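/*
 * Copyright (c) 2023-2024 Huawei Device Co., Ltd.
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */

/**
 * @file
 * @kit DeviceCertificateKit
 */

import type { AsyncCallback } from './@ohos.base';

/**
 * OpenHarmony Universal CertificateManager
 *
 * @namespace certificateManager
 * @syscap SystemCapability.Security.CertificateManager
 * @since 11
 */
declare namespace certificateManager {
  /**
   * Enum for result code
   *
   * @enum { number }
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export enum CMErrorCode {
    /**
     * Indicates that the application has no permission to call the API.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_ERROR_NO_PERMISSION = 201,

    /**
     * Indicates that the application is not a system application.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @systemapi
     * @since 11
     */
    CM_ERROR_NOT_SYSTEM_APP = 202,

    /**
     * Indicates that the input parameters are invalid.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_ERROR_INVALID_PARAMS = 401,

    /**
     * Indicates an internal error.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_ERROR_GENERIC = 17500001,

    /**
     * Indicates that the certificate does not exist.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_ERROR_NO_FOUND = 17500002,

    /**
     * Indicates that the keystore is in an invalid format or the keystore password is incorrect.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_ERROR_INCORRECT_FORMAT = 17500003,

    /**
     * Indicates that the number of certificates or credentials reaches the maximum allowed.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 12
     */
    CM_ERROR_MAX_CERT_COUNT_REACHED = 17500004,

    /**
     * Indicates that the application is not authorized by the user.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 12
     */
    CM_ERROR_NO_AUTHORIZATION = 17500005,

    /**
     * Indicates that the device enters advanced security mode.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 18
     */
    CM_ERROR_DEVICE_ENTER_ADVSECMODE = 17500007
  }

  /**
   * Provides the CertInfo type.
   *
   * @typedef CertInfo
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export interface CertInfo {
    /**
     * Indicates the uri of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    uri: string;

    /**
     * Indicates the alias of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    certAlias: string;

    /**
     * Indicates the state of certificate.
     *
     * @type { boolean }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    state: boolean;

    /**
     * Indicates the issuer name of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    issuerName: string;

    /**
     * Indicates the subject name of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    subjectName: string;

    /**
     * Indicates the serial number of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    serial: string;

    /**
     * Indicates the not before time of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    notBefore: string;

    /**
     * Indicates the not after time of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    notAfter: string;

    /**
     * Indicates the fingerprint of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    fingerprintSha256: string;

    /**
     * Indicates the certificate binary data.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    cert: Uint8Array;
  }

  /**
   * Provides the abstract Cert type.
   *
   * @typedef CertAbstract
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export interface CertAbstract {
    /**
     * Indicates the uri of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    uri: string;

    /**
     * Indicates the alias of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    certAlias: string;

    /**
     * Indicates the state of certificate.
     *
     * @type { boolean }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    state: boolean;

    /**
     * Indicates the subject name of certificate.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    subjectName: string;
  }

  /**
   * Provides the Credential type.
   *
   * @typedef Credential
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export interface Credential {
    /**
     * Indicates the type of Credential.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    type: string;

    /**
     * Indicates the alias of Credential.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    alias: string;

    /**
     * Indicates the uri of Credential.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    keyUri: string;

    /**
     * Indicates the number of certificates included in the credential.
     *
     * @type { number }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    certNum: number;

    /**
     * Indicates the number of keys included in the credential.
     *
     * @type { number }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    keyNum: number;

    /**
     * Indicates the credential binary data.
     * NOTE(review): this declaration does not say whether the data can carry private key material;
     * treat it as sensitive (no logging, no persistence) until that is confirmed.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    credentialData: Uint8Array;
  }

  /**
   * Provides the abstract Credential type.
   *
   * @typedef CredentialAbstract
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export interface CredentialAbstract {
    /**
     * Indicates the type of Credential.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    type: string;

    /**
     * Indicates the alias of Credential.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    alias: string;

    /**
     * Indicates the uri of Credential.
     *
     * @type { string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    keyUri: string;
  }

  /**
   * Provides the CMResult type.
   *
   * @typedef CMResult
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export interface CMResult {
    /**
     * Indicates the certificate list of CMResult.
     *
     * @type { ?Array<CertAbstract> }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    certList?: Array<CertAbstract>;

    /**
     * Indicates the certificate info of CMResult.
     *
     * @type { ?CertInfo }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    certInfo?: CertInfo;

    /**
     * Indicates the credential list of CMResult.
     *
     * @type { ?Array<CredentialAbstract> }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    credentialList?: Array<CredentialAbstract>;

    /**
     * Indicates the credential of CMResult.
     *
     * @type { ?Credential }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    credential?: Credential;

    /**
     * Indicates the app uid list of CMResult.
     *
     * @type { ?Array<string> }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    appUidList?: Array<string>;

    /**
     * Indicates the certificate uri of CMResult.
     *
     * @type { ?string }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    uri?: string;

    /**
     * Indicates the outData of CMResult.
     *
     * @type { ?Uint8Array }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    outData?: Uint8Array;
  }

  /**
   * Enum for Key Purpose
   *
   * @enum { number }
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export enum CmKeyPurpose {
    /**
     * Indicates that the key is used for signing.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_KEY_PURPOSE_SIGN = 4,

    /**
     * Indicates that the key is used for verification.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_KEY_PURPOSE_VERIFY = 8
  }

  /**
   * Enum for Key Digest
   *
   * @enum { number }
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export enum CmKeyDigest {
    /**
     * Indicates that key digest is none.
     * NOTE(review): no digest step is selected; presumably the caller passes data that is already
     * hashed. Confirm against the implementation before relying on it.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_DIGEST_NONE = 0,

    /**
     * Indicates that key digest is md5.
     * Note: MD5 is not collision resistant; do not select it for new signatures.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_DIGEST_MD5 = 1,

    /**
     * Indicates that key digest is sha1.
     * Note: SHA-1 is not collision resistant; prefer SHA-256 or stronger for new signatures.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_DIGEST_SHA1 = 2,

    /**
     * Indicates that key digest is sha224.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_DIGEST_SHA224 = 3,

    /**
     * Indicates that key digest is sha256.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_DIGEST_SHA256 = 4,

    /**
     * Indicates that key digest is sha384.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_DIGEST_SHA384 = 5,

    /**
     * Indicates that key digest is sha512.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_DIGEST_SHA512 = 6,

    /**
     * Indicates that key digest is SM3.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 18
     */
    CM_DIGEST_SM3 = 7
  }

  /**
   * Enum for Key Padding
   *
   * @enum { number }
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export enum CmKeyPadding {
    /**
     * Indicates that key padding is none.
     * NOTE(review): presumably meant for key types that take no padding; unpadded RSA signing
     * should not be used. Confirm which key types accept this value.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_PADDING_NONE = 0,

    /**
     * Indicates that key padding is PSS.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_PADDING_PSS = 1,

    /**
     * Indicates that key padding is PKCS1_V1_5.
     * Note: for new RSA signatures prefer CM_PADDING_PSS where the verifier supports it.
     *
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    CM_PADDING_PKCS1_V1_5 = 2
  }

  /**
   * Provides the CMSignatureSpec type.
   * NOTE(review): padding and digest are optional and this declaration does not state what is
   * used when they are omitted; set both explicitly rather than relying on a default.
   *
   * @typedef CMSignatureSpec
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export interface CMSignatureSpec {
    /**
     * Indicates the key purpose of CMSignatureSpec.
     *
     * @type { CmKeyPurpose }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    purpose: CmKeyPurpose;

    /**
     * Indicates the key padding of CMSignatureSpec.
     *
     * @type { ?CmKeyPadding }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    padding?: CmKeyPadding;

    /**
     * Indicates the key digest of CMSignatureSpec.
     *
     * @type { ?CmKeyDigest }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    digest?: CmKeyDigest;
  }

  /**
   * Provides the CMHandle type.
   *
   * @typedef CMHandle
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  export interface CMHandle {
    /**
     * Indicates the handle.
     *
     * @type { Uint8Array }
     * @syscap SystemCapability.Security.CertificateManager
     * @since 11
     */
    handle: Uint8Array;
  }

  /**
   * Install private application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } keystore - Indicates the keystore file with key pair and certificate.
   * @param { string } keystorePwd - Indicates the password of keystore file.
   * @param { string } certAlias - Indicates the certificate name inputted by the user.
   * @param { AsyncCallback<CMResult> } callback - The callback of installPrivateCertificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500003 - The keystore is in an invalid format or the keystore password is incorrect.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  /**
   * Install private application certificate.
   * Note: keystorePwd is a string and cannot be overwritten after use; keep its lifetime short
   * and never write it, or the keystore bytes, to logs.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } keystore - Indicates the keystore file with key pair and certificate.
   * @param { string } keystorePwd - Indicates the password of keystore file.
   * @param { string } certAlias - Indicates the certificate name inputted by the user.
   * @param { AsyncCallback<CMResult> } callback - The callback of installPrivateCertificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500003 - The keystore is in an invalid format or the keystore password is incorrect.
   * @throws { BusinessError } 17500004 - The number of certificates or credentials reaches the maximum allowed.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 12
   */
  function installPrivateCertificate(
    keystore: Uint8Array,
    keystorePwd: string,
    certAlias: string,
    callback: AsyncCallback<CMResult>
  ): void;

  /**
   * Install private application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } keystore - Indicates the keystore file with key pair and certificate.
   * @param { string } keystorePwd - Indicates the password of keystore file.
   * @param { string } certAlias - Indicates the certificate name inputted by the user.
   * @returns { Promise<CMResult> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500003 - The keystore is in an invalid format or the keystore password is incorrect.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  /**
   * Install private application certificate.
   * Note: keystorePwd is a string and cannot be overwritten after use; keep its lifetime short
   * and never write it, or the keystore bytes, to logs.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } keystore - Indicates the keystore file with key pair and certificate.
   * @param { string } keystorePwd - Indicates the password of keystore file.
   * @param { string } certAlias - Indicates the certificate name inputted by the user.
   * @returns { Promise<CMResult> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500003 - The keystore is in an invalid format or the keystore password is incorrect.
   * @throws { BusinessError } 17500004 - The number of certificates or credentials reaches the maximum allowed.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 12
   */
  function installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string): Promise<CMResult>;

  /**
   * Uninstall the specified normal application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } keyUri - Indicates key's name.
   * @param { AsyncCallback<void> } callback - The callback of uninstallPrivateCertificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function uninstallPrivateCertificate(keyUri: string, callback: AsyncCallback<void>): void;

  /**
   * Uninstall the specified normal application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } keyUri - Indicates key's name.
   * @returns { Promise<void> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function uninstallPrivateCertificate(keyUri: string): Promise<void>;

  /**
   * Get a list of the private certificates of all applications.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER and ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @param { AsyncCallback<CMResult> } callback - The callback of getAllAppPrivateCertificates.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @systemapi
   * @since 11
   */
  function getAllAppPrivateCertificates(callback: AsyncCallback<CMResult>): void;

  /**
   * Get a list of the private certificates of all applications.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER and ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @returns { Promise<CMResult> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @systemapi
   * @since 11
   */
  function getAllAppPrivateCertificates(): Promise<CMResult>;

  /**
   * Get the detail of private application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } keyUri - Indicates key's name.
   * @param { AsyncCallback<CMResult> } callback - The callback of getPrivateCertificate.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function getPrivateCertificate(keyUri: string, callback: AsyncCallback<CMResult>): void;

  /**
   * Get the detail of private application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } keyUri - Indicates key's name.
   * @returns { Promise<CMResult> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function getPrivateCertificate(keyUri: string): Promise<CMResult>;

  /**
   * Init operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } authUri - Indicates the authorization relationship between application and application certificate.
   * @param { CMSignatureSpec } spec - Indicates the properties of the signature and verification.
   * @param { AsyncCallback<CMHandle> } callback - The callback of init.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  /**
   * Init operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } authUri - Indicates the authorization relationship between application and application certificate.
   * @param { CMSignatureSpec } spec - Indicates the properties of the signature and verification.
   * @param { AsyncCallback<CMHandle> } callback - The callback of init.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @throws { BusinessError } 17500005 - The application is not authorized by the user.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 12
   */
  function init(authUri: string, spec: CMSignatureSpec, callback: AsyncCallback<CMHandle>): void;

  /**
   * Init operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } authUri - Indicates the authorization relationship between application and application certificate.
   * @param { CMSignatureSpec } spec - Indicates the properties of the signature and verification.
   * @returns { Promise<CMHandle> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  /**
   * Init operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } authUri - Indicates the authorization relationship between application and application certificate.
   * @param { CMSignatureSpec } spec - Indicates the properties of the signature and verification.
   * @returns { Promise<CMHandle> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @throws { BusinessError } 17500005 - The application is not authorized by the user.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 12
   */
  function init(authUri: string, spec: CMSignatureSpec): Promise<CMHandle>;

  /**
   * Update operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } handle - Indicates the handle of the init operation.
   * @param { Uint8Array } data - Indicates the input value.
   * @param { AsyncCallback<void> } callback - The callback of update.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function update(handle: Uint8Array, data: Uint8Array, callback: AsyncCallback<void>): void;

  /**
   * Update operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } handle - Indicates the handle of the init operation.
   * @param { Uint8Array } data - Indicates the input value.
   * @returns { Promise<void> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function update(handle: Uint8Array, data: Uint8Array): Promise<void>;

  /**
   * Finish operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } handle - Indicates the handle of the init operation.
   * @param { AsyncCallback<CMResult> } callback - The callback of finish.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function finish(handle: Uint8Array, callback: AsyncCallback<CMResult>): void;

  /**
   * Finish operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } handle - Indicates the handle of the init operation.
   * @param { Uint8Array } signature - Indicates the sign data.
   * @param { AsyncCallback<CMResult> } callback - The callback of finish.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function finish(handle: Uint8Array, signature: Uint8Array, callback: AsyncCallback<CMResult>): void;

  /**
   * Finish operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } handle - Indicates the handle of the init operation.
   * @param { Uint8Array } [signature] - Indicates the sign data.
   * @returns { Promise<CMResult> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function finish(handle: Uint8Array, signature?: Uint8Array): Promise<CMResult>;

  /**
   * Abort operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } handle - Indicates the handle of the init operation.
   * @param { AsyncCallback<void> } callback - The callback of abort.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function abort(handle: Uint8Array, callback: AsyncCallback<void>): void;

  /**
   * Abort operation for signing and verifying etc.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { Uint8Array } handle - Indicates the handle of the init operation.
   * @returns { Promise<void> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 11
   */
  function abort(handle: Uint8Array): Promise<void>;

  /**
   * Get the detail of public application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } keyUri - Indicates the key's name.
   * @returns { Promise<CMResult> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @throws { BusinessError } 17500002 - The certificate does not exist.
   * @throws { BusinessError } 17500005 - The application is not authorized by the user.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 12
   */
  function getPublicCertificate(keyUri: string): Promise<CMResult>;

  /**
   * Whether the current application is authorized by the specified public application certificate.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @param { string } keyUri - Indicates the key's name.
   * @returns { Promise<boolean> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified;
   * <br>2. Incorrect parameter types; 3. Parameter verification failed.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 12
   */
  function isAuthorizedApp(keyUri: string): Promise<boolean>;

  /**
   * Get a list of all user trusted CA certificates.
   *
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   * @returns { Promise<CMResult> } The promise returned by the function.
   * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API.
   * @throws { BusinessError } 17500001 - Internal error.
   * @syscap SystemCapability.Security.CertificateManager
   * @since 12
   */
  function getAllUserTrustedCertificates(): Promise<CMResult>;

  /**
   * Get a list of all user trusted CA certificates.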
1003 * 1004 * @permission ohos.permission.ACCESS_CERT_MANAGER 1005 * @param { CertScope } scope - Indicates the scope of user ca certificate. 1006 * @returns { Promise<CMResult> } The user ca certificates. 1007 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 1008 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 1009 * <br>2. Incorrect parameter types; 3. Parameter verification failed. 1010 * @throws { BusinessError } 17500001 - Internal error. 1011 * @syscap SystemCapability.Security.CertificateManager 1012 * @since 18 1013 */ 1014 function getAllUserTrustedCertificates(scope: CertScope): Promise<CMResult>; 1015 1016 /** 1017 * Get the detail of user trusted CA certificate. 1018 * 1019 * @permission ohos.permission.ACCESS_CERT_MANAGER 1020 * @param { string } certUri - Indicates the certificate's name. 1021 * @returns { Promise<CMResult> } The promise returned by the function. 1022 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 1023 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 1024 * <br>2. Incorrect parameter types; 3. Parameter verification failed. 1025 * @throws { BusinessError } 17500001 - Internal error. 1026 * @throws { BusinessError } 17500002 - The certificate does not exist. 1027 * @syscap SystemCapability.Security.CertificateManager 1028 * @since 12 1029 */ 1030 function getUserTrustedCertificate(certUri: string): Promise<CMResult>; 1031 1032 /** 1033 * Get a list of all system application certificates, such as WLAN, VPN certificate. 1034 * 1035 * @permission ohos.permission.ACCESS_CERT_MANAGER 1036 * @returns { Promise<CMResult> } The promise returned by the function. 1037 * @throws { BusinessError } 201 - Permission verification failed. 
The application does not have the permission required to call the API. 1038 * @throws { BusinessError } 202 - Permission verification failed. A non-system application calls a system API. 1039 * @throws { BusinessError } 17500001 - Internal error. 1040 * @syscap SystemCapability.Security.CertificateManager 1041 * @systemapi 1042 * @since 12 1043 */ 1044 function getAllSystemAppCertificates(): Promise<CMResult>; 1045 1046 /** 1047 * Get all private certificates installed by the application. 1048 * 1049 * @permission ohos.permission.ACCESS_CERT_MANAGER 1050 * @returns { Promise<CMResult> } The private certificates installed by the application. 1051 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 1052 * @throws { BusinessError } 17500001 - Internal error. 1053 * @syscap SystemCapability.Security.CertificateManager 1054 * @since 13 1055 */ 1056 function getPrivateCertificates(): Promise<CMResult>; 1057 1058 /** 1059 * Enum for certificate type managed by Certificate Manager. 1060 * 1061 * @enum { number } 1062 * @syscap SystemCapability.Security.CertificateManager 1063 * @since 18 1064 */ 1065 export enum CertType { 1066 /** 1067 * Indicates that ca certificate that installed by HarmonyOS system. 1068 * 1069 * @syscap SystemCapability.Security.CertificateManager 1070 * @since 18 1071 */ 1072 CA_CERT_SYSTEM = 0, 1073 1074 /** 1075 * Indicates that ca certificate that installed by user. 1076 * 1077 * @syscap SystemCapability.Security.CertificateManager 1078 * @since 18 1079 */ 1080 CA_CERT_USER = 1 1081 } 1082 1083 /** 1084 * Enum for the scope of user ca certificate. 1085 * 1086 * @enum { number } 1087 * @syscap SystemCapability.Security.CertificateManager 1088 * @since 18 1089 */ 1090 export enum CertScope { 1091 1092 /** 1093 * Indicates that the user ca certificate for a current user. 
1094 * 1095 * @syscap SystemCapability.Security.CertificateManager 1096 * @since 18 1097 */ 1098 CURRENT_USER = 1, 1099 1100 /** 1101 * Indicates that the user ca certificate for all users. 1102 * 1103 * @syscap SystemCapability.Security.CertificateManager 1104 * @since 18 1105 */ 1106 GLOBAL_USER = 2 1107 } 1108 1109 /** 1110 * Provides the certificate file store property type. 1111 * 1112 * @typedef CertStoreProperty 1113 * @syscap SystemCapability.Security.CertificateManager 1114 * @since 18 1115 */ 1116 export interface CertStoreProperty { 1117 /** 1118 * Indicates the certificate type managed by Certificate Manager. 1119 * 1120 * @type { CertType } 1121 * @syscap SystemCapability.Security.CertificateManager 1122 * @since 18 1123 */ 1124 certType: CertType; 1125 1126 /** 1127 * Indicates the scope of user ca certificate. This parameter is valid only when certType is set to CA_CERT_USER. 1128 * 1129 * @type { ?CertScope } 1130 * @syscap SystemCapability.Security.CertificateManager 1131 * @since 18 1132 */ 1133 certScope?: CertScope; 1134 } 1135 1136 /** 1137 * Get the certificate file store path. 1138 * 1139 * @param { CertStoreProperty } property - Indicates the certificate file store path property. 1140 * @returns { string } the certificate file store path. 1141 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 1142 * <br>2. Incorrect parameter types; 3. Parameter verification failed. 1143 * @throws { BusinessError } 17500001 - Internal error. 1144 * @syscap SystemCapability.Security.CertificateManager 1145 * @since 18 1146 */ 1147 function getCertificateStorePath(property: CertStoreProperty): string; 1148 1149 /** 1150 * Install the user trusted CA certificate. 1151 * 1152 * @permission ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT or ohos.permission.ACCESS_USER_TRUSTED_CERT 1153 * @param { Uint8Array } cert - Indicates the certificate file content to be installed. 
1154 * @param { CertScope } certScope - Indicates the scope of user ca certificate. 1155 * @returns { CMResult } The certificate uri that identifies the installed certificate. 1156 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 1157 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 1158 * <br>2. Incorrect parameter types; 3. Parameter verification failed. 1159 * @throws { BusinessError } 17500001 - Internal error. 1160 * @throws { BusinessError } 17500003 - Indicates that the certificate is in an invalid format. 1161 * @throws { BusinessError } 17500004 - Indicates that the number of certificates reaches the maximum allowed. 1162 * @throws { BusinessError } 17500007 - Indicates that the device enters advanced security mode. In this mode, the user CA certificate cannot be installed. 1163 * @syscap SystemCapability.Security.CertificateManager 1164 * @since 18 1165 */ 1166 function installUserTrustedCertificateSync(cert: Uint8Array, certScope: CertScope) : CMResult; 1167 1168 /** 1169 * Uninstall the user trusted CA certificate. 1170 * 1171 * @permission ohos.permission.ACCESS_ENTERPRISE_USER_TRUSTED_CERT or ohos.permission.ACCESS_USER_TRUSTED_CERT 1172 * @param { string } certUri - Indicates the certificate uri to be uninstalled. 1173 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 1174 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 1175 * <br>2. Incorrect parameter types; 3. Parameter verification failed. 1176 * @throws { BusinessError } 17500001 - Internal error. 1177 * @throws { BusinessError } 17500002 - Indicates that the certificate does not exist. 
1178 * @syscap SystemCapability.Security.CertificateManager 1179 * @since 18 1180 */ 1181 function uninstallUserTrustedCertificateSync(certUri: string) : void; 1182 1183 /** 1184 * Install private application certificate. 1185 * 1186 * @permission ohos.permission.ACCESS_CERT_MANAGER 1187 * @param { Uint8Array } keystore - Indicates the keystore file with key pair and certificate. 1188 * @param { string } keystorePwd - Indicates the password of keystore file. 1189 * @param { string } certAlias - Indicates the certificate name inputted by the user. 1190 * @param { AuthStorageLevel } level - Indicates the storage authentication level of key file. 1191 * @returns { Promise<CMResult> } The promise returned by the function. 1192 * @throws { BusinessError } 201 - Permission verification failed. The application does not have the permission required to call the API. 1193 * @throws { BusinessError } 401 - Parameter error. Possible causes: 1. Mandatory parameters are left unspecified; 1194 * <br>2. Incorrect parameter types; 3. Parameter verification failed. 1195 * @throws { BusinessError } 17500001 - Internal error. 1196 * @throws { BusinessError } 17500003 - The keystore is in an invalid format or the keystore password is incorrect. 1197 * @throws { BusinessError } 17500004 - The number of certificates or credentials reaches the maximum allowed. 1198 * @syscap SystemCapability.Security.CertificateManager 1199 * @since 18 1200 */ 1201 function installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string, level: AuthStorageLevel): Promise<CMResult>; 1202 1203 /** 1204 * Enum for storage authentication level 1205 * 1206 * @enum { number } 1207 * @syscap SystemCapability.Security.CertificateManager 1208 * @since 18 1209 */ 1210 export enum AuthStorageLevel { 1211 /** 1212 * Indicates that the file can be accessed after the device is started. 
1213 * 1214 * @syscap SystemCapability.Security.CertificateManager 1215 * @since 18 1216 */ 1217 EL1 = 1, 1218 1219 /** 1220 * Indicates that the file can be accessed after the device is unlocked for the first time. 1221 * 1222 * @syscap SystemCapability.Security.CertificateManager 1223 * @since 18 1224 */ 1225 EL2 = 2, 1226 1227 /** 1228 * Indicates that the file can be accessed when the device is unlocked. 1229 * 1230 * @syscap SystemCapability.Security.CertificateManager 1231 * @since 18 1232 */ 1233 EL4 = 4, 1234 } 1235} 1236 1237export default certificateManager; 1238