error, certExt) => { 3044 if (error) { 3045 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3046 } else { 3047 console.log('createCertExtension success'); 3048 } 3049}); 3050``` 3051 3052## cert.createCertExtension<sup>10+</sup> 3053 3054createCertExtension(inStream : EncodingBlob) : Promise\<CertExtension> 3055 3056表示创建证书扩展域段的对象,使用Promise方式异步返回结果。 3057 3058**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3059 3060**系统能力:** SystemCapability.Security.Cert 3061 3062**参数**: 3063 3064| 参数名 | 类型 | 必填 | 说明 | 3065| -------- | ----------------------------- | ---- | -------------------------- | 3066| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书扩展域段序列化数据。 | 3067 3068**返回值**: 3069 3070| 类型 | 说明 | 3071| ------------------------------------------- | -------------------- | 3072| Promise\<[CertExtension](#certextension10)> | 表示证书扩展域段对象。 | 3073 3074**错误码:** 3075 3076以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3077 3078| 错误码ID | 错误信息 | 3079| -------- | ------------- | 3080| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3081| 801 | this operation is not supported. | 3082| 19020001 | memory error. | 3083| 19030001 | crypto operation error. | 3084 3085**示例:** 3086 3087```ts 3088import { cert } from '@kit.DeviceCertificateKit'; 3089import { BusinessError } from '@kit.BasicServicesKit'; 3090 3091// 证书扩展域段二进制数据,需业务自行赋值。 3092let extData = new Uint8Array([ 3093 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3094 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3095 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3096 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3097 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3098 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3099 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3100 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3101 0xD9, 0xE4 3102]); 3103 3104let encodingBlob: cert.EncodingBlob = { 3105 data: extData, 3106 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3107 encodingFormat: cert.EncodingFormat.FORMAT_DER 3108}; 3109 3110cert.createCertExtension(encodingBlob).then(certExt => { 3111 console.log('createCertExtension success'); 3112}).catch((error: BusinessError) => { 3113 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3114}); 3115``` 3116 3117## CertExtension<sup>10+</sup> 3118 3119证书扩展域段类。 3120 3121### getEncoded<sup>10+</sup> 3122 3123getEncoded() : EncodingBlob 3124 3125表示获取证书扩展域段序列化数据。 3126 3127**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3128 3129**系统能力:** SystemCapability.Security.Cert 3130 3131**返回值**: 3132 3133| 类型 | 说明 | 3134| ----------------------------- | ---------------------------- | 3135| [EncodingBlob](#encodingblob) | 表示证书扩展域段序列化数据。 | 3136 3137**错误码:** 3138 3139以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3140 3141| 错误码ID | 错误信息 | 3142| -------- | ----------------------- | 3143| 19020001 | memory error. | 3144| 19020002 | runtime error. | 3145| 19030001 | crypto operation error. | 3146 3147**示例:** 3148 3149```ts 3150import { cert } from '@kit.DeviceCertificateKit'; 3151import { BusinessError } from '@kit.BasicServicesKit'; 3152 3153// 证书扩展域段二进制数据,需业务自行赋值。 3154let extData = new Uint8Array([ 3155 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3156 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3157 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3158 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3159 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3160 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3161 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3162 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3163 0xD9, 0xE4 3164]); 3165 3166let encodingBlob: cert.EncodingBlob = { 3167 data: extData, 3168 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3169 encodingFormat: cert.EncodingFormat.FORMAT_DER 3170}; 3171 3172cert.createCertExtension(encodingBlob, (error, certExt) => { 3173 if (error) { 3174 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3175 } else { 3176 console.log('createCertExtension success'); 3177 try { 3178 let extEncodedBlob = certExt.getEncoded(); 3179 } catch (err) { 3180 let e: BusinessError = err as BusinessError; 3181 console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3182 } 3183 } 3184}); 3185``` 3186 3187### getOidList<sup>10+</sup> 3188 3189getOidList(valueType : ExtensionOidType) : DataArray 3190 3191表示获取证书扩展域段对象标识符列表。 3192 3193**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3194 3195**系统能力:** SystemCapability.Security.Cert 3196 3197**参数**: 3198 3199| 参数名 | 类型 | 必填 | 说明 | 3200| --------- | ------------------------------------- | ---- | ------------------------------ | 3201| valueType | [ExtensionOidType](#extensionoidtype10) | 是 | 表示证书扩展域段对象标识符类型。 | 3202 3203**返回值**: 3204 3205| 类型 | 说明 | 3206| ----------------------- | -------------------------------- | 3207| [DataArray](#dataarray) | 表示证书扩展域段对象标识符列表。 | 3208 3209**错误码:** 3210 3211以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3212 3213| 错误码ID | 错误信息 | 3214| -------- | ----------------------- | 3215| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3216| 19020001 | memory error. | 3217| 19020002 | runtime error. | 3218| 19030001 | crypto operation error. | 3219 3220**示例:** 3221 3222```ts 3223import { cert } from '@kit.DeviceCertificateKit'; 3224import { BusinessError } from '@kit.BasicServicesKit'; 3225 3226// 证书扩展域段二进制数据,需业务自行赋值。 3227let extData = new Uint8Array([ 3228 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3229 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3230 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3231 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3232 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3233 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3234 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3235 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3236 0xD9, 0xE4 3237]); 3238 3239let encodingBlob: cert.EncodingBlob = { 3240 data: extData, 3241 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3242 encodingFormat: cert.EncodingFormat.FORMAT_DER 3243}; 3244 3245cert.createCertExtension(encodingBlob, (error, certExt) => { 3246 if (error) { 3247 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3248 } else { 3249 console.log('createCertExtension success'); 3250 try { 3251 let oidList = certExt.getOidList(cert.ExtensionOidType.EXTENSION_OID_TYPE_ALL); 3252 } catch (err) { 3253 let e: BusinessError = err as BusinessError; 3254 console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3255 } 3256 } 3257}); 3258``` 3259 3260### getEntry<sup>10+</sup> 3261 3262getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob 3263 3264表示获取证书扩展域段对象信息。 3265 3266**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3267 3268**系统能力:** SystemCapability.Security.Cert 3269 3270**参数**: 3271 3272| 参数名 | 类型 | 必填 | 说明 | 3273| --------- | ----------------------------------------- | ---- | -------------------------------- | 3274| valueType | [ExtensionEntryType](#extensionentrytype10) | 是 | 表示证书扩展域段获取的类型。 | 3275| oid | [DataBlob](#datablob) | 是 | 表示证书扩展域段获取的对象标识符。 | 3276 3277**返回值**: 3278 3279| 类型 | 说明 | 3280| --------------------- | ---------------------------- | 3281| [DataBlob](#datablob) | 表示证书扩展域段对象的数据。 | 3282 3283**错误码:** 3284 3285以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3286 3287| 错误码ID | 错误信息 | 3288| -------- | ----------------------- | 3289| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3290| 19020001 | memory error. | 3291| 19020002 | runtime error. | 3292| 19030001 | crypto operation error. | 3293 3294**示例:** 3295 3296```ts 3297import { cert } from '@kit.DeviceCertificateKit'; 3298import { BusinessError } from '@kit.BasicServicesKit'; 3299 3300// 证书扩展域段二进制数据,需业务自行赋值。 3301let extData = new Uint8Array([ 3302 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3303 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3304 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3305 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3306 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3307 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3308 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3309 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3310 0xD9, 0xE4 3311]); 3312 3313let encodingBlob: cert.EncodingBlob = { 3314 data: extData, 3315 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3316 encodingFormat: cert.EncodingFormat.FORMAT_DER 3317}; 3318 3319cert.createCertExtension(encodingBlob, (error, certExt) => { 3320 if (error) { 3321 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3322 } else { 3323 console.log('createCertExtension success'); 3324 let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); 3325 let oidBlob: cert.DataBlob = { 3326 data: oid 3327 } 3328 try { 3329 let entry = certExt.getEntry(cert.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); 3330 } catch (err) { 3331 let e: BusinessError = err as BusinessError; 3332 console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3333 } 3334 } 3335}); 3336``` 3337 3338 3339### checkCA<sup>10+</sup> 3340 3341checkCA() : number 3342 3343表示校验证书是否为CA证书。 3344 3345**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3346 3347**系统能力:** SystemCapability.Security.Cert 3348 3349**返回值**: 3350 3351| 类型 | 说明 | 3352| ------ | ------------------------------------------------------------ | 3353| number | 当证书扩展域段中密钥用途包含签名用途,并且基本约束中cA字段为true时,表示证书为CA证书。如果不是CA,则返回-1;否则返回基本约束中的路径长度。如果证书是CA证书,但是基本约束中未给定路径长度,则返回-2,表示无路径长度限制。 | 3354 3355**错误码:** 3356 3357以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3358 3359| 错误码ID | 错误信息 | 3360| -------- | ----------------------- | 3361| 19020001 | memory error. | 3362| 19020002 | runtime error. | 3363| 19030001 | crypto operation error. | 3364 3365**示例:** 3366 3367```ts 3368import { cert } from '@kit.DeviceCertificateKit'; 3369import { BusinessError } from '@kit.BasicServicesKit'; 3370 3371// 证书扩展域段二进制数据,需业务自行赋值。 3372let extData = new Uint8Array([ 3373 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3374 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3375 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3376 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3377 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3378 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3379 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3380 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3381 0xD9, 0xE4 3382]); 3383 3384let encodingBlob: cert.EncodingBlob = { 3385 data: extData, 3386 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3387 encodingFormat: cert.EncodingFormat.FORMAT_DER 3388}; 3389cert.createCertExtension(encodingBlob, (error, certExt) => { 3390 if (error) { 3391 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3392 } else { 3393 console.log('createCertExtension success'); 3394 try { 3395 let res = certExt.checkCA(); 3396 } catch (err) { 3397 let e: BusinessError = err as BusinessError; 3398 console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3399 } 3400 } 3401}); 3402``` 3403 3404### hasUnsupportedCriticalExtension<sup>11+</sup> 3405 3406hasUnsupportedCriticalExtension(): boolean 3407 3408判断是否存在不支持的关键扩展。 3409 3410**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3411 3412**系统能力:** SystemCapability.Security.Cert 3413 3414**返回值**: 3415 3416| 类型 | 说明 | 3417| ------- | ------------------------------------------------------- | 3418| boolean | 当存在不支持的关键扩展时,该方法返回true,否则返回false。 | 3419 3420**错误码:** 3421 3422以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3423 3424| 错误码ID | 错误信息 | 3425| -------- | ----------------------- | 3426| 19020001 | memory error. | 3427| 19020002 | runtime error. | 3428| 19030001 | crypto operation error. | 3429 3430**示例:** 3431 3432```ts 3433import { cert } from '@kit.DeviceCertificateKit'; 3434import { BusinessError } from '@kit.BasicServicesKit'; 3435 3436let encodingData = new Uint8Array([ 3437 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3438 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3439 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3440 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3441 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3442 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3443 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3444 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3445 0xD9, 0xE4 3446]); 3447let encodingBlob: cert.EncodingBlob = { 3448 data: new Uint8Array(encodingData), 3449 encodingFormat: cert.EncodingFormat.FORMAT_DER 3450}; 3451 3452cert.createCertExtension(encodingBlob).then((extensionObj) => { 3453 console.log('createCertExtension success!'); 3454 const result = extensionObj.hasUnsupportedCriticalExtension() 3455 console.log('has unsupported critical extension result is:' + result); 3456}).catch((err: BusinessError) => { 3457 console.error('createCertExtension failed'); 3458}); 3459``` 3460 3461## cert.createX509Crl<sup>(deprecated)</sup> 3462 3463createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 3464 3465表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。 3466 3467> **说明:** 3468> 3469> 从API version 11开始废弃,建议使用[cert.createX509CRL](#certcreatex509crl11)替代。 3470 3471**系统能力:** SystemCapability.Security.Cert 3472 3473**参数**: 3474 3475| 参数名 | 类型 | 必填 | 说明 | 3476| -------- | ----------------------------------- | ---- | ------------------------------ | 3477| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。 | 3478| callback | AsyncCallback\<[X509Crl](#x509crldeprecated)> | 是 | 回调函数,表示证书吊销列表对象。 | 3479 3480**错误码:** 3481 3482以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3483 3484| 错误码ID | 错误信息 | 3485| -------- | ------------- | 3486| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3487| 801 | this operation is not supported. | 3488| 19020001 | memory error. | 3489 3490**示例:** 3491 3492```ts 3493import { cert } from '@kit.DeviceCertificateKit'; 3494 3495// string转Uint8Array。 3496function stringToUint8Array(str: string): Uint8Array { 3497 let arr: Array<number> = []; 3498 for (let i = 0, j = str.length; i < j; i++) { 3499 arr.push(str.charCodeAt(i)); 3500 } 3501 return new Uint8Array(arr); 3502} 3503 3504let crlData = '-----BEGIN X509 CRL-----\n' + 3505 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3506 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3507 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3508 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3509 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3510 'eavsH0Q3\n' + 3511 '-----END X509 CRL-----\n'; 3512 3513// 证书吊销列表二进制数据,需业务自行赋值。 3514let encodingBlob: cert.EncodingBlob = { 3515 data: stringToUint8Array(crlData), 3516 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3517 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3518}; 3519 3520cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3521 if (error) { 3522 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3523 } else { 3524 console.log('createX509Crl success'); 3525 } 3526}); 3527``` 3528 3529## cert.createX509Crl<sup>(deprecated)</sup> 3530 3531createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 3532 3533表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。 3534 3535> **说明:** 3536> 3537> 从API version 11开始废弃,建议使用[cert.createX509CRL](#certcreatex509crl11-1)替代。 3538 3539**系统能力:** SystemCapability.Security.Cert 3540 3541**参数**: 3542 3543| 参数名 | 类型 | 必填 | 说明 | 3544| -------- | ----------------------------- | ---- | -------------------------- | 3545| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。 | 3546 3547**返回值**: 3548 3549| 类型 | 说明 | 3550| ----------------------------- | -------------------- | 3551| Promise\<[X509Crl](#x509crldeprecated)> | 表示证书吊销列表对象。 | 3552 3553**错误码:** 3554 3555以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3556 3557| 错误码ID | 错误信息 | 3558| -------- | ------------- | 3559| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3560| 801 | this operation is not supported. | 3561| 19020001 | memory error. | 3562 3563**示例:** 3564 3565```ts 3566import { cert } from '@kit.DeviceCertificateKit'; 3567import { BusinessError } from '@kit.BasicServicesKit'; 3568 3569// string转Uint8Array。 3570function stringToUint8Array(str: string): Uint8Array { 3571 let arr: Array<number> = []; 3572 for (let i = 0, j = str.length; i < j; i++) { 3573 arr.push(str.charCodeAt(i)); 3574 } 3575 return new Uint8Array(arr); 3576} 3577 3578let crlData = '-----BEGIN X509 CRL-----\n' + 3579 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3580 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3581 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3582 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3583 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3584 'eavsH0Q3\n' + 3585 '-----END X509 CRL-----\n'; 3586 3587// 证书吊销列表二进制数据,需业务自行赋值。 3588let encodingBlob: cert.EncodingBlob = { 3589 data: stringToUint8Array(crlData), 3590 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3591 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3592}; 3593 3594cert.createX509Crl(encodingBlob).then(x509Crl => { 3595 console.log('createX509Crl success'); 3596}).catch((error: BusinessError) => { 3597 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3598}); 3599``` 3600 3601## cert.createX509CRL<sup>11+</sup> 3602 3603createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\<X509CRL>) : void 3604 3605表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。 3606 3607**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3608 3609**系统能力:** SystemCapability.Security.Cert 3610 3611**参数**: 3612 3613| 参数名 | 类型 | 必填 | 说明 | 3614| -------- | ------------------------------------- | ---- | ------------------------------ | 3615| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。当前支持的数据长度不超过8192字节。 | 3616| callback | AsyncCallback\<[X509CRL](#x509crl11)> | 是 | 回调函数,表示证书吊销列表对象。 | 3617 3618**错误码:** 3619 3620以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3621 3622| 错误码ID | 错误信息 | 3623| -------- | ------------- | 3624| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3625| 801 | this operation is not supported. | 3626| 19020001 | memory error. | 3627 3628**示例:** 3629 3630```ts 3631import { cert } from '@kit.DeviceCertificateKit'; 3632 3633// string转Uint8Array。 3634function stringToUint8Array(str: string): Uint8Array { 3635 let arr: Array<number> = []; 3636 for (let i = 0, j = str.length; i < j; i++) { 3637 arr.push(str.charCodeAt(i)); 3638 } 3639 return new Uint8Array(arr); 3640} 3641 3642let crlData = '-----BEGIN X509 CRL-----\n' + 3643 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3644 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3645 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3646 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3647 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3648 'eavsH0Q3\n' + 3649 '-----END X509 CRL-----\n'; 3650 3651// 证书吊销列表二进制数据,需业务自行赋值。 3652let encodingBlob: cert.EncodingBlob = { 3653 data: stringToUint8Array(crlData), 3654 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3655 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3656}; 3657 3658cert.createX509CRL(encodingBlob, (error, X509CRL) => { 3659 if (error) { 3660 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3661 } else { 3662 console.log('createX509CRL success'); 3663 } 3664}); 3665``` 3666 3667## cert.createX509CRL<sup>11+</sup> 3668 3669createX509CRL(inStream : EncodingBlob) : Promise\<X509CRL> 3670 3671表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。 3672 3673**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3674 3675**系统能力:** SystemCapability.Security.Cert 3676 3677**参数**: 3678 3679| 参数名 | 类型 | 必填 | 说明 | 3680| -------- | ----------------------------- | ---- | -------------------------- | 3681| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。当前支持的数据长度不超过8192字节。 | 3682 3683**返回值**: 3684 3685| 类型 | 说明 | 3686| ------------------------------- | -------------------- | 3687| Promise\<[X509CRL](#x509crl11)> | 表示证书吊销列表对象。 | 3688 3689**错误码:** 3690 3691以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3692 3693| 错误码ID | 错误信息 | 3694| -------- | ------------- | 3695| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3696| 801 | this operation is not supported. | 3697| 19020001 | memory error. | 3698 3699**示例:** 3700 3701```ts 3702import { cert } from '@kit.DeviceCertificateKit'; 3703import { BusinessError } from '@kit.BasicServicesKit'; 3704 3705// string转Uint8Array。 3706function stringToUint8Array(str: string): Uint8Array { 3707 let arr: Array<number> = []; 3708 for (let i = 0, j = str.length; i < j; i++) { 3709 arr.push(str.charCodeAt(i)); 3710 } 3711 return new Uint8Array(arr); 3712} 3713 3714let crlData = '-----BEGIN X509 CRL-----\n' + 3715 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3716 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3717 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3718 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3719 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3720 'eavsH0Q3\n' + 3721 '-----END X509 CRL-----\n'; 3722 3723// 证书吊销列表二进制数据,需业务自行赋值。 3724let encodingBlob: cert.EncodingBlob = { 3725 data: stringToUint8Array(crlData), 3726 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3727 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3728}; 3729 3730cert.createX509CRL(encodingBlob).then(X509CRL => { 3731 console.log('createX509CRL success'); 3732}).catch((error: BusinessError) => { 3733 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3734}); 3735``` 3736 3737## X509Crl<sup>(deprecated)</sup> 3738 3739X509证书吊销列表对象。 3740 3741> **说明:** 3742> 3743> 从API version 11开始废弃,建议使用[X509CRL](#x509crl11)替代。 3744 3745### isRevoked<sup>(deprecated)</sup> 3746 3747isRevoked(cert : X509Cert) : boolean 3748 3749表示检查证书是否吊销。 3750 3751> **说明:** 3752> 3753> 从API version 11开始废弃,建议使用[X509CRL.isRevoked](#isrevoked11)替代。 3754 3755**系统能力:** SystemCapability.Security.Cert 3756 3757**参数**: 3758 3759| 参数名 | 类型 | 必填 | 说明 | 3760| ------ | -------- | ---- | -------------------- | 3761| cert | X509Cert | 是 | 表示被检查的证书对象。 | 3762 3763**返回值**: 3764 3765| 类型 | 说明 | 3766| --------- | --------------------------------------------- | 3767| boolean | 表示证书吊销状态,true表示已吊销,false表示未吊销。 | 3768 3769**错误码:** 3770 3771以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3772 3773| 错误码ID | 错误信息 | 3774| -------- | ------------- | 3775| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3776 3777**示例:** 3778 3779```ts 3780import { cert } from '@kit.DeviceCertificateKit'; 3781import { BusinessError } from '@kit.BasicServicesKit'; 3782 3783// string转Uint8Array。 3784function stringToUint8Array(str: string): Uint8Array { 3785 let arr: Array<number> = []; 3786 for (let i = 0, j = str.length; i < j; i++) { 3787 arr.push(str.charCodeAt(i)); 3788 } 3789 return new Uint8Array(arr); 3790} 3791 3792let crlData = '-----BEGIN X509 CRL-----\n' + 3793 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3794 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3795 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3796 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3797 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3798 'eavsH0Q3\n' + 3799 '-----END X509 CRL-----\n'; 3800 3801let certData = '-----BEGIN CERTIFICATE-----\n' + 3802 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 3803 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 3804 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 3805 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 3806 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 3807 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 3808 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 3809 '-----END CERTIFICATE-----\n'; 3810 3811// 证书吊销列表二进制数据,需业务自行赋值。 3812let encodingBlob: cert.EncodingBlob = { 3813 data: stringToUint8Array(crlData), 3814 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3815 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3816}; 3817 3818let certEncodingBlob: cert.EncodingBlob = { 3819 data: stringToUint8Array(certData), 3820 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3821 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3822}; 3823 3824cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3825 if (error) { 3826 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3827 } else { 3828 console.log('createX509Crl success'); 3829 // Create an X509Cert instance. 3830 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 3831 if (error) { 3832 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3833 } else { 3834 try { 3835 let revokedFlag = x509Crl.isRevoked(x509Cert); 3836 } catch (error) { 3837 let e: BusinessError = error as BusinessError; 3838 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3839 } 3840 } 3841 }); 3842 } 3843}); 3844``` 3845 3846### getType<sup>(deprecated)</sup> 3847 3848getType() : string 3849 3850表示获取证书吊销列表类型。 3851 3852> **说明:** 3853> 3854> 从API version 11开始废弃,建议使用[X509CRL.getType](#gettype11)替代。 3855 3856**系统能力:** SystemCapability.Security.Cert 3857 3858**返回值**: 3859 3860| 类型 | 说明 | 3861| ------ | -------------------- | 3862| string | 表示证书吊销列表类型。 | 3863 3864**示例:** 3865 3866```ts 3867import { cert } from '@kit.DeviceCertificateKit'; 3868 3869// string转Uint8Array。 3870function stringToUint8Array(str: string): Uint8Array { 3871 let arr: Array<number> = []; 3872 for (let i = 0, j = str.length; i < j; i++) { 3873 arr.push(str.charCodeAt(i)); 3874 } 3875 return new Uint8Array(arr); 3876} 3877 3878let crlData = '-----BEGIN X509 CRL-----\n' + 3879 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3880 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3881 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3882 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3883 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3884 'eavsH0Q3\n' + 3885 '-----END X509 CRL-----\n'; 3886 3887// 证书吊销列表二进制数据,需业务自行赋值。 3888let encodingBlob: cert.EncodingBlob = { 3889 data: stringToUint8Array(crlData), 3890 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3891 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3892}; 3893 3894cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3895 if (error) { 3896 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3897 } else { 3898 console.log('createX509Crl success'); 3899 let type = x509Crl.getType(); 3900 } 3901}); 3902``` 3903 3904### getEncoded<sup>(deprecated)</sup> 3905 3906getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 3907 3908表示获取X509证书吊销列表的序列化数据,使用Callback回调异步返回结果。 3909 3910> **说明:** 3911> 3912> 从API version 11开始废弃,建议使用[X509CRL.getEncoded](#getencoded11)替代。 3913 3914**系统能力:** SystemCapability.Security.Cert 3915 3916**参数**: 3917 3918| 参数名 | 类型 | 必填 | 说明 | 3919| -------- | ---------------------------- | ---- | ------------------------------------------ | 3920| callback | AsyncCallback\<EncodingBlob> | 是 | 回调函数,表示X509证书吊销列表的序列化数据。 | 3921 3922**错误码:** 3923 3924以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3925 3926| 错误码ID | 错误信息 | 3927| -------- | ----------------------- | 3928| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 3929| 19020001 | memory error. | 3930| 19020002 | runtime error. | 3931| 19030001 | crypto operation error. | 3932 3933**示例:** 3934 3935```ts 3936import { cert } from '@kit.DeviceCertificateKit'; 3937 3938// string转Uint8Array。 3939function stringToUint8Array(str: string): Uint8Array { 3940 let arr: Array<number> = []; 3941 for (let i = 0, j = str.length; i < j; i++) { 3942 arr.push(str.charCodeAt(i)); 3943 } 3944 return new Uint8Array(arr); 3945} 3946 3947let crlData = '-----BEGIN X509 CRL-----\n' + 3948 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3949 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3950 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3951 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3952 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3953 'eavsH0Q3\n' + 3954 '-----END X509 CRL-----\n'; 3955 3956// 证书吊销列表二进制数据,需业务自行赋值。 3957let encodingBlob: cert.EncodingBlob = { 3958 data: stringToUint8Array(crlData), 3959 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3960 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3961}; 3962 3963cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3964 if (error) { 3965 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3966 } else { 3967 console.log('createX509Crl success'); 3968 x509Crl.getEncoded((error, data) => { 3969 if (error) { 3970 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3971 } else { 3972 console.log('getEncoded success'); 3973 } 3974 }); 3975 } 3976}); 3977``` 3978 3979### getEncoded<sup>(deprecated)</sup> 3980 3981getEncoded() : Promise\<EncodingBlob> 3982 3983表示获取X509证书吊销列表的序列化数据,使用Promise方式异步返回结果。 3984 3985> **说明:** 3986> 3987> 从API version 11开始废弃,建议使用[X509CRL.getEncoded](#getencoded11-1)替代。 3988 3989**系统能力:** SystemCapability.Security.Cert 3990 3991**返回值**: 3992 3993| 类型 | 说明 | 3994| ---------------------- | -------------------------------- | 3995| Promise\<EncodingBlob> | 表示X509证书吊销列表的序列化数据。 | 3996 3997**错误码:** 3998 3999以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4000 4001| 错误码ID | 错误信息 | 4002| -------- | ----------------------- | 4003| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4004| 19020001 | memory error. | 4005| 19020002 | runtime error. | 4006| 19030001 | crypto operation error. | 4007 4008**示例:** 4009 4010```ts 4011import { cert } from '@kit.DeviceCertificateKit'; 4012import { BusinessError } from '@kit.BasicServicesKit'; 4013 4014// string转Uint8Array。 4015function stringToUint8Array(str: string): Uint8Array { 4016 let arr: Array<number> = []; 4017 for (let i = 0, j = str.length; i < j; i++) { 4018 arr.push(str.charCodeAt(i)); 4019 } 4020 return new Uint8Array(arr); 4021} 4022 4023let crlData = '-----BEGIN X509 CRL-----\n' + 4024 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4025 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4026 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4027 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4028 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4029 'eavsH0Q3\n' + 4030 '-----END X509 CRL-----\n'; 4031 4032// 证书吊销列表二进制数据,需业务自行赋值。 4033let encodingBlob: cert.EncodingBlob = { 4034 data: stringToUint8Array(crlData), 4035 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4036 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4037}; 4038 4039cert.createX509Crl(encodingBlob).then(x509Crl => { 4040 console.log('createX509Crl success'); 4041 x509Crl.getEncoded().then(result => { 4042 console.log('getEncoded success'); 4043 }).catch((error: BusinessError) => { 4044 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4045 }); 4046}).catch((error: BusinessError) => { 4047 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4048}); 4049``` 4050 4051### verify<sup>(deprecated)</sup> 4052 4053verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 4054 4055表示对X509证书吊销列表进行验签,使用Callback回调异步返回结果。验签支持RSA算法。 4056 4057> **说明:** 4058> 4059> 从API version 11开始废弃,建议使用[X509CRL.verify](#verify11)替代。 4060 4061**系统能力:** SystemCapability.Security.Cert 4062 4063**参数**: 4064 4065| 参数名 | 类型 | 必填 | 说明 | 4066| -------- | -------------------- | ---- | ------------------------------------------------------------ | 4067| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 4068| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,error不为null表示失败。 | 4069 4070**错误码:** 4071 4072以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4073 4074| 错误码ID | 错误信息 | 4075| -------- | ----------------------- | 4076| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4077| 19030001 | crypto operation error. | 4078 4079**示例:** 4080 4081```ts 4082import { cert } from '@kit.DeviceCertificateKit'; 4083import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 4084import { BusinessError } from '@kit.BasicServicesKit'; 4085 4086// string转Uint8Array。 4087function stringToUint8Array(str: string): Uint8Array { 4088 let arr: Array<number> = []; 4089 for (let i = 0, j = str.length; i < j; i++) { 4090 arr.push(str.charCodeAt(i)); 4091 } 4092 return new Uint8Array(arr); 4093} 4094 4095let crlData = '-----BEGIN X509 CRL-----\n' + 4096 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4097 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4098 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4099 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4100 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4101 'eavsH0Q3\n' + 4102 '-----END X509 CRL-----\n'; 4103 4104let pubKeyData = new Uint8Array([ 4105 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4106 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4107 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4108 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4109 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4110 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4111 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4112 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4113 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4114 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4115 0x00, 0x01 4116]); 4117 4118let priKeyData = new Uint8Array([ 4119 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4120 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4121 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4122 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4123 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4124 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4125 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4126 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4127 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4128 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4129 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4130 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4131 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4132 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4133 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4134 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4135 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4136 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4137 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4138 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4139 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4140 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4141 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4142 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4143 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4144 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4145 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4146 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4147 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4148 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4149 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4150 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4151 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4152 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4153 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4154 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4155 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4156 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4157 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4158 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4159]); 4160 4161// 证书吊销列表二进制数据,需业务自行赋值。 4162let encodingBlob: cert.EncodingBlob = { 4163 data: stringToUint8Array(crlData), 4164 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4165 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4166}; 4167 4168cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4169 if (error) { 4170 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4171 } else { 4172 console.log('createX509Crl success'); 4173 try { 4174 // Generate the public key by AsyKeyGenerator. 4175 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4176 console.log('createAsyKeyGenerator success'); 4177 let priEncodingBlob: cryptoFramework.DataBlob = { 4178 data: priKeyData, 4179 }; 4180 let pubEncodingBlob: cryptoFramework.DataBlob = { 4181 data: pubKeyData, 4182 }; 4183 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 4184 if (e) { 4185 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 4186 } else { 4187 console.log('convert key success'); 4188 x509Crl.verify(keyPair.pubKey, (err, data) => { 4189 if (err) { 4190 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4191 } else { 4192 console.log('verify success'); 4193 } 4194 }); 4195 } 4196 }) 4197 } catch (error) { 4198 let e: BusinessError = error as BusinessError; 4199 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4200 } 4201 } 4202}); 4203``` 4204 4205### verify<sup>(deprecated)</sup> 4206 4207verify(key : cryptoFramework.PubKey) : Promise\<void> 4208 4209表示对X509证书吊销列表进行验签,使用Promise方式异步返回结果。验签支持RSA算法。 4210 4211> **说明:** 4212> 4213> 从API version 11开始废弃,建议使用[X509CRL.verify](#verify11-1)替代。 4214 4215**系统能力:** SystemCapability.Security.Cert 4216 4217**参数**: 4218 4219| 参数名 | 类型 | 必填 | 说明 | 4220| ------ | ------ | ---- | ---------------------- | 4221| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 4222 4223**返回值**: 4224 4225| 类型 | 说明 | 4226| ---- | ------------------------------------------------------------ | 4227| Promise\<void> | Promise对象。 | 4228 4229**错误码:** 4230 4231以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4232 4233| 错误码ID | 错误信息 | 4234| -------- | ----------------------- | 4235| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4236| 19030001 | crypto operation error. | 4237 4238**示例:** 4239 4240```ts 4241import { cert } from '@kit.DeviceCertificateKit'; 4242import { cryptoFramework } from '@kit.CryptoArchitectureKit' 4243import { BusinessError } from '@kit.BasicServicesKit'; 4244 4245// string转Uint8Array。 4246function stringToUint8Array(str: string): Uint8Array { 4247 let arr: Array<number> = []; 4248 for (let i = 0, j = str.length; i < j; i++) { 4249 arr.push(str.charCodeAt(i)); 4250 } 4251 return new Uint8Array(arr); 4252} 4253 4254let crlData = '-----BEGIN X509 CRL-----\n' + 4255 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4256 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4257 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4258 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4259 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4260 'eavsH0Q3\n' + 4261 '-----END X509 CRL-----\n'; 4262 4263let pubKeyData = new Uint8Array([ 4264 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4265 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4266 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4267 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4268 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4269 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4270 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4271 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4272 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4273 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4274 0x00, 0x01 4275]); 4276 4277let priKeyData = new Uint8Array([ 4278 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4279 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4280 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4281 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4282 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4283 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4284 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4285 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4286 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4287 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4288 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4289 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4290 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4291 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4292 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4293 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4294 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4295 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4296 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4297 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4298 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4299 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4300 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4301 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4302 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4303 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4304 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4305 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4306 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4307 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4308 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4309 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4310 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4311 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4312 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4313 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4314 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4315 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4316 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4317 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4318]); 4319 4320// 证书吊销列表二进制数据,需业务自行赋值。 4321let encodingBlob: cert.EncodingBlob = { 4322 data: stringToUint8Array(crlData), 4323 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4324 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4325}; 4326 4327cert.createX509Crl(encodingBlob).then(x509Crl => { 4328 console.log('createX509Crl success'); 4329 4330 try { 4331 // 生成公钥对象。 4332 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4333 console.log('createAsyKeyGenerator success'); 4334 let priEncodingBlob: cryptoFramework.DataBlob = { 4335 data: priKeyData, 4336 }; 4337 let pubEncodingBlob: cryptoFramework.DataBlob = { 4338 data: pubKeyData, 4339 }; 4340 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 4341 console.log('convert key success'); 4342 x509Crl.verify(keyPair.pubKey).then(result => { 4343 console.log('verify success'); 4344 }).catch((error: BusinessError) => { 4345 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4346 }); 4347 }).catch((error: BusinessError) => { 4348 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 4349 }); 4350 } catch (error) { 4351 let e: BusinessError = error as BusinessError; 4352 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4353 } 4354}).catch((error: BusinessError) => { 4355 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4356}); 4357``` 4358 4359### getVersion<sup>(deprecated)</sup> 4360 4361getVersion() : number 4362 4363表示获取X509证书吊销列表的版本号。 4364 4365> **说明:** 4366> 4367> 从API version 11开始废弃,建议使用[X509CRL.getVersion](#getversion11)替代。 4368 4369**系统能力:** SystemCapability.Security.Cert 4370 4371**返回值**: 4372 4373| 类型 | 说明 | 4374| ------ | -------------------------------- | 4375| number | 表示获取X509证书吊销列表的版本号。 | 4376 4377**示例:** 4378 4379```ts 4380import { cert } from '@kit.DeviceCertificateKit'; 4381 4382// string转Uint8Array。 4383function stringToUint8Array(str: string): Uint8Array { 4384 let arr: Array<number> = []; 4385 for (let i = 0, j = str.length; i < j; i++) { 4386 arr.push(str.charCodeAt(i)); 4387 } 4388 return new Uint8Array(arr); 4389} 4390 4391let crlData = '-----BEGIN X509 CRL-----\n' + 4392 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4393 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4394 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4395 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4396 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4397 'eavsH0Q3\n' + 4398 '-----END X509 CRL-----\n'; 4399 4400// 证书吊销列表二进制数据,需业务自行赋值。 4401let encodingBlob: cert.EncodingBlob = { 4402 data: stringToUint8Array(crlData), 4403 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4404 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4405}; 4406 4407cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4408 if (error) { 4409 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4410 } else { 4411 console.log('createX509Crl success'); 4412 let version = x509Crl.getVersion(); 4413 } 4414}); 4415``` 4416 4417### getIssuerName<sup>(deprecated)</sup> 4418 4419getIssuerName() : DataBlob 4420 4421表示获取X509证书吊销列表颁发者名称。 4422 4423> **说明:** 4424> 4425> 从API version 11开始废弃,建议使用[X509CRL.getIssuerName](#getissuername11)替代。 4426 4427**系统能力:** SystemCapability.Security.Cert 4428 4429**返回值**: 4430 4431| 类型 | 说明 | 4432| --------------------- | ------------------------------ | 4433| [DataBlob](#datablob) | 表示X509证书吊销列表颁发者名称。 | 4434 4435**错误码:** 4436 4437以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4438 4439| 错误码ID | 错误信息 | 4440| -------- | ----------------------- | 4441| 19020001 | memory error. | 4442| 19020002 | runtime error. | 4443| 19030001 | crypto operation error. | 4444 4445**示例:** 4446 4447```ts 4448import { cert } from '@kit.DeviceCertificateKit'; 4449import { BusinessError } from '@kit.BasicServicesKit'; 4450 4451// string转Uint8Array。 4452function stringToUint8Array(str: string): Uint8Array { 4453 let arr: Array<number> = []; 4454 for (let i = 0, j = str.length; i < j; i++) { 4455 arr.push(str.charCodeAt(i)); 4456 } 4457 return new Uint8Array(arr); 4458} 4459 4460let crlData = '-----BEGIN X509 CRL-----\n' + 4461 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4462 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4463 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4464 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4465 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4466 'eavsH0Q3\n' + 4467 '-----END X509 CRL-----\n'; 4468 4469// 证书吊销列表二进制数据,需业务自行赋值。 4470let encodingBlob: cert.EncodingBlob = { 4471 data: stringToUint8Array(crlData), 4472 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4473 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4474}; 4475 4476cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4477 if (error) { 4478 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4479 } else { 4480 console.log('createX509Crl success'); 4481 try { 4482 let issuerName = x509Crl.getIssuerName(); 4483 } catch (err) { 4484 let e: BusinessError = err as BusinessError; 4485 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4486 } 4487 } 4488}); 4489``` 4490 4491### getLastUpdate<sup>(deprecated)</sup> 4492 4493getLastUpdate() : string 4494 4495表示获取X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 4496 4497> **说明:** 4498> 4499> 从API version 11开始废弃,建议使用[X509CRL.getLastUpdate](#getlastupdate11)替代。 4500 4501**系统能力:** SystemCapability.Security.Cert 4502 4503**返回值**: 4504 4505| 类型 | 说明 | 4506| ------ | ------------------------------------ | 4507| string | 表示X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 | 4508 4509**错误码:** 4510 4511以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4512 4513| 错误码ID | 错误信息 | 4514| -------- | ----------------------- | 4515| 19020001 | memory error. | 4516| 19020002 | runtime error. | 4517| 19030001 | crypto operation error. | 4518 4519**示例:** 4520 4521```ts 4522import { cert } from '@kit.DeviceCertificateKit'; 4523import { BusinessError } from '@kit.BasicServicesKit'; 4524 4525// string转Uint8Array。 4526function stringToUint8Array(str: string): Uint8Array { 4527 let arr: Array<number> = []; 4528 for (let i = 0, j = str.length; i < j; i++) { 4529 arr.push(str.charCodeAt(i)); 4530 } 4531 return new Uint8Array(arr); 4532} 4533 4534let crlData = '-----BEGIN X509 CRL-----\n' + 4535 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4536 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4537 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4538 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4539 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4540 'eavsH0Q3\n' + 4541 '-----END X509 CRL-----\n'; 4542 4543// 证书吊销列表二进制数据,需业务自行赋值。 4544let encodingBlob: cert.EncodingBlob = { 4545 data: stringToUint8Array(crlData), 4546 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4547 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4548}; 4549 4550cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4551 if (error) { 4552 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4553 } else { 4554 console.log('createX509Crl success'); 4555 try { 4556 let lastUpdate = x509Crl.getLastUpdate(); 4557 } catch (err) { 4558 let e: BusinessError = err as BusinessError; 4559 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4560 } 4561 } 4562}); 4563``` 4564 4565### getNextUpdate<sup>(deprecated)</sup> 4566 4567getNextUpdate() : string 4568 4569表示获取证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 4570 4571> **说明:** 4572> 4573> 从API version 11开始废弃,建议使用[X509CRL.getNextUpdate](#getnextupdate11)替代。 4574 4575**系统能力:** SystemCapability.Security.Cert 4576 4577**返回值**: 4578 4579| 类型 | 说明 | 4580| ------ | ------------------------------------ | 4581| string | 表示X509证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 | 4582 4583**错误码:** 4584 4585以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4586 4587| 错误码ID | 错误信息 | 4588| -------- | ----------------------- | 4589| 19020001 | memory error. | 4590| 19020002 | runtime error. | 4591| 19030001 | crypto operation error. | 4592 4593**示例:** 4594 4595```ts 4596import { cert } from '@kit.DeviceCertificateKit'; 4597import { BusinessError } from '@kit.BasicServicesKit'; 4598 4599// string转Uint8Array。 4600function stringToUint8Array(str: string): Uint8Array { 4601 let arr: Array<number> = []; 4602 for (let i = 0, j = str.length; i < j; i++) { 4603 arr.push(str.charCodeAt(i)); 4604 } 4605 return new Uint8Array(arr); 4606} 4607 4608let crlData = '-----BEGIN X509 CRL-----\n' + 4609 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4610 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4611 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4612 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4613 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4614 'eavsH0Q3\n' + 4615 '-----END X509 CRL-----\n'; 4616 4617// 证书吊销列表二进制数据,需业务自行赋值。 4618let encodingBlob: cert.EncodingBlob = { 4619 data: stringToUint8Array(crlData), 4620 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4621 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4622}; 4623 4624cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4625 if (error) { 4626 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4627 } else { 4628 console.log('createX509Crl success'); 4629 try { 4630 let nextUpdate = x509Crl.getNextUpdate(); 4631 } catch (err) { 4632 let e: BusinessError = err as BusinessError; 4633 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4634 } 4635 } 4636}); 4637``` 4638 4639### getRevokedCert<sup>(deprecated)</sup> 4640 4641getRevokedCert(serialNumber : number) : X509CrlEntry 4642 4643表示通过指定证书序列号获取被吊销X509证书对象。 4644 4645> **说明:** 4646> 4647> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCert](#getrevokedcert11)替代。 4648 4649**系统能力:** SystemCapability.Security.Cert 4650 4651**参数**: 4652 4653| 参数名 | 类型 | 必填 | 说明 | 4654| ------------ | ------ | ---- | -------------- | 4655| serialNumber | number | 是 | 表示证书序列号。 | 4656 4657**返回值**: 4658 4659| 类型 | 说明 | 4660| ---------------------- | --------------------- | 4661| [X509CrlEntry](#x509crlentrydeprecated) | 表示被吊销X509证书对象。 | 4662 4663**错误码:** 4664 4665以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4666 4667| 错误码ID | 错误信息 | 4668| -------- | ----------------------- | 4669| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4670| 19020001 | memory error. | 4671| 19030001 | crypto operation error. | 4672 4673**示例:** 4674 4675```ts 4676import { cert } from '@kit.DeviceCertificateKit'; 4677import { BusinessError } from '@kit.BasicServicesKit'; 4678 4679// string转Uint8Array。 4680function stringToUint8Array(str: string): Uint8Array { 4681 let arr: Array<number> = []; 4682 for (let i = 0, j = str.length; i < j; i++) { 4683 arr.push(str.charCodeAt(i)); 4684 } 4685 return new Uint8Array(arr); 4686} 4687 4688let crlData = '-----BEGIN X509 CRL-----\n' + 4689 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4690 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4691 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4692 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4693 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4694 'eavsH0Q3\n' + 4695 '-----END X509 CRL-----\n'; 4696 4697// 证书吊销列表二进制数据,需业务自行赋值。 4698let encodingBlob: cert.EncodingBlob = { 4699 data: stringToUint8Array(crlData), 4700 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4701 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4702}; 4703 4704cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4705 if (error) { 4706 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4707 } else { 4708 console.log('createX509Crl success'); 4709 let serialNumber = 1000; 4710 try { 4711 let entry = x509Crl.getRevokedCert(serialNumber); 4712 } catch (error) { 4713 let e: BusinessError = error as BusinessError; 4714 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4715 } 4716 } 4717}); 4718``` 4719 4720### getRevokedCertWithCert<sup>(deprecated)</sup> 4721 4722getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 4723 4724表示通过指定证书对象获取被吊销X509证书对象。 4725 4726> **说明:** 4727> 4728> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCertWithCert](#getrevokedcertwithcert11)替代。 4729 4730**系统能力:** SystemCapability.Security.Cert 4731 4732**参数**: 4733 4734| 参数名 | 类型 | 必填 | 说明 | 4735| ------ | --------------------- | ---- | ------------ | 4736| cert | [X509Cert](#x509cert) | 是 | 表示证书对象。 | 4737 4738**返回值**: 4739 4740| 类型 | 说明 | 4741| ------------ | -------------------- | 4742| [X509CrlEntry](#x509crlentrydeprecated) | 表示被吊销X509证书对象。 | 4743 4744**错误码:** 4745 4746以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4747 4748| 错误码ID | 错误信息 | 4749| -------- | ----------------------- | 4750| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4751| 19020001 | memory error. | 4752| 19030001 | crypto operation error. | 4753 4754**示例:** 4755 4756```ts 4757import { cert } from '@kit.DeviceCertificateKit'; 4758import { BusinessError } from '@kit.BasicServicesKit'; 4759 4760// string转Uint8Array。 4761function stringToUint8Array(str: string): Uint8Array { 4762 let arr: Array<number> = []; 4763 for (let i = 0, j = str.length; i < j; i++) { 4764 arr.push(str.charCodeAt(i)); 4765 } 4766 return new Uint8Array(arr); 4767} 4768 4769let crlData = '-----BEGIN X509 CRL-----\n' + 4770 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 4771 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 4772 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 4773 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 4774 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 4775 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 4776 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 4777 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 4778 '+i2osvdPWRia0dJCL1PCA14k\n' + 4779 '-----END X509 CRL-----\n'; 4780 4781// 证书二进制数据,需业务自行赋值。 4782let certData = '-----BEGIN CERTIFICATE-----\n' + 4783 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 4784 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 4785 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 4786 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 4787 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 4788 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 4789 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 4790 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 4791 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 4792 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 4793 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 4794 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 4795 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 4796 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 4797 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 4798 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 4799 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 4800 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 4801 '-----END CERTIFICATE-----\n'; 4802 4803let certEncodingBlob: cert.EncodingBlob = { 4804 data: stringToUint8Array(certData), 4805 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4806 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4807}; 4808 4809// 证书吊销列表二进制数据,需业务自行赋值。 4810let encodingBlob: cert.EncodingBlob = { 4811 data: stringToUint8Array(crlData), 4812 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4813 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4814}; 4815 4816cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4817 if (error) { 4818 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4819 } else { 4820 console.log('createX509Crl success'); 4821 // 创建X509证书对象。 4822 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 4823 try { 4824 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 4825 console.log('getRevokedCertWithCert success'); 4826 } catch (error) { 4827 let e: BusinessError = error as BusinessError; 4828 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4829 } 4830 }).catch((error: BusinessError) => { 4831 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4832 }) 4833 } 4834}); 4835``` 4836 4837### getRevokedCerts<sup>(deprecated)</sup> 4838 4839getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 4840 4841表示获取被吊销X509证书列表,使用Callback回调异步返回结果。 4842 4843> **说明:** 4844> 4845> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCerts](#getrevokedcerts11)替代。 4846 4847**系统能力:** SystemCapability.Security.Cert 4848 4849**参数**: 4850 4851| 参数名 | 类型 | 必填 | 说明 | 4852| -------- | ---------------------------------------------------- | ---- | -------------------------------- | 4853| callback | AsyncCallback<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | 是 | 回调函数,表示被吊销X509证书列表。 | 4854 4855**错误码:** 4856 4857以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4858 4859| 错误码ID | 错误信息 | 4860| -------- | ----------------------- | 4861| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4862| 19020001 | memory error. | 4863| 19030001 | crypto operation error. | 4864 4865**示例:** 4866 4867```ts 4868import { cert } from '@kit.DeviceCertificateKit'; 4869import { BusinessError } from '@kit.BasicServicesKit'; 4870 4871// string转Uint8Array。 4872function stringToUint8Array(str: string): Uint8Array { 4873 let arr: Array<number> = []; 4874 for (let i = 0, j = str.length; i < j; i++) { 4875 arr.push(str.charCodeAt(i)); 4876 } 4877 return new Uint8Array(arr); 4878} 4879 4880let crlData = '-----BEGIN X509 CRL-----\n' + 4881 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4882 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4883 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4884 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4885 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4886 'eavsH0Q3\n' + 4887 '-----END X509 CRL-----\n'; 4888 4889// 证书吊销列表二进制数据,需业务自行赋值。 4890let encodingBlob: cert.EncodingBlob = { 4891 data: stringToUint8Array(crlData), 4892 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4893 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4894}; 4895 4896cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4897 if (error) { 4898 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4899 } else { 4900 console.log('createX509Crl success'); 4901 x509Crl.getRevokedCerts((error, array) => { 4902 if (error) { 4903 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4904 } else { 4905 console.log('getRevokedCerts success'); 4906 } 4907 }); 4908 } 4909}); 4910``` 4911 4912### getRevokedCerts<sup>(deprecated)</sup> 4913 4914getRevokedCerts() : Promise<Array\<X509CrlEntry>> 4915 4916表示获取被吊销X509证书列表,使用Promise方式异步返回结果。 4917 4918> **说明:** 4919> 4920> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCerts](#getrevokedcerts11-1)替代。 4921 4922**系统能力:** SystemCapability.Security.Cert 4923 4924**返回值**: 4925 4926| 类型 | 说明 | 4927| ---------------------------------------------- | ---------------------- | 4928| Promise<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | 表示被吊销X509证书列表。 | 4929 4930**错误码:** 4931 4932以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4933 4934| 错误码ID | 错误信息 | 4935| -------- | ----------------------- | 4936| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4937| 19020001 | memory error. | 4938| 19030001 | crypto operation error. | 4939 4940**示例:** 4941 4942```ts 4943import { cert } from '@kit.DeviceCertificateKit'; 4944import { BusinessError } from '@kit.BasicServicesKit'; 4945 4946// string转Uint8Array。 4947function stringToUint8Array(str: string): Uint8Array { 4948 let arr: Array<number> = []; 4949 for (let i = 0, j = str.length; i < j; i++) { 4950 arr.push(str.charCodeAt(i)); 4951 } 4952 return new Uint8Array(arr); 4953} 4954 4955let crlData = '-----BEGIN X509 CRL-----\n' + 4956 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4957 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4958 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4959 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4960 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4961 'eavsH0Q3\n' + 4962 '-----END X509 CRL-----\n'; 4963 4964// 证书吊销列表二进制数据,需业务自行赋值。 4965let encodingBlob: cert.EncodingBlob = { 4966 data: stringToUint8Array(crlData), 4967 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4968 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4969}; 4970 4971cert.createX509Crl(encodingBlob).then(x509Crl => { 4972 console.log('createX509Crl success'); 4973 x509Crl.getRevokedCerts().then(array => { 4974 console.log('getRevokedCerts success'); 4975 }).catch((error: BusinessError) => { 4976 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4977 }); 4978}).catch((error: BusinessError) => { 4979 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4980}); 4981``` 4982 4983### getTbsInfo<sup>(deprecated)</sup> 4984 4985getTbsInfo() : DataBlob 4986 4987表示获取证书吊销列表的tbsCertList信息。 4988 4989> **说明:** 4990> 4991> 从API version 11开始废弃,建议使用[X509CRL.getTBSInfo](#gettbsinfo11)替代。 4992 4993**系统能力:** SystemCapability.Security.Cert 4994 4995**返回值**: 4996 4997| 类型 | 说明 | 4998| --------------------- | ------------------------------- | 4999| [DataBlob](#datablob) | 表示证书吊销列表的tbsCertList信息。 | 5000 5001**错误码:** 5002 5003以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5004 5005| 错误码ID | 错误信息 | 5006| -------- | ----------------------- | 5007| 19020001 | memory error. | 5008| 19020002 | runtime error. | 5009| 19030001 | crypto operation error. | 5010 5011**示例:** 5012 5013```ts 5014import { cert } from '@kit.DeviceCertificateKit'; 5015import { BusinessError } from '@kit.BasicServicesKit'; 5016 5017// string转Uint8Array。 5018function stringToUint8Array(str: string): Uint8Array { 5019 let arr: Array<number> = []; 5020 for (let i = 0, j = str.length; i < j; i++) { 5021 arr.push(str.charCodeAt(i)); 5022 } 5023 return new Uint8Array(arr); 5024} 5025 5026let crlData = '-----BEGIN X509 CRL-----\n' + 5027 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5028 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5029 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5030 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5031 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5032 'eavsH0Q3\n' + 5033 '-----END X509 CRL-----\n'; 5034 5035// 证书吊销列表二进制数据,需业务自行赋值。 5036let encodingBlob: cert.EncodingBlob = { 5037 data: stringToUint8Array(crlData), 5038 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5039 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5040}; 5041 5042cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5043 if (error) { 5044 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5045 } else { 5046 console.log('createX509Crl success'); 5047 try { 5048 let tbsInfo = x509Crl.getTbsInfo(); 5049 } catch (error) { 5050 let e: BusinessError = error as BusinessError; 5051 console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5052 } 5053 } 5054}); 5055``` 5056 5057### getSignature<sup>(deprecated)</sup> 5058 5059getSignature() : DataBlob 5060 5061表示获取X509证书吊销列表的签名数据。 5062 5063> **说明:** 5064> 5065> 从API version 11开始废弃,建议使用[X509CRL.getSignature](#getsignature11)替代。 5066 5067**系统能力:** SystemCapability.Security.Cert 5068 5069**返回值**: 5070 5071| 类型 | 说明 | 5072| --------------------- | ------------------------------ | 5073| [DataBlob](#datablob) | 表示X509证书吊销列表的签名数据。 | 5074 5075**错误码:** 5076 5077以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5078 5079| 错误码ID | 错误信息 | 5080| -------- | ----------------------- | 5081| 19020001 | memory error. | 5082| 19020002 | runtime error. | 5083| 19030001 | crypto operation error. | 5084 5085**示例:** 5086 5087```ts 5088import { cert } from '@kit.DeviceCertificateKit'; 5089import { BusinessError } from '@kit.BasicServicesKit'; 5090 5091// string转Uint8Array。 5092function stringToUint8Array(str: string): Uint8Array { 5093 let arr: Array<number> = []; 5094 for (let i = 0, j = str.length; i < j; i++) { 5095 arr.push(str.charCodeAt(i)); 5096 } 5097 return new Uint8Array(arr); 5098} 5099 5100let crlData = '-----BEGIN X509 CRL-----\n' + 5101 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5102 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5103 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5104 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5105 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5106 'eavsH0Q3\n' + 5107 '-----END X509 CRL-----\n'; 5108 5109// 证书吊销列表二进制数据,需业务自行赋值。 5110let encodingBlob: cert.EncodingBlob = { 5111 data: stringToUint8Array(crlData), 5112 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5113 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5114}; 5115 5116cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5117 if (error) { 5118 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5119 } else { 5120 console.log('createX509Crl success'); 5121 try { 5122 let signature = x509Crl.getSignature(); 5123 } catch (err) { 5124 let e: BusinessError = err as BusinessError; 5125 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5126 } 5127 } 5128}); 5129``` 5130 5131### getSignatureAlgName<sup>(deprecated)</sup> 5132 5133getSignatureAlgName() : string 5134 5135表示获取X509证书吊销列表签名的算法名称。 5136 5137> **说明:** 5138> 5139> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgName](#getsignaturealgname11)替代。 5140 5141**系统能力:** SystemCapability.Security.Cert 5142 5143**返回值**: 5144 5145| 类型 | 说明 | 5146| ------ | -------------------------------- | 5147| string | 表示X509证书吊销列表签名的算法名。 | 5148 5149**错误码:** 5150 5151以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5152 5153| 错误码ID | 错误信息 | 5154| -------- | ----------------------- | 5155| 19020001 | memory error. | 5156| 19020002 | runtime error. | 5157| 19030001 | crypto operation error. | 5158 5159**示例:** 5160 5161```ts 5162import { cert } from '@kit.DeviceCertificateKit'; 5163import { BusinessError } from '@kit.BasicServicesKit'; 5164 5165// string转Uint8Array。 5166function stringToUint8Array(str: string): Uint8Array { 5167 let arr: Array<number> = []; 5168 for (let i = 0, j = str.length; i < j; i++) { 5169 arr.push(str.charCodeAt(i)); 5170 } 5171 return new Uint8Array(arr); 5172} 5173 5174let crlData = '-----BEGIN X509 CRL-----\n' + 5175 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5176 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5177 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5178 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5179 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5180 'eavsH0Q3\n' + 5181 '-----END X509 CRL-----\n'; 5182 5183// 证书吊销列表二进制数据,需业务自行赋值。。 5184let encodingBlob: cert.EncodingBlob = { 5185 data: stringToUint8Array(crlData), 5186 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5187 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5188}; 5189 5190cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5191 if (error) { 5192 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5193 } else { 5194 console.log('createX509Crl success'); 5195 try { 5196 let sigAlgName = x509Crl.getSignatureAlgName(); 5197 } catch (err) { 5198 let e: BusinessError = err as BusinessError; 5199 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5200 } 5201 } 5202}); 5203``` 5204 5205### getSignatureAlgOid<sup>(deprecated)</sup> 5206 5207getSignatureAlgOid() : string 5208 5209表示获取X509证书吊销列表签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 5210 5211> **说明:** 5212> 5213> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgOid](#getsignaturealgoid11)替代。 5214 5215**系统能力:** SystemCapability.Security.Cert 5216 5217**返回值**: 5218 5219| 类型 | 说明 | 5220| ------ | --------------------------------------------- | 5221| string | 表示X509证书吊销列表签名算法的对象标志符OID。 | 5222 5223**错误码:** 5224 5225以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5226 5227| 错误码ID | 错误信息 | 5228| -------- | ----------------------- | 5229| 19020001 | memory error. | 5230| 19020002 | runtime error. | 5231| 19030001 | crypto operation error. | 5232 5233**示例:** 5234 5235```ts 5236import { cert } from '@kit.DeviceCertificateKit'; 5237import { BusinessError } from '@kit.BasicServicesKit'; 5238 5239// string转Uint8Array。 5240function stringToUint8Array(str: string): Uint8Array { 5241 let arr: Array<number> = []; 5242 for (let i = 0, j = str.length; i < j; i++) { 5243 arr.push(str.charCodeAt(i)); 5244 } 5245 return new Uint8Array(arr); 5246} 5247 5248let crlData = '-----BEGIN X509 CRL-----\n' + 5249 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5250 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5251 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5252 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5253 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5254 'eavsH0Q3\n' + 5255 '-----END X509 CRL-----\n'; 5256 5257// 证书吊销列表二进制数据,需业务自行赋值。 5258let encodingBlob: cert.EncodingBlob = { 5259 data: stringToUint8Array(crlData), 5260 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5261 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5262}; 5263 5264cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5265 if (error) { 5266 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5267 } else { 5268 console.log('createX509Crl success'); 5269 try { 5270 let sigAlgOid = x509Crl.getSignatureAlgOid(); 5271 } catch (err) { 5272 let e: BusinessError = err as BusinessError; 5273 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5274 } 5275 } 5276}); 5277``` 5278 5279### getSignatureAlgParams<sup>(deprecated)</sup> 5280 5281getSignatureAlgParams() : DataBlob 5282 5283表示获取X509证书吊销列表签名的算法参数。 5284 5285> **说明:** 5286> 5287> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgParams](#getsignaturealgparams11)替代。 5288 5289**系统能力:** SystemCapability.Security.Cert 5290 5291**返回值**: 5292 5293| 类型 | 说明 | 5294| --------------------- | ---------------------------------- | 5295| [DataBlob](#datablob) | 表示X509证书吊销列表签名的算法参数。 | 5296 5297**错误码:** 5298 5299以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5300 5301| 错误码ID | 错误信息 | 5302| -------- | ----------------------- | 5303| 801 | this operation is not supported. | 5304| 19020001 | memory error. | 5305| 19020002 | runtime error. | 5306| 19030001 | crypto operation error. | 5307 5308**示例:** 5309 5310```ts 5311import { cert } from '@kit.DeviceCertificateKit'; 5312import { BusinessError } from '@kit.BasicServicesKit'; 5313 5314// string转Uint8Array。 5315function stringToUint8Array(str: string): Uint8Array { 5316 let arr: Array<number> = []; 5317 for (let i = 0, j = str.length; i < j; i++) { 5318 arr.push(str.charCodeAt(i)); 5319 } 5320 return new Uint8Array(arr); 5321} 5322 5323let crlData = '-----BEGIN X509 CRL-----\n' + 5324 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5325 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5326 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5327 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5328 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5329 'eavsH0Q3\n' + 5330 '-----END X509 CRL-----\n'; 5331 5332// 证书吊销列表二进制数据,需业务自行赋值。 5333let encodingBlob: cert.EncodingBlob = { 5334 data: stringToUint8Array(crlData), 5335 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5336 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5337}; 5338 5339cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5340 if (error) { 5341 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5342 } else { 5343 console.log('createX509Crl success'); 5344 try { 5345 let sigAlgParams = x509Crl.getSignatureAlgParams(); 5346 } catch (err) { 5347 let e: BusinessError = err as BusinessError; 5348 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5349 } 5350 } 5351}); 5352``` 5353## X509CRL<sup>11+</sup> 5354 5355被吊销证书列表对象。 5356 5357### isRevoked<sup>11+</sup> 5358 5359isRevoked(cert : X509Cert) : boolean 5360 5361表示检查证书是否吊销。 5362 5363**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5364 5365**系统能力:** SystemCapability.Security.Cert 5366 5367**参数**: 5368 5369| 参数名 | 类型 | 必填 | 说明 | 5370| ------ | -------- | ---- | -------------------- | 5371| cert | [X509Cert](#x509cert) | 是 | 表示被检查的证书对象。 | 5372 5373**返回值**: 5374 5375| 类型 | 说明 | 5376| ------- | ------------------------------------------------- | 5377| boolean | 表示证书吊销状态,true表示已吊销,false表示未吊销。 | 5378 5379**错误码:** 5380 5381以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5382 5383| 错误码ID | 错误信息 | 5384| -------- | ----------------------- | 5385| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5386 5387**示例:** 5388 5389```ts 5390import { cert } from '@kit.DeviceCertificateKit'; 5391import { BusinessError } from '@kit.BasicServicesKit'; 5392 5393// string转Uint8Array。 5394function stringToUint8Array(str: string): Uint8Array { 5395 let arr: Array<number> = []; 5396 for (let i = 0, j = str.length; i < j; i++) { 5397 arr.push(str.charCodeAt(i)); 5398 } 5399 return new Uint8Array(arr); 5400} 5401 5402let crlData = '-----BEGIN X509 CRL-----\n' + 5403 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5404 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5405 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5406 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5407 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5408 'eavsH0Q3\n' + 5409 '-----END X509 CRL-----\n'; 5410 5411let certData = '-----BEGIN CERTIFICATE-----\n' + 5412 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 5413 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 5414 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 5415 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 5416 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 5417 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 5418 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 5419 '-----END CERTIFICATE-----\n'; 5420 5421// 证书吊销列表二进制数据,需业务自行赋值。 5422let encodingBlob: cert.EncodingBlob = { 5423 data: stringToUint8Array(crlData), 5424 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5425 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5426}; 5427 5428let certEncodingBlob: cert.EncodingBlob = { 5429 data: stringToUint8Array(certData), 5430 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5431 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5432}; 5433 5434cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5435 if (error) { 5436 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5437 } else { 5438 console.log('createX509CRL success'); 5439 // Create an X509Cert instance. 5440 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 5441 if (error) { 5442 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5443 } else { 5444 try { 5445 let revokedFlag = x509CRL.isRevoked(x509Cert); 5446 } catch (error) { 5447 let e: BusinessError = error as BusinessError; 5448 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5449 } 5450 } 5451 }); 5452 } 5453}); 5454``` 5455 5456### getType<sup>11+</sup> 5457 5458getType() : string 5459 5460表示获取证书吊销列表类型。 5461 5462**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5463 5464**系统能力:** SystemCapability.Security.Cert 5465 5466**返回值**: 5467 5468| 类型 | 说明 | 5469| ------ | -------------------- | 5470| string | 表示证书吊销列表类型。 | 5471 5472**示例:** 5473 5474```ts 5475import { cert } from '@kit.DeviceCertificateKit'; 5476 5477// string转Uint8Array。 5478function stringToUint8Array(str: string): Uint8Array { 5479 let arr: Array<number> = []; 5480 for (let i = 0, j = str.length; i < j; i++) { 5481 arr.push(str.charCodeAt(i)); 5482 } 5483 return new Uint8Array(arr); 5484} 5485 5486let crlData = '-----BEGIN X509 CRL-----\n' + 5487 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5488 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5489 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5490 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5491 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5492 'eavsH0Q3\n' + 5493 '-----END X509 CRL-----\n'; 5494 5495// 证书吊销列表二进制数据,需业务自行赋值。 5496let encodingBlob: cert.EncodingBlob = { 5497 data: stringToUint8Array(crlData), 5498 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5499 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5500}; 5501 5502cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5503 if (error) { 5504 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5505 } else { 5506 console.log('createX509CRL success'); 5507 let type = x509CRL.getType(); 5508 } 5509}); 5510``` 5511 5512### getEncoded<sup>11+</sup> 5513 5514getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 5515 5516表示获取X509证书吊销列表的序列化数据,使用Callback回调异步返回结果。 5517 5518**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5519 5520**系统能力:** SystemCapability.Security.Cert 5521 5522**参数**: 5523 5524| 参数名 | 类型 | 必填 | 说明 | 5525| -------- | --------------------------------------------- | ---- | ------------------------------------------ | 5526| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示X509证书吊销列表的序列化数据。 | 5527 5528**错误码:** 5529 5530以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5531 5532| 错误码ID | 错误信息 | 5533| -------- | ----------------------- | 5534| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5535| 19020001 | memory error. | 5536| 19020002 | runtime error. | 5537| 19030001 | crypto operation error. | 5538 5539**示例:** 5540 5541```ts 5542import { cert } from '@kit.DeviceCertificateKit'; 5543 5544// string转Uint8Array。 5545function stringToUint8Array(str: string): Uint8Array { 5546 let arr: Array<number> = []; 5547 for (let i = 0, j = str.length; i < j; i++) { 5548 arr.push(str.charCodeAt(i)); 5549 } 5550 return new Uint8Array(arr); 5551} 5552 5553let crlData = '-----BEGIN X509 CRL-----\n' + 5554 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5555 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5556 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5557 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5558 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5559 'eavsH0Q3\n' + 5560 '-----END X509 CRL-----\n'; 5561 5562// 证书吊销列表二进制数据,需业务自行赋值。 5563let encodingBlob: cert.EncodingBlob = { 5564 data: stringToUint8Array(crlData), 5565 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5566 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5567}; 5568 5569cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5570 if (error) { 5571 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5572 } else { 5573 console.log('createX509CRL success'); 5574 x509CRL.getEncoded((error, data) => { 5575 if (error) { 5576 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5577 } else { 5578 console.log('getEncoded success'); 5579 } 5580 }); 5581 } 5582}); 5583``` 5584 5585### getEncoded<sup>11+</sup> 5586 5587getEncoded() : Promise\<EncodingBlob> 5588 5589表示获取X509证书吊销列表的序列化数据,使用Promise方式异步返回结果。 5590 5591**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5592 5593**系统能力:** SystemCapability.Security.Cert 5594 5595**返回值**: 5596 5597| 类型 | 说明 | 5598| --------------------------------------- | -------------------------------- | 5599| Promise\<[EncodingBlob](#encodingblob)> | 表示X509证书吊销列表的序列化数据。 | 5600**错误码:** 5601 5602以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5603 5604| 错误码ID | 错误信息 | 5605| -------- | ----------------------- | 5606| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5607| 19020001 | memory error. | 5608| 19020002 | runtime error. | 5609| 19030001 | crypto operation error. | 5610 5611**示例:** 5612 5613```ts 5614import { cert } from '@kit.DeviceCertificateKit'; 5615import { BusinessError } from '@kit.BasicServicesKit'; 5616 5617// string转Uint8Array。 5618function stringToUint8Array(str: string): Uint8Array { 5619 let arr: Array<number> = []; 5620 for (let i = 0, j = str.length; i < j; i++) { 5621 arr.push(str.charCodeAt(i)); 5622 } 5623 return new Uint8Array(arr); 5624} 5625 5626let crlData = '-----BEGIN X509 CRL-----\n' + 5627 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5628 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5629 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5630 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5631 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5632 'eavsH0Q3\n' + 5633 '-----END X509 CRL-----\n'; 5634 5635// 证书吊销列表二进制数据,需业务自行赋值。 5636let encodingBlob: cert.EncodingBlob = { 5637 data: stringToUint8Array(crlData), 5638 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5639 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5640}; 5641 5642cert.createX509CRL(encodingBlob).then(x509CRL => { 5643 console.log('createX509CRL success'); 5644 x509CRL.getEncoded().then(result => { 5645 console.log('getEncoded success'); 5646 }).catch((error: BusinessError) => { 5647 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5648 }); 5649}).catch((error: BusinessError) => { 5650 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5651}); 5652``` 5653 5654### verify<sup>11+</sup> 5655 5656verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 5657 5658表示对X509证书吊销列表进行验签,使用Callback回调异步返回结果。验签支持RSA算法。 5659 5660**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5661 5662**系统能力:** SystemCapability.Security.Cert 5663 5664**参数**: 5665 5666| 参数名 | 类型 | 必填 | 说明 | 5667| -------- | ----------------------------------------------------------- | ---- | ------------------------------------------------------------ | 5668| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 5669| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,error不为null表示失败。 | 5670 5671**错误码:** 5672 5673以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5674 5675| 错误码ID | 错误信息 | 5676| -------- | ----------------------- | 5677| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5678| 19030001 | crypto operation error. | 5679 5680**示例:** 5681 5682```ts 5683import { cert } from '@kit.DeviceCertificateKit'; 5684import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 5685import { BusinessError } from '@kit.BasicServicesKit'; 5686 5687// string转Uint8Array。 5688function stringToUint8Array(str: string): Uint8Array { 5689 let arr: Array<number> = []; 5690 for (let i = 0, j = str.length; i < j; i++) { 5691 arr.push(str.charCodeAt(i)); 5692 } 5693 return new Uint8Array(arr); 5694} 5695 5696let crlData = '-----BEGIN X509 CRL-----\n' + 5697 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5698 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5699 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5700 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5701 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5702 'eavsH0Q3\n' + 5703 '-----END X509 CRL-----\n'; 5704 5705let pubKeyData = new Uint8Array([ 5706 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5707 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5708 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5709 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5710 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5711 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5712 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5713 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5714 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5715 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5716 0x00, 0x01 5717]); 5718 5719let priKeyData = new Uint8Array([ 5720 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5721 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5722 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5723 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5724 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5725 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5726 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5727 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5728 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5729 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5730 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5731 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5732 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5733 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5734 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5735 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5736 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5737 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5738 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5739 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5740 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5741 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5742 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5743 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5744 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5745 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5746 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5747 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5748 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5749 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5750 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5751 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5752 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5753 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5754 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5755 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5756 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5757 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5758 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5759 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5760]); 5761 5762// 证书吊销列表二进制数据,需业务自行赋值。 5763let encodingBlob: cert.EncodingBlob = { 5764 data: stringToUint8Array(crlData), 5765 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5766 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5767}; 5768 5769cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5770 if (error) { 5771 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5772 } else { 5773 console.log('createX509Crl success'); 5774 try { 5775 // Generate the public key by AsyKeyGenerator. 5776 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5777 console.log('createAsyKeyGenerator success'); 5778 let priEncodingBlob: cryptoFramework.DataBlob = { 5779 data: priKeyData, 5780 }; 5781 let pubEncodingBlob: cryptoFramework.DataBlob = { 5782 data: pubKeyData, 5783 }; 5784 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 5785 if (e) { 5786 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 5787 } else { 5788 console.log('convert key success'); 5789 x509CRL.verify(keyPair.pubKey, (err, data) => { 5790 if (err) { 5791 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 5792 } else { 5793 console.log('verify success'); 5794 } 5795 }); 5796 } 5797 }) 5798 } catch (error) { 5799 let e: BusinessError = error as BusinessError; 5800 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5801 } 5802 } 5803}); 5804``` 5805 5806### verify<sup>11+</sup> 5807 5808verify(key : cryptoFramework.PubKey) : Promise\<void> 5809 5810表示对X509证书吊销列表进行验签,使用Promise方式异步返回结果。验签支持RSA算法。 5811 5812**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5813 5814**系统能力:** SystemCapability.Security.Cert 5815 5816**参数**: 5817 5818| 参数名 | 类型 | 必填 | 说明 | 5819| ------ | ----------------------------------------------------------- | ---- | ------------------------ | 5820| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 5821 5822**返回值**: 5823 5824| 类型 | 说明 | 5825| -------------- | ----------- | 5826| Promise\<void> | Promise对象。 | 5827 5828**错误码:** 5829 5830以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5831 5832| 错误码ID | 错误信息 | 5833| -------- | ----------------------- | 5834| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5835| 19030001 | crypto operation error. | 5836 5837**示例:** 5838 5839```ts 5840import { cert } from '@kit.DeviceCertificateKit'; 5841import { cryptoFramework } from '@kit.CryptoArchitectureKit' 5842import { BusinessError } from '@kit.BasicServicesKit'; 5843 5844// string转Uint8Array。 5845function stringToUint8Array(str: string): Uint8Array { 5846 let arr: Array<number> = []; 5847 for (let i = 0, j = str.length; i < j; i++) { 5848 arr.push(str.charCodeAt(i)); 5849 } 5850 return new Uint8Array(arr); 5851} 5852 5853let crlData = '-----BEGIN X509 CRL-----\n' + 5854 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5855 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5856 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5857 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5858 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5859 'eavsH0Q3\n' + 5860 '-----END X509 CRL-----\n'; 5861 5862let pubKeyData = new Uint8Array([ 5863 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5864 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5865 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5866 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5867 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5868 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5869 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5870 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5871 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5872 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5873 0x00, 0x01 5874]); 5875 5876let priKeyData = new Uint8Array([ 5877 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5878 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5879 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5880 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5881 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5882 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5883 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5884 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5885 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5886 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5887 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5888 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5889 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5890 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5891 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5892 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5893 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5894 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5895 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5896 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5897 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5898 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5899 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5900 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5901 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5902 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5903 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5904 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5905 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5906 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5907 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5908 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5909 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5910 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5911 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5912 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5913 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5914 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5915 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5916 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5917]); 5918 5919// 证书吊销列表二进制数据,需业务自行赋值。 5920let encodingBlob: cert.EncodingBlob = { 5921 data: stringToUint8Array(crlData), 5922 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5923 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5924}; 5925 5926cert.createX509CRL(encodingBlob).then(x509CRL => { 5927 console.log('createX509Crl success'); 5928 5929 try { 5930 // 生成公钥对象。 5931 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5932 console.log('createAsyKeyGenerator success'); 5933 let priEncodingBlob: cryptoFramework.DataBlob = { 5934 data: priKeyData, 5935 }; 5936 let pubEncodingBlob: cryptoFramework.DataBlob = { 5937 data: pubKeyData, 5938 }; 5939 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 5940 console.log('convert key success'); 5941 x509CRL.verify(keyPair.pubKey).then(result => { 5942 console.log('verify success'); 5943 }).catch((error: BusinessError) => { 5944 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5945 }); 5946 }).catch((error: BusinessError) => { 5947 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 5948 }); 5949 } catch (error) { 5950 let e: BusinessError = error as BusinessError; 5951 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5952 } 5953}).catch((error: BusinessError) => { 5954 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5955}); 5956``` 5957 5958### getVersion<sup>11+</sup> 5959 5960getVersion() : number 5961 5962表示获取X509证书吊销列表的版本号。 5963 5964**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5965 5966**系统能力:** SystemCapability.Security.Cert 5967 5968**返回值**: 5969 5970| 类型 | 说明 | 5971| ------ | -------------------------------- | 5972| number | 表示获取X509证书吊销列表的版本号。 | 5973 5974**示例:** 5975 5976```ts 5977import { cert } from '@kit.DeviceCertificateKit'; 5978 5979// string转Uint8Array。 5980function stringToUint8Array(str: string): Uint8Array { 5981 let arr: Array<number> = []; 5982 for (let i = 0, j = str.length; i < j; i++) { 5983 arr.push(str.charCodeAt(i)); 5984 } 5985 return new Uint8Array(arr); 5986} 5987 5988let crlData = '-----BEGIN X509 CRL-----\n' + 5989 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5990 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5991 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5992 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5993 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5994 'eavsH0Q3\n' + 5995 '-----END X509 CRL-----\n'; 5996 5997// 证书吊销列表二进制数据,需业务自行赋值。 5998let encodingBlob: cert.EncodingBlob = { 5999 data: stringToUint8Array(crlData), 6000 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6001 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6002}; 6003 6004cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6005 if (error) { 6006 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6007 } else { 6008 console.log('createX509CRL success'); 6009 let version = x509CRL.getVersion(); 6010 } 6011}); 6012``` 6013 6014### getIssuerName<sup>11+</sup> 6015 6016getIssuerName() : DataBlob 6017 6018表示获取X509证书吊销列表颁发者名称。 6019 6020> **说明:** 6021> 6022> 获取到的X509证书吊销列表颁发者名称数据带字符串结束符。 6023 6024**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6025 6026**系统能力:** SystemCapability.Security.Cert 6027 6028**返回值**: 6029 6030| 类型 | 说明 | 6031| --------------------- | ------------------------------ | 6032| [DataBlob](#datablob) | 表示X509证书吊销列表颁发者名称。 | 6033 6034**错误码:** 6035 6036以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6037 6038| 错误码ID | 错误信息 | 6039| -------- | ----------------------- | 6040| 19020001 | memory error. | 6041| 19020002 | runtime error. | 6042| 19030001 | crypto operation error. | 6043 6044**示例:** 6045 6046```ts 6047import { cert } from '@kit.DeviceCertificateKit'; 6048import { BusinessError } from '@kit.BasicServicesKit'; 6049 6050// string转Uint8Array。 6051function stringToUint8Array(str: string): Uint8Array { 6052 let arr: Array<number> = []; 6053 for (let i = 0, j = str.length; i < j; i++) { 6054 arr.push(str.charCodeAt(i)); 6055 } 6056 return new Uint8Array(arr); 6057} 6058 6059let crlData = '-----BEGIN X509 CRL-----\n' + 6060 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6061 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6062 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6063 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6064 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6065 'eavsH0Q3\n' + 6066 '-----END X509 CRL-----\n'; 6067 6068// 证书吊销列表二进制数据,需业务自行赋值。 6069let encodingBlob: cert.EncodingBlob = { 6070 data: stringToUint8Array(crlData), 6071 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6072 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6073}; 6074 6075cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6076 if (error) { 6077 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6078 } else { 6079 console.log('createX509CRL success'); 6080 try { 6081 let issuerName = x509CRL.getIssuerName(); 6082 } catch (err) { 6083 let e: BusinessError = err as BusinessError; 6084 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6085 } 6086 } 6087}); 6088``` 6089 6090### getLastUpdate<sup>11+</sup> 6091 6092getLastUpdate() : string 6093 6094表示获取X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 6095 6096**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6097 6098**系统能力:** SystemCapability.Security.Cert 6099 6100**返回值**: 6101 6102| 类型 | 说明 | 6103| ------ | ------------------------------------ | 6104| string | 表示X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 | 6105 6106**错误码:** 6107 6108以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6109 6110| 错误码ID | 错误信息 | 6111| -------- | ----------------------- | 6112| 19020001 | memory error. | 6113| 19020002 | runtime error. | 6114| 19030001 | crypto operation error. | 6115 6116**示例:** 6117 6118```ts 6119import { cert } from '@kit.DeviceCertificateKit'; 6120import { BusinessError } from '@kit.BasicServicesKit'; 6121 6122// string转Uint8Array。 6123function stringToUint8Array(str: string): Uint8Array { 6124 let arr: Array<number> = []; 6125 for (let i = 0, j = str.length; i < j; i++) { 6126 arr.push(str.charCodeAt(i)); 6127 } 6128 return new Uint8Array(arr); 6129} 6130 6131let crlData = '-----BEGIN X509 CRL-----\n' + 6132 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6133 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6134 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6135 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6136 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6137 'eavsH0Q3\n' + 6138 '-----END X509 CRL-----\n'; 6139 6140// 证书吊销列表二进制数据,需业务自行赋值。 6141let encodingBlob: cert.EncodingBlob = { 6142 data: stringToUint8Array(crlData), 6143 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6144 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6145}; 6146 6147cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6148 if (error) { 6149 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6150 } else { 6151 console.log('createX509CRL success'); 6152 try { 6153 let lastUpdate = x509CRL.getLastUpdate(); 6154 } catch (err) { 6155 let e: BusinessError = err as BusinessError; 6156 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6157 } 6158 } 6159}); 6160``` 6161 6162### getNextUpdate<sup>11+</sup> 6163 6164getNextUpdate() : string 6165 6166表示获取证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 6167 6168**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6169 6170**系统能力:** SystemCapability.Security.Cert 6171 6172**返回值**: 6173 6174| 类型 | 说明 | 6175| ------ | ------------------------------------ | 6176| string | 表示X509证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 | 6177 6178**错误码:** 6179 6180以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6181 6182| 错误码ID | 错误信息 | 6183| -------- | ----------------------- | 6184| 19020001 | memory error. | 6185| 19020002 | runtime error. | 6186| 19030001 | crypto operation error. | 6187 6188**示例:** 6189 6190```ts 6191import { cert } from '@kit.DeviceCertificateKit'; 6192import { BusinessError } from '@kit.BasicServicesKit'; 6193 6194// string转Uint8Array。 6195function stringToUint8Array(str: string): Uint8Array { 6196 let arr: Array<number> = []; 6197 for (let i = 0, j = str.length; i < j; i++) { 6198 arr.push(str.charCodeAt(i)); 6199 } 6200 return new Uint8Array(arr); 6201} 6202 6203let crlData = '-----BEGIN X509 CRL-----\n' + 6204 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6205 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6206 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6207 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6208 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6209 'eavsH0Q3\n' + 6210 '-----END X509 CRL-----\n'; 6211 6212// 证书吊销列表二进制数据,需业务自行赋值。 6213let encodingBlob: cert.EncodingBlob = { 6214 data: stringToUint8Array(crlData), 6215 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6216 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6217}; 6218 6219cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6220 if (error) { 6221 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6222 } else { 6223 console.log('createX509CRL success'); 6224 try { 6225 let nextUpdate = x509CRL.getNextUpdate(); 6226 } catch (err) { 6227 let e: BusinessError = err as BusinessError; 6228 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6229 } 6230 } 6231}); 6232``` 6233 6234### getRevokedCert<sup>11+</sup> 6235 6236getRevokedCert(serialNumber : bigint) : X509CRLEntry 6237 6238表示通过指定证书序列号获取被吊销X509证书对象。 6239 6240**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6241 6242**系统能力:** SystemCapability.Security.Cert 6243 6244**参数**: 6245 6246| 参数名 | 类型 | 必填 | 说明 | 6247| ------------ | ------ | ---- | -------------- | 6248| serialNumber | bigint | 是 | 表示证书序列号。 | 6249 6250**返回值**: 6251 6252| 类型 | 说明 | 6253| ------------------------------- | ---------------------- | 6254| [X509CRLEntry](#x509crlentry11) | 表示被吊销X509证书对象。 | 6255 6256**错误码:** 6257 6258以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6259 6260| 错误码ID | 错误信息 | 6261| -------- | ----------------------- | 6262| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6263| 19020001 | memory error. | 6264| 19030001 | crypto operation error. | 6265 6266**示例:** 6267 6268```ts 6269import { cert } from '@kit.DeviceCertificateKit'; 6270import { BusinessError } from '@kit.BasicServicesKit'; 6271 6272// string转Uint8Array。 6273function stringToUint8Array(str: string): Uint8Array { 6274 let arr: Array<number> = []; 6275 for (let i = 0, j = str.length; i < j; i++) { 6276 arr.push(str.charCodeAt(i)); 6277 } 6278 return new Uint8Array(arr); 6279} 6280 6281let crlData = '-----BEGIN X509 CRL-----\n' + 6282 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6283 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6284 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6285 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6286 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6287 'eavsH0Q3\n' + 6288 '-----END X509 CRL-----\n'; 6289 6290// 证书吊销列表二进制数据,需业务自行赋值。 6291let encodingBlob: cert.EncodingBlob = { 6292 data: stringToUint8Array(crlData), 6293 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6294 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6295}; 6296 6297cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6298 if (error) { 6299 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6300 } else { 6301 console.log('createX509CRL success'); 6302 let serialNumber = BigInt(1000); 6303 try { 6304 let entry = x509CRL.getRevokedCert(serialNumber); 6305 } catch (error) { 6306 let e: BusinessError = error as BusinessError; 6307 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6308 } 6309 } 6310}); 6311``` 6312 6313### getRevokedCertWithCert<sup>11+</sup> 6314 6315getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry 6316 6317表示通过指定证书对象获取被吊销X509证书对象。 6318 6319**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6320 6321**系统能力:** SystemCapability.Security.Cert 6322 6323**参数**: 6324 6325| 参数名 | 类型 | 必填 | 说明 | 6326| ------ | --------------------- | ---- | ------------ | 6327| cert | [X509Cert](#x509cert) | 是 | 表示证书对象。 | 6328 6329**返回值**: 6330 6331| 类型 | 说明 | 6332| ------------------------------- | ---------------------- | 6333| [X509CRLEntry](#x509crlentry11) | 表示被吊销X509证书对象。 | 6334 6335**错误码:** 6336 6337以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6338 6339| 错误码ID | 错误信息 | 6340| -------- | ----------------------- | 6341| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6342| 19020001 | memory error. | 6343| 19030001 | crypto operation error. | 6344 6345**示例:** 6346 6347```ts 6348import { cert } from '@kit.DeviceCertificateKit'; 6349import { BusinessError } from '@kit.BasicServicesKit'; 6350 6351// string转Uint8Array。 6352function stringToUint8Array(str: string): Uint8Array { 6353 let arr: Array<number> = []; 6354 for (let i = 0, j = str.length; i < j; i++) { 6355 arr.push(str.charCodeAt(i)); 6356 } 6357 return new Uint8Array(arr); 6358} 6359 6360let crlData = '-----BEGIN X509 CRL-----\n' + 6361 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6362 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6363 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6364 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6365 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6366 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6367 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6368 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6369 '+i2osvdPWRia0dJCL1PCA14k\n' + 6370 '-----END X509 CRL-----\n'; 6371 6372// 证书二进制数据,需业务自行赋值。 6373let certData = '-----BEGIN CERTIFICATE-----\n' + 6374 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 6375 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 6376 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 6377 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 6378 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 6379 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 6380 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 6381 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 6382 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 6383 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 6384 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 6385 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 6386 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 6387 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 6388 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 6389 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 6390 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 6391 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 6392 '-----END CERTIFICATE-----\n'; 6393 6394let certEncodingBlob: cert.EncodingBlob = { 6395 data: stringToUint8Array(certData), 6396 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6397 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6398}; 6399 6400// 证书吊销列表二进制数据,需业务自行赋值。 6401let encodingBlob: cert.EncodingBlob = { 6402 data: stringToUint8Array(crlData), 6403 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6404 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6405}; 6406 6407cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6408 if (error) { 6409 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6410 } else { 6411 console.log('createX509CRL success'); 6412 // 创建X509证书对象。 6413 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 6414 try { 6415 let entry = x509CRL.getRevokedCertWithCert(x509Cert); 6416 console.log('getRevokedCertWithCert success'); 6417 } catch (error) { 6418 let e: BusinessError = error as BusinessError; 6419 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6420 } 6421 }).catch((error: BusinessError) => { 6422 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6423 }) 6424 } 6425}); 6426``` 6427 6428### getRevokedCerts<sup>11+</sup> 6429 6430getRevokedCerts(callback : AsyncCallback<Array\<X509CRLEntry>>) : void 6431 6432表示获取被吊销X509证书列表,使用Callback回调异步返回结果。 6433 6434**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6435 6436**系统能力:** SystemCapability.Security.Cert 6437 6438**参数**: 6439 6440| 参数名 | 类型 | 必填 | 说明 | 6441| -------- | ------------------------------------------------------ | ---- | -------------------------------- | 6442| callback | AsyncCallback<Array\<[X509CRLEntry](#x509crlentry11)>> | 是 | 回调函数,表示被吊销X509证书列表。 | 6443 6444**错误码:** 6445 6446以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6447 6448| 错误码ID | 错误信息 | 6449| -------- | ----------------------- | 6450| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6451| 19020001 | memory error. | 6452| 19030001 | crypto operation error. | 6453 6454**示例:** 6455 6456```ts 6457import { cert } from '@kit.DeviceCertificateKit'; 6458import { BusinessError } from '@kit.BasicServicesKit'; 6459 6460// string转Uint8Array。 6461function stringToUint8Array(str: string): Uint8Array { 6462 let arr: Array<number> = []; 6463 for (let i = 0, j = str.length; i < j; i++) { 6464 arr.push(str.charCodeAt(i)); 6465 } 6466 return new Uint8Array(arr); 6467} 6468 6469let crlData = '-----BEGIN X509 CRL-----\n' + 6470 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6471 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6472 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6473 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6474 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6475 'eavsH0Q3\n' + 6476 '-----END X509 CRL-----\n'; 6477 6478// 证书吊销列表二进制数据,需业务自行赋值。 6479let encodingBlob: cert.EncodingBlob = { 6480 data: stringToUint8Array(crlData), 6481 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6482 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6483}; 6484 6485cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6486 if (error) { 6487 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6488 } else { 6489 console.log('createX509CRL success'); 6490 x509CRL.getRevokedCerts((error, array) => { 6491 if (error) { 6492 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6493 } else { 6494 console.log('getRevokedCerts success'); 6495 } 6496 }); 6497 } 6498}); 6499``` 6500 6501### getRevokedCerts<sup>11+</sup> 6502 6503getRevokedCerts() : Promise<Array\<X509CRLEntry>> 6504 6505表示获取被吊销X509证书列表,使用Promise方式异步返回结果。 6506 6507**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6508 6509**系统能力:** SystemCapability.Security.Cert 6510 6511**返回值**: 6512 6513| 类型 | 说明 | 6514| ------------------------------------------------ | ---------------------- | 6515| Promise<Array\<[X509CRLEntry](#x509crlentry11)>> | 表示被吊销X509证书列表。 | 6516 6517**错误码:** 6518 6519以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6520 6521| 错误码ID | 错误信息 | 6522| -------- | ----------------------- | 6523| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6524| 19020001 | memory error. | 6525| 19030001 | crypto operation error. | 6526 6527**示例:** 6528 6529```ts 6530import { cert } from '@kit.DeviceCertificateKit'; 6531import { BusinessError } from '@kit.BasicServicesKit'; 6532 6533// string转Uint8Array。 6534function stringToUint8Array(str: string): Uint8Array { 6535 let arr: Array<number> = []; 6536 for (let i = 0, j = str.length; i < j; i++) { 6537 arr.push(str.charCodeAt(i)); 6538 } 6539 return new Uint8Array(arr); 6540} 6541 6542let crlData = '-----BEGIN X509 CRL-----\n' + 6543 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6544 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6545 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6546 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6547 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6548 'eavsH0Q3\n' + 6549 '-----END X509 CRL-----\n'; 6550 6551// 证书吊销列表二进制数据,需业务自行赋值。 6552let encodingBlob: cert.EncodingBlob = { 6553 data: stringToUint8Array(crlData), 6554 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6555 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6556}; 6557 6558cert.createX509CRL(encodingBlob).then(x509CRL => { 6559 console.log('createX509CRL success'); 6560 x509CRL.getRevokedCerts().then(array => { 6561 console.log('getRevokedCerts success'); 6562 }).catch((error: BusinessError) => { 6563 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6564 }); 6565}).catch((error: BusinessError) => { 6566 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6567}); 6568``` 6569 6570### getSignature<sup>11+</sup> 6571 6572getSignature() : DataBlob 6573 6574表示获取X509证书吊销列表的签名数据。 6575 6576**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6577 6578**系统能力:** SystemCapability.Security.Cert 6579 6580**返回值**: 6581 6582| 类型 | 说明 | 6583| --------------------- | ------------------------------ | 6584| [DataBlob](#datablob) | 表示X509证书吊销列表的签名数据。 | 6585 6586**错误码:** 6587 6588以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6589 6590| 错误码ID | 错误信息 | 6591| -------- | ----------------------- | 6592| 19020001 | memory error. | 6593| 19020002 | runtime error. | 6594| 19030001 | crypto operation error. | 6595 6596**示例:** 6597 6598```ts 6599import { cert } from '@kit.DeviceCertificateKit'; 6600import { BusinessError } from '@kit.BasicServicesKit'; 6601 6602// string转Uint8Array。 6603function stringToUint8Array(str: string): Uint8Array { 6604 let arr: Array<number> = []; 6605 for (let i = 0, j = str.length; i < j; i++) { 6606 arr.push(str.charCodeAt(i)); 6607 } 6608 return new Uint8Array(arr); 6609} 6610 6611let crlData = '-----BEGIN X509 CRL-----\n' + 6612 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6613 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6614 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6615 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6616 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6617 'eavsH0Q3\n' + 6618 '-----END X509 CRL-----\n'; 6619 6620// 证书吊销列表二进制数据,需业务自行赋值。 6621let encodingBlob: cert.EncodingBlob = { 6622 data: stringToUint8Array(crlData), 6623 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6624 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6625}; 6626 6627cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6628 if (error) { 6629 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6630 } else { 6631 console.log('createX509CRL success'); 6632 try { 6633 let signature = x509CRL.getSignature(); 6634 } catch (err) { 6635 let e: BusinessError = err as BusinessError; 6636 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6637 } 6638 } 6639}); 6640``` 6641 6642### getSignatureAlgName<sup>11+</sup> 6643 6644getSignatureAlgName() : string 6645 6646表示获取X509证书吊销列表签名的算法名称。 6647 6648**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6649 6650**系统能力:** SystemCapability.Security.Cert 6651 6652**返回值**: 6653 6654| 类型 | 说明 | 6655| ------ | -------------------------------- | 6656| string | 表示X509证书吊销列表签名的算法名。 | 6657 6658**错误码:** 6659 6660以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6661 6662| 错误码ID | 错误信息 | 6663| -------- | ----------------------- | 6664| 19020001 | memory error. | 6665| 19020002 | runtime error. | 6666| 19030001 | crypto operation error. | 6667 6668**示例:** 6669 6670```ts 6671import { cert } from '@kit.DeviceCertificateKit'; 6672import { BusinessError } from '@kit.BasicServicesKit'; 6673 6674// string转Uint8Array。 6675function stringToUint8Array(str: string): Uint8Array { 6676 let arr: Array<number> = []; 6677 for (let i = 0, j = str.length; i < j; i++) { 6678 arr.push(str.charCodeAt(i)); 6679 } 6680 return new Uint8Array(arr); 6681} 6682 6683let crlData = '-----BEGIN X509 CRL-----\n' + 6684 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6685 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6686 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6687 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6688 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6689 'eavsH0Q3\n' + 6690 '-----END X509 CRL-----\n'; 6691 6692// 证书吊销列表二进制数据,需业务自行赋值。 6693let encodingBlob: cert.EncodingBlob = { 6694 data: stringToUint8Array(crlData), 6695 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6696 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6697}; 6698 6699cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6700 if (error) { 6701 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6702 } else { 6703 console.log('createX509CRL success'); 6704 try { 6705 let sigAlgName = x509CRL.getSignatureAlgName(); 6706 } catch (err) { 6707 let e: BusinessError = err as BusinessError; 6708 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6709 } 6710 } 6711}); 6712``` 6713 6714### getSignatureAlgOid<sup>11+</sup> 6715 6716getSignatureAlgOid() : string 6717 6718表示获取X509证书吊销列表签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 6719 6720**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6721 6722**系统能力:** SystemCapability.Security.Cert 6723 6724**返回值**: 6725 6726| 类型 | 说明 | 6727| ------ | --------------------------------------------- | 6728| string | 表示X509证书吊销列表签名算法的对象标志符OID。 | 6729 6730**错误码:** 6731 6732以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6733 6734| 错误码ID | 错误信息 | 6735| -------- | ----------------------- | 6736| 19020001 | memory error. | 6737| 19020002 | runtime error. | 6738| 19030001 | crypto operation error. | 6739 6740**示例:** 6741 6742```ts 6743import { cert } from '@kit.DeviceCertificateKit'; 6744import { BusinessError } from '@kit.BasicServicesKit'; 6745 6746// string转Uint8Array。 6747function stringToUint8Array(str: string): Uint8Array { 6748 let arr: Array<number> = []; 6749 for (let i = 0, j = str.length; i < j; i++) { 6750 arr.push(str.charCodeAt(i)); 6751 } 6752 return new Uint8Array(arr); 6753} 6754 6755let crlData = '-----BEGIN X509 CRL-----\n' + 6756 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6757 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6758 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6759 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6760 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6761 'eavsH0Q3\n' + 6762 '-----END X509 CRL-----\n'; 6763 6764// 证书吊销列表二进制数据,需业务自行赋值。 6765let encodingBlob: cert.EncodingBlob = { 6766 data: stringToUint8Array(crlData), 6767 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6768 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6769}; 6770 6771cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6772 if (error) { 6773 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6774 } else { 6775 console.log('createX509CRL success'); 6776 try { 6777 let sigAlgOid = x509CRL.getSignatureAlgOid(); 6778 } catch (err) { 6779 let e: BusinessError = err as BusinessError; 6780 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6781 } 6782 } 6783}); 6784``` 6785 6786### getSignatureAlgParams<sup>11+</sup> 6787 6788getSignatureAlgParams() : DataBlob 6789 6790表示获取X509证书吊销列表签名的算法参数。 6791 6792**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6793 6794**系统能力:** SystemCapability.Security.Cert 6795 6796**返回值**: 6797 6798| 类型 | 说明 | 6799| --------------------- | ---------------------------------- | 6800| [DataBlob](#datablob) | 表示X509证书吊销列表签名的算法参数。 | 6801 6802**错误码:** 6803 6804以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6805 6806| 错误码ID | 错误信息 | 6807| -------- | ----------------------- | 6808| 801 | this operation is not supported. | 6809| 19020001 | memory error. | 6810| 19020002 | runtime error. | 6811| 19030001 | crypto operation error. | 6812 6813**示例:** 6814 6815```ts 6816import { cert } from '@kit.DeviceCertificateKit'; 6817import { BusinessError } from '@kit.BasicServicesKit'; 6818 6819// string转Uint8Array。 6820function stringToUint8Array(str: string): Uint8Array { 6821 let arr: Array<number> = []; 6822 for (let i = 0, j = str.length; i < j; i++) { 6823 arr.push(str.charCodeAt(i)); 6824 } 6825 return new Uint8Array(arr); 6826} 6827 6828let crlData = '-----BEGIN X509 CRL-----\n' + 6829 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6830 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6831 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6832 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6833 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6834 'eavsH0Q3\n' + 6835 '-----END X509 CRL-----\n'; 6836 6837// 证书吊销列表二进制数据,需业务自行赋值。 6838let encodingBlob: cert.EncodingBlob = { 6839 data: stringToUint8Array(crlData), 6840 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6841 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6842}; 6843 6844cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6845 if (error) { 6846 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6847 } else { 6848 console.log('createX509CRL success'); 6849 try { 6850 let sigAlgParams = x509CRL.getSignatureAlgParams(); 6851 } catch (err) { 6852 let e: BusinessError = err as BusinessError; 6853 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6854 } 6855 } 6856}); 6857``` 6858 6859### getTBSInfo<sup>11+</sup> 6860 6861getTBSInfo() : DataBlob 6862 6863表示获取证书吊销列表的tbsCertList信息。 6864 6865**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6866 6867**系统能力:** SystemCapability.Security.Cert 6868 6869**返回值**: 6870 6871| 类型 | 说明 | 6872| --------------------- | --------------------------------- | 6873| [DataBlob](#datablob) | 表示证书吊销列表的tbsCertList信息。 | 6874 6875**错误码:** 6876 6877以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6878 6879| 错误码ID | 错误信息 | 6880| -------- | ----------------------- | 6881| 19020001 | memory error. | 6882| 19020002 | runtime error. | 6883| 19030001 | crypto operation error. | 6884 6885**示例:** 6886 6887```ts 6888import { cert } from '@kit.DeviceCertificateKit'; 6889import { BusinessError } from '@kit.BasicServicesKit'; 6890 6891// string转Uint8Array。 6892function stringToUint8Array(str: string): Uint8Array { 6893 let arr: Array<number> = []; 6894 for (let i = 0, j = str.length; i < j; i++) { 6895 arr.push(str.charCodeAt(i)); 6896 } 6897 return new Uint8Array(arr); 6898} 6899 6900let crlData = '-----BEGIN X509 CRL-----\n' + 6901 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6902 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6903 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6904 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6905 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6906 'eavsH0Q3\n' + 6907 '-----END X509 CRL-----\n'; 6908 6909// 证书吊销列表二进制数据,需业务自行赋值。 6910let encodingBlob: cert.EncodingBlob = { 6911 data: stringToUint8Array(crlData), 6912 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6913 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6914}; 6915 6916cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6917 if (error) { 6918 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6919 } else { 6920 console.log('createX509CRL success'); 6921 try { 6922 let tbsInfo = x509CRL.getTBSInfo(); 6923 } catch (error) { 6924 let e: BusinessError = error as BusinessError; 6925 console.error('getTBSInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6926 } 6927 } 6928}); 6929``` 6930 6931### getExtensions<sup>11+</sup> 6932 6933getExtensions(): DataBlob 6934 6935表示获取CRL的扩展。 6936 6937**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6938 6939**系统能力:** SystemCapability.Security.Cert 6940 6941**返回值**: 6942 6943| 类型 | 说明 | 6944| --------------------- | ------------------- | 6945| [DataBlob](#datablob) | 表示X509CRL扩展用途。 | 6946 6947**错误码:** 6948 6949以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6950 6951| 错误码ID | 错误信息 | 6952| -------- | ----------------------- | 6953| 19020001 | memory error. | 6954| 19020002 | runtime error. | 6955| 19030001 | crypto operation error. | 6956 6957**示例:** 6958 6959```ts 6960import { cert } from '@kit.DeviceCertificateKit'; 6961import { BusinessError } from '@kit.BasicServicesKit'; 6962 6963// string转Uint8Array。 6964function stringToUint8Array(str: string): Uint8Array { 6965 let arr: Array<number> = []; 6966 for (let i = 0, j = str.length; i < j; i++) { 6967 arr.push(str.charCodeAt(i)); 6968 } 6969 return new Uint8Array(arr); 6970} 6971 6972let crlData = '-----BEGIN X509 CRL-----\n' + 6973 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6974 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6975 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6976 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6977 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6978 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6979 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6980 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6981 '+i2osvdPWRia0dJCL1PCA14k\n' + 6982 '-----END X509 CRL-----\n'; 6983 6984// 证书吊销列表二进制数据,需业务自行赋值。 6985let encodingBlob: cert.EncodingBlob = { 6986 data: stringToUint8Array(crlData), 6987 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6988 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6989}; 6990 6991cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6992 if (error) { 6993 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6994 } else { 6995 console.log('createX509CRL success'); 6996 try { 6997 let extensions = x509CRL.getExtensions(); 6998 } catch (error) { 6999 let e: BusinessError = error as BusinessError; 7000 console.error('getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7001 } 7002 } 7003}); 7004``` 7005 7006### match<sup>11+</sup> 7007 7008match(param: X509CRLMatchParameters): boolean 7009 7010判断证书吊销列表是否与输入参数匹配。 7011 7012**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7013 7014**系统能力:** SystemCapability.Security.Cert 7015 7016**参数**: 7017 7018| 参数名 | 类型 | 必填 | 说明 | 7019| --------- | ------ | ---- | ------------------------------------------ | 7020| param | [X509CRLMatchParameters](#x509crlmatchparameters11)| 是 | 表示需要匹配的参数。 | 7021 7022**返回值**: 7023 7024| 类型 | 说明 | 7025| --------------------- | ----------------------------------------- | 7026| boolean | 当参数匹配时,该方法返回true,否则返回false。 | 7027 7028**错误码:** 7029 7030以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7031 7032| 错误码ID | 错误信息 | 7033| -------- | -------------- | 7034| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7035| 19020001 | memory error. | 7036| 19030001 | crypto operation error. | 7037 7038**示例:** 7039 7040```ts 7041import { cert } from '@kit.DeviceCertificateKit'; 7042import { BusinessError } from '@kit.BasicServicesKit'; 7043 7044// string转Uint8Array。 7045function stringToUint8Array(str: string): Uint8Array { 7046 let arr: Array<number> = []; 7047 for (let i = 0, j = str.length; i < j; i++) { 7048 arr.push(str.charCodeAt(i)); 7049 } 7050 return new Uint8Array(arr); 7051} 7052 7053let crlData = '-----BEGIN X509 CRL-----\n' + 7054 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7055 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7056 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7057 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7058 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7059 'eavsH0Q3\n' + 7060 '-----END X509 CRL-----\n'; 7061 7062// 证书吊销列表二进制数据,需业务自行赋值。 7063let crlEncodingBlob: cert.EncodingBlob = { 7064 data: stringToUint8Array(crlData), 7065 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7066 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7067}; 7068 7069const certData = "-----BEGIN CERTIFICATE-----\r\n" + 7070 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 7071 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 7072 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 7073 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 7074 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 7075 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 7076 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 7077 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 7078 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 7079 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 7080 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 7081 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 7082 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 7083 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 7084 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 7085 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 7086 "-----END CERTIFICATE-----\r\n"; 7087const certEncodingBlob: cert.EncodingBlob = { 7088 data: stringToUint8Array(certData), 7089 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 7090}; 7091 7092async function crlMatch() { 7093 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 7094 try { 7095 x509Cert = await cert.createX509Cert(certEncodingBlob); 7096 console.log('createX509Cert success'); 7097 } catch (err) { 7098 console.error('createX509Cert failed'); 7099 } 7100 7101 cert.createX509CRL(crlEncodingBlob, (error, x509CRL) => { 7102 if (error) { 7103 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7104 } else { 7105 console.log('createX509CRL success'); 7106 try { 7107 const param: cert.X509CRLMatchParameters = { 7108 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 7109 x509Cert: x509Cert 7110 } 7111 const result = x509CRL.match(param); 7112 } catch (error) { 7113 let e: BusinessError = error as BusinessError; 7114 console.error('x509CRL match failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7115 } 7116 } 7117 }); 7118} 7119``` 7120 7121### getIssuerX500DistinguishedName<sup>12+</sup> 7122 7123getIssuerX500DistinguishedName(): X500DistinguishedName 7124 7125获取颁发者的X509可分辨名称。 7126 7127**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7128 7129**系统能力:** SystemCapability.Security.Cert 7130 7131**返回值**: 7132 7133| 类型 | 说明 | 7134| --------------------- | ----------------------------------------- | 7135| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。 | 7136 7137**错误码:** 7138 7139以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7140 7141| 错误码ID | 错误信息 | 7142| -------- | -------------- | 7143| 19020001 | memory error. | 7144| 19020002 | runtime error. | 7145| 19030001 | crypto operation error. | 7146 7147**示例:** 7148 7149```ts 7150import { cert } from '@kit.DeviceCertificateKit'; 7151import { BusinessError } from '@kit.BasicServicesKit'; 7152 7153// string转Uint8Array。 7154function stringToUint8Array(str: string): Uint8Array { 7155 let arr: Array<number> = []; 7156 for (let i = 0, j = str.length; i < j; i++) { 7157 arr.push(str.charCodeAt(i)); 7158 } 7159 return new Uint8Array(arr); 7160} 7161 7162let crlData = '-----BEGIN X509 CRL-----\n' + 7163 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7164 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7165 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7166 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7167 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7168 'eavsH0Q3\n' + 7169 '-----END X509 CRL-----\n'; 7170 7171// 证书吊销列表二进制数据,需业务自行赋值。 7172let crlEncodingBlob: cert.EncodingBlob = { 7173 data: stringToUint8Array(crlData), 7174 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7175 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7176}; 7177 7178async function crlGetIssuerX500DistinguishedName() { 7179 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7180 try { 7181 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7182 console.log('createX509CRL success'); 7183 let name = x509Crl.getIssuerX500DistinguishedName(); 7184 } catch (err) { 7185 let e: BusinessError = err as BusinessError; 7186 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7187 } 7188} 7189``` 7190 7191### toString<sup>12+</sup> 7192 7193toString(): string 7194 7195获取对象的字符串类型数据。 7196 7197**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7198 7199**系统能力:** SystemCapability.Security.Cert 7200 7201**返回值**: 7202 7203| 类型 | 说明 | 7204| --------------------- | ----------------------------------------- | 7205| string | 对象的字符串类型数据。 | 7206 7207**错误码:** 7208 7209以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7210 7211| 错误码ID | 错误信息 | 7212| -------- | -------------- | 7213| 19020001 | memory error. | 7214| 19020002 | runtime error. | 7215| 19030001 | crypto operation error. | 7216 7217**示例:** 7218 7219```ts 7220import { cert } from '@kit.DeviceCertificateKit'; 7221import { BusinessError } from '@kit.BasicServicesKit'; 7222 7223// string转Uint8Array。 7224function stringToUint8Array(str: string): Uint8Array { 7225 let arr: Array<number> = []; 7226 for (let i = 0, j = str.length; i < j; i++) { 7227 arr.push(str.charCodeAt(i)); 7228 } 7229 return new Uint8Array(arr); 7230} 7231 7232let crlData = '-----BEGIN X509 CRL-----\n' + 7233 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7234 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7235 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7236 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7237 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7238 'eavsH0Q3\n' + 7239 '-----END X509 CRL-----\n'; 7240 7241// 证书吊销列表二进制数据,需业务自行赋值。 7242let crlEncodingBlob: cert.EncodingBlob = { 7243 data: stringToUint8Array(crlData), 7244 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7245 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7246}; 7247 7248async function crlToString() { 7249 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7250 try { 7251 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7252 console.log('createX509CRL success'); 7253 console.info('crlToString success: ' + JSON.stringify(x509Crl.toString())); 7254 } catch (err) { 7255 let e: BusinessError = err as BusinessError; 7256 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7257 } 7258} 7259``` 7260 7261### hashCode<sup>12+</sup> 7262 7263hashCode(): Uint8Array 7264 7265获取DER格式数据的哈希值。 7266 7267**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7268 7269**系统能力:** SystemCapability.Security.Cert 7270 7271**返回值**: 7272 7273| 类型 | 说明 | 7274| --------------------- | ----------------------------------------- | 7275| Uint8Array | DER格式数据的哈希值。 | 7276 7277**错误码:** 7278 7279以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7280 7281| 错误码ID | 错误信息 | 7282| -------- | -------------- | 7283| 19020001 | memory error. | 7284| 19020002 | runtime error. | 7285| 19030001 | crypto operation error. | 7286 7287**示例:** 7288 7289```ts 7290import { cert } from '@kit.DeviceCertificateKit'; 7291import { BusinessError } from '@kit.BasicServicesKit'; 7292 7293// string转Uint8Array。 7294function stringToUint8Array(str: string): Uint8Array { 7295 let arr: Array<number> = []; 7296 for (let i = 0, j = str.length; i < j; i++) { 7297 arr.push(str.charCodeAt(i)); 7298 } 7299 return new Uint8Array(arr); 7300} 7301 7302let crlData = '-----BEGIN X509 CRL-----\n' + 7303 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7304 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7305 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7306 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7307 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7308 'eavsH0Q3\n' + 7309 '-----END X509 CRL-----\n'; 7310 7311// 证书吊销列表二进制数据,需业务自行赋值。 7312let crlEncodingBlob: cert.EncodingBlob = { 7313 data: stringToUint8Array(crlData), 7314 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7315 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7316}; 7317 7318async function crlHashCode() { 7319 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7320 try { 7321 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7322 console.log('createX509CRL success'); 7323 console.info('crlHashCode success: ' + JSON.stringify(x509Crl.hashCode())); 7324 } catch (err) { 7325 let e: BusinessError = err as BusinessError; 7326 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7327 } 7328} 7329``` 7330 7331### getExtensionsObject<sup>12+</sup> 7332 7333getExtensionsObject(): CertExtension 7334 7335获取对应实体的扩展域DER格式数据。 7336 7337**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7338 7339**系统能力:** SystemCapability.Security.Cert 7340 7341**返回值**: 7342 7343| 类型 | 说明 | 7344| --------------------- | ----------------------------------------- | 7345| [CertExtension](#certextension10) | 证书扩展域段类对象。| 7346 7347**错误码:** 7348 7349以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7350 7351| 错误码ID | 错误信息 | 7352| -------- | -------------- | 7353| 19020001 | memory error. | 7354| 19020002 | runtime error. | 7355| 19030001 | crypto operation error. | 7356 7357**示例:** 7358 7359```ts 7360import { cert } from '@kit.DeviceCertificateKit'; 7361import { BusinessError } from '@kit.BasicServicesKit'; 7362 7363// string转Uint8Array。 7364function stringToUint8Array(str: string): Uint8Array { 7365 let arr: Array<number> = []; 7366 for (let i = 0, j = str.length; i < j; i++) { 7367 arr.push(str.charCodeAt(i)); 7368 } 7369 return new Uint8Array(arr); 7370} 7371 7372let crlData = '-----BEGIN X509 CRL-----\n' + 7373 'MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV\n' + 7374 'BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD\n' + 7375 'VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG\n' + 7376 '9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy\n' + 7377 'NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+\n' + 7378 '1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq\n' + 7379 'jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU\n' + 7380 '+gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe\n' + 7381 'Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw\n' + 7382 'diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx\n' + 7383 '+X48g7VE2o2X4cfy\n' + 7384 '-----END X509 CRL-----\n'; 7385 7386// 证书吊销列表二进制数据,需业务自行赋值。 7387let crlEncodingBlob: cert.EncodingBlob = { 7388 data: stringToUint8Array(crlData), 7389 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7390 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7391}; 7392 7393async function crlHashCode() { 7394 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7395 try { 7396 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7397 console.log('createX509CRL success'); 7398 let object = x509Crl.getExtensionsObject(); 7399 } catch (err) { 7400 let e: BusinessError = err as BusinessError; 7401 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7402 } 7403} 7404``` 7405 7406## cert.createCertChainValidator 7407 7408createCertChainValidator(algorithm :string) : CertChainValidator 7409 7410表示创建证书链校验器对象。 7411 7412**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7413 7414**系统能力:** SystemCapability.Security.Cert 7415 7416**参数**: 7417 7418| 参数名 | 类型 | 必填 | 说明 | 7419| --------- | ------ | ---- | ------------------------------------------ | 7420| algorithm | string | 是 | 表示证书链校验器算法。当前仅支持输入“PKIX”。 | 7421 7422**返回值**: 7423 7424| 类型 | 说明 | 7425| ------------------ | -------------------- | 7426| [CertChainValidator](#certchainvalidator) | 表示证书链校验器对象。 | 7427 7428**错误码:** 7429 7430以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7431 7432| 错误码ID | 错误信息 | 7433| -------- | ----------------------- | 7434| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7435| 801 | this operation is not supported. | 7436| 19020001 | memory error. | 7437| 19020002 | runtime error. | 7438| 19030001 | crypto operation error. | 7439 7440**示例:** 7441 7442```ts 7443import { cert } from '@kit.DeviceCertificateKit'; 7444import { BusinessError } from '@kit.BasicServicesKit'; 7445 7446try { 7447 let validator = cert.createCertChainValidator('PKIX'); 7448} catch (error) { 7449 let e: BusinessError = error as BusinessError; 7450 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7451} 7452``` 7453 7454## CertChainValidator 7455 7456证书链校验器对象。 7457 7458 7459**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7460 7461**系统能力:** SystemCapability.Security.Cert 7462 7463| 名称 | 类型 | 可读 | 可写 | 说明 | 7464| ------- | ------ | ---- | ---- | -------------------------- | 7465| algorithm | string | 是 | 否 | X509证书链校验器算法名称。 | 7466 7467 7468### validate 7469 7470validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 7471 7472表示校验X509证书链,使用Callback回调异步返回结果。 7473由于端侧系统时间不可信,证书链校验不包含对证书有效时间的校验。如果需要检查证书的时间有效性,可使用X509证书的[checkValidityWithDate](#checkvaliditywithdate)方法进行检查。详见[证书规格](../../security/DeviceCertificateKit/certificate-framework-overview.md#证书规格)。 7474 7475**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7476 7477**系统能力:** SystemCapability.Security.Cert 7478 7479**参数**: 7480 7481| 参数名 | 类型 | 必填 | 说明 | 7482| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 7483| certChain | [CertChainData](#certchaindata) | 是 | 表示X509证书链序列化数据。 | 7484| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否校验成功,error为null表示成功,error不为null表示失败。 | 7485 7486**错误码:** 7487 7488以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7489 7490| 错误码ID | 错误信息 | 7491| -------- | ------------------------------------------------- | 7492| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7493| 19020001 | memory error. | 7494| 19020002 | runtime error. | 7495| 19030001 | crypto operation error. | 7496| 19030002 | the certificate signature verification failed. | 7497| 19030003 | the certificate has not taken effect. | 7498| 19030004 | the certificate has expired. | 7499| 19030005 | failed to obtain the certificate issuer. | 7500| 19030006 | the key cannot be used for signing a certificate. | 7501| 19030007 | the key cannot be used for digital signature. | 7502 7503**示例:** 7504 7505```ts 7506import { cert } from '@kit.DeviceCertificateKit'; 7507import { BusinessError } from '@kit.BasicServicesKit'; 7508 7509// string转Uint8Array。 7510function stringToUint8Array(str: string): Uint8Array { 7511 let arr: Array<number> = []; 7512 for (let i = 0, j = str.length; i < j; i++) { 7513 arr.push(str.charCodeAt(i)); 7514 } 7515 return new Uint8Array(arr); 7516} 7517 7518// 证书链二进制数据。 7519let certPem = '-----BEGIN CERTIFICATE-----\n' + 7520 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7521 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7522 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7523 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7524 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7525 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7526 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7527 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7528 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7529 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7530 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7531 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7532 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7533 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7534 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7535 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7536 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7537 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7538 '-----END CERTIFICATE-----'; 7539 7540let caPem = '-----BEGIN CERTIFICATE-----\n' + 7541'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7542'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7543'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7544'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7545'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7546'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7547'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7548'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7549'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7550'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7551'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7552'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7553'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7554'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7555'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7556'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7557'sSus\n' + 7558'-----END CERTIFICATE-----'; 7559 7560let certPemData = stringToUint8Array(certPem); 7561let caPemData = stringToUint8Array(caPem); 7562 7563let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7564let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7565 7566let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7567certChainBuff.set(certPemDataLenData) 7568certChainBuff.set(certPemData, certPemDataLenData.length) 7569certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7570certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7571 7572let certChainData: cert.CertChainData = { 7573 data: certChainBuff, 7574 // 证书链包含的证书个数,需业务自行赋值。 7575 count: 2, 7576 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7577 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7578}; 7579 7580try { 7581 let validator = cert.createCertChainValidator('PKIX'); 7582 validator.validate(certChainData, (error, data) => { 7583 if (error) { 7584 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7585 } else { 7586 console.log('validate success'); 7587 } 7588 }); 7589} catch (error) { 7590 let e: BusinessError = error as BusinessError; 7591 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7592} 7593``` 7594 7595### validate 7596 7597validate(certChain : CertChainData) : Promise\<void> 7598 7599表示校验X509证书链,使用Promise方式异步返回结果。 7600由于端侧系统时间不可信,证书链校验不包含对证书有效时间的校验。如果需要检查证书的时间有效性,可使用X509证书的[checkValidityWithDate](#checkvaliditywithdate)方法进行检查。详见[证书规格](../../security/DeviceCertificateKit/certificate-framework-overview.md#证书规格)。 7601 7602**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7603 7604**系统能力:** SystemCapability.Security.Cert 7605 7606**参数**: 7607 7608| 参数名 | 类型 | 必填 | 说明 | 7609| --------- | ------------------------------- | ---- | -------------------------- | 7610| certChain | [CertChainData](#certchaindata) | 是 | 表示X509证书链序列化数据。 | 7611 7612**返回值**: 7613 7614| 类型 | 说明 | 7615| -------------- | ----------- | 7616| Promise\<void> | Promise对象。 | 7617 7618**错误码:** 7619 7620以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7621 7622| 错误码ID | 错误信息 | 7623| -------- | ------------------------------------------------- | 7624| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7625| 19020001 | memory error. | 7626| 19020002 | runtime error. | 7627| 19030001 | crypto operation error. | 7628| 19030002 | the certificate signature verification failed. | 7629| 19030003 | the certificate has not taken effect. | 7630| 19030004 | the certificate has expired. | 7631| 19030005 | failed to obtain the certificate issuer. | 7632| 19030006 | the key cannot be used for signing a certificate. | 7633| 19030007 | the key cannot be used for digital signature. | 7634 7635**示例:** 7636 7637```ts 7638import { cert } from '@kit.DeviceCertificateKit'; 7639import { BusinessError } from '@kit.BasicServicesKit'; 7640 7641// string转Uint8Array。 7642function stringToUint8Array(str: string): Uint8Array { 7643 let arr: Array<number> = []; 7644 for (let i = 0, j = str.length; i < j; i++) { 7645 arr.push(str.charCodeAt(i)); 7646 } 7647 return new Uint8Array(arr); 7648} 7649 7650// 证书链数据。 7651let certPem = '-----BEGIN CERTIFICATE-----\n' + 7652 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7653 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7654 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7655 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7656 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7657 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7658 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7659 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7660 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7661 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7662 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7663 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7664 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7665 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7666 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7667 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7668 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7669 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7670 '-----END CERTIFICATE-----'; 7671 7672let caPem = '-----BEGIN CERTIFICATE-----\n' + 7673'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7674'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7675'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7676'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7677'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7678'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7679'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7680'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7681'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7682'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7683'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7684'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7685'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7686'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7687'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7688'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7689'sSus\n' + 7690'-----END CERTIFICATE-----'; 7691 7692let certPemData = stringToUint8Array(certPem); 7693let caPemData = stringToUint8Array(caPem); 7694 7695let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7696let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7697 7698let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7699certChainBuff.set(certPemDataLenData) 7700certChainBuff.set(certPemData, certPemDataLenData.length) 7701certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7702certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7703 7704let certChainData: cert.CertChainData = { 7705 data: certChainBuff, 7706 // 证书链包含的证书个数,需业务自行赋值。 7707 count: 2, 7708 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7709 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7710}; 7711 7712try { 7713 let validator = cert.createCertChainValidator('PKIX'); 7714 validator.validate(certChainData).then(result => { 7715 console.log('validate success'); 7716 }).catch((error: BusinessError) => { 7717 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7718 }); 7719} catch (error) { 7720 let e: BusinessError = error as BusinessError; 7721 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7722} 7723``` 7724 7725## X509CrlEntry<sup>(deprecated)</sup> 7726 7727被吊销证书对象。 7728 7729> **说明:** 7730> 7731> 从API version 11开始废弃,建议使用[X509CrlEntry](#x509crlentry11)替代。 7732 7733### getEncoded<sup>(deprecated)</sup> 7734 7735getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 7736 7737表示获取被吊销证书的序列化数据,使用Callback回调异步返回结果。 7738 7739> **说明:** 7740> 7741> 从API version 11开始废弃,建议使用[X509CRLEntry.getEncoded](#getencoded11-2)替代。 7742 7743**系统能力:** SystemCapability.Security.Cert 7744 7745**参数**: 7746 7747| 参数名 | 类型 | 必填 | 说明 | 7748| -------- | --------------------------------------------- | ---- | ------------------------------------ | 7749| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示被吊销证书的序列化数据。 | 7750 7751**错误码:** 7752 7753以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7754 7755| 错误码ID | 错误信息 | 7756| -------- | ----------------------- | 7757| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7758| 19020001 | memory error. | 7759| 19020002 | runtime error. | 7760| 19030001 | crypto operation error. | 7761 7762**示例:** 7763 7764```ts 7765import { cert } from '@kit.DeviceCertificateKit'; 7766import { BusinessError } from '@kit.BasicServicesKit'; 7767 7768// string转Uint8Array。 7769function stringToUint8Array(str: string): Uint8Array { 7770 let arr: Array<number> = []; 7771 for (let i = 0, j = str.length; i < j; i++) { 7772 arr.push(str.charCodeAt(i)); 7773 } 7774 return new Uint8Array(arr); 7775} 7776 7777let crlData = '-----BEGIN X509 CRL-----\n' + 7778 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7779 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7780 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7781 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7782 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7783 'eavsH0Q3\n' + 7784 '-----END X509 CRL-----\n' 7785 7786let encodingBlob: cert.EncodingBlob = { 7787 data: stringToUint8Array(crlData), 7788 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7789 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7790}; 7791 7792cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7793 if (err) { 7794 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7795 } else { 7796 console.log('create x509 crl success'); 7797 7798 try { 7799 let serialNumber = 1000; 7800 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7801 crlEntry.getEncoded((error, data) => { 7802 if (error) { 7803 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7804 } else { 7805 console.log('getEncoded success'); 7806 } 7807 }); 7808 } catch (error) { 7809 let e: BusinessError = error as BusinessError; 7810 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7811 } 7812 } 7813}) 7814``` 7815 7816### getEncoded<sup>(deprecated)</sup> 7817 7818getEncoded() : Promise\<EncodingBlob> 7819 7820表示获取被吊销证书的序列化数据,使用Promise方式异步返回结果。 7821 7822> **说明:** 7823> 7824> 从API version 11开始废弃,建议使用[X509CRLEntry.getEncoded](#getencoded11-3)替代。 7825 7826**系统能力:** SystemCapability.Security.Cert 7827 7828**返回值**: 7829 7830| 类型 | 说明 | 7831| --------------------------------------- | -------------------------- | 7832| Promise\<[EncodingBlob](#encodingblob)> | 表示被吊销证书的序列化数据。 | 7833 7834**错误码:** 7835 7836以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7837 7838| 错误码ID | 错误信息 | 7839| -------- | ----------------------- | 7840| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7841| 19020001 | memory error. | 7842| 19020002 | runtime error. | 7843| 19030001 | crypto operation error. | 7844 7845**示例:** 7846 7847```ts 7848import { cert } from '@kit.DeviceCertificateKit'; 7849import { BusinessError } from '@kit.BasicServicesKit'; 7850 7851// string转Uint8Array。 7852function stringToUint8Array(str: string): Uint8Array { 7853 let arr: Array<number> = []; 7854 for (let i = 0, j = str.length; i < j; i++) { 7855 arr.push(str.charCodeAt(i)); 7856 } 7857 return new Uint8Array(arr); 7858} 7859 7860let crlData = '-----BEGIN X509 CRL-----\n' + 7861 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7862 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7863 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7864 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7865 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7866 'eavsH0Q3\n' + 7867 '-----END X509 CRL-----\n' 7868 7869let encodingBlob: cert.EncodingBlob = { 7870 data: stringToUint8Array(crlData), 7871 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7872 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7873}; 7874 7875cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7876 if (err) { 7877 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7878 } else { 7879 console.log('create x509 crl success'); 7880 7881 try { 7882 let serialNumber = 1000; 7883 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7884 crlEntry.getEncoded().then(result => { 7885 console.log('getEncoded success'); 7886 }).catch((error: BusinessError) => { 7887 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7888 }); 7889 } catch (error) { 7890 let e: BusinessError = error as BusinessError; 7891 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7892 } 7893 } 7894}) 7895``` 7896 7897### getSerialNumber<sup>(deprecated)</sup> 7898 7899getSerialNumber() : number 7900 7901表示获取被吊销证书的序列号。 7902 7903> **说明:** 7904> 7905> 从API version 11开始废弃,建议使用[X509CRLEntry.getSerialNumber](#getserialnumber11)替代。 7906 7907**系统能力:** SystemCapability.Security.Cert 7908 7909**返回值**: 7910 7911| 类型 | 说明 | 7912| ------ | ---------------------- | 7913| number | 表示被吊销证书的序列号。 | 7914 7915**示例:** 7916 7917```ts 7918import { cert } from '@kit.DeviceCertificateKit'; 7919import { BusinessError } from '@kit.BasicServicesKit'; 7920 7921// string转Uint8Array。 7922function stringToUint8Array(str: string): Uint8Array { 7923 let arr: Array<number> = []; 7924 for (let i = 0, j = str.length; i < j; i++) { 7925 arr.push(str.charCodeAt(i)); 7926 } 7927 return new Uint8Array(arr); 7928} 7929 7930let crlData = '-----BEGIN X509 CRL-----\n' + 7931 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7932 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7933 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7934 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7935 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7936 'eavsH0Q3\n' + 7937 '-----END X509 CRL-----\n' 7938 7939let encodingBlob: cert.EncodingBlob = { 7940 data: stringToUint8Array(crlData), 7941 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7942 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7943}; 7944 7945cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7946 if (err) { 7947 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7948 } else { 7949 console.log('create x509 crl success'); 7950 7951 try { 7952 let serialNumber = 1000; 7953 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7954 serialNumber = crlEntry.getSerialNumber(); 7955 } catch (error) { 7956 let e: BusinessError = error as BusinessError; 7957 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7958 } 7959 } 7960}) 7961``` 7962 7963### getCertIssuer<sup>(deprecated)</sup> 7964 7965getCertIssuer() : DataBlob 7966 7967表示获取被吊销证书的颁发者信息。 7968 7969> **说明:** 7970> 7971> 从API version 11开始废弃,建议使用[X509CRLEntry.getCertIssuer](#getcertissuer11)替代。 7972 7973**系统能力:** SystemCapability.Security.Cert 7974 7975**返回值**: 7976 7977| 类型 | 说明 | 7978| --------------------- | ----------------------- | 7979| [DataBlob](#datablob) | 表示被吊销证书的颁发者信息。 | 7980 7981**错误码:** 7982 7983以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7984 7985| 错误码ID | 错误信息 | 7986| -------- | -------------- | 7987| 801 | this operation is not supported. | 7988| 19020001 | memory error. | 7989| 19020002 | runtime error. | 7990 7991**示例:** 7992 7993```ts 7994import { cert } from '@kit.DeviceCertificateKit'; 7995import { BusinessError } from '@kit.BasicServicesKit'; 7996 7997// string转Uint8Array。 7998function stringToUint8Array(str: string): Uint8Array { 7999 let arr: Array<number> = []; 8000 for (let i = 0, j = str.length; i < j; i++) { 8001 arr.push(str.charCodeAt(i)); 8002 } 8003 return new Uint8Array(arr); 8004} 8005 8006let crlData = '-----BEGIN X509 CRL-----\n' + 8007 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8008 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8009 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8010 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8011 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8012 'eavsH0Q3\n' + 8013 '-----END X509 CRL-----\n' 8014 8015let encodingBlob: cert.EncodingBlob = { 8016 data: stringToUint8Array(crlData), 8017 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8018 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8019}; 8020 8021cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8022 if (err) { 8023 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8024 } else { 8025 console.log('create x509 crl success'); 8026 8027 try { 8028 let serialNumber = 1000; 8029 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8030 let issuer = crlEntry.getCertIssuer(); 8031 } catch (error) { 8032 let e: BusinessError = error as BusinessError; 8033 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8034 } 8035 } 8036}) 8037``` 8038 8039### getRevocationDate<sup>(deprecated)</sup> 8040 8041getRevocationDate() : string 8042 8043表示获取证书被吊销的日期,日期为ASN.1时间格式。 8044 8045> **说明:** 8046> 8047> 从API version 11开始废弃,建议使用[X509CRLEntry.getRevocationDate](#getrevocationdate11)替代。 8048 8049**系统能力:** SystemCapability.Security.Cert 8050 8051**返回值**: 8052 8053| 类型 | 说明 | 8054| ------ | ------------------ | 8055| string | 表示证书被吊销的日期,日期为ASN.1时间格式。 | 8056 8057**错误码:** 8058 8059以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8060 8061| 错误码ID | 错误信息 | 8062| -------- | ----------------------- | 8063| 19020001 | memory error. | 8064| 19020002 | runtime error. | 8065| 19030001 | crypto operation error. | 8066 8067**示例:** 8068 8069```ts 8070import { cert } from '@kit.DeviceCertificateKit'; 8071import { BusinessError } from '@kit.BasicServicesKit'; 8072 8073// string转Uint8Array。 8074function stringToUint8Array(str: string): Uint8Array { 8075 let arr: Array<number> = []; 8076 for (let i = 0, j = str.length; i < j; i++) { 8077 arr.push(str.charCodeAt(i)); 8078 } 8079 return new Uint8Array(arr); 8080} 8081 8082let crlData = '-----BEGIN X509 CRL-----\n' + 8083 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8084 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8085 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8086 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8087 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8088 'eavsH0Q3\n' + 8089 '-----END X509 CRL-----\n' 8090 8091let encodingBlob: cert.EncodingBlob = { 8092 data: stringToUint8Array(crlData), 8093 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8094 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8095}; 8096 8097cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8098 if (err) { 8099 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8100 } else { 8101 console.log('create x509 crl success'); 8102 8103 try { 8104 let serialNumber = 1000; 8105 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8106 let date = crlEntry.getRevocationDate(); 8107 } catch (error) { 8108 let e: BusinessError = error as BusinessError; 8109 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8110 } 8111 } 8112}) 8113``` 8114 8115## X509CRLEntry<sup>11+</sup> 8116 8117被吊销证书对象。 8118 8119### getEncoded<sup>11+</sup> 8120 8121getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 8122 8123表示获取被吊销证书的序列化数据,使用Callback回调异步返回结果。 8124 8125**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8126 8127**系统能力:** SystemCapability.Security.Cert 8128 8129**参数**: 8130 8131| 参数名 | 类型 | 必填 | 说明 | 8132| -------- | --------------------------------------------- | ---- | ------------------------------------ | 8133| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示被吊销证书的序列化数据。 | 8134 8135**错误码:** 8136 8137以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8138 8139| 错误码ID | 错误信息 | 8140| -------- | ----------------------- | 8141| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8142| 19020001 | memory error. | 8143| 19020002 | runtime error. | 8144| 19030001 | crypto operation error. | 8145 8146**示例:** 8147 8148```ts 8149import { cert } from '@kit.DeviceCertificateKit'; 8150import { BusinessError } from '@kit.BasicServicesKit'; 8151 8152// string转Uint8Array。 8153function stringToUint8Array(str: string): Uint8Array { 8154 let arr: Array<number> = []; 8155 for (let i = 0, j = str.length; i < j; i++) { 8156 arr.push(str.charCodeAt(i)); 8157 } 8158 return new Uint8Array(arr); 8159} 8160 8161let crlData = '-----BEGIN X509 CRL-----\n' + 8162 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8163 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8164 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8165 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8166 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8167 'eavsH0Q3\n' + 8168 '-----END X509 CRL-----\n' 8169 8170let encodingBlob: cert.EncodingBlob = { 8171 data: stringToUint8Array(crlData), 8172 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8173 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8174}; 8175 8176cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8177 if (err) { 8178 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8179 } else { 8180 console.log('create x509 CRL success'); 8181 8182 try { 8183 let serialNumber = BigInt(1000); 8184 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8185 crlEntry.getEncoded((error, data) => { 8186 if (error) { 8187 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8188 } else { 8189 console.log('getEncoded success'); 8190 } 8191 }); 8192 } catch (error) { 8193 let e: BusinessError = error as BusinessError; 8194 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8195 } 8196 } 8197}) 8198``` 8199 8200### getEncoded<sup>11+</sup> 8201 8202getEncoded() : Promise\<EncodingBlob> 8203 8204表示获取被吊销证书的序列化数据,使用Promise方式异步返回结果。 8205 8206**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8207 8208**系统能力:** SystemCapability.Security.Cert 8209 8210**返回值**: 8211 8212| 类型 | 说明 | 8213| --------------------------------------- | -------------------------- | 8214| Promise\<[EncodingBlob](#encodingblob)> | 表示被吊销证书的序列化数据。 | 8215 8216**错误码:** 8217 8218以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8219 8220| 错误码ID | 错误信息 | 8221| -------- | ----------------------- | 8222| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8223| 19020001 | memory error. | 8224| 19020002 | runtime error. | 8225| 19030001 | crypto operation error. | 8226 8227**示例:** 8228 8229```ts 8230import { cert } from '@kit.DeviceCertificateKit'; 8231import { BusinessError } from '@kit.BasicServicesKit'; 8232 8233// string转Uint8Array。 8234function stringToUint8Array(str: string): Uint8Array { 8235 let arr: Array<number> = []; 8236 for (let i = 0, j = str.length; i < j; i++) { 8237 arr.push(str.charCodeAt(i)); 8238 } 8239 return new Uint8Array(arr); 8240} 8241 8242let crlData = '-----BEGIN X509 CRL-----\n' + 8243 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8244 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8245 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8246 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8247 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8248 'eavsH0Q3\n' + 8249 '-----END X509 CRL-----\n' 8250 8251let encodingBlob: cert.EncodingBlob = { 8252 data: stringToUint8Array(crlData), 8253 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8254 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8255}; 8256 8257cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8258 if (err) { 8259 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8260 } else { 8261 console.log('create x509 CRL success'); 8262 8263 try { 8264 let serialNumber = BigInt(1000); 8265 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8266 crlEntry.getEncoded().then(result => { 8267 console.log('getEncoded success'); 8268 }).catch((error: BusinessError) => { 8269 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8270 }); 8271 } catch (error) { 8272 let e: BusinessError = error as BusinessError; 8273 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8274 } 8275 } 8276}) 8277``` 8278 8279### getSerialNumber<sup>11+</sup> 8280 8281getSerialNumber() : bigint 8282 8283表示获取被吊销证书的序列号。 8284 8285**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8286 8287**系统能力:** SystemCapability.Security.Cert 8288 8289**返回值**: 8290 8291| 类型 | 说明 | 8292| ------ | ---------------------- | 8293| bigint | 表示被吊销证书的序列号。 | 8294 8295**错误码:** 8296 8297以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8298 8299| 错误码ID | 错误信息 | 8300| -------- | ----------------------- | 8301| 19020001 | memory error. | 8302| 19020002 | runtime error. | 8303| 19030001 | crypto operation error. | 8304 8305**示例:** 8306 8307```ts 8308import { cert } from '@kit.DeviceCertificateKit'; 8309import { BusinessError } from '@kit.BasicServicesKit'; 8310 8311// string转Uint8Array。 8312function stringToUint8Array(str: string): Uint8Array { 8313 let arr: Array<number> = []; 8314 for (let i = 0, j = str.length; i < j; i++) { 8315 arr.push(str.charCodeAt(i)); 8316 } 8317 return new Uint8Array(arr); 8318} 8319 8320let crlData = '-----BEGIN X509 CRL-----\n' + 8321 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8322 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8323 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8324 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8325 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8326 'eavsH0Q3\n' + 8327 '-----END X509 CRL-----\n' 8328 8329let encodingBlob: cert.EncodingBlob = { 8330 data: stringToUint8Array(crlData), 8331 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8332 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8333}; 8334 8335cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8336 if (err) { 8337 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8338 } else { 8339 console.log('create x509 crl success'); 8340 8341 try { 8342 let serialNumber = BigInt(1000); 8343 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8344 serialNumber = crlEntry.getSerialNumber(); 8345 } catch (error) { 8346 let e: BusinessError = error as BusinessError; 8347 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8348 } 8349 } 8350}) 8351``` 8352 8353### getCertIssuer<sup>11+</sup> 8354 8355getCertIssuer() : DataBlob 8356 8357表示获取被吊销证书的颁发者信息。 8358 8359> **说明:** 8360> 8361> 获取到的被吊销证书的颁发者信息数据带字符串结束符。 8362 8363**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8364 8365**系统能力:** SystemCapability.Security.Cert 8366 8367**返回值**: 8368 8369| 类型 | 说明 | 8370| --------------------- | -------------------------- | 8371| [DataBlob](#datablob) | 表示被吊销证书的颁发者信息。 | 8372 8373**错误码:** 8374 8375以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8376 8377| 错误码ID | 错误信息 | 8378| -------- | ----------------------- | 8379| 801 | this operation is not supported. | 8380| 19020001 | memory error. | 8381| 19020002 | runtime error. | 8382| 19030001 | crypto operation error. | 8383 8384**示例:** 8385 8386```ts 8387import { cert } from '@kit.DeviceCertificateKit'; 8388import { BusinessError } from '@kit.BasicServicesKit'; 8389 8390// string转Uint8Array。 8391function stringToUint8Array(str: string): Uint8Array { 8392 let arr: Array<number> = []; 8393 for (let i = 0, j = str.length; i < j; i++) { 8394 arr.push(str.charCodeAt(i)); 8395 } 8396 return new Uint8Array(arr); 8397} 8398 8399let crlData = '-----BEGIN X509 CRL-----\n' + 8400 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8401 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8402 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8403 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8404 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8405 'eavsH0Q3\n' + 8406 '-----END X509 CRL-----\n' 8407 8408let encodingBlob: cert.EncodingBlob = { 8409 data: stringToUint8Array(crlData), 8410 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8411 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8412}; 8413 8414cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8415 if (err) { 8416 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8417 } else { 8418 console.log('create x509 CRL success'); 8419 8420 try { 8421 let serialNumber = BigInt(1000); 8422 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8423 let issuer = crlEntry.getCertIssuer(); 8424 } catch (error) { 8425 let e: BusinessError = error as BusinessError; 8426 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8427 } 8428 } 8429}) 8430``` 8431 8432### getRevocationDate<sup>11+</sup> 8433 8434getRevocationDate() : string 8435 8436表示获取证书被吊销的日期。 8437 8438**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8439 8440**系统能力:** SystemCapability.Security.Cert 8441 8442**返回值**: 8443 8444| 类型 | 说明 | 8445| ------ | -------------------- | 8446| string | 表示证书被吊销的日期。 | 8447 8448**错误码:** 8449 8450以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8451 8452| 错误码ID | 错误信息 | 8453| -------- | ----------------------- | 8454| 19020001 | memory error. | 8455| 19020002 | runtime error. | 8456| 19030001 | crypto operation error. | 8457 8458**示例:** 8459 8460```ts 8461import { cert } from '@kit.DeviceCertificateKit'; 8462import { BusinessError } from '@kit.BasicServicesKit'; 8463 8464// string转Uint8Array。 8465function stringToUint8Array(str: string): Uint8Array { 8466 let arr: Array<number> = []; 8467 for (let i = 0, j = str.length; i < j; i++) { 8468 arr.push(str.charCodeAt(i)); 8469 } 8470 return new Uint8Array(arr); 8471} 8472 8473let crlData = '-----BEGIN X509 CRL-----\n' + 8474 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8475 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8476 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8477 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8478 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8479 'eavsH0Q3\n' + 8480 '-----END X509 CRL-----\n' 8481 8482let encodingBlob: cert.EncodingBlob = { 8483 data: stringToUint8Array(crlData), 8484 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8485 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8486}; 8487 8488cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8489 if (err) { 8490 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8491 } else { 8492 console.log('create x509 CRL success'); 8493 8494 try { 8495 let serialNumber = BigInt(1000); 8496 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8497 let date = crlEntry.getRevocationDate(); 8498 } catch (error) { 8499 let e: BusinessError = error as BusinessError; 8500 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8501 } 8502 } 8503}) 8504``` 8505 8506### getExtensions<sup>11+</sup> 8507 8508getExtensions(): DataBlob 8509 8510表示获取CRL的扩展。 8511 8512**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8513 8514**系统能力:** SystemCapability.Security.Cert 8515 8516**返回值**: 8517 8518| 类型 | 说明 | 8519| --------------------- | ------------------------ | 8520| [DataBlob](#datablob) | 表示X509CRLEntry扩展用途。 | 8521 8522**错误码:** 8523 8524以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8525 8526| 错误码ID | 错误信息 | 8527| -------- | ----------------------- | 8528| 19020001 | memory error. | 8529| 19020002 | runtime error. | 8530| 19030001 | crypto operation error. | 8531 8532**示例:** 8533 8534```ts 8535import { cert } from '@kit.DeviceCertificateKit'; 8536import { BusinessError } from '@kit.BasicServicesKit'; 8537 8538// string转Uint8Array。 8539function stringToUint8Array(str: string): Uint8Array { 8540 let arr: Array<number> = []; 8541 for (let i = 0, j = str.length; i < j; i++) { 8542 arr.push(str.charCodeAt(i)); 8543 } 8544 return new Uint8Array(arr); 8545} 8546 8547let crlData = '-----BEGIN X509 CRL-----\n' + 8548 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 8549 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 8550 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 8551 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 8552 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 8553 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 8554 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 8555 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 8556 '+i2osvdPWRia0dJCL1PCA14k\n' + 8557 '-----END X509 CRL-----\n'; 8558 8559let encodingBlob: cert.EncodingBlob = { 8560 data: stringToUint8Array(crlData), 8561 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8562 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8563}; 8564 8565cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8566 if (err) { 8567 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8568 } else { 8569 console.log('create x509 CRL success'); 8570 8571 try { 8572 let serialNumber = BigInt(4); 8573 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8574 let extensions = crlEntry.getExtensions(); 8575 } catch (error) { 8576 let e: BusinessError = error as BusinessError; 8577 console.error('getRevokedCert or getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8578 } 8579 } 8580}) 8581``` 8582 8583### hasExtensions<sup>11+</sup> 8584 8585hasExtensions(): boolean 8586 8587表示判断CRL Entry是否有扩展。 8588 8589**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8590 8591**系统能力:** SystemCapability.Security.Cert 8592 8593**返回值**: 8594 8595| 类型 | 说明 | 8596| ------- | ---------------------------------------------------- | 8597| boolean | 返回true则表示CRL Entry有扩展,返回false则表示无扩展。 | 8598 8599**错误码:** 8600 8601以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8602 8603| 错误码ID | 错误信息 | 8604| -------- | ----------------------- | 8605| 19020001 | memory error. | 8606| 19020002 | runtime error. | 8607| 19030001 | crypto operation error. | 8608 8609**示例:** 8610 8611```ts 8612import { cert } from '@kit.DeviceCertificateKit'; 8613import { BusinessError } from '@kit.BasicServicesKit'; 8614 8615// string转Uint8Array。 8616function stringToUint8Array(str: string): Uint8Array { 8617 let arr: Array<number> = []; 8618 for (let i = 0, j = str.length; i < j; i++) { 8619 arr.push(str.charCodeAt(i)); 8620 } 8621 return new Uint8Array(arr); 8622} 8623 8624let crlData = '-----BEGIN X509 CRL-----\n' + 8625 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8626 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8627 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8628 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8629 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8630 'eavsH0Q3\n' + 8631 '-----END X509 CRL-----\n' 8632 8633let encodingBlob: cert.EncodingBlob = { 8634 data: stringToUint8Array(crlData), 8635 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8636 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8637}; 8638 8639cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8640 if (err) { 8641 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8642 } else { 8643 console.log('create x509 CRL success'); 8644 8645 try { 8646 let serialNumber = BigInt(1000); 8647 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8648 let hasExtensions = crlEntry.hasExtensions(); 8649 } catch (error) { 8650 let e: BusinessError = error as BusinessError; 8651 console.error('getRevokedCert or hasExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8652 } 8653 } 8654}) 8655``` 8656 8657### getCertIssuerX500DistinguishedName<sup>12+</sup> 8658 8659getCertIssuerX500DistinguishedName(): X500DistinguishedName 8660 8661获取证书颁发者的X509可分辨名称。 8662 8663**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8664 8665**系统能力:** SystemCapability.Security.Cert 8666 8667**返回值**: 8668 8669| 类型 | 说明 | 8670| ------- | ---------------------------------------------------- | 8671| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 8672 8673**错误码:** 8674 8675以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8676 8677| 错误码ID | 错误信息 | 8678| -------- | ----------------------- | 8679| 19020001 | memory error. | 8680| 19020002 | runtime error. | 8681| 19030001 | crypto operation error. | 8682 8683**示例:** 8684 8685```ts 8686import { cert } from '@kit.DeviceCertificateKit'; 8687import { BusinessError } from '@kit.BasicServicesKit'; 8688 8689// string转Uint8Array。 8690function stringToUint8Array(str: string): Uint8Array { 8691 let arr: Array<number> = []; 8692 for (let i = 0, j = str.length; i < j; i++) { 8693 arr.push(str.charCodeAt(i)); 8694 } 8695 return new Uint8Array(arr); 8696} 8697 8698let crlData = '-----BEGIN X509 CRL-----\n' + 8699 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8700 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8701 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8702 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8703 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8704 'eavsH0Q3\n' + 8705 '-----END X509 CRL-----\n' 8706 8707let encodingBlob: cert.EncodingBlob = { 8708 data: stringToUint8Array(crlData), 8709 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8710 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8711}; 8712 8713async function certGetCertIssuerX500DistinguishedName() { 8714 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8715 try { 8716 x509Crl = await cert.createX509CRL(encodingBlob); 8717 console.log('createX509CRL success'); 8718 let name = x509Crl.getRevokedCert(BigInt(1000)).getCertIssuerX500DistinguishedName(); 8719 } catch (error) { 8720 let e: BusinessError = error as BusinessError; 8721 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8722 } 8723} 8724``` 8725 8726### toString<sup>12+</sup> 8727 8728toString(): string 8729 8730获取对象的字符串类型数据。 8731 8732**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8733 8734**系统能力:** SystemCapability.Security.Cert 8735 8736**返回值**: 8737 8738| 类型 | 说明 | 8739| ------- | ---------------------------------------------------- | 8740| string | 对象的字符串类型数据。| 8741 8742**错误码:** 8743 8744以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8745 8746| 错误码ID | 错误信息 | 8747| -------- | ----------------------- | 8748| 19020001 | memory error. | 8749| 19020002 | runtime error. | 8750| 19030001 | crypto operation error. | 8751 8752**示例:** 8753 8754```ts 8755import { cert } from '@kit.DeviceCertificateKit'; 8756import { BusinessError } from '@kit.BasicServicesKit'; 8757 8758// string转Uint8Array。 8759function stringToUint8Array(str: string): Uint8Array { 8760 let arr: Array<number> = []; 8761 for (let i = 0, j = str.length; i < j; i++) { 8762 arr.push(str.charCodeAt(i)); 8763 } 8764 return new Uint8Array(arr); 8765} 8766 8767let crlData = '-----BEGIN X509 CRL-----\n' + 8768 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8769 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8770 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8771 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8772 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8773 'eavsH0Q3\n' + 8774 '-----END X509 CRL-----\n' 8775 8776let encodingBlob: cert.EncodingBlob = { 8777 data: stringToUint8Array(crlData), 8778 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8779 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8780}; 8781 8782async function certToString() { 8783 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8784 try { 8785 x509Crl = await cert.createX509CRL(encodingBlob); 8786 console.log('createX509CRL success'); 8787 console.info('toString success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).toString())); 8788 } catch (error) { 8789 let e: BusinessError = error as BusinessError; 8790 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8791 } 8792} 8793``` 8794 8795### hashCode<sup>12+</sup> 8796 8797hashCode(): Uint8Array 8798 8799获取DER格式数据的哈希值。 8800 8801**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8802 8803**系统能力:** SystemCapability.Security.Cert 8804 8805**返回值**: 8806 8807| 类型 | 说明 | 8808| ------- | ---------------------------------------------------- | 8809| Uint8Array | DER格式数据的哈希值。| 8810 8811**错误码:** 8812 8813以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8814 8815| 错误码ID | 错误信息 | 8816| -------- | ----------------------- | 8817| 19020001 | memory error. | 8818| 19020002 | runtime error. | 8819| 19030001 | crypto operation error. | 8820 8821**示例:** 8822 8823```ts 8824import { cert } from '@kit.DeviceCertificateKit'; 8825import { BusinessError } from '@kit.BasicServicesKit'; 8826 8827// string转Uint8Array。 8828function stringToUint8Array(str: string): Uint8Array { 8829 let arr: Array<number> = []; 8830 for (let i = 0, j = str.length; i < j; i++) { 8831 arr.push(str.charCodeAt(i)); 8832 } 8833 return new Uint8Array(arr); 8834} 8835 8836let crlData = '-----BEGIN X509 CRL-----\n' + 8837 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8838 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8839 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8840 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8841 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8842 'eavsH0Q3\n' + 8843 '-----END X509 CRL-----\n' 8844 8845let encodingBlob: cert.EncodingBlob = { 8846 data: stringToUint8Array(crlData), 8847 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8848 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8849}; 8850 8851async function certHashCode() { 8852 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8853 try { 8854 x509Crl = await cert.createX509CRL(encodingBlob); 8855 console.log('createX509CRL success'); 8856 console.info('hashCode success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).hashCode())); 8857 } catch (error) { 8858 let e: BusinessError = error as BusinessError; 8859 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8860 } 8861} 8862``` 8863 8864### getExtensionsObject<sup>12+</sup> 8865 8866getExtensionsObject(): CertExtension 8867 8868获取对应实体的扩展域DER格式数据。 8869 8870**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8871 8872**系统能力:** SystemCapability.Security.Cert 8873 8874**返回值**: 8875 8876| 类型 | 说明 | 8877| ------- | ---------------------------------------------------- | 8878| [CertExtension](#certextension10) | 证书扩展域段类对象。| 8879 8880**错误码:** 8881 8882以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8883 8884| 错误码ID | 错误信息 | 8885| -------- | ----------------------- | 8886| 19020001 | memory error. | 8887| 19020002 | runtime error. | 8888| 19030001 | crypto operation error. | 8889 8890**示例:** 8891 8892```ts 8893import { cert } from '@kit.DeviceCertificateKit'; 8894import { BusinessError } from '@kit.BasicServicesKit'; 8895 8896// string转Uint8Array。 8897function stringToUint8Array(str: string): Uint8Array { 8898 let arr: Array<number> = []; 8899 for (let i = 0, j = str.length; i < j; i++) { 8900 arr.push(str.charCodeAt(i)); 8901 } 8902 return new Uint8Array(arr); 8903} 8904 8905let crlData = '-----BEGIN X509 CRL-----\n' + 8906 'MIINlTCCDH0CAQEwDQYJKoZIhvcNAQELBQAwTDELMAkGA1UEBhMCVVMxFTATBgNV\n' + 8907 'BAoTDERpZ2lDZXJ0IEluYzEmMCQGA1UEAxMdRGlnaUNlcnQgU2VjdXJlIFNpdGUg\n' + 8908 'Q04gQ0EgRzMXDTI0MDMxMjE4NDQ0NVoXDTI0MDMxOTE4NDQ0NVowggvJMCECEAbk\n' + 8909 'wC/+N2YXfpw7vgDJ2xAXDTIzMDIwNzA1NTg1OFowIQIQDonqcHww7uhlmWH+OfIe\n' + 8910 'PhcNMjMwMzA5MDcwMzI1WjAvAhAM4CTrULrJUEinWgT9AFPvFw0yMzAzMjAxOTE4\n' + 8911 'NTRaMAwwCgYDVR0VBAMKAQQwIQIQBQP4xflKkcRehoJ2NaA/jhcNMjMwMzIyMDk0\n' + 8912 'NTI5WjAvAhAOmgzoiIqznAaFec53PVPUFw0yMzAzMjcyMDI4MDNaMAwwCgYDVR0V\n' + 8913 'BAMKAQQwLwIQBaC2Z3D4dcQ/O7HnzFU9KBcNMjMwMzI5MTc1OTQ1WjAMMAoGA1Ud\n' + 8914 'FQQDCgEFMCECEAlz9Rg1b+9La4oFqsHUc4AXDTIzMDMzMTAyMzk0MVowIQIQD9yW\n' + 8915 '92pX6BinUKVBVSSTmBcNMjMwNDExMDExNjI5WjAvAhAIIarHUWWee4V9W/Yzm86k\n' + 8916 'Fw0yMzA0MTQyMDE5MTJaMAwwCgYDVR0VBAMKAQQwIQIQC2OiM3VIJX2dEe8/pf8f\n' + 8917 'hRcNMjMwNDIxMDMzMDIyWjAhAhAP0ueyg5n/7b2Hotml7f42Fw0yMzA0MjYwMjU3\n' + 8918 'NDJaMCECEAqMu61nkOEmTOdMbUZTMrkXDTIzMDUxNzAxMzI0NVowLwIQDYv1rt0K\n' + 8919 'olvP+nQoi5LeLRcNMjMwNTIzMTc0MDE4WjAMMAoGA1UdFQQDCgEEMC8CEA8WMKlw\n' + 8920 'iCK36PruJvup5bUXDTIzMDUyMzE3NDA1M1owDDAKBgNVHRUEAwoBBDAvAhAJ5uwT\n' + 8921 'aqwgLzNVpxh4u9EPFw0yMzA1MjUxNzEwNTBaMAwwCgYDVR0VBAMKAQQwIQIQCg0k\n' + 8922 '5UadwDH5xm14yxcgLRcNMjMwNjA3MDcyNDAwWjAhAhAEByUhbBR6/pZRFUH2PTxE\n' + 8923 'Fw0yMzA2MDgwMjIwMzBaMCECEATquAQcy3W1kUOkb4VoOvEXDTIzMDYyNjA5MDIw\n' + 8924 'NlowIQIQBrF5sueIjk1snKdO0ISOXhcNMjMwNjMwMDI0MDA0WjAhAhAJEG72WQtV\n' + 8925 'lTOYiA0xjVk5Fw0yMzA3MDUwMjEyMzdaMCECEAmXIuCMJv9gllYuKfCHm5EXDTIz\n' + 8926 'MDcwNTAyMTIzN1owIQIQAotQots0ngzRwACzrS9mCBcNMjMwNzA2MDU0NDU3WjAh\n' + 8927 'AhAG2hyGc9SfXrLc0Uk2J1BeFw0yMzA3MjQwMTUwNDBaMCECEAJhm5FSlVyTG9UK\n' + 8928 'zS+ecUgXDTIzMDcyNjA2NDQzM1owIQIQC4mlxBQuFxWC4pF7/P8BDxcNMjMwNzMx\n' + 8929 'MTAzMjU0WjAhAhADCEp333/avF3m6HZtBImOFw0yMzA3MzExMDMzNTBaMCECEAKd\n' + 8930 'P7fydlXUcS4v/YnZMMwXDTIzMDczMTEwMzQzOFowIQIQC+m5EUcRd1E0lEIPj17Z\n' + 8931 'rRcNMjMwODAxMDYwNDE4WjAvAhAF4QcgQQlWpAi4FVflzbKxFw0yMzA4MDMxNjIz\n' + 8932 'MTdaMAwwCgYDVR0VBAMKAQQwIQIQAn01GEZ50Y5ugIcEuGfF9BcNMjMwODA4MDE1\n' + 8933 'NzM1WjAhAhAFHj3FDKeP9q9CM924d8RIFw0yMzA4MDgwMTU5NDhaMC8CEAnkNPSD\n' + 8934 'U5yiMsV3fU06a6oXDTIzMDgwODE5MjIwMlowDDAKBgNVHRUEAwoBBDAvAhAETU4z\n' + 8935 '13iMKiwQujsxJDRhFw0yMzA4MTAyMDU4NDdaMAwwCgYDVR0VBAMKAQQwIQIQB1oD\n' + 8936 'M2mOYuse7e/nTqx+8xcNMjMwOTA0MDUwOTU3WjAhAhALf3Bp63so6O+R5QbWPWu6\n' + 8937 'Fw0yMzEwMDkwNjE5NTVaMCECEAKFHdXcy/zBXRtMj3BVhO0XDTIzMTAwOTA2MTk1\n' + 8938 'N1owIQIQDNNmVHN4tMu1xth6IAe4ZhcNMjMxMDEyMDc0MjQ1WjAhAhACNNJA2oMM\n' + 8939 'pr+giIgczvHOFw0yMzEwMTYwNTEyMzdaMCECEAoQun7uSHhvy6GBoxG7XOkXDTIz\n' + 8940 'MTExNjA3MDAzN1owLwIQA1NsI22PLvohCvKwdtAJwBcNMjMxMjA2MTgyNzUzWjAM\n' + 8941 'MAoGA1UdFQQDCgEEMCECEAWagozDt4jfBzi+aDGFr88XDTIzMTIxMTA3MjM1OFow\n' + 8942 'IQIQD1g7NdEk7t05zg6yweYc5hcNMjMxMjExMDcyNTM3WjAhAhAMJnRjUQAzFQFH\n' + 8943 'kwIguRz2Fw0yMzEyMTEwNzI2NDJaMCECEAT0bVxyPKkeTV8JQuPxfcwXDTIzMTIx\n' + 8944 'MTA3MjcyNlowIQIQA/5BlE0Ushtw24Ol9L2sexcNMjMxMjExMDcyODA2WjAhAhAL\n' + 8945 'Ij6FAKVJDnKAwwt19+/RFw0yMzEyMTEwNzI5MDJaMCECEAmPyfX3FuOHgryS2i8c\n' + 8946 'SrUXDTIzMTIxMTA3Mjk0M1owIQIQC+uGa6tmPRPCB0jW+6WWUhcNMjMxMjExMDcz\n' + 8947 'MDIzWjAhAhAJCq59mFZj6SWLH/m18Fq2Fw0yMzEyMTEwNzMwNTJaMCECEAp0Po24\n' + 8948 'WHmdEMTVyp9AMssXDTIzMTIxMTA3MzEyNlowIQIQAcf+793qPEHipkAhjf7MghcN\n' + 8949 'MjMxMjExMDczMTQ5WjAhAhAElLuCARMBoDIH0Y2D1DpSFw0yMzEyMTEwNzMyMTla\n' + 8950 'MCECEAWlgWhTXqKOB61zA7Ao8vQXDTIzMTIxMTA3MzI0OFowIQIQAeZqfkFYc/6t\n' + 8951 'zO7j/FVYwBcNMjMxMjExMDczMzM1WjAhAhAHzftyRhskxV6opTfHb59OFw0yMzEy\n' + 8952 'MTEwNzM0MDNaMCECEASXrBHdRYUm9VIZ1wN4qAsXDTIzMTIxMTA3MzQyN1owIQIQ\n' + 8953 'BDFb/OY65CZ1sTdMPAc+IhcNMjMxMjExMDczNTEzWjAhAhAFg7mRyWvWXc+KT014\n' + 8954 'Ro5AFw0yMzEyMTEwNzM1NDhaMCECEA+wAstqfBUEkSvinYlWeOwXDTIzMTIxMTA3\n' + 8955 'MzYyNVowIQIQB3Z75ksHGnvGmuHbvwbheRcNMjMxMjExMDczNjU5WjAhAhALfrIn\n' + 8956 'OGRVeePivKkJ+d1xFw0yMzEyMTEwNzM4MDFaMCECEAnm5NfU36m+FXNlJiUsXpMX\n' + 8957 'DTIzMTIxMTA3MzgzNVowIQIQCrBoHo4X2md3Amteqh7h3RcNMjMxMjExMDczOTA3\n' + 8958 'WjAhAhAGxHlqrHu66ifOwTTMhHHFFw0yMzEyMTEwNzM5NDNaMCECEA2BDG1SI7Se\n' + 8959 '2GAt+b9UnF8XDTIzMTIxMTA3NDAyNFowLwIQDZvl5jkmAwjTweDCtrXbLRcNMjMx\n' + 8960 'MjExMjA0NDQ3WjAMMAoGA1UdFQQDCgEEMCECEAzgcwGVpyXXZSmLLF4MExQXDTIz\n' + 8961 'MTIxOTE3MjczMlowIQIQARB9nVoMuE5GSFeb3U553hcNMjMxMjE5MTcyODA1WjAh\n' + 8962 'AhAD+JIH7lFcX9UNqTogrMcPFw0yMzEyMTkxNzI5MDZaMCECEAux1kd8ugXs4mI+\n' + 8963 'xMfXgpsXDTIzMTIxOTE3MjkyOFowIQIQCUO5VqAmbxA8Jdly97msLhcNMjMxMjE5\n' + 8964 'MTcyOTU0WjAhAhAFyzrU1JtsiPNPeWrfdvGvFw0yMzEyMTkxNzMwNDlaMCECEAwT\n' + 8965 'tMq5EsBTUhQwm6nWhnAXDTIzMTIyMDE3NDc1NlowIQIQBx3qL8rMclE9gxamaa14\n' + 8966 'xBcNMjMxMjIwMTc0ODM2WjAhAhAOnKUlrCaxs+lRqLrBmk2PFw0yNDAxMzAxOTMw\n' + 8967 'MTVaMCECEAtYs/5ZRsrMAxQVDA44eWYXDTI0MDIwNjA2MjYwMFowIQIQDjrMV1d3\n' + 8968 '0NhxngX5rqqxjBcNMjQwMjIxMDc0ODEwWjAhAhAPGohz3+JyS6H4JzHCjLrXFw0y\n' + 8969 'NDAyMjgyMDQxMjZaMC8CEAqZ2QktAMprzZmtolbOXlgXDTI0MDIyOTE4MDYzMVow\n' + 8970 'DDAKBgNVHRUEAwoBBDAhAhAMAHgNfiburtKDp8OJuzRCFw0yNDAzMDQwNjA3MzJa\n' + 8971 'MCECEA/HgrXcSBqkb2JdfrFDAfgXDTI0MDMwNDA2MDczMlqgMDAuMB8GA1UdIwQY\n' + 8972 'MBaAFETZyEozjtNSjaeSlGEfmsilt+zLMAsGA1UdFAQEAgIFrDANBgkqhkiG9w0B\n' + 8973 'AQsFAAOCAQEAJ5rSr0Av5sH59J2LXW5hZ8SJTzDbR8ADdi/CCLolbUUnE0oaAZ+2\n' + 8974 '9z0niAD5m8HQikNz8K+FKAsQatN/CAj4bzRMeF37hQCiZpqNtxP69JDGeWpGPiH2\n' + 8975 'K/YfpzL9iSbBOxFmosxUX8J/iX36mCUl+3OUHh+qSYeElboxeAmTCnY5Pl5Bq9is\n' + 8976 'gp0MmzNYCo7GEFrtS03p2msK25uRqQl6Qn0NZS0yGjdUG7RTZe4xua5drjEkB1o/\n' + 8977 '15f+mtYj6DtWM1twi1q3VYVxhRSsk6XmmS0BViTEl+MT0BRAPwBSdlyt++1Pnnrd\n' + 8978 'BsQoO8O2EVpJ54fxKMCSDOkJf1hNCxi3eQ==\n' + 8979 '-----END X509 CRL-----\n'; 8980 8981let encodingBlob: cert.EncodingBlob = { 8982 data: stringToUint8Array(crlData), 8983 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8984 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8985}; 8986 8987async function certGetExtensionsObject() { 8988 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8989 try { 8990 x509Crl = await cert.createX509CRL(encodingBlob); 8991 console.log('createX509CRL success'); 8992 let object = x509Crl.getRevokedCert(BigInt('14091103387070223745671018446433705560')).getExtensionsObject(); 8993 } catch (error) { 8994 let e: BusinessError = error as BusinessError; 8995 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8996 } 8997} 8998``` 8999 9000## cert.createCertCRLCollection<sup>11+</sup> 9001 9002createCertCRLCollection(certs: Array\<X509Cert>, crls?: Array\<X509CRL>): CertCRLCollection 9003 9004表示创建证书和证书吊销列表集合对象,并返回相应的结果。 9005 9006**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9007 9008**系统能力:** SystemCapability.Security.Cert 9009 9010**参数**: 9011 9012| 参数名 | 类型 | 必填 | 说明 | 9013| -------- | ------------------------------------- | ---- | ------------------------------ | 9014| certs | Array\<[X509Cert](#x509cert)> | 是 | X509Cert数组。 | 9015| crls | Array\<[X509CRL](#x509crl11)> | 否 | X509CRL数组。 | 9016 9017**返回值**: 9018 9019| 类型 | 说明 | 9020| ------------------ | -------------------- | 9021| [CertCRLCollection](#certcrlcollection11) | 表示证书和证书吊销列表集合对象。 | 9022 9023**错误码:** 9024 9025以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9026 9027| 错误码ID | 错误信息 | 9028| -------- | ----------------------- | 9029| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9030| 19020001 | memory error. | 9031 9032**示例:** 9033 9034```ts 9035import { cert } from '@kit.DeviceCertificateKit'; 9036import { BusinessError } from '@kit.BasicServicesKit'; 9037 9038// string转Uint8Array。 9039function stringToUint8Array(str: string): Uint8Array { 9040 let arr: Array<number> = []; 9041 for (let i = 0, j = str.length; i < j; i++) { 9042 arr.push(str.charCodeAt(i)); 9043 } 9044 return new Uint8Array(arr); 9045} 9046 9047async function createX509CRL(): Promise<cert.X509CRL> { 9048 let crlData = '-----BEGIN X509 CRL-----\n' + 9049 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9050 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9051 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9052 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9053 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9054 'eavsH0Q3\n' + 9055 '-----END X509 CRL-----\n'; 9056 9057 // 证书吊销列表二进制数据,需业务自行赋值。 9058 let encodingBlob: cert.EncodingBlob = { 9059 data: stringToUint8Array(crlData), 9060 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9061 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9062 }; 9063 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9064 try { 9065 x509CRL = await cert.createX509CRL(encodingBlob); 9066 } catch (err) { 9067 let e: BusinessError = err as BusinessError; 9068 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9069 } 9070 return x509CRL; 9071} 9072 9073async function createX509Cert(): Promise<cert.X509Cert> { 9074 let certData = '-----BEGIN CERTIFICATE-----\n' + 9075 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9076 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9077 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9078 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9079 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9080 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9081 'Qw==\n' + 9082 '-----END CERTIFICATE-----\n'; 9083 9084 let encodingBlob: cert.EncodingBlob = { 9085 data: stringToUint8Array(certData), 9086 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9087 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9088 }; 9089 9090 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9091 try { 9092 x509Cert = await cert.createX509Cert(encodingBlob); 9093 } catch (err) { 9094 let e: BusinessError = err as BusinessError; 9095 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9096 } 9097 return x509Cert; 9098} 9099 9100async function createCollection() { 9101 const x509Cert = await createX509Cert(); 9102 const x509CRL = await createX509CRL(); 9103 try { 9104 const collection: cert.CertCRLCollection = cert.createCertCRLCollection([x509Cert], [x509CRL]); 9105 console.log('createCertCRLCollection success'); 9106 } catch (err) { 9107 console.error('createCertCRLCollection failed'); 9108 } 9109} 9110``` 9111 9112## CertCRLCollection<sup>11+</sup> 9113 9114证书和证书吊销列表集合对象。 9115 9116### selectCerts<sup>11+</sup> 9117 9118selectCerts(param: X509CertMatchParameters): Promise\<Array\<X509Cert>> 9119 9120查找证书和证书吊销列表集合中所有与参数匹配的证书对象,使用Promise方式异步返回结果。 9121 9122**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9123 9124**系统能力:** SystemCapability.Security.Cert 9125 9126**参数**: 9127 9128| 参数名 | 类型 | 必填 | 说明 | 9129| --------- | ------------------------------- | ---- | ------------ | 9130| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示证书需匹配的参数。 | 9131 9132**返回值**: 9133 9134| 类型 | 说明 | 9135| --------------------------------------- | --------------------------------------- | 9136| Promise\<Array\<[X509Cert](#x509cert)>> | Promise对象。表示匹配到的证书对象数组。 | 9137 9138**错误码:** 9139 9140以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9141 9142| 错误码ID | 错误信息 | 9143| -------- | ----------------------- | 9144| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9145| 19020001 | memory error. | 9146| 19030001 | crypto operation error. | 9147 9148**示例:** 9149 9150```ts 9151import { cert } from '@kit.DeviceCertificateKit'; 9152import { BusinessError } from '@kit.BasicServicesKit'; 9153 9154// string转Uint8Array。 9155function stringToUint8Array(str: string): Uint8Array { 9156 let arr: Array<number> = []; 9157 for (let i = 0, j = str.length; i < j; i++) { 9158 arr.push(str.charCodeAt(i)); 9159 } 9160 return new Uint8Array(arr); 9161} 9162 9163async function createX509Cert(): Promise<cert.X509Cert> { 9164 let certData = '-----BEGIN CERTIFICATE-----\n' + 9165 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9166 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9167 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9168 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9169 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9170 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9171 'Qw==\n' + 9172 '-----END CERTIFICATE-----\n'; 9173 9174 let encodingBlob: cert.EncodingBlob = { 9175 data: stringToUint8Array(certData), 9176 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9177 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9178 }; 9179 9180 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9181 try { 9182 x509Cert = await cert.createX509Cert(encodingBlob); 9183 } catch (err) { 9184 let e: BusinessError = err as BusinessError; 9185 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9186 } 9187 return x509Cert; 9188} 9189 9190async function selectCerts() { 9191 const x509Cert = await createX509Cert(); 9192 const collection = cert.createCertCRLCollection([x509Cert]); 9193 9194 try { 9195 const param: cert.X509CertMatchParameters = { 9196 x509Cert, 9197 validDate: '20231121074700Z', 9198 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9199 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9200 publicKeyAlgID: '1.2.840.10045.2.1' 9201 }; 9202 const certs = await collection.selectCerts(param); 9203 console.log('call selectCerts success'); 9204 } catch (err) { 9205 console.error('call selectCerts failed'); 9206 } 9207} 9208``` 9209 9210### selectCerts<sup>11+</sup> 9211 9212selectCerts(param: X509CertMatchParameters, callback: AsyncCallback\<Array\<X509Cert>>): void 9213 9214查找证书和证书吊销列表集合中所有与参数匹配的证书对象, 使用Callback回调异步返回结果。 9215 9216**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9217 9218**系统能力:** SystemCapability.Security.Cert 9219 9220**参数**: 9221 9222| 参数名 | 类型 | 必填 | 说明 | 9223| --------- | ------------------------------- | ---- | ----------------- | 9224| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示证书需匹配的参数。 | 9225| callback | AsyncCallback\<Array\<[X509Cert](#x509cert)>> | 是 | 回调函数,表示匹配到的证书对象数组。 | 9226 9227**错误码:** 9228 9229以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9230 9231| 错误码ID | 错误信息 | 9232| -------- | ----------------------- | 9233| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9234| 19020001 | memory error. | 9235| 19030001 | crypto operation error. | 9236 9237**示例:** 9238 9239```ts 9240import { cert } from '@kit.DeviceCertificateKit'; 9241import { BusinessError } from '@kit.BasicServicesKit'; 9242 9243// string转Uint8Array。 9244function stringToUint8Array(str: string): Uint8Array { 9245 let arr: Array<number> = []; 9246 for (let i = 0, j = str.length; i < j; i++) { 9247 arr.push(str.charCodeAt(i)); 9248 } 9249 return new Uint8Array(arr); 9250} 9251 9252async function createX509Cert(): Promise<cert.X509Cert> { 9253 let certData = '-----BEGIN CERTIFICATE-----\n' + 9254 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9255 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9256 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9257 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9258 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9259 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9260 'Qw==\n' + 9261 '-----END CERTIFICATE-----\n'; 9262 9263 let encodingBlob: cert.EncodingBlob = { 9264 data: stringToUint8Array(certData), 9265 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9266 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9267 }; 9268 9269 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9270 try { 9271 x509Cert = await cert.createX509Cert(encodingBlob); 9272 } catch (err) { 9273 let e: BusinessError = err as BusinessError; 9274 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9275 } 9276 return x509Cert; 9277} 9278 9279async function selectCerts() { 9280 const x509Cert = await createX509Cert(); 9281 const collection = cert.createCertCRLCollection([x509Cert]); 9282 // 需业务自行赋值。 9283 const param: cert.X509CertMatchParameters = { 9284 x509Cert, 9285 validDate: '20231121074700Z', 9286 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9287 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9288 publicKeyAlgID: '1.2.840.10045.2.1' 9289 }; 9290 collection.selectCerts(param, (err, certs) => { 9291 if (err) { 9292 console.error('selectCerts failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9293 } else { 9294 console.log('selectCerts success'); 9295 } 9296 }); 9297} 9298``` 9299 9300### selectCRLs<sup>11+</sup> 9301 9302selectCRLs(param: X509CRLMatchParameters): Promise\<Array\<X509CRL>> 9303 9304查找证书和证书吊销列表集合中所有与参数匹配的证书吊销列表对象, 使用Promise方式异步返回结果。 9305 9306**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9307 9308**系统能力:** SystemCapability.Security.Cert 9309 9310**参数**: 9311 9312| 参数名 | 类型 | 必填 | 说明 | 9313| --------- | ------------------------------- | ---- | ------------ | 9314| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | 是 | 表示证书吊销列表需匹配的参数。 | 9315 9316**返回值**: 9317 9318| 类型 | 说明 | 9319| -------------- | ----------- | 9320| Promise\<Array\<[X509CRL](#x509crl11)>> | Promise对象,表示匹配到的证书吊销列表对象数组。 | 9321 9322**错误码:** 9323 9324以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9325 9326| 错误码ID | 错误信息 | 9327| -------- | ----------------------- | 9328| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9329| 19020001 | memory error. | 9330| 19030001 | crypto operation error. | 9331 9332**示例:** 9333 9334```ts 9335import { cert } from '@kit.DeviceCertificateKit'; 9336import { BusinessError } from '@kit.BasicServicesKit'; 9337 9338// string转Uint8Array。 9339function stringToUint8Array(str: string): Uint8Array { 9340 let arr: Array<number> = []; 9341 for (let i = 0, j = str.length; i < j; i++) { 9342 arr.push(str.charCodeAt(i)); 9343 } 9344 return new Uint8Array(arr); 9345} 9346 9347async function createX509CRL(): Promise<cert.X509CRL> { 9348 let crlData = '-----BEGIN X509 CRL-----\n' + 9349 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9350 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9351 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9352 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9353 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9354 'eavsH0Q3\n' + 9355 '-----END X509 CRL-----\n'; 9356 9357 // 证书吊销列表二进制数据,需业务自行赋值。 9358 let encodingBlob: cert.EncodingBlob = { 9359 data: stringToUint8Array(crlData), 9360 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9361 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9362 }; 9363 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9364 try { 9365 x509CRL = await cert.createX509CRL(encodingBlob); 9366 } catch (err) { 9367 let e: BusinessError = err as BusinessError; 9368 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9369 } 9370 return x509CRL; 9371} 9372 9373async function createX509Cert(): Promise<cert.X509Cert> { 9374 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9375 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9376 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9377 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9378 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9379 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9380 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9381 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9382 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9383 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9384 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9385 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9386 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9387 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9388 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9389 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9390 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9391 "-----END CERTIFICATE-----\r\n"; 9392 const certEncodingBlob: cert.EncodingBlob = { 9393 data: stringToUint8Array(certData), 9394 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9395 }; 9396 9397 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9398 try { 9399 x509Cert = await cert.createX509Cert(certEncodingBlob); 9400 console.log('createX509Cert success'); 9401 } catch (err) { 9402 console.error('createX509Cert failed'); 9403 } 9404 return x509Cert; 9405} 9406 9407async function selectCRLs() { 9408 const x509CRL = await createX509CRL(); 9409 const x509Cert = await createX509Cert(); 9410 const collection = cert.createCertCRLCollection([], [x509CRL]); 9411 9412 const param: cert.X509CRLMatchParameters = { 9413 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9414 x509Cert: x509Cert 9415 } 9416 try { 9417 const crls = await collection.selectCRLs(param); 9418 console.log('selectCRLs success'); 9419 } catch (err) { 9420 console.error('selectCRLs failed'); 9421 } 9422} 9423``` 9424 9425### selectCRLs<sup>11+</sup> 9426 9427selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback\<Array\<X509CRL>>): void 9428 9429查找证书和证书吊销列表集合中所有与参数匹配的证书吊销列表对象, 使用Callback回调异步返回结果。 9430 9431**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9432 9433**系统能力:** SystemCapability.Security.Cert 9434 9435**参数**: 9436 9437| 参数名 | 类型 | 必填 | 说明 | 9438| --------- | ------------------------------- | ---- | ----------------- | 9439| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | 是 | 表示证书吊销列表需匹配的参数对象。 | 9440| callback | AsyncCallback\<Array\<[X509CRL](#x509crl11)>> | 是 | 回调函数,表示匹配到的证书吊销列表对象数组。 | 9441 9442**错误码:** 9443 9444以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9445 9446| 错误码ID | 错误信息 | 9447| -------- | ----------------------- | 9448| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9449| 19020001 | memory error. | 9450| 19030001 | crypto operation error. | 9451 9452**示例:** 9453 9454```ts 9455import { cert } from '@kit.DeviceCertificateKit'; 9456import { BusinessError } from '@kit.BasicServicesKit'; 9457 9458// string转Uint8Array。 9459function stringToUint8Array(str: string): Uint8Array { 9460 let arr: Array<number> = []; 9461 for (let i = 0, j = str.length; i < j; i++) { 9462 arr.push(str.charCodeAt(i)); 9463 } 9464 return new Uint8Array(arr); 9465} 9466 9467async function createX509CRL(): Promise<cert.X509CRL> { 9468 let crlData = '-----BEGIN X509 CRL-----\n' + 9469 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9470 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9471 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9472 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9473 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9474 'eavsH0Q3\n' + 9475 '-----END X509 CRL-----\n'; 9476 9477 // 证书吊销列表二进制数据,需业务自行赋值。 9478 let encodingBlob: cert.EncodingBlob = { 9479 data: stringToUint8Array(crlData), 9480 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9481 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9482 }; 9483 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9484 try { 9485 x509CRL = await cert.createX509CRL(encodingBlob); 9486 } catch (err) { 9487 let e: BusinessError = err as BusinessError; 9488 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9489 } 9490 return x509CRL; 9491} 9492 9493async function createX509Cert(): Promise<cert.X509Cert> { 9494 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9495 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9496 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9497 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9498 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9499 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9500 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9501 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9502 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9503 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9504 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9505 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9506 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9507 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9508 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9509 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9510 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9511 "-----END CERTIFICATE-----\r\n"; 9512 const certEncodingBlob: cert.EncodingBlob = { 9513 data: stringToUint8Array(certData), 9514 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9515 }; 9516 9517 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9518 try { 9519 x509Cert = await cert.createX509Cert(certEncodingBlob); 9520 console.log('createX509Cert success'); 9521 } catch (err) { 9522 console.error('createX509Cert failed'); 9523 } 9524 return x509Cert; 9525} 9526 9527async function selectCRLs() { 9528 const x509CRL = await createX509CRL(); 9529 const x509Cert = await createX509Cert(); 9530 const collection = cert.createCertCRLCollection([], [x509CRL]); 9531 9532 const param: cert.X509CRLMatchParameters = { 9533 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9534 x509Cert: x509Cert 9535 } 9536 collection.selectCRLs(param, (err, crls) => { 9537 if (err) { 9538 console.error('selectCRLs failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9539 } else { 9540 console.log('selectCRLs success'); 9541 } 9542 }); 9543} 9544``` 9545 9546## cert.createX509CertChain<sup>11+</sup> 9547 9548createX509CertChain(inStream: EncodingBlob): Promise\<X509CertChain> 9549 9550表示创建X509证书链对象,使用Promise方式异步返回结果。 9551 9552**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9553 9554**系统能力:** SystemCapability.Security.Cert 9555 9556**参数:** 9557 9558| 参数名 | 类型 | 必填 | 说明 | 9559| -------- | ----------------------------- | ---- | -------------------- | 9560| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 9561 9562**返回值:** 9563 9564| 类型 | 说明 | 9565| ------------------------------- | ---------------- | 9566| Promise\<[X509CertChain](#x509certchain11)> | 表示X509证书链对象。 | 9567 9568**错误码:** 9569 9570以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9571 9572| 错误码ID | 错误信息 | 9573| -------- | ------------- | 9574| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9575| 19020001 | memory error. | 9576| 19030001 | crypto operation error. | 9577 9578**示例:** 9579 9580```ts 9581import { cert } from '@kit.DeviceCertificateKit'; 9582import { BusinessError } from '@kit.BasicServicesKit'; 9583 9584// string转Uint8Array。 9585function stringToUint8Array(str: string): Uint8Array { 9586 let arr: Array<number> = []; 9587 for (let i = 0, j = str.length; i < j; i++) { 9588 arr.push(str.charCodeAt(i)); 9589 } 9590 return new Uint8Array(arr); 9591} 9592 9593async function createX509CertChain(): Promise<cert.X509CertChain> { 9594 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9595 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9596 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9597 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9598 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9599 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9600 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9601 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9602 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9603 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9604 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9605 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9606 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9607 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9608 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9609 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9610 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9611 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9612 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9613 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9614 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9615 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9616 "-----END CERTIFICATE-----\n" + 9617 "-----BEGIN CERTIFICATE-----\n" + 9618 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9619 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9620 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9621 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9622 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9623 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9624 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9625 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9626 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9627 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9628 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9629 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9630 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9631 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9632 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9633 "uKPWR9dKBA==\n" + 9634 "-----END CERTIFICATE-----\n" + 9635 "-----BEGIN CERTIFICATE-----\n" + 9636 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9637 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9638 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9639 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9640 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9641 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9642 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9643 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9644 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9645 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9646 "xjoE\n" + 9647 "-----END CERTIFICATE-----\n"; 9648 9649 // 证书链二进制数据,需业务自行赋值。 9650 let encodingBlob: cert.EncodingBlob = { 9651 data: stringToUint8Array(certChainData), 9652 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 9653 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9654 }; 9655 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9656 try { 9657 x509CertChain = await cert.createX509CertChain(encodingBlob); 9658 } catch (error) { 9659 let e: BusinessError = error as BusinessError; 9660 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9661 } 9662 return x509CertChain; 9663} 9664 9665createX509CertChain(); 9666``` 9667 9668## cert.createX509CertChain<sup>11+</sup> 9669 9670createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback\<X509CertChain>): void 9671 9672表示创建X509证书链对象,使用Callback回调异步返回结果。 9673 9674**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9675 9676**系统能力:** SystemCapability.Security.Cert 9677 9678**参数:** 9679 9680| 参数名 | 类型 | 必填 | 说明 | 9681| -------- | ------------------------------------- | ---- | -------------------------- | 9682| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 9683| callback | AsyncCallback\<[X509CertChain](#x509certchain11)> | 是 | 回调函数,表示X509证书链对象。 | 9684 9685**错误码:** 9686 9687以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9688 9689| 错误码ID | 错误信息 | 9690| -------- | ------------- | 9691| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9692| 19020001 | memory error. | 9693| 19030001 | crypto operation error. | 9694 9695**示例:** 9696 9697```ts 9698import { cert } from '@kit.DeviceCertificateKit'; 9699 9700// string转Uint8Array。 9701function stringToUint8Array(str: string): Uint8Array { 9702 let arr: Array<number> = []; 9703 for (let i = 0, j = str.length; i < j; i++) { 9704 arr.push(str.charCodeAt(i)); 9705 } 9706 return new Uint8Array(arr); 9707} 9708 9709let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9710 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9711 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9712 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9713 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9714 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9715 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9716 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9717 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9718 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9719 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9720 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9721 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9722 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9723 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9724 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9725 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9726 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9727 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9728 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9729 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9730 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9731 "-----END CERTIFICATE-----\n" + 9732 "-----BEGIN CERTIFICATE-----\n" + 9733 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9734 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9735 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9736 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9737 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9738 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9739 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9740 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9741 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9742 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9743 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9744 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9745 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9746 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9747 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9748 "uKPWR9dKBA==\n" + 9749 "-----END CERTIFICATE-----\n" + 9750 "-----BEGIN CERTIFICATE-----\n" + 9751 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9752 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9753 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9754 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9755 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9756 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9757 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9758 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9759 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9760 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9761 "xjoE\n" + 9762 "-----END CERTIFICATE-----\n"; 9763 9764// 证书链二进制数据,需业务自行赋值。 9765let encodingBlob: cert.EncodingBlob = { 9766 data: stringToUint8Array(certChainData), 9767 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 9768 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9769}; 9770 9771cert.createX509CertChain(encodingBlob, (err, certChain) => { 9772 if (err) { 9773 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9774 } else { 9775 console.log('createX509CertChain success'); 9776 } 9777}); 9778``` 9779 9780## cert.createX509CertChain<sup>11+</sup> 9781 9782createX509CertChain(certs: Array\<X509Cert>): X509CertChain 9783 9784表示使用X509Cert数组方式创建X509证书链对象,并同步返回结果。 9785 9786**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9787 9788**系统能力:** SystemCapability.Security.Cert 9789 9790**参数:** 9791 9792| 参数名 | 类型 | 必填 | 说明 | 9793| -------- | -------------------- | ---- | -------------------------- | 9794| certs | Array\<[X509Cert](#x509cert)> | 是 | X509证书对象数组。 | 9795 9796**返回值:** 9797 9798| 类型 | 说明 | 9799| --------------------------------- | -------------------- | 9800| [X509CertChain](#x509certchain11) | 表示X509证书链对象。 | 9801 9802**错误码:** 9803 9804以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9805 9806| 错误码ID | 错误信息 | 9807| -------- | ------------- | 9808| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9809| 19020001 | memory error. | 9810| 19030001 | crypto operation error. | 9811 9812**示例:** 9813 9814```ts 9815import { cert } from '@kit.DeviceCertificateKit'; 9816import { BusinessError } from '@kit.BasicServicesKit'; 9817 9818// string转Uint8Array。 9819function stringToUint8Array(str: string): Uint8Array { 9820 let arr: Array<number> = []; 9821 for (let i = 0, j = str.length; i < j; i++) { 9822 arr.push(str.charCodeAt(i)); 9823 } 9824 return new Uint8Array(arr); 9825} 9826 9827async function createX509Cert(): Promise<cert.X509Cert> { 9828 let certData = '-----BEGIN CERTIFICATE-----\n' + 9829 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9830 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9831 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9832 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9833 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9834 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9835 'Qw==\n' + 9836 '-----END CERTIFICATE-----\n'; 9837 9838 // 证书二进制数据,需业务自行赋值。 9839 let encodingBlob: cert.EncodingBlob = { 9840 data: stringToUint8Array(certData), 9841 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9842 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9843 }; 9844 9845 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9846 try { 9847 x509Cert = await cert.createX509Cert(encodingBlob); 9848 } catch (error) { 9849 let e: BusinessError = error as BusinessError; 9850 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9851 } 9852 return x509Cert; 9853} 9854 9855async function createX509CertChain(): Promise<cert.X509CertChain> { 9856 const x509Cert = await createX509Cert(); 9857 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9858 try { 9859 x509CertChain = cert.createX509CertChain([x509Cert]); 9860 } catch (error) { 9861 let e: BusinessError = error as BusinessError; 9862 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9863 } 9864 return x509CertChain; 9865} 9866 9867createX509CertChain(); 9868``` 9869 9870## cert.buildX509CertChain<sup>12+</sup> 9871 9872buildX509CertChain(param: [CertChainBuildParameters](#certchainbuildparameters12)): Promise\<CertChainBuildResult> 9873 9874表示使用CertChainBuildParameters对象方式创建X509证书链对象,并用Promise方式返回结果。 9875 9876**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9877 9878**系统能力:** SystemCapability.Security.Cert 9879 9880**参数:** 9881 9882| 参数名 | 类型 | 必填 | 说明 | 9883| -------- | -------------------- | ---- | -------------------------- | 9884| param | [CertChainBuildParameters](#certchainbuildparameters12) | 是 | 构建证书链的参数对象。 <br> [CertChainBuildParameters](#certchainbuildparameters12)中的maxLength要小于证书集合中证书数量。 | 9885 9886**返回值:** 9887 9888| 类型 | 说明 | 9889| --------------------------------- | -------------------- | 9890| [CertChainBuildResult](#certchainbuildresult12) | 表示X509证书链对象。 | 9891 9892**错误码:** 9893 9894以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9895 9896| 错误码ID | 错误信息 | 9897| -------- | ------------------------------------------------- | 9898| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9899| 19020001 | memory error. | 9900| 19020002 | runtime error. | 9901| 19030001 | crypto operation error. | 9902| 19030002 | the certificate signature verification failed. | 9903| 19030003 | the certificate has not taken effect. | 9904| 19030004 | the certificate has expired. | 9905| 19030005 | failed to obtain the certificate issuer. | 9906| 19030006 | the key cannot be used for signing a certificate. | 9907| 19030007 | the key cannot be used for digital signature. | 9908 9909**示例:** 9910 9911```ts 9912import { cert } from '@kit.DeviceCertificateKit'; 9913import { BusinessError } from '@kit.BasicServicesKit'; 9914 9915// string转Uint8Array。 9916function stringToUint8Array(str: string): Uint8Array { 9917 let arr: Array<number> = []; 9918 for (let i = 0, j = str.length; i < j; i++) { 9919 arr.push(str.charCodeAt(i)); 9920 } 9921 return new Uint8Array(arr); 9922} 9923 9924// 证书链数据。 9925let certPem = '-----BEGIN CERTIFICATE-----\n' + 9926 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9927 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 9928 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 9929 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 9930 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 9931 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 9932 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 9933 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 9934 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 9935 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 9936 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 9937 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 9938 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 9939 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 9940 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 9941 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 9942 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 9943 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 9944 '-----END CERTIFICATE-----'; 9945 9946let caPem = '-----BEGIN CERTIFICATE-----\n' + 9947'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9948'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 9949'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 9950'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 9951'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 9952'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 9953'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 9954'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 9955'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 9956'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 9957'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 9958'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 9959'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 9960'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 9961'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 9962'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 9963'sSus\n' + 9964'-----END CERTIFICATE-----'; 9965 9966async function createX509Cert(certData: string): Promise<cert.X509Cert> { 9967 // 证书二进制数据,需业务自行赋值。 9968 let encodingBlob: cert.EncodingBlob = { 9969 data: stringToUint8Array(certData), 9970 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9971 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9972 }; 9973 9974 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9975 try { 9976 x509Cert = await cert.createX509Cert(encodingBlob); 9977 } catch (error) { 9978 let e: BusinessError = error as BusinessError; 9979 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9980 } 9981 return x509Cert; 9982} 9983 9984async function buildX509CertChain() { 9985 try { 9986 const caCert = await createX509Cert(caPem); 9987 const x509Cert = await createX509Cert(certPem); 9988 let certCrlCollection = cert.createCertCRLCollection([x509Cert]); 9989 let param: cert.CertChainBuildParameters = { 9990 certMatchParameters: {validDate:'20240812080000Z'}, 9991 maxLength: 3, 9992 validationParameters: { 9993 date: '20240812080000Z', 9994 certCRLs: [certCrlCollection], 9995 trustAnchors: [{CACert:caCert}, {CACert:caCert}], 9996 } 9997 } 9998 let certChainBuildResult = await cert.buildX509CertChain(param); 9999 console.info("cert issuer name: " + certChainBuildResult.validationResult.entityCert.getIssuerName().data) 10000 console.info("ca subject name: " + certChainBuildResult.validationResult.trustAnchor.CACert?.getSubjectName().data) 10001 } catch (error) { 10002 let e: BusinessError = error as BusinessError; 10003 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10004 } 10005} 10006 10007buildX509CertChain(); 10008``` 10009 10010## cert.parsePkcs12<sup>18+</sup> 10011 10012parsePkcs12(data: Uint8Array, config: Pkcs12ParsingConfig): Pkcs12Data 10013 10014表示从P12文件中解析证书、私钥及其他证书合集,并返回结果。 10015 10016**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 10017 10018**系统能力:** SystemCapability.Security.Cert 10019 10020**参数:** 10021 10022| 参数名 | 类型 | 必填 | 说明 | 10023| -------- | -------------------- | ---- | -------------------------- | 10024| data | Uint8Array | 是 | P12文件,DER格式。 | 10025| config | [Pkcs12ParsingConfig](#pkcs12parsingconfig18) | 是 | P12文件的解析配置。 | 10026 10027**返回值:** 10028 10029| 类型 | 说明 | 10030| --------------------------------- | -------------------- | 10031| [Pkcs12Data](#pkcs12data18) | 表示P12文件解析后的证书、私钥及其他证书合集。 | 10032 10033**错误码:** 10034 10035以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10036 10037| 错误码ID | 错误信息 | 10038| -------- | ------------------------------------------------- | 10039| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10040| 19020001 | memory error. | 10041| 19020002 | runtime error. | 10042| 19030001 | crypto operation error. | 10043| 19030008 | maybe wrong password. | 10044 10045**示例:** 10046 10047```ts 10048import { cert } from '@kit.DeviceCertificateKit'; 10049import { BusinessError } from '@kit.BasicServicesKit'; 10050 10051function doTestParsePkcs12() { 10052 try { 10053 let p12_cert = new Uint8Array([0x30, 0x82, 0x09, 0x51, 0x02, 0x01, 0x03, 0x30, 0x82, 0x09, 0x17, 0x06, 0x09, 0x2a, 0x86, 0x48, 10054 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x09, 0x08, 0x04, 0x82, 0x09, 0x04, 0x30, 0x82, 10055 0x09, 0x00, 0x30, 0x82, 0x03, 0xb7, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 10056 0x06, 0xa0, 0x82, 0x03, 0xa8, 0x30, 0x82, 0x03, 0xa4, 0x02, 0x01, 0x00, 0x30, 0x82, 0x03, 0x9d, 10057 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 10058 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0x7c, 0xd8, 0x60, 10059 0x3a, 0x07, 0xfb, 0x87, 0x8b, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x03, 0x70, 0x4d, 0x64, 0xbe, 10060 0x82, 0xc2, 0x59, 0x58, 0x65, 0xf0, 0x37, 0x46, 0x4f, 0x6b, 0xfa, 0x43, 0x2e, 0x9d, 0xd9, 0x4f, 10061 0xd3, 0x54, 0x71, 0x69, 0x6e, 0x03, 0xf8, 0xb8, 0xf9, 0x05, 0xa2, 0x70, 0xa8, 0x70, 0xfb, 0xe6, 10062 0xda, 0x73, 0xdb, 0x4e, 0xdf, 0x72, 0xcd, 0xb6, 0x88, 0x81, 0xec, 0x3f, 0x8d, 0x7b, 0xdc, 0xa6, 10063 0x62, 0xd3, 0xd1, 0xdc, 0xef, 0xb9, 0x76, 0xb5, 0xd3, 0xb3, 0xfb, 0x61, 0x50, 0xeb, 0x22, 0x9b, 10064 0x72, 0x20, 0xb4, 0xe9, 0x7c, 0x5e, 0xaf, 0xa9, 0xb6, 0x40, 0x69, 0x70, 0xea, 0x79, 0x02, 0x1d, 10065 0x66, 0x71, 0x62, 0x39, 0x31, 0xd3, 0x31, 0xb1, 0x6f, 0x2a, 0x2d, 0x13, 0x59, 0xe9, 0xb7, 0x98, 10066 0xbe, 0x67, 0xfa, 0x5d, 0x6f, 0x8f, 0x7a, 0x43, 0x10, 0x5a, 0x3f, 0x13, 0xda, 0xb0, 0x94, 0x08, 10067 0x82, 0xf4, 0x39, 0x1d, 0x42, 0x26, 0x4a, 0xbe, 0x13, 0xe9, 0x89, 0x55, 0x52, 0xa4, 0x16, 0x3d, 10068 0x50, 0x83, 0x5c, 0xb9, 0x00, 0x5e, 0x03, 0x35, 0x65, 0x13, 0x1f, 0xd8, 0xf8, 0xeb, 0x28, 0xe5, 10069 0x00, 0x09, 0x9a, 0x62, 0x65, 0xab, 0x28, 0x21, 0x2e, 0x55, 0x11, 0x77, 0x7e, 0x64, 0xae, 0x12, 10070 0xc1, 0x5e, 0x85, 0xf2, 0xe7, 0xf7, 0x2b, 0x51, 0x46, 0xa6, 0xf8, 0x55, 0x2c, 0xc4, 0x0a, 0x80, 10071 0x6a, 0xc2, 0xa8, 0xba, 0x94, 0xf8, 0xee, 0x18, 0xf7, 0x32, 0x50, 0x53, 0xcc, 0x1e, 0x53, 0x85, 10072 0xeb, 0x0d, 0x1e, 0xec, 0xe2, 0xbb, 0xc2, 0xf3, 0xf7, 0x80, 0xfd, 0x81, 0x63, 0x8f, 0x87, 0x98, 10073 0x09, 0x47, 0x72, 0xee, 0x2d, 0x5a, 0x18, 0x89, 0x6b, 0x95, 0xef, 0x52, 0xde, 0x4d, 0xf5, 0x48, 10074 0x2a, 0x38, 0x6f, 0x4b, 0x98, 0x3c, 0x6d, 0x41, 0xdd, 0x1b, 0xfd, 0x65, 0x1b, 0x87, 0x8a, 0xcf, 10075 0xec, 0x47, 0xe3, 0x7a, 0xa0, 0x56, 0xd9, 0x36, 0x36, 0xcb, 0x17, 0xaa, 0x1b, 0x24, 0x79, 0x96, 10076 0xc6, 0x60, 0xd4, 0xe4, 0xa8, 0x59, 0x35, 0x5e, 0x4e, 0x00, 0xbf, 0x9a, 0xf5, 0x5c, 0x2a, 0xd7, 10077 0xd7, 0x92, 0x98, 0x79, 0xad, 0x13, 0xda, 0xea, 0xde, 0xcd, 0x65, 0x81, 0x26, 0xbd, 0x55, 0x0f, 10078 0xa4, 0x73, 0x54, 0x7b, 0x2f, 0x55, 0x2a, 0x2f, 0xb9, 0x2d, 0x6e, 0x04, 0xc8, 0x37, 0x5e, 0x93, 10079 0x09, 0xa7, 0x7f, 0xb1, 0x6b, 0x4a, 0x9f, 0xea, 0x59, 0x19, 0x57, 0xd0, 0xc1, 0xa1, 0x6b, 0xaf, 10080 0x27, 0x2b, 0xac, 0x81, 0xec, 0xcd, 0x2e, 0xa2, 0xa6, 0x08, 0x01, 0xfc, 0xa1, 0xbc, 0xc9, 0xdc, 10081 0x97, 0xb9, 0x48, 0xa8, 0x65, 0x5d, 0x63, 0xdb, 0x5c, 0x7e, 0x55, 0xe7, 0x47, 0xf2, 0x74, 0x17, 10082 0x67, 0xfe, 0x56, 0x20, 0x54, 0x65, 0x11, 0xdf, 0xec, 0x75, 0x70, 0x49, 0x59, 0xd1, 0xea, 0x6b, 10083 0x8f, 0x39, 0xec, 0x5d, 0x81, 0x82, 0x9a, 0xec, 0xce, 0x6c, 0x0c, 0x32, 0x14, 0xbd, 0xef, 0xac, 10084 0xae, 0x04, 0xd0, 0x75, 0x62, 0xf5, 0x82, 0x16, 0xd1, 0xa8, 0xfb, 0x22, 0x2a, 0xc2, 0xe7, 0x7a, 10085 0x75, 0x08, 0x59, 0x99, 0x34, 0x3d, 0xd9, 0xd7, 0x66, 0xb8, 0xcd, 0xaa, 0xf4, 0x48, 0xcc, 0x21, 10086 0x25, 0x83, 0xae, 0xad, 0x55, 0x0e, 0xff, 0x44, 0xf3, 0xcc, 0xd1, 0x89, 0x72, 0x0f, 0x9f, 0xe3, 10087 0xe5, 0xc7, 0xd4, 0x53, 0x94, 0xd6, 0xfb, 0x35, 0xd5, 0xd8, 0x2f, 0xa7, 0x4b, 0xf9, 0x50, 0x15, 10088 0x1e, 0x35, 0xfc, 0x3d, 0xca, 0xad, 0xb6, 0x49, 0x16, 0xee, 0xff, 0xd7, 0x8a, 0xcc, 0xf0, 0x96, 10089 0x11, 0x97, 0x22, 0xf3, 0xf7, 0x7c, 0x7a, 0x50, 0x49, 0x12, 0x68, 0x6e, 0x0e, 0x62, 0x32, 0xc7, 10090 0xe9, 0xc3, 0xa0, 0x1b, 0xfe, 0x29, 0x8c, 0x46, 0xc2, 0x7e, 0xe1, 0xea, 0xc3, 0xcb, 0x30, 0xaf, 10091 0xe4, 0x60, 0xe5, 0xa5, 0xa5, 0xb8, 0xf4, 0x16, 0xfa, 0x19, 0xd0, 0x1c, 0x14, 0xce, 0xf9, 0xa8, 10092 0x0b, 0x3f, 0x87, 0x89, 0xd3, 0xed, 0x9e, 0x16, 0x14, 0xbb, 0xd3, 0x64, 0xeb, 0x00, 0xe7, 0x48, 10093 0x1f, 0xd4, 0x47, 0xbc, 0xa9, 0x6f, 0x03, 0xe0, 0x0e, 0xaf, 0xb9, 0xad, 0x05, 0xa0, 0x1d, 0xee, 10094 0x0a, 0xcd, 0x0f, 0xd0, 0xb8, 0xf1, 0x35, 0x80, 0xa7, 0x72, 0xcd, 0x36, 0x8e, 0xce, 0x72, 0xf9, 10095 0x9f, 0xd5, 0x29, 0xae, 0x02, 0xb7, 0xbe, 0x65, 0xff, 0x38, 0x45, 0xf8, 0x8d, 0x87, 0x2f, 0xf8, 10096 0xdd, 0xc1, 0x72, 0x17, 0x2b, 0xdd, 0x3e, 0xfe, 0x01, 0xa0, 0x59, 0xb3, 0x19, 0x92, 0xf0, 0x59, 10097 0xf5, 0x06, 0x77, 0x8b, 0x1a, 0x41, 0x1d, 0x8b, 0x80, 0x74, 0x95, 0x8b, 0x30, 0x03, 0x18, 0xdd, 10098 0x1e, 0x1b, 0x21, 0x36, 0xdf, 0xde, 0xc3, 0xa2, 0x68, 0xe0, 0x3d, 0x94, 0x37, 0x6b, 0x48, 0xb2, 10099 0xb9, 0x41, 0x53, 0xd6, 0x65, 0xef, 0x7a, 0x3d, 0xdc, 0x09, 0x17, 0x66, 0xb4, 0x05, 0x58, 0x8a, 10100 0x5d, 0x2f, 0x40, 0x4a, 0x91, 0x8a, 0xa5, 0xb7, 0x29, 0xfb, 0x37, 0x81, 0x71, 0x77, 0x50, 0x8d, 10101 0x34, 0x80, 0x7e, 0xab, 0xb9, 0xc8, 0xdc, 0xb7, 0x2c, 0x7e, 0xbc, 0xad, 0x7c, 0x14, 0x5c, 0xf6, 10102 0x90, 0x88, 0x0e, 0x0d, 0x50, 0x7a, 0x4e, 0xa6, 0x85, 0xe4, 0x2a, 0xe7, 0x67, 0x21, 0x53, 0xbb, 10103 0x73, 0xd5, 0x30, 0x78, 0xbd, 0x08, 0x2b, 0x42, 0x44, 0x3e, 0x5d, 0x2b, 0x2f, 0x09, 0x8e, 0x82, 10104 0xc3, 0x5b, 0x9e, 0xd8, 0x20, 0xc6, 0xb7, 0x42, 0xe5, 0xb3, 0x60, 0x0b, 0x9b, 0x01, 0x76, 0x26, 10105 0xf7, 0xc1, 0xf7, 0xe1, 0xd1, 0x46, 0xf7, 0x9c, 0x21, 0xfd, 0x66, 0xb7, 0x14, 0x1d, 0x89, 0xb5, 10106 0xd3, 0xa1, 0x4e, 0x57, 0x97, 0xe7, 0xe4, 0x63, 0x96, 0xe2, 0x6f, 0x10, 0x6a, 0xb7, 0x8e, 0x83, 10107 0x64, 0x22, 0x10, 0x02, 0x27, 0x87, 0x6d, 0xb6, 0x11, 0x51, 0xe9, 0xe6, 0x68, 0x1a, 0xc8, 0xd3, 10108 0x6b, 0x23, 0x33, 0x68, 0x66, 0xab, 0x4d, 0xf9, 0x92, 0x11, 0x67, 0x9d, 0x24, 0xee, 0x18, 0xa8, 10109 0x3c, 0x5a, 0xfe, 0x79, 0x76, 0x99, 0xeb, 0x9f, 0x19, 0x9d, 0x74, 0xee, 0x13, 0xd9, 0xb1, 0x7b, 10110 0x4e, 0xcf, 0x30, 0x05, 0xdb, 0x5a, 0x3e, 0x00, 0x7e, 0x0a, 0xed, 0x6f, 0xaf, 0x0d, 0x1b, 0xf3, 10111 0x61, 0x24, 0x06, 0xe7, 0xf2, 0x57, 0x72, 0xf8, 0x61, 0x4d, 0x5f, 0x00, 0x78, 0x1f, 0x4d, 0xc7, 10112 0x28, 0x5e, 0xc4, 0x9b, 0xed, 0xac, 0x4f, 0x16, 0xaf, 0x81, 0x85, 0x33, 0x16, 0xbd, 0x6a, 0xb9, 10113 0xb2, 0x8e, 0x25, 0xbc, 0xaf, 0xfd, 0xea, 0xb7, 0x20, 0x32, 0x15, 0x62, 0x77, 0x52, 0xa1, 0xf2, 10114 0xd0, 0x9d, 0x12, 0x4c, 0x85, 0x71, 0x08, 0x03, 0xa7, 0x94, 0x34, 0xb4, 0x96, 0x30, 0x82, 0x05, 10115 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x32, 10116 0x04, 0x82, 0x05, 0x2e, 0x30, 0x82, 0x05, 0x2a, 0x30, 0x82, 0x05, 0x26, 0x06, 0x0b, 0x2a, 0x86, 10117 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, 10118 0xea, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 10119 0x0e, 0x04, 0x08, 0x30, 0xee, 0xbd, 0x7c, 0xcb, 0xb5, 0xa5, 0x1b, 0x02, 0x02, 0x08, 0x00, 0x04, 10120 0x82, 0x04, 0xc8, 0x1e, 0xd0, 0x7f, 0x7e, 0x86, 0x1c, 0x6f, 0x0e, 0xac, 0x6c, 0xe3, 0x35, 0xcb, 10121 0xff, 0xe4, 0x84, 0x88, 0x97, 0x45, 0xf3, 0x48, 0xa9, 0x98, 0xeb, 0x74, 0x91, 0x53, 0x07, 0x7a, 10122 0xe4, 0x78, 0x89, 0x13, 0xe7, 0xce, 0xa3, 0xc5, 0xab, 0x2c, 0x16, 0xe5, 0x02, 0x64, 0xc6, 0xb5, 10123 0x11, 0x36, 0x69, 0x0b, 0x5f, 0x7e, 0x95, 0x27, 0x59, 0x9a, 0xac, 0x98, 0x12, 0x76, 0x39, 0x31, 10124 0xaa, 0x4f, 0x22, 0x55, 0x21, 0x71, 0x20, 0xeb, 0x4e, 0x5e, 0x2d, 0xd8, 0xab, 0xd9, 0x64, 0x38, 10125 0x13, 0x9a, 0x14, 0x48, 0x7f, 0x48, 0x05, 0xec, 0x49, 0x55, 0x80, 0x49, 0xaf, 0x4e, 0x29, 0xdf, 10126 0x4a, 0xfb, 0xa1, 0x20, 0x2f, 0x98, 0x35, 0xf7, 0x8f, 0xb9, 0x41, 0x8b, 0x00, 0x14, 0x23, 0x9a, 10127 0x43, 0xfe, 0x55, 0xfc, 0xe5, 0x57, 0x19, 0xa9, 0x74, 0x44, 0x1f, 0xdd, 0xc3, 0xc8, 0x9f, 0xfa, 10128 0x9f, 0x67, 0x93, 0xed, 0x79, 0x11, 0xe1, 0x4e, 0xed, 0xd6, 0x20, 0x82, 0xc8, 0x85, 0xdf, 0x4e, 10129 0xa0, 0xcd, 0xd8, 0x36, 0x37, 0x4f, 0x67, 0x9d, 0x84, 0x44, 0x14, 0xce, 0xc0, 0xc9, 0xa6, 0xbd, 10130 0x73, 0x06, 0x27, 0xb7, 0x16, 0x97, 0x8c, 0x61, 0xd9, 0x63, 0xb2, 0x56, 0x8d, 0x28, 0x9e, 0x2e, 10131 0xcf, 0xa3, 0xfe, 0x8d, 0xaa, 0xef, 0x69, 0x32, 0x7b, 0x32, 0xbe, 0xd5, 0x62, 0x2c, 0x2e, 0x7f, 10132 0x72, 0xdb, 0x3c, 0x4b, 0xe4, 0x76, 0xa3, 0xa9, 0xa1, 0x67, 0x84, 0x86, 0xea, 0x14, 0x15, 0x6c, 10133 0x74, 0xd2, 0xac, 0x0e, 0xe2, 0x54, 0x54, 0xd4, 0x31, 0xa3, 0x88, 0x66, 0x89, 0x31, 0x7b, 0xf7, 10134 0x3c, 0x92, 0xce, 0x3e, 0x86, 0xfb, 0x57, 0xc8, 0x65, 0xae, 0x85, 0x6d, 0x48, 0xf6, 0xe6, 0x37, 10135 0xeb, 0x77, 0xcf, 0x06, 0xd6, 0x9e, 0x54, 0xb4, 0xd8, 0x9a, 0x5f, 0xdd, 0xc5, 0xa5, 0x05, 0xa0, 10136 0x4b, 0xd1, 0x54, 0xab, 0x4f, 0xd0, 0x3e, 0x6b, 0x8f, 0x03, 0x66, 0xd4, 0xe2, 0x90, 0xea, 0x2d, 10137 0x9b, 0x6a, 0x2b, 0xc4, 0x7b, 0x9d, 0xf1, 0xb5, 0x22, 0xdf, 0x86, 0xc2, 0xfd, 0x13, 0x0a, 0x69, 10138 0x29, 0x59, 0xe9, 0x45, 0xcd, 0xdf, 0xcd, 0xa5, 0x71, 0x7e, 0x70, 0xc3, 0x60, 0x9e, 0x47, 0x5d, 10139 0xd4, 0x6c, 0xcc, 0x15, 0x51, 0x23, 0x5b, 0x4e, 0xee, 0x72, 0x80, 0x49, 0xd6, 0xac, 0x89, 0x16, 10140 0x65, 0xf4, 0x95, 0x57, 0x19, 0x13, 0xab, 0x9c, 0x08, 0xe8, 0xdf, 0x0a, 0xe2, 0x39, 0xfc, 0xff, 10141 0x42, 0x02, 0xac, 0xaf, 0xf1, 0xb6, 0x56, 0xef, 0x75, 0x60, 0x2f, 0xc2, 0x5d, 0xef, 0xf5, 0x79, 10142 0xb5, 0x46, 0xa0, 0xb5, 0x03, 0x67, 0xef, 0x78, 0x3d, 0x49, 0xd0, 0xc5, 0x0e, 0xff, 0x42, 0x72, 10143 0x02, 0x86, 0x99, 0x93, 0xaa, 0xa3, 0x9e, 0x2c, 0xc7, 0xec, 0xa2, 0xdf, 0x25, 0x4e, 0x28, 0x81, 10144 0x82, 0x3e, 0x29, 0xd3, 0x37, 0xfd, 0x32, 0xf4, 0x85, 0x46, 0x42, 0xb9, 0x94, 0x44, 0x8a, 0xbf, 10145 0xd9, 0x14, 0xcb, 0xb6, 0xd3, 0xc5, 0xe7, 0x6b, 0x28, 0x70, 0xc3, 0x9c, 0xc2, 0x93, 0x9d, 0x2f, 10146 0xab, 0xd6, 0xb2, 0x19, 0x28, 0x9a, 0xda, 0x0d, 0x90, 0x5b, 0xba, 0x64, 0x6f, 0xcc, 0x11, 0xef, 10147 0x6c, 0x88, 0x18, 0x4f, 0x86, 0x6e, 0xed, 0xcf, 0xde, 0x0d, 0xec, 0xe2, 0x12, 0xc3, 0x89, 0x0a, 10148 0x3f, 0xbb, 0x3d, 0x8c, 0x8f, 0xa9, 0x40, 0xe6, 0xf8, 0xd1, 0x1a, 0x9a, 0x7e, 0x8a, 0xd7, 0x7b, 10149 0x56, 0xf4, 0x5d, 0x80, 0x64, 0xd5, 0x88, 0x86, 0x85, 0x18, 0x30, 0x5d, 0x64, 0x04, 0xb3, 0xc2, 10150 0xc7, 0x80, 0xda, 0x3e, 0xc4, 0xd6, 0xf6, 0xc4, 0x95, 0x56, 0xd5, 0xad, 0x82, 0x86, 0xcc, 0x1a, 10151 0x05, 0x69, 0x06, 0x08, 0x5b, 0x19, 0xea, 0x10, 0xc5, 0xcd, 0x67, 0x93, 0xab, 0x0f, 0xe3, 0xba, 10152 0xb0, 0x0d, 0xac, 0x99, 0x0d, 0x35, 0x6f, 0xe5, 0x41, 0xb2, 0x7c, 0x87, 0x91, 0x6c, 0xe2, 0x75, 10153 0x9b, 0x64, 0x62, 0x06, 0x2a, 0x8b, 0xd9, 0x4d, 0x23, 0xcd, 0x2b, 0xef, 0xf5, 0x61, 0x82, 0x8e, 10154 0x3f, 0xf6, 0x2b, 0xe1, 0x6f, 0xcf, 0xbd, 0xaa, 0x07, 0x97, 0x49, 0x4e, 0x02, 0x9d, 0xa5, 0x9e, 10155 0xc5, 0xd7, 0x8b, 0xd3, 0xe1, 0xd9, 0x35, 0x96, 0x9d, 0x1f, 0xa2, 0xf6, 0x91, 0xee, 0xd1, 0x3b, 10156 0xa8, 0xfe, 0x4d, 0xeb, 0xf9, 0xfc, 0xe4, 0xab, 0x60, 0xb7, 0x86, 0x9d, 0x2a, 0x35, 0xb0, 0x00, 10157 0xd4, 0x3c, 0x2a, 0x7e, 0x6d, 0x65, 0x5f, 0xf3, 0x7c, 0x23, 0x57, 0x52, 0x2a, 0x8c, 0x5b, 0x36, 10158 0x74, 0xb7, 0x61, 0x49, 0xf0, 0xdf, 0xcf, 0x8a, 0x28, 0xc5, 0x8d, 0xbc, 0x20, 0xcc, 0xac, 0x86, 10159 0x20, 0xd8, 0x2d, 0x86, 0x99, 0xf5, 0xf0, 0xdb, 0xed, 0x8d, 0xf9, 0xd7, 0x4e, 0xa8, 0xde, 0x84, 10160 0x35, 0x50, 0xc1, 0x7c, 0xbd, 0xdf, 0xc2, 0x24, 0x1a, 0x49, 0x24, 0x9a, 0x37, 0x93, 0xca, 0x2d, 10161 0x73, 0x47, 0x8f, 0x83, 0xed, 0x4d, 0xca, 0xf8, 0xf0, 0xd3, 0x9b, 0xe0, 0x4b, 0x3b, 0xf1, 0x86, 10162 0xeb, 0x78, 0x7b, 0x42, 0xa1, 0xb9, 0x36, 0x15, 0xde, 0x63, 0xab, 0x8b, 0x8b, 0x5d, 0xa2, 0x92, 10163 0x10, 0x95, 0xdf, 0xda, 0xd7, 0xba, 0xa0, 0x26, 0xb9, 0xdc, 0x83, 0xeb, 0xdc, 0xd2, 0x1f, 0xf1, 10164 0xb1, 0x8d, 0x21, 0x51, 0x71, 0x59, 0x0e, 0xe8, 0x7e, 0xf1, 0x53, 0x08, 0x98, 0x79, 0x05, 0x3b, 10165 0x22, 0xf1, 0xda, 0x07, 0x0d, 0xf7, 0x89, 0x5e, 0xc4, 0x62, 0x8c, 0xf9, 0x19, 0xc8, 0xbc, 0xa4, 10166 0x0c, 0x6f, 0x41, 0x34, 0x56, 0x22, 0x6b, 0xe6, 0xee, 0x7c, 0x4a, 0xd9, 0x26, 0x8c, 0x56, 0x12, 10167 0xf3, 0x03, 0x12, 0x1c, 0x5b, 0x8d, 0x64, 0x5c, 0x1c, 0xb6, 0x0f, 0x93, 0xaf, 0xb1, 0x67, 0x6f, 10168 0x13, 0xdd, 0xe3, 0xcf, 0x0e, 0xe6, 0x06, 0xf3, 0xb2, 0xbc, 0x99, 0xf5, 0xb0, 0xd7, 0xe9, 0x7e, 10169 0xb0, 0x6a, 0xb9, 0xb5, 0xda, 0xcf, 0x88, 0xf1, 0xc5, 0x58, 0x54, 0x05, 0x5c, 0x9d, 0x79, 0xc2, 10170 0xcd, 0xbb, 0xc6, 0xf2, 0x69, 0xa9, 0xe3, 0x4e, 0x05, 0x0d, 0x02, 0xb6, 0x4d, 0x8e, 0x7d, 0x60, 10171 0x8e, 0xda, 0x4d, 0x28, 0xd2, 0xec, 0x8a, 0x11, 0xe3, 0xe7, 0x17, 0x20, 0x07, 0x7b, 0xfc, 0x9b, 10172 0x4e, 0xf7, 0x79, 0xf5, 0x0a, 0x6e, 0xd1, 0x1e, 0x7b, 0x83, 0x66, 0x5e, 0x1b, 0x9d, 0x36, 0x32, 10173 0x89, 0xf6, 0x72, 0xa5, 0x58, 0x54, 0x42, 0xba, 0x90, 0xf3, 0xbb, 0x05, 0x46, 0xa4, 0x91, 0x1c, 10174 0xdb, 0xab, 0xf3, 0x68, 0x56, 0x7a, 0xd3, 0xff, 0x3f, 0x9f, 0xc5, 0x4a, 0x47, 0xbd, 0x89, 0x46, 10175 0xf6, 0x94, 0x3a, 0x94, 0xd4, 0x30, 0xd3, 0xae, 0x0d, 0x99, 0x95, 0xf7, 0x75, 0xfe, 0x14, 0x10, 10176 0x9e, 0xed, 0x21, 0x0f, 0x0d, 0x54, 0x7d, 0x54, 0xc5, 0x80, 0x21, 0x4d, 0xf2, 0xaf, 0x67, 0xaf, 10177 0x8a, 0x76, 0x9e, 0x34, 0x32, 0x74, 0x89, 0x2a, 0x32, 0xf9, 0x48, 0x20, 0x90, 0xe6, 0x4a, 0xa3, 10178 0x7f, 0xf2, 0x2a, 0x51, 0x22, 0x93, 0xe5, 0xdd, 0x59, 0xb3, 0x83, 0xa8, 0x47, 0xf5, 0x6b, 0x38, 10179 0x24, 0xc2, 0xac, 0x2d, 0x03, 0xda, 0xb1, 0x17, 0x19, 0xe0, 0x38, 0x2c, 0xb3, 0xa6, 0x4c, 0x8e, 10180 0xae, 0x63, 0xa7, 0xae, 0x96, 0xb1, 0x07, 0x8c, 0x8f, 0x6a, 0x08, 0x32, 0x15, 0x1f, 0x33, 0x97, 10181 0x21, 0x3b, 0x51, 0x70, 0xc5, 0x1f, 0xa6, 0xa3, 0x8a, 0xd0, 0x8f, 0x0b, 0xda, 0x64, 0xab, 0xbe, 10182 0xee, 0x4b, 0x14, 0xfd, 0x32, 0x87, 0x9e, 0xa7, 0x19, 0x75, 0xc9, 0xaa, 0xd3, 0xed, 0xa7, 0xa0, 10183 0x01, 0xe7, 0xa0, 0xe5, 0x28, 0xdd, 0x3b, 0x7c, 0x49, 0xe4, 0x24, 0x7d, 0x92, 0x86, 0x25, 0x03, 10184 0xb3, 0x66, 0x04, 0xf3, 0xa1, 0x40, 0x11, 0x35, 0x3a, 0x1d, 0xbf, 0x1c, 0x02, 0x83, 0x3d, 0x37, 10185 0x51, 0x88, 0xa3, 0x2b, 0x10, 0x8c, 0x8e, 0x10, 0xdd, 0xdc, 0xef, 0xa4, 0xe9, 0x14, 0x77, 0xb6, 10186 0x8e, 0x75, 0xb6, 0x8e, 0xea, 0xaa, 0x57, 0x16, 0x1f, 0xb0, 0x0c, 0xbc, 0x44, 0xed, 0x92, 0x94, 10187 0x9a, 0xb4, 0xf3, 0x31, 0x64, 0x02, 0x5c, 0xa1, 0x51, 0x63, 0x39, 0x42, 0x74, 0x7a, 0x1d, 0xf2, 10188 0xf5, 0x92, 0x50, 0xf1, 0x5a, 0x8a, 0xde, 0xb3, 0x4e, 0xf1, 0x6e, 0x67, 0xd9, 0x5b, 0x00, 0xa7, 10189 0xd1, 0x90, 0x58, 0x36, 0xc4, 0x15, 0x80, 0xbb, 0xa5, 0xbb, 0x98, 0xc0, 0x8a, 0x9b, 0x17, 0x35, 10190 0x36, 0x3b, 0x62, 0x0f, 0x29, 0xcd, 0xe9, 0x04, 0x0e, 0x9d, 0xca, 0x43, 0x04, 0xdf, 0x17, 0x49, 10191 0xbf, 0xb6, 0x7a, 0x7a, 0x3c, 0xdb, 0x0d, 0x6d, 0xd5, 0x89, 0xb9, 0x69, 0x94, 0xd8, 0xb2, 0xd6, 10192 0x38, 0x8a, 0xcc, 0x78, 0x44, 0x40, 0x63, 0x9f, 0x1e, 0x0e, 0x40, 0x33, 0x51, 0xd3, 0x65, 0xf8, 10193 0xf1, 0x42, 0x06, 0x75, 0x84, 0xe7, 0xb1, 0xe9, 0xd6, 0xa4, 0x5e, 0x7f, 0xb0, 0x48, 0x6f, 0x80, 10194 0x92, 0xf8, 0xfc, 0x2a, 0xdb, 0x18, 0x97, 0xe5, 0xe7, 0xc7, 0x46, 0xb6, 0x59, 0x8c, 0x3a, 0x09, 10195 0x91, 0xc1, 0x49, 0x55, 0xf9, 0xf3, 0x87, 0x19, 0xdc, 0x72, 0x56, 0xd3, 0x20, 0x5e, 0xc5, 0x3d, 10196 0xfb, 0x19, 0xea, 0x6a, 0xdf, 0x09, 0xb2, 0x8f, 0xb6, 0xdd, 0x26, 0x31, 0x25, 0x30, 0x23, 0x06, 10197 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x3b, 0xd2, 10198 0xb3, 0x51, 0x4c, 0x57, 0xd0, 0xca, 0x34, 0xa4, 0xf0, 0x06, 0xdd, 0xe9, 0x76, 0x08, 0xdb, 0x7b, 10199 0x3a, 0xb0, 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 10200 0x00, 0x04, 0x14, 0x8e, 0x7f, 0x87, 0x67, 0x78, 0x64, 0x93, 0x36, 0x35, 0xe5, 0x93, 0x9d, 0xac, 10201 0x61, 0x09, 0x4f, 0xdc, 0x95, 0xd7, 0x4f, 0x04, 0x08, 0x23, 0xc2, 0xc0, 0xc6, 0x8d, 0x5f, 0x70, 10202 0x7e, 0x02, 0x02, 0x08, 0x00]); 10203 10204 let conf: cert.Pkcs12ParsingConfig = { 10205 password: "123456", 10206 needsCert: false, 10207 needsPrivateKey: true, 10208 privateKeyFormat: cert.EncodingBaseFormat.DER, 10209 needsOtherCerts: false, 10210 }; 10211 let p12: cert.Pkcs12Data = cert.parsePkcs12(p12_cert, conf); 10212 console.info("parsePKCS12 succeed."); 10213 if (p12.privateKey) { 10214 console.info("privateKey:" + p12.privateKey.toString()) 10215 } 10216 } catch (error) { 10217 console.error('parsePKCS12 failed:' + JSON.stringify(error)); 10218 } 10219} 10220``` 10221 10222## cert.createTrustAnchorsWithKeyStore<sup>12+</sup> 10223 10224createTrustAnchorsWithKeyStore(keystore: Uint8Array, pwd: string): Promise<Array\<[X509TrustAnchor](#x509trustanchor11)>> 10225 10226表示从P12文件中读取ca证书来构造[TrustAnchor](#x509trustanchor11)对象数组,并用Promise方式返回结果。 10227 10228**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10229 10230**系统能力:** SystemCapability.Security.Cert 10231 10232**参数:** 10233 10234| 参数名 | 类型 | 必填 | 说明 | 10235| -------- | -------------------- | ---- | -------------------------- | 10236| keystore | Uint8Array | 是 | P12文件,DER格式。 | 10237| pwd | string | 是 | P12文件的密码。 | 10238 10239**返回值:** 10240 10241| 类型 | 说明 | 10242| --------------------------------- | -------------------- | 10243| Array\<[X509TrustAnchor](#x509trustanchor11)> | 表示X509TrustAnchor对象数组。 | 10244 10245**错误码:** 10246 10247以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10248 10249| 错误码ID | 错误信息 | 10250| -------- | ------------------------------------------------- | 10251| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10252| 19020001 | memory error. | 10253| 19020002 | runtime error. | 10254| 19030001 | crypto operation error. | 10255| 19030002 | the certificate signature verification failed. | 10256| 19030003 | the certificate has not taken effect. | 10257| 19030004 | the certificate has expired. | 10258| 19030005 | failed to obtain the certificate issuer. | 10259| 19030006 | the key cannot be used for signing a certificate. | 10260| 19030007 | the key cannot be used for digital signature. | 10261 10262**示例:** 10263 10264```ts 10265import { cert } from '@kit.DeviceCertificateKit'; 10266import { BusinessError } from '@kit.BasicServicesKit'; 10267 10268try { 10269 cert.createTrustAnchorsWithKeyStore( 10270 new Uint8Array([0x30, 0x82, 0x07, 0x5C, 0x02, 0x01, 0x03, 0x30, 0x82, 0x07, 0x12, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x07, 0x03, 0x04, 0x82, 0x06, 0xFF, 0x30, 0x82, 0x06, 0xFB, 0x30, 0x82, 0x05, 0xB2, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82, 0x05, 0xA3, 0x30, 0x82, 0x05, 0x9F, 0x02, 0x01, 0x00, 0x30, 0x82, 0x05, 0x98, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xA9, 0x1C, 0x1B, 0x19, 0x36, 0xDE, 0xD4, 0x20, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0x7D, 0xE5, 0x23, 0x96, 0x18, 0x8B, 0xF4, 0xBC, 0x9F, 0x4E, 0xE8, 0xE9, 0xAA, 0x52, 0x18, 0x39, 0x80, 0x82, 0x05, 0x30, 0x02, 0x2D, 0x59, 0xA9, 0x96, 0x5A, 0xFE, 0x20, 0x18, 0xB2, 0x25, 0xEA, 0xFC, 0x86, 0x0F, 0xA8, 0x3C, 0x2B, 0x26, 0x2F, 0x44, 0x6E, 0xF3, 0x15, 0xB7, 0x94, 0xE4, 0x43, 0xEE, 0xE6, 0xC3, 0xBB, 0x3C, 0x9E, 0x60, 0x08, 0xF8, 0x15, 0x61, 0x44, 0xD0, 0xEA, 0xD5, 0x6D, 0x1A, 0x3B, 0x9F, 0x4E, 0x2A, 0x1E, 0xBB, 0xB9, 0x4E, 0x15, 0x43, 0xB8, 0x68, 0xDB, 0x1A, 0x4E, 0x41, 0xBA, 0x29, 0x8E, 0x75, 0xEB, 0x12, 0xC1, 0xF0, 0x4B, 0x0D, 0x13, 0xB2, 0xC2, 0x48, 0x6F, 0xC4, 0xC4, 0x82, 0xF2, 0x26, 0xD4, 0x3D, 0x1F, 0x42, 0x7D, 0x67, 0xB0, 0x37, 0x55, 0x9E, 0xD9, 0x46, 0x99, 0x98, 0xB4, 0xE7, 0x4B, 0x07, 0x08, 0x3F, 0xD3, 0x96, 0x9A, 0xC5, 0xDA, 0x37, 0x74, 0x08, 0x5D, 0x3B, 0x06, 0x8A, 0x16, 0x6D, 0x81, 0x63, 0x01, 0x83, 0x94, 0xDA, 0x1B, 0x0E, 0x04, 0xCE, 0x18, 0xF0, 0x51, 0x22, 0xD8, 0x2D, 0xF1, 0x69, 0x0C, 0xCB, 0xC9, 0x51, 0x17, 0x07, 0x1F, 0x2B, 0xCF, 0x74, 0x26, 0xD7, 0x73, 0xB3, 0x2D, 0xF2, 0x82, 0xF0, 0x38, 0x5B, 0x8A, 0x8F, 0xCD, 0x84, 0x69, 0x40, 0x59, 0xCE, 0xB3, 0x39, 0xFE, 0xF6, 0xB7, 0x24, 0x89, 0x34, 0xFF, 0xF4, 0x40, 0x50, 0x06, 0x4D, 0xC6, 0x13, 0x82, 0xAF, 0x7F, 0x84, 0xB1, 0x67, 0x3C, 0x89, 0xBB, 0x5D, 0x32, 0xC3, 0xA6, 0xF1, 0x7D, 0xF5, 0x72, 0x68, 0x75, 0xCE, 0x69, 0xAB, 0x6C, 0x32, 0xDA, 0x16, 0x3B, 0xC4, 0xCA, 0x47, 0x45, 0xE9, 0x59, 0x1E, 0xB1, 0x70, 0xDA, 0x8A, 0x00, 0x69, 0x80, 0x40, 0xCA, 0x60, 0xE6, 0x07, 0x16, 0xF0, 0xA2, 0xF9, 0x12, 0x7D, 0x09, 0x43, 0x66, 0x46, 0x78, 0x35, 0xA6, 0x94, 0x35, 0x60, 0x82, 0xFC, 0xB8, 0x5E, 0x39, 0xE7, 0xA1, 0x22, 0xAD, 0xCC, 0x6F, 0x5E, 0xCE, 0x01, 0x6B, 0xA1, 0xDD, 0xE5, 0xDD, 0x79, 0x9B, 0xA1, 0x28, 0xC4, 0x03, 0x84, 0x8D, 0x6C, 0x07, 0xD4, 0xFE, 0x57, 0xFB, 0x89, 0x3F, 0x43, 0x44, 0x69, 0xF1, 0x9E, 0x53, 0x6C, 0x11, 0x11, 0x96, 0x79, 0xE4, 0xB8, 0x3B, 0x49, 0x2E, 0xF6, 0x3B, 0xC5, 0x6C, 0x76, 0x21, 0x22, 0x15, 0x85, 0x77, 0x8A, 0xDD, 0xD2, 0x43, 0x85, 0x73, 0x39, 0x77, 0x9F, 0xFA, 0x8F, 0xCF, 0xCB, 0xEA, 0x62, 0xBD, 0x5C, 0x66, 0x45, 0xCD, 0xB0, 0xCA, 0x42, 0xCC, 0xB9, 0xCF, 0xE3, 0x84, 0x63, 0x9F, 0x63, 0xCE, 0x49, 0xE9, 0x74, 0x26, 0xCC, 0x26, 0x78, 0xCE, 0x9F, 0x4E, 0x38, 0xA2, 0x9C, 0xEB, 0x75, 0xC5, 0x33, 0x6B, 0x00, 0x83, 0x85, 0xA3, 0x0F, 0xE7, 0xE1, 0x11, 0xA6, 0x48, 0xDC, 0xEF, 0x0C, 0x05, 0xB3, 0xDE, 0x94, 0xB9, 0x69, 0xCB, 0x27, 0x09, 0xAB, 0x27, 0xD8, 0x06, 0xED, 0x25, 0xBC, 0xA6, 0x2E, 0xB7, 0xF9, 0x2E, 0xAD, 0x84, 0x1D, 0xDD, 0x73, 0xD8, 0xC0, 0x46, 0x8A, 0xFE, 0x9A, 0xDF, 0x07, 0xE1, 0x33, 0xE2, 0x1C, 0x37, 0x6A, 0x8E, 0xA2, 0x91, 0x0B, 0xD7, 0x76, 0xEF, 0x3C, 0x87, 0x4A, 0x53, 0x84, 0xFA, 0xFA, 0xC5, 0x71, 0x76, 0xC0, 0x75, 0x70, 0x67, 0x67, 0x71, 0x9D, 0x8B, 0x81, 0x6F, 0x68, 0xC5, 0xB1, 0xFC, 0xA3, 0x59, 0xB5, 0xD0, 0x03, 0x56, 0xE7, 0x89, 0x03, 0xD7, 0x99, 0xDE, 0x66, 0x33, 0xFA, 0x53, 0x50, 0x5F, 0xB4, 0x9D, 0xB3, 0x90, 0x8F, 0x57, 0x20, 0xF0, 0x8B, 0xDB, 0x73, 0xCA, 0xA4, 0x71, 0x61, 0x67, 0x6A, 0x6D, 0xA5, 0xCA, 0x88, 0xD4, 0xCC, 0x82, 0x34, 0xC9, 0x3E, 0x10, 0x10, 0x57, 0xD1, 0x08, 0x96, 0x80, 0x09, 0xA8, 0xBB, 0x6F, 0x53, 0x8F, 0xFD, 0x87, 0xCF, 0x73, 0xFC, 0xE1, 0x3A, 0x92, 0x2E, 0x78, 0x66, 0xFB, 0x86, 0x5D, 0x62, 0xE0, 0xC4, 0x58, 0x55, 0x3F, 0xA4, 0xEA, 0xA1, 0xBE, 0x5B, 0x5E, 0x8E, 0x46, 0x50, 0x5E, 0x7C, 0x01, 0xD6, 0x63, 0xAA, 0x6F, 0xD5, 0xFD, 0xAF, 0xC5, 0x1D, 0xB3, 0x90, 0x9C, 0xD8, 0x5F, 0x8D, 0xF2, 0x81, 0xEB, 0xBF, 0xA1, 0xDE, 0xB7, 0x9D, 0xCD, 0x24, 0x82, 0x06, 0x0B, 0x63, 0xE6, 0xBF, 0x57, 0x51, 0xF0, 0xB6, 0xE9, 0x7F, 0xAA, 0x7B, 0x10, 0xBD, 0xCD, 0x85, 0x41, 0xE0, 0xD7, 0xF1, 0x53, 0xB7, 0xF8, 0x46, 0x91, 0x9E, 0x8D, 0x4B, 0xCB, 0x28, 0x35, 0x40, 0x37, 0x1E, 0x83, 0x64, 0x6A, 0x70, 0x01, 0x9D, 0xBF, 0xF1, 0x0E, 0xB6, 0x2E, 0x7A, 0xB7, 0x8F, 0x0F, 0x8C, 0x69, 0xD6, 0xF2, 0xD1, 0xF6, 0x1E, 0xCD, 0x08, 0xA8, 0xD4, 0x1B, 0xCB, 0x38, 0xEA, 0x26, 0x37, 0x5C, 0x60, 0x3A, 0x38, 0x5B, 0x12, 0x1D, 0x00, 0x7B, 0xEC, 0xCE, 0xFB, 0x89, 0x23, 0x8A, 0x11, 0xE1, 0x1B, 0xDE, 0x54, 0x91, 0x6A, 0x26, 0x22, 0xD0, 0x1C, 0x2E, 0xBA, 0xD0, 0x92, 0x87, 0xDA, 0xF0, 0x93, 0xBB, 0x3A, 0x2C, 0x52, 0xFB, 0xB2, 0xA9, 0xA8, 0x92, 0x19, 0xE3, 0x19, 0xDC, 0xB0, 0x0E, 0xC5, 0xE7, 0x9D, 0xFB, 0xF9, 0xA3, 0x23, 0x32, 0xD0, 0x4E, 0x2C, 0x05, 0x2D, 0x76, 0xDB, 0x93, 0x53, 0x5B, 0x0E, 0x2A, 0xA3, 0xDD, 0x5F, 0xD3, 0x1A, 0x3B, 0x1E, 0x1F, 0x26, 0x88, 0x43, 0xAD, 0x10, 0x1F, 0xA9, 0xC4, 0xF9, 0x1F, 0xCD, 0xA5, 0xD2, 0xDC, 0x24, 0x95, 0x1D, 0xE7, 0x57, 0xE1, 0x02, 0x0A, 0x20, 0xEA, 0x6A, 0x78, 0x4E, 0x96, 0xE2, 0xE5, 0x6D, 0x6F, 0xFD, 0x81, 0x7B, 0x61, 0x85, 0xA3, 0x3D, 0xC5, 0x7B, 0xEF, 0xAE, 0x58, 0xA2, 0xDB, 0x91, 0x73, 0xDB, 0x47, 0x8E, 0xD1, 0x7D, 0xD7, 0x8F, 0x56, 0x06, 0x28, 0x8C, 0x78, 0x73, 0x02, 0x65, 0xB0, 0x16, 0x4B, 0xE6, 0xA3, 0xD7, 0x06, 0x7C, 0xEA, 0x7D, 0xE2, 0xAE, 0xBB, 0xE5, 0xD2, 0xEB, 0xF0, 0x91, 0x71, 0x7C, 0xBC, 0xA6, 0x1A, 0xE8, 0x9F, 0xD3, 0xA9, 0x3C, 0x5D, 0x60, 0xCF, 0x59, 0x26, 0x46, 0x45, 0xF2, 0x7F, 0x85, 0x6B, 0xE7, 0xC2, 0x58, 0x52, 0x90, 0x12, 0x07, 0xBA, 0xE6, 0xB8, 0xE5, 0xD7, 0x24, 0x93, 0xD5, 0x6E, 0xB1, 0x74, 0x6C, 0xAA, 0xA0, 0x60, 0xBF, 0xF3, 0x32, 0x41, 0x0B, 0xA2, 0x01, 0x84, 0x0D, 0x83, 0xE4, 0x43, 0xD1, 0xBA, 0xC1, 0x92, 0x84, 0x26, 0xF8, 0xF2, 0x77, 0x20, 0x1B, 0xF2, 0x8F, 0x00, 0x69, 0x18, 0x2F, 0x6C, 0xA8, 0x58, 0xB5, 0x5D, 0xFA, 0x27, 0xD2, 0x38, 0xD2, 0x49, 0x6E, 0xDF, 0x55, 0x79, 0xAF, 0x1C, 0x44, 0xDA, 0x5A, 0xD7, 0x44, 0x53, 0x50, 0x8B, 0x77, 0x70, 0x4D, 0x91, 0xEC, 0x07, 0xA5, 0x64, 0x21, 0x3C, 0x31, 0x09, 0x68, 0x65, 0xB4, 0xFA, 0xBE, 0x23, 0xF9, 0xDF, 0x77, 0x46, 0xA2, 0x9A, 0x5D, 0xE3, 0xBE, 0x1E, 0xE3, 0x84, 0xEF, 0xAE, 0x7D, 0xF8, 0x1C, 0x54, 0xE8, 0x4E, 0xAE, 0xB5, 0xBB, 0xD6, 0xC3, 0x8D, 0x56, 0x79, 0xE8, 0x7C, 0x43, 0xDC, 0xF3, 0xB3, 0x7A, 0x30, 0x22, 0x09, 0xBC, 0x10, 0xD6, 0x84, 0xC4, 0x0F, 0x4C, 0x0B, 0xA2, 0xD1, 0xCB, 0xCD, 0x1F, 0x50, 0x3D, 0xF7, 0x23, 0x45, 0x55, 0x18, 0x21, 0x3D, 0x64, 0x05, 0x2E, 0x52, 0x3A, 0x73, 0xFD, 0xF2, 0xA9, 0xCA, 0x3F, 0xF6, 0x7F, 0x87, 0xE8, 0x56, 0x9B, 0x68, 0x6B, 0x20, 0xB0, 0x1D, 0x83, 0x04, 0x2F, 0x59, 0xFD, 0x84, 0x57, 0x7D, 0x82, 0x97, 0x96, 0xE8, 0xFB, 0xDF, 0x71, 0x8C, 0x26, 0x47, 0x85, 0xA5, 0xBE, 0xFB, 0xF5, 0x05, 0x4C, 0xD3, 0x3D, 0x73, 0xF4, 0xA5, 0xF1, 0xA3, 0x99, 0x98, 0x1B, 0x84, 0x8B, 0xB3, 0x53, 0xCE, 0x4D, 0xEA, 0x5A, 0x48, 0xD2, 0xB9, 0x7E, 0xB6, 0xEB, 0x9B, 0x94, 0x6F, 0xDD, 0x44, 0x80, 0x89, 0xD2, 0x78, 0x6D, 0xB9, 0xDA, 0x8B, 0x83, 0x49, 0xE0, 0x4D, 0x49, 0xDF, 0x6B, 0xFF, 0xF7, 0x04, 0x00, 0x32, 0xAA, 0x1D, 0x4F, 0x8D, 0x4B, 0xDE, 0xB8, 0x0D, 0xC6, 0x54, 0x1C, 0xB2, 0xCD, 0x60, 0x29, 0x72, 0x0A, 0x7E, 0xE7, 0xEB, 0x7A, 0xF6, 0x5B, 0x04, 0x3F, 0x5B, 0x93, 0x12, 0x0D, 0xD5, 0xFF, 0x7A, 0x41, 0x44, 0x0B, 0x37, 0x12, 0x82, 0x3D, 0xDD, 0x1E, 0x59, 0xB9, 0xBE, 0x0F, 0x9E, 0xD6, 0xD0, 0x68, 0x69, 0x74, 0xF9, 0xB1, 0x21, 0xA3, 0x70, 0x4F, 0xDA, 0xF8, 0x9F, 0xB9, 0x49, 0x3F, 0xC6, 0xB2, 0x69, 0xC8, 0xD8, 0x60, 0xF1, 0x6A, 0x52, 0x07, 0xFA, 0x42, 0xFD, 0xA9, 0x06, 0xCF, 0x97, 0x4A, 0x0E, 0xC5, 0xFC, 0x63, 0x27, 0x54, 0xC8, 0xBE, 0x8B, 0x4F, 0xB6, 0x42, 0xBC, 0xA2, 0xCC, 0x70, 0x4A, 0x6B, 0x24, 0x5B, 0x68, 0x28, 0x47, 0xFA, 0x6B, 0x89, 0x28, 0x07, 0x5D, 0xE0, 0x2C, 0x4A, 0xD9, 0x22, 0xE3, 0xB3, 0x2F, 0xAA, 0xC2, 0xA0, 0x7C, 0x0F, 0x92, 0xC5, 0xDD, 0xB6, 0x23, 0x8F, 0x73, 0x73, 0x0F, 0xD7, 0x73, 0x71, 0x2F, 0x0A, 0x78, 0xE8, 0x5B, 0xDB, 0xC2, 0xE0, 0xDB, 0xC9, 0x3E, 0xC3, 0x72, 0x9C, 0x14, 0xD7, 0xD1, 0x28, 0xFD, 0xF4, 0xEE, 0xBC, 0x0E, 0x13, 0x37, 0xCA, 0x85, 0x9F, 0xB9, 0xA2, 0x0E, 0xF6, 0xE7, 0x49, 0xD1, 0xD0, 0x11, 0x76, 0x53, 0xA3, 0x73, 0x95, 0x2A, 0x23, 0xC8, 0x0E, 0x97, 0x83, 0x07, 0x64, 0xB2, 0x51, 0xB7, 0xC8, 0x51, 0x9F, 0xA4, 0x3E, 0x7B, 0xA4, 0x18, 0x6D, 0x99, 0xF0, 0x6E, 0xC3, 0x97, 0xAE, 0xF4, 0xB7, 0x66, 0x37, 0xFA, 0x65, 0xFC, 0x5E, 0xE2, 0x57, 0xFA, 0x8B, 0x4C, 0x86, 0x10, 0xB4, 0x5C, 0xA4, 0xD2, 0x60, 0x83, 0x69, 0x1E, 0xFF, 0x36, 0x9B, 0xF9, 0x84, 0xFB, 0xB8, 0x83, 0x64, 0xF1, 0x41, 0xA5, 0x25, 0x56, 0x21, 0xBA, 0x13, 0x98, 0x0C, 0x3B, 0x04, 0xAA, 0x6C, 0x9A, 0xD4, 0xE3, 0x13, 0x15, 0x54, 0x05, 0x4C, 0x5C, 0xE1, 0x7A, 0x31, 0x5E, 0x90, 0xCF, 0x48, 0x4E, 0x83, 0xD7, 0x7F, 0xED, 0x93, 0x22, 0xAB, 0x67, 0xE7, 0x76, 0x32, 0x64, 0xBA, 0x5A, 0x21, 0x3E, 0x30, 0x82, 0x01, 0x41, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x01, 0x32, 0x04, 0x82, 0x01, 0x2E, 0x30, 0x82, 0x01, 0x2A, 0x30, 0x82, 0x01, 0x26, 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02, 0xA0, 0x81, 0xEF, 0x30, 0x81, 0xEC, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xED, 0x3E, 0xED, 0x07, 0x5C, 0x1F, 0x71, 0xAD, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0xA7, 0x49, 0xA4, 0x6E, 0x00, 0x19, 0x75, 0x59, 0x75, 0x59, 0xBA, 0x4B, 0xC7, 0x24, 0x88, 0x34, 0x04, 0x81, 0x90, 0xCA, 0x23, 0x82, 0xAA, 0x16, 0x57, 0x99, 0xFA, 0x94, 0x9F, 0xAE, 0x32, 0x5C, 0x5B, 0xE7, 0x01, 0xD0, 0xED, 0xA7, 0x58, 0x57, 0x52, 0xBF, 0x57, 0x13, 0xD4, 0x15, 0xB0, 0x06, 0xF5, 0x38, 0xCC, 0x64, 0x23, 0x09, 0xD5, 0x8C, 0x0D, 0x64, 0x31, 0xFA, 0x74, 0xAA, 0x96, 0x7E, 0x9B, 0x16, 0xCA, 0x21, 0xFD, 0xC0, 0x54, 0x91, 0x40, 0x7F, 0xB3, 0xF2, 0xA3, 0xEC, 0xA1, 0x4A, 0x07, 0xF0, 0x87, 0x22, 0xDB, 0x8A, 0x49, 0x89, 0xF7, 0xF2, 0x6A, 0xFC, 0x8D, 0x03, 0x6E, 0x32, 0x4F, 0xD0, 0xD8, 0x93, 0x92, 0xA5, 0xF1, 0x41, 0xBD, 0xEA, 0xE1, 0x38, 0xA9, 0xD8, 0x9D, 0xAB, 0xB4, 0x8E, 0x4A, 0x40, 0x0E, 0xC7, 0xE3, 0xE9, 0xBF, 0x0E, 0xBA, 0x8D, 0xAA, 0x3E, 0x93, 0x53, 0x88, 0xEE, 0x0A, 0x2C, 0x71, 0xF1, 0x61, 0x44, 0xA5, 0xAD, 0xED, 0x3E, 0xAB, 0x32, 0x9A, 0x32, 0x85, 0x08, 0xF5, 0x8B, 0xCC, 0x15, 0x35, 0xEE, 0xFA, 0x17, 0x27, 0x97, 0x8D, 0xD9, 0x1C, 0x5E, 0x74, 0x9D, 0x7B, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x5F, 0x8E, 0xAB, 0x9C, 0x5F, 0xE2, 0x3B, 0xB1, 0x5C, 0x1A, 0x36, 0x1D, 0x7D, 0xCB, 0x90, 0x45, 0x20, 0x3C, 0x3B, 0xAC, 0x30, 0x41, 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x93, 0x25, 0xC4, 0x3E, 0x2A, 0x6D, 0x4C, 0x30, 0x87, 0x0F, 0xE3, 0x5A, 0x95, 0xB0, 0xF2, 0x6C, 0xBA, 0x07, 0x89, 0x7D, 0xFB, 0xCF, 0xCF, 0x1D, 0x54, 0xA3, 0x36, 0x24, 0x7B, 0x30, 0x97, 0xB5, 0x04, 0x08, 0xE7, 0x96, 0x59, 0xCC, 0x42, 0x9F, 0xEF, 0xFC, 0x02, 0x02, 0x08, 0x00]), 10271 '123456').then((data) => { 10272 console.log('createTrustAnchorsWithKeyStore sucess, number of the result is: ' + JSON.stringify(data.length)); 10273 }).catch((err : BusinessError) => { 10274 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(err)); 10275 }) 10276} catch (error) { 10277 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(error)); 10278} 10279``` 10280 10281## X509CertChain<sup>11+</sup> 10282 10283X509证书链对象。 10284 10285### getCertList<sup>11+</sup> 10286 10287getCertList(): Array\<X509Cert> 10288 10289获取X509证书列表。 10290 10291**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10292 10293**系统能力:** SystemCapability.Security.Cert 10294 10295**返回值**: 10296 10297| 类型 | 说明 | 10298| -------------- | ----------- | 10299| Array\<[X509Cert](#x509cert)> | X509证书数组。 | 10300 10301**错误码:** 10302 10303以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10304 10305| 错误码ID | 错误信息 | 10306| -------- | ----------------------- | 10307| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10308| 19020001 | memory error. | 10309| 19030001 | crypto operation error. | 10310 10311**示例:** 10312 10313```ts 10314import { cert } from '@kit.DeviceCertificateKit'; 10315import { BusinessError } from '@kit.BasicServicesKit'; 10316 10317// string转Uint8Array。 10318function stringToUint8Array(str: string): Uint8Array { 10319 let arr: Array<number> = []; 10320 for (let i = 0, j = str.length; i < j; i++) { 10321 arr.push(str.charCodeAt(i)); 10322 } 10323 return new Uint8Array(arr); 10324} 10325 10326let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10327 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10328 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10329 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10330 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10331 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10332 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10333 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10334 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10335 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10336 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10337 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10338 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10339 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10340 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10341 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10342 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10343 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10344 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10345 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10346 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10347 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10348 "-----END CERTIFICATE-----\n" + 10349 "-----BEGIN CERTIFICATE-----\n" + 10350 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10351 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10352 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10353 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10354 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10355 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10356 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10357 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10358 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10359 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10360 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10361 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10362 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10363 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10364 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10365 "uKPWR9dKBA==\n" + 10366 "-----END CERTIFICATE-----\n" + 10367 "-----BEGIN CERTIFICATE-----\n" + 10368 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10369 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10370 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10371 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10372 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10373 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10374 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10375 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10376 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10377 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10378 "xjoE\n" + 10379 "-----END CERTIFICATE-----\n"; 10380 10381// 证书链二进制数据,需业务自行赋值。 10382let encodingBlob: cert.EncodingBlob = { 10383 data: stringToUint8Array(certChainData), 10384 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10385 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10386}; 10387 10388cert.createX509CertChain(encodingBlob, (err, certChain) => { 10389 if (err) { 10390 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10391 } else { 10392 console.log('createX509CertChain success'); 10393 try { 10394 let certList = certChain.getCertList(); 10395 } catch (err) { 10396 let e: BusinessError = err as BusinessError; 10397 console.error('X509CertChain getCertList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10398 } 10399 } 10400}); 10401``` 10402 10403### validate<sup>11+</sup> 10404 10405validate(param: CertChainValidationParameters): Promise\<CertChainValidationResult> 10406 10407校验证书链,并使用Promise方式异步返回结果。 10408 10409**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10410 10411**系统能力:** SystemCapability.Security.Cert 10412 10413**参数**: 10414 10415| 参数名 | 类型 | 必填 | 说明 | 10416| --------- | ------------------------------- | ---- | ----------------- | 10417| param | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 表示校验X509证书链的参数。 | 10418 10419**返回值**: 10420 10421| 类型 | 说明 | 10422| ------------------------------------------------------------ | --------------------------------- | 10423| Promise\<[CertChainValidationResult](#certchainvalidationresult11)> | Promise对象,返回证书链校验结果。 | 10424 10425**错误码:** 10426 10427以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10428 10429| 错误码ID | 错误信息 | 10430| -------- | ----------------------- | 10431| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10432| 19020001 | memory error. | 10433| 19020002 | runtime error. | 10434| 19030001 | crypto operation error. | 10435| 19030002 | the certificate signature verification failed. | 10436| 19030003 | the certificate has not taken effect. | 10437| 19030004 | the certificate has expired. | 10438| 19030005 | failed to obtain the certificate issuer. | 10439| 19030006 | the key cannot be used for signing a certificate. | 10440| 19030007 | the key cannot be used for digital signature. | 10441 10442**示例:** 10443 10444```ts 10445import { cert } from '@kit.DeviceCertificateKit'; 10446import { BusinessError } from '@kit.BasicServicesKit'; 10447 10448// string转Uint8Array。 10449function stringToUint8Array(str: string): Uint8Array { 10450 let arr: Array<number> = []; 10451 for (let i = 0, j = str.length; i < j; i++) { 10452 arr.push(str.charCodeAt(i)); 10453 } 10454 return new Uint8Array(arr); 10455} 10456 10457async function createX509CertChain(): Promise<cert.X509CertChain> { 10458 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10459 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10460 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10461 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10462 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10463 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10464 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10465 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10466 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10467 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10468 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10469 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10470 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10471 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10472 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10473 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10474 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10475 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10476 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10477 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10478 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10479 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10480 "-----END CERTIFICATE-----\n" + 10481 "-----BEGIN CERTIFICATE-----\n" + 10482 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10483 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10484 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10485 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10486 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10487 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10488 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10489 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10490 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10491 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10492 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10493 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10494 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10495 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10496 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10497 "uKPWR9dKBA==\n" + 10498 "-----END CERTIFICATE-----\n" + 10499 "-----BEGIN CERTIFICATE-----\n" + 10500 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10501 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10502 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10503 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10504 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10505 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10506 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10507 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10508 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10509 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10510 "xjoE\n" + 10511 "-----END CERTIFICATE-----\n"; 10512 10513 // 证书链二进制数据,需业务自行赋值。 10514 let encodingBlob: cert.EncodingBlob = { 10515 data: stringToUint8Array(certChainData), 10516 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10517 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10518 }; 10519 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10520 try { 10521 x509CertChain = await cert.createX509CertChain(encodingBlob); 10522 } 10523 catch (error) { 10524 let e: BusinessError = error as BusinessError; 10525 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10526 } 10527 return x509CertChain; 10528} 10529 10530async function validate() { 10531 const certChain = await createX509CertChain(); 10532 // 证书链校验数据,需业务自行赋值。 10533 const param: cert.CertChainValidationParameters = { 10534 date: '20231212080000Z', 10535 trustAnchors: [{ 10536 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10537 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10538 }] 10539 } 10540 try { 10541 const validationRes = await certChain.validate(param); 10542 console.log('X509CertChain validate success'); 10543 } 10544 catch (err) { 10545 console.error('X509CertChain validate failed'); 10546 } 10547} 10548 10549validate(); 10550``` 10551 10552### validate<sup>11+</sup> 10553 10554validate(param: CertChainValidationParameters, callback: AsyncCallback\<CertChainValidationResult>): void 10555 10556使用校验参数校验证书链并使用callback方式异步返回结果。 10557 10558**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10559 10560**系统能力:** SystemCapability.Security.Cert 10561 10562**参数**: 10563 10564| 参数名 | 类型 | 必填 | 说明 | 10565| --------- | ------------------------------- | ---- | ------------ | 10566| param | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 表示校验X509证书链的参数。 | 10567| callback | AsyncCallback\<[CertChainValidationResult](#certchainvalidationresult11)> | 是 | 回调函数,返回证书链校验结果。 | 10568 10569**错误码:** 10570 10571以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10572 10573| 错误码ID | 错误信息 | 10574| -------- | ----------------------- | 10575| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10576| 19020001 | memory error. | 10577| 19020002 | runtime error. | 10578| 19030001 | crypto operation error. | 10579| 19030002 | the certificate signature verification failed. | 10580| 19030003 | the certificate has not taken effect. | 10581| 19030004 | the certificate has expired. | 10582| 19030005 | failed to obtain the certificate issuer. | 10583| 19030006 | the key cannot be used for signing a certificate. | 10584| 19030007 | the key cannot be used for digital signature. | 10585 10586**示例:** 10587 10588```ts 10589import { cert } from '@kit.DeviceCertificateKit'; 10590 10591// string转Uint8Array。 10592function stringToUint8Array(str: string): Uint8Array { 10593 let arr: Array<number> = []; 10594 for (let i = 0, j = str.length; i < j; i++) { 10595 arr.push(str.charCodeAt(i)); 10596 } 10597 return new Uint8Array(arr); 10598} 10599 10600let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10601 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10602 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10603 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10604 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10605 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10606 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10607 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10608 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10609 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10610 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10611 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10612 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10613 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10614 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10615 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10616 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10617 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10618 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10619 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10620 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10621 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10622 "-----END CERTIFICATE-----\n" + 10623 "-----BEGIN CERTIFICATE-----\n" + 10624 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10625 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10626 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10627 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10628 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10629 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10630 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10631 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10632 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10633 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10634 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10635 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10636 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10637 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10638 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10639 "uKPWR9dKBA==\n" + 10640 "-----END CERTIFICATE-----\n" + 10641 "-----BEGIN CERTIFICATE-----\n" + 10642 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10643 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10644 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10645 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10646 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10647 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10648 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10649 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10650 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10651 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10652 "xjoE\n" + 10653 "-----END CERTIFICATE-----\n"; 10654 10655// 证书链二进制数据,需业务自行赋值。 10656let encodingBlob: cert.EncodingBlob = { 10657 data: stringToUint8Array(certChainData), 10658 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10659 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10660}; 10661 10662// 证书链校验数据,需业务自行赋值。 10663let param: cert.CertChainValidationParameters = { 10664 date: '20231212080000Z', 10665 trustAnchors: [{ 10666 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10667 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10668 }] 10669}; 10670 10671cert.createX509CertChain(encodingBlob, (err, certChain) => { 10672 if (err) { 10673 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10674 } else { 10675 console.log('createX509CertChain success'); 10676 certChain.validate(param, (error, validationRes) => { 10677 if (error) { 10678 console.error('X509CertChain validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 10679 } else { 10680 console.log('X509CertChain validate success'); 10681 } 10682 }); 10683 } 10684}); 10685``` 10686 10687### toString<sup>12+</sup> 10688 10689toString(): string 10690 10691获取对象的字符串类型数据。 10692 10693**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10694 10695**系统能力:** SystemCapability.Security.Cert 10696 10697**返回值**: 10698 10699| 类型 | 说明 | 10700| ------- | ---------------------------------------------------- | 10701| string | 对象的字符串类型数据。| 10702 10703**错误码:** 10704 10705以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10706 10707| 错误码ID | 错误信息 | 10708| -------- | ----------------------- | 10709| 19020001 | memory error. | 10710| 19020002 | runtime error. | 10711| 19030001 | crypto operation error. | 10712 10713**示例:** 10714 10715```ts 10716import { cert } from '@kit.DeviceCertificateKit'; 10717import { BusinessError } from '@kit.BasicServicesKit'; 10718 10719// string转Uint8Array。 10720function stringToUint8Array(str: string): Uint8Array { 10721 let arr: Array<number> = []; 10722 for (let i = 0, j = str.length; i < j; i++) { 10723 arr.push(str.charCodeAt(i)); 10724 } 10725 return new Uint8Array(arr); 10726} 10727 10728let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10729 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10730 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10731 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10732 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10733 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10734 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10735 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10736 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10737 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10738 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10739 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10740 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10741 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10742 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10743 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10744 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10745 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10746 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10747 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10748 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10749 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10750 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10751 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10752 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10753 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10754 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10755 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10756 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10757 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10758 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10759 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10760 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10761 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10762 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10763 '-----END CERTIFICATE-----\n' + 10764 '-----BEGIN CERTIFICATE-----\n' + 10765 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10766 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10767 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10768 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10769 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10770 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10771 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10772 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10773 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10774 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10775 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10776 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10777 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10778 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10779 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10780 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10781 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10782 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10783 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10784 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10785 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10786 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10787 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10788 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10789 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10790 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10791 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10792 'tPO+\n' + 10793 '-----END CERTIFICATE-----\n'; 10794 10795// 证书链二进制数据,需业务自行赋值。 10796let encodingBlob: cert.EncodingBlob = { 10797 data: stringToUint8Array(certChainData), 10798 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10799 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10800}; 10801 10802async function certChainToString() { 10803 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10804 try { 10805 x509CertChain = await cert.createX509CertChain(encodingBlob); 10806 console.log('createX509CertChain success'); 10807 console.info('toString success: ' + JSON.stringify(x509CertChain.toString())); 10808 } catch (error) { 10809 let e: BusinessError = error as BusinessError; 10810 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10811 } 10812} 10813``` 10814### hashCode<sup>12+</sup> 10815 10816hashCode(): Uint8Array 10817 10818获取DER格式数据的哈希值。 10819 10820**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10821 10822**系统能力:** SystemCapability.Security.Cert 10823 10824**返回值**: 10825 10826| 类型 | 说明 | 10827| ------- | ---------------------------------------------------- | 10828| Uint8Array | DER格式数据的哈希值。| 10829 10830**错误码:** 10831 10832以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10833 10834| 错误码ID | 错误信息 | 10835| -------- | ----------------------- | 10836| 19020001 | memory error. | 10837| 19020002 | runtime error. | 10838| 19030001 | crypto operation error. | 10839 10840**示例:** 10841 10842```ts 10843import { cert } from '@kit.DeviceCertificateKit'; 10844import { BusinessError } from '@kit.BasicServicesKit'; 10845 10846// string转Uint8Array。 10847function stringToUint8Array(str: string): Uint8Array { 10848 let arr: Array<number> = []; 10849 for (let i = 0, j = str.length; i < j; i++) { 10850 arr.push(str.charCodeAt(i)); 10851 } 10852 return new Uint8Array(arr); 10853} 10854 10855let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10856 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10857 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10858 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10859 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10860 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10861 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10862 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10863 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10864 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10865 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10866 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10867 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10868 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10869 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10870 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10871 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10872 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10873 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10874 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10875 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10876 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10877 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10878 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10879 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10880 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10881 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10882 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10883 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10884 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10885 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10886 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10887 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10888 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10889 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10890 '-----END CERTIFICATE-----\n' + 10891 '-----BEGIN CERTIFICATE-----\n' + 10892 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10893 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10894 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10895 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10896 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10897 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10898 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10899 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10900 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10901 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10902 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10903 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10904 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10905 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10906 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10907 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10908 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10909 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10910 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10911 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10912 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10913 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10914 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10915 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10916 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10917 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10918 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10919 'tPO+\n' + 10920 '-----END CERTIFICATE-----\n'; 10921 10922// 证书链二进制数据,需业务自行赋值。 10923let encodingBlob: cert.EncodingBlob = { 10924 data: stringToUint8Array(certChainData), 10925 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10926 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10927}; 10928 10929async function certChainHashCode() { 10930 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10931 try { 10932 x509CertChain = await cert.createX509CertChain(encodingBlob); 10933 console.log('createX509CertChain success'); 10934 console.info('hashCode success: ' + JSON.stringify(x509CertChain.hashCode())); 10935 } catch (error) { 10936 let e: BusinessError = error as BusinessError; 10937 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10938 } 10939} 10940``` 10941 10942## cert.generateCsr<sup>18+</sup> 10943 10944generateCsr(keyInfo: PrivateKeyInfo, config: CsrGenerationConfig): string | Uint8Array 10945 10946表示使用指定的RSA私钥,传入主体、拓展、摘要算法、输出格式等配置参数去生成CSR。 10947 10948**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 10949 10950**系统能力:** SystemCapability.Security.Cert 10951 10952**参数:** 10953 10954| 参数名 | 类型 | 必填 | 说明 | 10955| -------- | ----------------------------- | ---- | -------------------- | 10956| keyInfo | [PrivateKeyInfo](#privatekeyinfo18) | 是 | 包含私钥跟口令的配置参数。 | 10957| config | [CsrGenerationConfig](#csrgenerationconfig18) | 是 | 包含生成CSR的配置参数。 | 10958 10959**返回值:** 10960 10961| 类型 | 说明 | 10962| ------------------------------- | ---------------- | 10963| string \| Uint8Array | 表示生成的CSR数据。| 10964 10965**错误码:** 10966 10967以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10968 10969| 错误码ID | 错误信息 | 10970| -------- | ------------- | 10971| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10972| 19020001 | memory error. | 10973| 19020002 | runtime error. | 10974| 19030001 | crypto operation error. | 10975| 19030008 | maybe wrong password. | 10976 10977**示例:** 10978 10979```ts 10980import { cert } from '@kit.DeviceCertificateKit'; 10981 10982async function createCsrTest() { 10983 let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 10984 let prikeyEnstr: string = 10985 '-----BEGIN RSA PRIVATE KEY-----\n' + 10986 'Proc-Type: 4,ENCRYPTED\n' + 10987 'DEK-Info: AES-128-CBC,B5FFA3AEEE7176106FDDB0988B532F07\n\n' + 10988 't3zNRGKp5X4BNkcsYATad/Le+94yMIX9CoNAGsBIDzQw+773UMGIoeGEYVlXWc8x\n' + 10989 'N1XWDinn4ytWw9x9OfUYgmNnrdkWRSaIuw+SpQfBgJip+MsNERYOHZ5TYWTR8n3k\n' + 10990 '7/jHY8eCgTsP3hbNtyaePIrtbTLZGZAHG1YWY5UmLaYoI1O6/Vvobx72lx3b43Tx\n' + 10991 '4j5lkknpLl85fcs1s4TYMOd8vEwhdpouR4VY8kfRSm44WQLtGXrce0An3MG3pXyZ\n' + 10992 'GhpmJyTcg0epTEYVzglENlBJrBVDL+bJ8uvHGH4tmeQb77e6ILXoxZntM7zQMMFo\n' + 10993 'A7dilqO6FBxu20n2TidVGCa0Yn+DZLpry2OdwVUC2nXyCHCehr3jAZz6k20FWg5B\n' + 10994 'EsU16yOIB+bp9BUKdTpJVtc/pmZJtnlA9pSCUVmWdltOsjjxkE94wfAUOYhO3Mvz\n' + 10995 'gF9KR1/bdAbLw4t7bGeuyV4N2iYr83FodLLXpupM6Qfb51+HVgHvm2aaHv2Q4sf3\n' + 10996 'poCVTNlegoVV9x3+7HqXY6MjlG8aU6LcWqH34ySqRBQrKL1PuDzQSY5/RmP7PUhG\n' + 10997 'ym4l6KbEaRC2H/XS2qKa4VCMgBCgA0hoiw4s48Xd4h2GUTuxLM9wGyW89OEaHky7\n' + 10998 'VE7t3O9a2zhkRTYDDYQ8QCycKhNrsKySyItRUWn/w2lXvuKM7PpAzYH7Ey3W1eZG\n' + 10999 'PyyeGG9exjpdIvD3tx5Hl/OWwBkW1DAzO40gT6sdD5FXzRv4fCHuCrIow5QMLF4T\n' + 11000 'd5Y4a6q13V4O5b73T5INmKl8rEbPGIw7WLR7BNj05QuzNcn5kA1aBFIJqsxQv46l\n' + 11001 '-----END RSA PRIVATE KEY-----\n'; 11002 let priKeyInfo: cert.PrivateKeyInfo = { 11003 key: prikeyEnstr, 11004 password : "123abc" 11005 } 11006 let keyUsage: cert.CsrAttribute = { 11007 type: "keyUsage", 11008 value: "digitalSignature, keyEncipherment" 11009 }; 11010 11011 let challengePassword: cert.CsrAttribute = { 11012 type:"challengePassword", 11013 value: "123456" 11014 }; 11015 let attribute: cert.CsrAttribute[] = [ 11016 keyUsage,challengePassword 11017 ]; 11018 try { 11019 let data = await cert.createX500DistinguishedName(nameStr); 11020 console.info('createX500DistinguishedName success' + data.getName("CN").toString()); 11021 let conf: cert.CsrGenerationConfig = { 11022 subject: data, 11023 mdName: "SHA256", 11024 outFormat: cert.EncodingBaseFormat.PEM, 11025 attributes: attribute 11026 } 11027 try { 11028 let csrStr = cert.generateCsr(priKeyInfo, conf) 11029 console.log('generateCsr success return str is' + csrStr.toString()) 11030 } catch (error) { 11031 let e: BusinessError = error as BusinessError; 11032 console.error('generateCsr failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11033 } 11034 } catch (error) { 11035 let e: BusinessError = error as BusinessError; 11036 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11037 } 11038} 11039``` 11040 11041## cert.createX500DistinguishedName<sup>12+</sup> 11042 11043createX500DistinguishedName(nameStr: string): Promise\<X500DistinguishedName> 11044 11045表示使用字符串格式的名称创建X500DistinguishedName对象,使用Promise方式异步返回结果。 11046 11047**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 11048 11049**系统能力:** SystemCapability.Security.Cert 11050 11051**参数:** 11052 11053| 参数名 | 类型 | 必填 | 说明 | 11054| -------- | ----------------------------- | ---- | -------------------- | 11055| nameStr | string | 是 |X509定义的string类型的Name字符串格式数据。| 11056 11057**返回值:** 11058 11059| 类型 | 说明 | 11060| ------------------------------- | ---------------- | 11061| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | 表示X509的可分辨对象。| 11062 11063**错误码:** 11064 11065以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11066 11067| 错误码ID | 错误信息 | 11068| -------- | ------------- | 11069| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11070| 19020001 | memory error. | 11071| 19020002 | runtime error. | 11072| 19030001 | crypto operation error. | 11073| 19030002 | the certificate signature verification failed. | 11074| 19030003 | the certificate has not taken effect. | 11075| 19030004 | the certificate has expired. | 11076| 19030005 | failed to obtain the certificate issuer. | 11077| 19030006 | the key cannot be used for signing a certificate. | 11078| 19030007 | the key cannot be used for digital signature. | 11079 11080**示例:** 11081 11082```ts 11083import { cert } from '@kit.DeviceCertificateKit'; 11084import { BusinessError } from '@kit.BasicServicesKit'; 11085 11086// string转Uint8Array。 11087function stringToUint8Array(str: string): Uint8Array { 11088 let arr: Array<number> = []; 11089 for (let i = 0, j = str.length; i < j; i++) { 11090 arr.push(str.charCodeAt(i)); 11091 } 11092 return new Uint8Array(arr); 11093} 11094 11095let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 11096async function createX500DistinguishedName() { 11097 try { 11098 cert.createX500DistinguishedName(nameStr) 11099 .then((data) => { 11100 console.log('createX500DistinguishedName success'); 11101 }) 11102 .catch((err: BusinessError) => { 11103 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11104 }) 11105 } catch (error) { 11106 let e: BusinessError = error as BusinessError; 11107 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11108 } 11109} 11110``` 11111 11112## cert.createX500DistinguishedName<sup>12+</sup> 11113 11114createX500DistinguishedName(nameDer: Uint8Array): Promise\<X500DistinguishedName> 11115 11116表示使用DER格式的名称创建X500DistinguishedName对象,使用Promise方式异步返回结果。 11117 11118**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 11119 11120**系统能力:** SystemCapability.Security.Cert 11121 11122**参数:** 11123 11124| 参数名 | 类型 | 必填 | 说明 | 11125| -------- | ----------------------------- | ---- | -------------------- | 11126| nameDer | Uint8Array | 是 |X509定义的Uint8Array类型的DER格式数据。| 11127 11128**返回值:** 11129 11130| 类型 | 说明 | 11131| ------------------------------- | ---------------- | 11132| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | 表示X509的可分辨对象。| 11133 11134**错误码:** 11135 11136以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11137 11138| 错误码ID | 错误信息 | 11139| -------- | ------------- | 11140| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11141| 19020001 | memory error. | 11142| 19020002 | runtime error. | 11143| 19030001 | crypto operation error. | 11144| 19030002 | the certificate signature verification failed. | 11145| 19030003 | the certificate has not taken effect. | 11146| 19030004 | the certificate has expired. | 11147| 19030005 | failed to obtain the certificate issuer. | 11148| 19030006 | the key cannot be used for signing a certificate. | 11149| 19030007 | the key cannot be used for digital signature. | 11150 11151**示例:** 11152 11153```ts 11154import { cert } from '@kit.DeviceCertificateKit'; 11155import { BusinessError } from '@kit.BasicServicesKit'; 11156 11157let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 11158async function createX500DistinguishedName() { 11159 try { 11160 cert.createX500DistinguishedName(nameDer) 11161 .then((data) => { 11162 console.log('createX500DistinguishedName success'); 11163 }) 11164 .catch((err: BusinessError) => { 11165 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11166 }) 11167 } catch (error) { 11168 let e: BusinessError = error as BusinessError; 11169 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11170 } 11171} 11172``` 11173## X500DistinguishedName<sup>12+</sup> 11174 11175X509定义的Name类型的对象。 11176 11177### getName<sup>12+</sup> 11178 11179getName(): string 11180 11181获取可分辨名的字符串。 11182 11183**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 11184 11185**系统能力:** SystemCapability.Security.Cert 11186 11187**返回值**: 11188 11189| 类型 | 说明 | 11190| ------- | ------------------------------------------------- | 11191| string | 可分辨名的字符串。| 11192 11193**错误码:** 11194 11195以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11196 11197| 错误码ID | 错误信息 | 11198| -------- | ------------- | 11199| 19020001 | memory error. | 11200| 19020002 | runtime error. | 11201| 19030001 | crypto operation error. | 11202 11203**示例:** 11204 11205```ts 11206import { cert } from '@kit.DeviceCertificateKit'; 11207import { BusinessError } from '@kit.BasicServicesKit'; 11208 11209let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 11210async function getName() { 11211 try { 11212 cert.createX500DistinguishedName(nameDer) 11213 .then((data) => { 11214 console.log('createX500DistinguishedName success'); 11215 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName())) 11216 }) 11217 .catch((err: BusinessError) => { 11218 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11219 }) 11220 } catch (error) { 11221 let e: BusinessError = error as BusinessError; 11222 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11223 } 11224} 11225``` 11226 11227### getName<sup>12+</sup> 11228 11229getName(type: string): Array\<string> 11230 11231按类型获取可分辨名的字符串。 11232 11233**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 11234 11235**系统能力:** SystemCapability.Security.Cert 11236 11237**参数**: 11238 11239| 参数名 | 类型 | 必填 | 说明 | 11240| ------------ | ------ | ---- | -------------- | 11241| type | string | 是 | 指定类型的名称。| 11242 11243**返回值**: 11244 11245| 类型 | 说明 | 11246| ------- | ------------------------------------------------- | 11247| Array\<string> | 可分辨名的字符串数组。| 11248 11249**错误码:** 11250 11251以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11252 11253| 错误码ID | 错误信息 | 11254| -------- | ------------- | 11255| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11256| 19020001 | memory error. | 11257| 19020002 | runtime error. | 11258| 19030001 | crypto operation error. | 11259 11260**示例:** 11261 11262```ts 11263import { cert } from '@kit.DeviceCertificateKit'; 11264import { BusinessError } from '@kit.BasicServicesKit'; 11265 11266let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 11267async function getName() { 11268 try { 11269 cert.createX500DistinguishedName(nameStr) 11270 .then((data) => { 11271 console.log('createX500DistinguishedName success'); 11272 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName("CN"))) 11273 }) 11274 .catch((err: BusinessError) => { 11275 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11276 }) 11277 } catch (error) { 11278 let e: BusinessError = error as BusinessError; 11279 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11280 } 11281} 11282``` 11283 11284### getEncoded<sup>12+</sup> 11285 11286getEncoded(): EncodingBlob 11287 11288获取X509证书扩展域的数据。 11289 11290**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 11291 11292**系统能力:** SystemCapability.Security.Cert 11293 11294**返回值**: 11295 11296| 类型 | 说明 | 11297| ------- | ------------------------------------------------- | 11298| [EncodingBlob](#encodingblob) | X509证书序列化数据。| 11299 11300**错误码:** 11301 11302以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11303 11304| 错误码ID | 错误信息 | 11305| -------- | ------------- | 11306| 19020001 | memory error. | 11307| 19020002 | runtime error. | 11308| 19030001 | crypto operation error. | 11309 11310**示例:** 11311 11312```ts 11313import { cert } from '@kit.DeviceCertificateKit'; 11314import { BusinessError } from '@kit.BasicServicesKit'; 11315 11316let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 11317async function getEncoded() { 11318 try { 11319 cert.createX500DistinguishedName(nameStr) 11320 .then((data) => { 11321 console.log('createX500DistinguishedName success'); 11322 let encodingBlobData = data.getEncoded(); 11323 }) 11324 .catch((err: BusinessError) => { 11325 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11326 }) 11327 } catch (error) { 11328 let e: BusinessError = error as BusinessError; 11329 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11330 } 11331} 11332``` 11333 11334## cert.createCmsGenerator<sup>18+</sup> 11335 11336createCmsGenerator(contentType: CmsContentType): CmsGenerator 11337 11338表示创建CmsGenerator对象。 11339 11340**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 11341 11342**系统能力:** SystemCapability.Security.Cert 11343 11344**参数:** 11345 11346| 参数名 | 类型 | 必填 | 说明 | 11347| -------- | ----------------------------- | ---- | -------------------- | 11348| contentType | [CmsContentType](#cmscontenttype18) | 是 | 指定CMS内容类型。| 11349 11350**返回值:** 11351 11352| 类型 | 说明 | 11353| ------------------------------- | ---------------- | 11354| [CmsGenerator](#cmsgenerator18) | CmsGenerator对象。 | 11355 11356**错误码:** 11357 11358以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11359 11360| 错误码ID | 错误信息 | 11361| -------- | ------------- | 11362| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11363| 19020001 | memory error. | 11364| 19020002 | runtime error. | 11365| 19030001 | crypto operation error. | 11366 11367**示例:** 11368 11369```ts 11370import { cert } from '@kit.DeviceCertificateKit'; 11371import { BusinessError } from '@kit.BasicServicesKit'; 11372 11373let certData = '-----BEGIN CERTIFICATE-----\n' + 11374 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11375 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11376 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11377 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11378 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11379 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11380 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11381 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11382 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11383 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11384 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11385 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11386 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11387 '-----END CERTIFICATE-----\n'; 11388 11389// string转Uint8Array 11390function stringToUint8Array(str: string): Uint8Array { 11391 let arr: Array<number> = []; 11392 for (let i = 0, j = str.length; i < j; i++) { 11393 arr.push(str.charCodeAt(i)); 11394 } 11395 return new Uint8Array(arr); 11396} 11397 11398function testcreateCmsGenerator() { 11399 let certEncodingBlob: cert.EncodingBlob = { 11400 data: stringToUint8Array(certData), 11401 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 11402 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11403 }; 11404 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11405 if (error) { 11406 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11407 } else { 11408 try { 11409 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11410 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11411 console.info('testcreateCmsGenerator createCmsGenerator success.'); 11412 } catch (err) { 11413 let e: BusinessError = err as BusinessError; 11414 console.error('createCmsGenerator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11415 } 11416 } 11417 }); 11418} 11419``` 11420 11421## CmsGenerator<sup>18+</sup> 11422 11423CmsGenerator对象用于生成CMS(Cryptographic Message Syntax)格式的消息。 11424 11425> **说明:** 11426> 11427> PKCS#7是用于存储签名或加密数据的标准语法。注意CMS是PKCS#7的扩展,PKCS#7支持的数据类型包括数据、签名数据、信封数据、 11428> 签名和信封数据、摘要数据、加密数据。常用于保护数据的完整性和机密性。 11429 11430### addSigner<sup>18+</sup> 11431 11432addSigner(cert: X509Cert, keyInfo: PrivateKeyInfo, config: CmsSignerConfig): void; 11433 11434用于添加签名者信息。 11435 11436**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 11437 11438**系统能力:** SystemCapability.Security.Cert 11439 11440**参数:** 11441 11442| 参数名 | 类型 | 必填 | 说明 | 11443| ------------ | ------ | ---- | -------------- | 11444| cert | [X509Cert](#x509cert) | 是 | 指定X509证书。| 11445| keyInfo | [PrivateKeyInfo](#privatekeyinfo18) | 是 | 指定私钥信息。| 11446| config | [CmsSignerConfig](#cmssignerconfig18) | 是 | 指定签名者选项。| 11447 11448**错误码:** 11449 11450以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11451 11452| 错误码ID | 错误信息 | 11453| -------- | ------------- | 11454| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11455| 19020001 | memory error. | 11456| 19020002 | runtime error. | 11457| 19030001 | crypto operation error. | 11458| 19030008 | maybe wrong password. | 11459 11460**示例:** 11461 11462```ts 11463import { cert } from '@kit.DeviceCertificateKit'; 11464import { BusinessError } from '@kit.BasicServicesKit'; 11465 11466let certData = '-----BEGIN CERTIFICATE-----\n' + 11467 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11468 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11469 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11470 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11471 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11472 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11473 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11474 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11475 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11476 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11477 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11478 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11479 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11480 '-----END CERTIFICATE-----\n'; 11481 11482let rsaStr1024: string = 11483 '-----BEGIN RSA PRIVATE KEY-----\n' + 11484 'Proc-Type: 4,ENCRYPTED\n' + 11485 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 11486 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 11487 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 11488 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 11489 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 11490 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 11491 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 11492 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 11493 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 11494 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 11495 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 11496 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 11497 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 11498 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 11499 '-----END RSA PRIVATE KEY-----\n'; 11500 11501// string转Uint8Array。 11502function stringToUint8Array(str: string): Uint8Array { 11503 let arr: Array<number> = []; 11504 for (let i = 0, j = str.length; i < j; i++) { 11505 arr.push(str.charCodeAt(i)); 11506 } 11507 return new Uint8Array(arr); 11508} 11509 11510function testAddSigner() { 11511 let certEncodingBlob: cert.EncodingBlob = { 11512 data: stringToUint8Array(certData), 11513 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 11514 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11515 }; 11516 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11517 if (error) { 11518 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11519 } else { 11520 try { 11521 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11522 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11523 console.info('testAddSigner createCmsGenerator success.'); 11524 let privateKeyInfo: cert.PrivateKeyInfo = { 11525 key: rsaStr1024, 11526 password: '123456' 11527 }; 11528 // addCert设置为true时,第二次addSigner增加相同的证书,会报错。 11529 let config: cert.CmsSignerConfig = { 11530 mdName:'SHA256', 11531 addCert:false, 11532 addAttr:false, 11533 addSmimeCapAttr:false 11534 } 11535 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 11536 console.info('testAddSigner addSigner success.'); 11537 } catch (err) { 11538 let e: BusinessError = err as BusinessError; 11539 console.error('testAddSigner failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11540 } 11541 } 11542 }); 11543} 11544``` 11545 11546### addCert<sup>18+</sup> 11547 11548addCert(cert: X509Cert): void 11549 11550用于添加证书,例如签名证书的颁发者证书。 11551 11552**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 11553 11554**系统能力:** SystemCapability.Security.Cert 11555 11556**参数:** 11557 11558| 参数名 | 类型 | 必填 | 说明 | 11559| ------ | --------- | ---- | ------------------------ | 11560| cert | [X509Cert](#x509cert) | 是 | 要添加的X509证书。 | 11561 11562**错误码:** 11563 11564以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11565 11566| 错误码ID | 错误信息 | 11567| -------- | ------------- | 11568| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11569| 19020001 | memory error. | 11570| 19020002 | runtime error. | 11571| 19030001 | crypto operation error. | 11572 11573**示例:** 11574 11575```ts 11576import { cert } from '@kit.DeviceCertificateKit'; 11577import { BusinessError } from '@kit.BasicServicesKit'; 11578 11579let certData = '-----BEGIN CERTIFICATE-----\n' + 11580 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11581 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11582 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11583 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11584 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11585 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11586 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11587 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11588 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11589 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11590 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11591 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11592 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11593 '-----END CERTIFICATE-----\n'; 11594 11595// string转Uint8Array。 11596function stringToUint8Array(str: string): Uint8Array { 11597 let arr: Array<number> = []; 11598 for (let i = 0, j = str.length; i < j; i++) { 11599 arr.push(str.charCodeAt(i)); 11600 } 11601 return new Uint8Array(arr); 11602} 11603 11604function testAddCert() { 11605 let certEncodingBlob: cert.EncodingBlob = { 11606 data: stringToUint8Array(certData), 11607 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 11608 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11609 }; 11610 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11611 if (error) { 11612 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11613 } else { 11614 try { 11615 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11616 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11617 console.info('testAddCert createCmsGenerator success.'); 11618 // 第二次addCert增加相同的证书,会报错。 11619 cmsGenerator.addCert(x509Cert); 11620 console.info('testAddCert addCert success.'); 11621 } catch (err) { 11622 let e: BusinessError = err as BusinessError; 11623 console.error('testAddCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11624 } 11625 } 11626 }); 11627} 11628``` 11629 11630### doFinal<sup>18+</sup> 11631 11632doFinal(data: Uint8Array, options?: CmsGeneratorOptions): Promise<Uint8Array | string> 11633 11634用于获取Cms最终数据,例如Cms签名数据。 11635 11636**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 11637 11638**系统能力:** SystemCapability.Security.Cert 11639 11640**参数:** 11641 11642| 参数名 | 类型 | 必填 | 说明 | 11643| ----------- | ------------------- | ---- | ------------------------------------------ | 11644| data | Uint8Array | 是 | Cms操作的内容。 | 11645| options | [CmsGeneratorOptions](#cmsgeneratoroptions18) | 否 | Cms操作的配置选项。 | 11646 11647**返回值:** 11648 11649| 类型 | 说明 | 11650| ------------------------------- | ---------------- | 11651| Promise<Uint8Array \| string> | 返回Cms最终数据的Promise。 | 11652 11653**错误码:** 11654 11655以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11656 11657| 错误码ID | 错误信息 | 11658| -------- | ------------- | 11659| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11660| 19020001 | memory error. | 11661| 19020002 | runtime error. | 11662| 19030001 | crypto operation error. | 11663 11664**示例:** 11665 11666```ts 11667import { cert } from '@kit.DeviceCertificateKit'; 11668import { BusinessError } from '@kit.BasicServicesKit'; 11669 11670let certData = '-----BEGIN CERTIFICATE-----\n' + 11671 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11672 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11673 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11674 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11675 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11676 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11677 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11678 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11679 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11680 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11681 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11682 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11683 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11684 '-----END CERTIFICATE-----\n'; 11685 11686let rsaStr1024: string = 11687 '-----BEGIN RSA PRIVATE KEY-----\n' + 11688 'Proc-Type: 4,ENCRYPTED\n' + 11689 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 11690 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 11691 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 11692 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 11693 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 11694 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 11695 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 11696 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 11697 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 11698 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 11699 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 11700 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 11701 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 11702 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 11703 '-----END RSA PRIVATE KEY-----\n'; 11704 11705// string转Uint8Array。 11706function stringToUint8Array(str: string): Uint8Array { 11707 let arr: Array<number> = []; 11708 for (let i = 0, j = str.length; i < j; i++) { 11709 arr.push(str.charCodeAt(i)); 11710 } 11711 return new Uint8Array(arr); 11712} 11713 11714async function testDoFinalByPromise() { 11715 let certEncodingBlob: cert.EncodingBlob = { 11716 data: stringToUint8Array(certData), 11717 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 11718 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11719 }; 11720 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11721 if (error) { 11722 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11723 } else { 11724 try { 11725 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11726 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11727 console.info('testDoFinalByPromise createCmsGenerator success.'); 11728 let privateKeyInfo: cert.PrivateKeyInfo = { 11729 key: rsaStr1024, 11730 password: '123456' 11731 }; 11732 // addCert设置为true时,第二次addSigner或者addCert增加相同的证书,会报错。 11733 let config: cert.CmsSignerConfig = { 11734 mdName:'SHA256', 11735 addCert:false, 11736 addAttr:true, 11737 addSmimeCapAttr:true 11738 } 11739 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 11740 console.info('testDoFinalByPromise addSigner success.'); 11741 cmsGenerator.addCert(x509Cert); 11742 console.info('testDoFinalByPromise addCert success.'); 11743 let content = new Uint8Array([1,2,3,4]); 11744 let optionsFinal: cert.CmsGeneratorOptions = { 11745 contentDataFormat : cert.CmsContentDataFormat.BINARY, 11746 outFormat : cert.CmsFormat.PEM, 11747 isDetached : true 11748 }; 11749 cmsGenerator.doFinal(content, optionsFinal).then(result => { 11750 console.log('testDoFinalByPromise doFinal success, resullt = %s', result); 11751 }).catch((error: BusinessError) => { 11752 console.error('testDoFinalByPromise failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11753 }); 11754 } catch (err) { 11755 let e: BusinessError = err as BusinessError; 11756 console.error('testDoFinalByPromise failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11757 } 11758 } 11759 }); 11760} 11761``` 11762 11763### doFinalSync<sup>18+</sup> 11764 11765doFinalSync(data: Uint8Array, options?: CmsGeneratorOptions): Uint8Array | string 11766 11767用于获取Cms最终数据,例如Cms签名数据(同步方法)。 11768 11769**原子化服务API:** 从API version 18开始,该接口支持在原子化服务中使用。 11770 11771**系统能力:** SystemCapability.Security.Cert 11772 11773**参数:** 11774 11775| 参数名 | 类型 | 必填 | 说明 | 11776| ----------- | ------------------- | ---- | ------------------------------------------ | 11777| data | Uint8Array | 是 | Cms操作的内容。 | 11778| options | [CmsGeneratorOptions](#cmsgeneratoroptions18) | 否 | Cms操作的配置选项。 | 11779 11780**返回值:** 11781 11782| 类型 | 说明 | 11783| ------------------------------- | ---------------- | 11784| Uint8Array \| string | 返回Cms最终数据。 | 11785 11786**错误码:** 11787 11788以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 11789 11790| 错误码ID | 错误信息 | 11791| -------- | ------------- | 11792| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11793| 19020001 | memory error. | 11794| 19020002 | runtime error. | 11795| 19030001 | crypto operation error. | 11796 11797**示例:** 11798 11799```ts 11800import { cert } from '@kit.DeviceCertificateKit'; 11801import { BusinessError } from '@kit.BasicServicesKit'; 11802 11803let certData = '-----BEGIN CERTIFICATE-----\n' + 11804 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11805 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11806 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11807 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11808 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11809 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11810 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11811 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11812 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11813 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11814 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11815 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11816 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11817 '-----END CERTIFICATE-----\n'; 11818 11819let rsaStr1024: string = 11820 '-----BEGIN RSA PRIVATE KEY-----\n' + 11821 'Proc-Type: 4,ENCRYPTED\n' + 11822 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 11823 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 11824 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 11825 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 11826 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 11827 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 11828 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 11829 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 11830 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 11831 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 11832 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 11833 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 11834 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 11835 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 11836 '-----END RSA PRIVATE KEY-----\n'; 11837 11838// string转Uint8Array。 11839function stringToUint8Array(str: string): Uint8Array { 11840 let arr: Array<number> = []; 11841 for (let i = 0, j = str.length; i < j; i++) { 11842 arr.push(str.charCodeAt(i)); 11843 } 11844 return new Uint8Array(arr); 11845} 11846 11847function testDoFinalSync() { 11848 let certEncodingBlob: cert.EncodingBlob = { 11849 data: stringToUint8Array(certData), 11850 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 11851 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11852 }; 11853 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11854 if (error) { 11855 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11856 } else { 11857 try { 11858 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11859 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11860 console.info('testDoFinalSync createCmsGenerator success.'); 11861 let privateKeyInfo: cert.PrivateKeyInfo = { 11862 key: rsaStr1024, 11863 password: '123456' 11864 }; 11865 // addCert设置为true时,第二次addSigner或者addCert增加相同的证书,会报错。 11866 let config: cert.CmsSignerConfig = { 11867 mdName:'SHA256', 11868 addCert:false, 11869 addAttr:false, 11870 addSmimeCapAttr:false 11871 } 11872 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 11873 console.info('testDoFinalSync addSigner success.'); 11874 cmsGenerator.addCert(x509Cert); 11875 console.info('testDoFinalSync addCert success.'); 11876 let content = new Uint8Array([1,2,3,4]); 11877 let optionsFinal: cert.CmsGeneratorOptions = { 11878 contentDataFormat : cert.CmsContentDataFormat.BINARY, 11879 outFormat : cert.CmsFormat.DER, 11880 isDetached : false 11881 }; 11882 let output = cmsGenerator.doFinalSync(content, optionsFinal); 11883 console.info('testDoFinalSync doFinalSync success, output = %s.',output); 11884 } catch (err) { 11885 let e: BusinessError = err as BusinessError; 11886 console.error('testDoFinalSync failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11887 } 11888 } 11889 }); 11890} 11891``` 11892