1# @ohos.security.cert (Certificate) 2 3<!--Kit: Device Certificate Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10The certificate algorithm library framework provides certificate-related APIs. The **certFramework** module depends on the basic algorithm capabilities of the Crypto framework. For details, see [Crypto Framework](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md). 11 12> **NOTE** 13> 14> The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. 15 16## Modules to Import 17 18```ts 19import { cert } from '@kit.DeviceCertificateKit'; 20import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 21``` 22 23## CertResult 24 25 Enumerates the error codes. 26 27 **System capability**: SystemCapability.Security.Cert 28 29| Name | Value | Description | 30| --------------------------------------| -------- | -----------------------------| 31| INVALID_PARAMS | 401 | Invalid parameters.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 32| NOT_SUPPORT | 801 | This operation is not supported.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 33| ERR_OUT_OF_MEMORY | 19020001 | Memory error.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 34| ERR_RUNTIME_ERROR | 19020002 | Runtime error.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 35| ERR_PARAMETER_CHECK_FAILED<sup>20+</sup> | 19020003 | Parameter check failed.<br> **Atomic service API**: This API can be used in atomic services since API version 20. | 36| ERR_CRYPTO_OPERATION | 19030001 | Crypto operation error.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 37| ERR_CERT_SIGNATURE_FAILURE | 19030002 | The certificate signature verification failed.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 38| ERR_CERT_NOT_YET_VALID | 19030003 | The certificate has not taken effect.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 39| ERR_CERT_HAS_EXPIRED | 19030004 | The certificate has expired.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 40| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | Failed to obtain the certificate issuer.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 41| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | The key cannot be used for signing a certificate.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 42| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | The key cannot be used for digital signature.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 43| ERR_MAYBE_WRONG_PASSWORD<sup>18+</sup> | 19030008 | The password for the private key is incorrect.<br> **Atomic service API**: This API can be used in atomic services since API version 18. | 44 45## DataBlob 46Defines a binary data array. 47 48 **Atomic service API**: This API can be used in atomic services since API version 12. 49 50 **System capability**: SystemCapability.Security.Cert 51| Name | Type | Read-Only| Optional| Description | 52| -------------- | -------------- | ---- | ---- | ----------------| 53| data | Uint8Array | No | No | Data. | 54 55## DataArray 56 57Defines a list of data arrays. 58 59 **Atomic service API**: This API can be used in atomic services since API version 12. 60 61 **System capability**: SystemCapability.Security.Cert 62| Name | Type | Read-Only| Optional| Description | 63| -------------- | -------------- | ---- | ---- | ----------------| 64| data | Array\<Uint8Array> | No | No | Data list. | 65 66## EncodingFormat 67 68 Enumerates the certificate encoding formats. 69 70**Atomic service API**: This API can be used in atomic services since API version 12. 71 72 **System capability**: SystemCapability.Security.Cert 73 74| Name | Value| Description | 75| ---------- | ------ | --------- | 76| FORMAT_DER | 0 | Distinguished Encoding Rules (DER) format.| 77| FORMAT_PEM | 1 | Privacy-Enhanced Mail (PEM) format.| 78| FORMAT_PKCS7<sup>11+</sup> | 2 | PKCS #7 format.| 79 80## EncodingBaseFormat<sup>18+</sup> 81 82 Enumerates the CSR encoding formats. 83 84**Atomic service API**: This API can be used in atomic services since API version 18. 85 86 **System capability**: SystemCapability.Security.Cert 87 88| Name | Value| Description | 89| ---------- | ------ | --------- | 90| PEM | 0 | Privacy-Enhanced Mail (PEM) format.| 91| DER | 1 | Distinguished Encoding Rules (DER) format.| 92 93## CsrAttribute<sup>18+</sup> 94 Defines the extension attributes for the CSR encoding format configuration. 95 96OpenSSL defines extension types, such as challengePassword and keyUsage. 97 98**Atomic service API**: This API can be used in atomic services since API version 18. 99 100 **System capability**: SystemCapability.Security.Cert 101 102| Name | Type | Read-Only| Optional| Description | 103| ------- | ------ | ---- | ---- | ------------------------------------------------------------ | 104| type | string | No | No | Extension type defined by OpenSSL.| 105| value | string | No | No | Extended value.| 106 107## CsrGenerationConfig<sup>18+</sup> 108Represents the configuration for generating a CSR using an RSA private key, including the subject, extension, message digest algorithm, and output format. 109 110**Atomic service API**: This API can be used in atomic services since API version 18. 111 112**System capability**: SystemCapability.Security.Cert 113 114| Name | Type | Read-Only| Optional| Description | 115| ------- | ------ | ---- | ---- | ------------------------------------------------------------ | 116| subject | [X500DistinguishedName](#x500distinguishedname12) | No | No | Provides APIs for managing the **X500DistinguishedName** instance.| 117| mdName | string | No | No | MD algorithm to use.| 118| attributes | Array\<[CsrAttribute](#csrattribute18)> | No | Yes | Extension.| 119| outFormat | [EncodingBaseFormat](#encodingbaseformat18) | No | Yes | Output format.| 120 121> **NOTE** 122> 123> - **subject** is an object of the Name type defined by X509. 124> 125> - **mdName** specifies the message digest algorithm. Currently, SHA-1, SHA-256, SHA-384, and SHA-512 are supported. 126> 127> - **attributes** is optional. You can specify the extension types and values defined in OpenSSL to generate a CSR, for example, **challengePassword** and **keyUsage**. 128> 129> - **outFormat** specifies the format of the CSR generated. If it is not specified, the PEM format is used by default. 130 131## CertItemType<sup>10+</sup> 132 133 Enumerates the certificate fields that can be obtained. 134 135**Atomic service API**: This API can be used in atomic services since API version 12. 136 137 **System capability**: SystemCapability.Security.Cert 138 139| Name | Value | Description | 140| -------------------------------- | ---- | ------------------------------ | 141| CERT_ITEM_TYPE_TBS | 0 | Information to be signed. | 142| CERT_ITEM_TYPE_PUBLIC_KEY | 1 | Public key of the certificate. | 143| CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | Unique ID of the certificate issuer.| 144| CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | Unique ID of the certificate subject. | 145| CERT_ITEM_TYPE_EXTENSIONS | 4 | Certificate extensions, each of which is identified by a unique object identifier (OID). | 146 147## ExtensionOidType<sup>10+</sup> 148 149 Enumerates the OID types of the certificate extensions that can be obtained. 150 151 **Atomic service API**: This API can be used in atomic services since API version 12. 152 153 **System capability**: SystemCapability.Security.Cert 154 155| Name | Value | Description | 156| ----------------------------- | ---- | --------------------------------------------- | 157| EXTENSION_OID_TYPE_ALL | 0 | All object identifiers. | 158| EXTENSION_OID_TYPE_CRITICAL | 1 | Object identifier whose **critical** is **true**. | 159| EXTENSION_OID_TYPE_UNCRITICAL | 2 | Object identifier whose **critical** is **false**.| 160 161## ExtensionEntryType<sup>10+</sup> 162 163 Enumerates the object types in certificate extensions that can be obtained. 164 165 **Atomic service API**: This API can be used in atomic services since API version 12. 166 167 **System capability**: SystemCapability.Security.Cert 168 169| Name | Value | Description | 170| ----------------------------------- | ---- | ---------------------------- | 171| EXTENSION_ENTRY_TYPE_ENTRY | 0 | Entire object. | 172| EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | Critical attribute of the object.| 173| EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | Data of the object. | 174 175## EncodingType<sup>12+</sup> 176 177 Enumerates the obtained encoding formats. 178 179**Atomic service API**: This API can be used in atomic services since API version 12. 180 181 **System capability**: SystemCapability.Security.Cert 182 183| Name | Value| Description | 184| ---------- | ------ | --------- | 185| ENCODING_UTF8 | 0 | UTF-8.| 186 187## EncodingBlob 188 189Defines a certificate binary array in encoding format. 190 191### Properties 192 193**Atomic service API**: This API can be used in atomic services since API version 12. 194 195**System capability**: SystemCapability.Security.Cert 196 197| Name | Type | Read-Only| Optional| Description | 198| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 199| data | Uint8Array | No | No | Certificate data.| 200| encodingFormat | [EncodingFormat](#encodingformat) | No | No | Certificate encoding format. | 201 202 203## CertChainData 204 205Defines the certificate chain data, which is passed in as input parameters during certificate chain verification. 206 207### Properties 208 209**Atomic service API**: This API can be used in atomic services since API version 12. 210 211**System capability**: SystemCapability.Security.Cert 212 213| Name | Type | Read-Only| Optional| Description | 214| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 215| data | Uint8Array | No | No | Certificate data, which is a combination of the certificate length (2 bytes) and data. For example, **08ABCDEFGH07ABCDEFG** indicates that the first certificate is an 8-byte certificate, followed by 8-byte certificate data. The second certificate is a 7-byte certificate, followed by 7-byte certificate data.| 216| count | number | No | No | Number of certificates contained in the input data. | 217| encodingFormat | [EncodingFormat](#encodingformat) | No | No | Certificate encoding format. | 218 219## GeneralNameType<sup>12+</sup> 220 221Enumerates the types of the common name (CN), which uniquely identifies the subject of the certificate. 222 223**Atomic service API**: This API can be used in atomic services since API version 12. 224 225**System capability**: SystemCapability.Security.Cert 226 227| Name | Value | Description | 228| -------------- | --------------------------------- | ------------------ | 229| GENERAL_NAME_TYPE_OTHER_NAME | 0 | Indicates others. | 230| GENERAL_NAME_TYPE_RFC822_NAME | 1 | Indicates an email address. | 231| GENERAL_NAME_TYPE_DNS_NAME | 2 | Indicates a DNS name. | 232| GENERAL_NAME_TYPE_X400_ADDRESS | 3 | Indicates an X.400 address. | 233| GENERAL_NAME_TYPE_DIRECTORY_NAME | 4 | Indicates a directory name. | 234| GENERAL_NAME_TYPE_EDI_PARTY_NAME | 5 | Indicates an Electronic Data Interchange (EDI) entity. | 235| GENERAL_NAME_TYPE_UNIFORM_RESOURCE_ID | 6 | Indicates a uniform resource identifier. | 236| GENERAL_NAME_TYPE_IP_ADDRESS | 7 | Indicates an IP address. | 237| GENERAL_NAME_TYPE_REGISTERED_ID | 8 | Indicates a registered object identifier. | 238 239## GeneralName<sup>12+</sup> 240 241Represents the CN information of a certificate. 242 243**Atomic service API**: This API can be used in atomic services since API version 12. 244 245**System capability**: SystemCapability.Security.Cert 246 247| Name | Type | Read-Only| Optional|Description | 248| -------------- | --------------------------------- | ---- | ---- |------------------ | 249| type | [GeneralNameType](#generalname12) | No| No| Type of the certificate subject. | 250| name | Uint8Array | No | Yes|DER format of the certificate subject. | 251 252## X509CertMatchParameters<sup>11+</sup> 253 254Defines the parameters used to match a certificate. If no parameter is specified, all certificates are matched. 255 256**Atomic service API**: This API can be used in atomic services since API version 12. 257 258**System capability**: SystemCapability.Security.Cert 259 260| Name | Type | Read-Only| Optional| Description | 261| -------------- | --------------------------------- | ---- | ---- |------------------ | 262| x509Cert | [X509Cert](#x509cert) | No| Yes| Certificate object. | 263| validDate | string | No | Yes|Certificate validity period. | 264| issuer | Uint8Array | No | Yes|Certificate issuer, in DER format.| 265| keyUsage | Array\<boolean> | No | Yes|Whether to match the key usage. **true**: yes; **false**: no.| 266| serialNumber | bigint | No | Yes|Serial number of the certificate. | 267| subject | Uint8Array | No | Yes|Certificate subject, in DER format.| 268| publicKey | [DataBlob](#datablob) | No | Yes|Public key of the certificate, in DER format.| 269| publicKeyAlgID | string | No | Yes|Algorithm of the certificate public key.| 270| subjectAlternativeNames<sup>12+</sup> | Array\<[GeneralName](#generalname12)> | No | Yes|Subject Alternative Names (SANs) of the certificate.| 271| matchAllSubjectAltNames<sup>12+</sup> | boolean | No | Yes|Whether to match all SANs of the certificate. **true**: yes; **false**: no.| 272| authorityKeyIdentifier<sup>12+</sup> | Uint8Array | No | Yes|Key of the certificate authority (CA).| 273| minPathLenConstraint<sup>12+</sup> | number | No | Yes|Minimum length of the certification path (chain of trust) that can be built from the certificate to a trusted root CA.| 274| extendedKeyUsage<sup>12+</sup> | Array\<string> | No | Yes|Usage of the certificate.| 275| nameConstraints<sup>12+</sup> | Uint8Array | No | Yes|Constraints on the subject names that can be included in certificates.| 276| certPolicy<sup>12+</sup> | Array\<string> | No | Yes|Certificate policy.| 277| privateKeyValid<sup>12+</sup> | string | No | Yes|Validity period of the certificate private key.| 278| subjectKeyIdentifier<sup>12+</sup> | Uint8Array | No | Yes|Identifier of the public key of the certificate's subject.| 279 280## X509CRLMatchParameters<sup>11+</sup> 281 282Represents the parameters used to match a certificate revocation list (CRL). If no parameter is specified, all CRLs are matched. 283 284**Atomic service API**: This API can be used in atomic services since API version 12. 285 286**System capability**: SystemCapability.Security.Cert 287 288| Name | Type | Read-Only| Optional|Description | 289| -------------- | --------------------------------- | ---- | ---- | ------------------ | 290| issuer | Array\<Uint8Array> | No | Yes |Issuers of the certificates. At least one issuer must be matched.| 291| x509Cert | [X509Cert](#x509cert) | No | Yes |Certificate object used to determine whether the certificate is in the CRL.| 292| updateDateTime<sup>12+</sup> | string | No | Yes |Certificate update time.| 293| maxCRL<sup>12+</sup> | bigint | No | Yes |Maximum number of CRLs.| 294| minCRL<sup>12+</sup> | bigint | No | Yes |Minimum number of CRLs.| 295 296## CertChainBuildParameters<sup>12+</sup> 297 298Represents the parameters for building a certificate chain. 299 300**Atomic service API**: This API can be used in atomic services since API version 12. 301 302**System capability**: SystemCapability.Security.Cert 303 304| Name | Type | Read-Only| Optional|Description | 305| -------------- | --------------------------------- | ---- | ---- | ------------------ | 306| certMatchParameters | [X509CertMatchParameters](#x509certmatchparameters11) | No | No |Filter criteria.| 307| maxLength | number | No | Yes |Maximum length of the CA certificate in the certificate chain.| 308| validationParameters | [CertChainValidationParameters](#certchainvalidationparameters11) | No| No|Parameters for certificate chain validation.| 309 310## CertChainBuildResult<sup>12+</sup> 311 312Represents the certificate chain build result. 313 314**Atomic service API**: This API can be used in atomic services since API version 12. 315 316**System capability**: SystemCapability.Security.Cert 317 318| Name | Type | Read-Only| Optional|Description | 319| -------------- | --------------------------------- | ---- | ---- |------------------ | 320| certChain | [X509CertChain](#x509certchain11) | Yes | No |Certificate chain object created.| 321| validationResult | [CertChainValidationResult](#certchainvalidationresult11) | Yes | No |Result of the certificate chain validation.| 322 323## X509TrustAnchor<sup>11+</sup> 324 325Represents an X.509 trust anchor, which is used to verify the certificate chain. The certificate or public key in the trust anchor is used as the trusted root to verify the certificate chain. 326 327**Atomic service API**: This API can be used in atomic services since API version 12. 328 329**System capability**: SystemCapability.Security.Cert 330 331| Name | Type | Read-Only| Optional| Description | 332| --------- | --------------------- | ---- | ---- | --------------------------- | 333| CACert | [X509Cert](#x509cert) | No | Yes | Trusted CA certificate. | 334| CAPubKey | Uint8Array | No | Yes | Public key of the trusted CA certificate, in DER format.| 335| CASubject | Uint8Array | No | Yes | Subject of the trusted CA certificate, in DER format.| 336| nameConstraints<sup>12+</sup> | Uint8Array | No | Yes | Name constraints, in DER format.| 337 338## RevocationCheckOptions<sup>12+</sup> 339 340 Enumerates the options for checking the certificate revocation status. 341 342 **Atomic service API**: This API can be used in atomic services since API version 12. 343 344 **System capability**: SystemCapability.Security.Cert 345 346| Name | Value | Description | 347| --------------------------------------| -------- | -----------------------------| 348| REVOCATION_CHECK_OPTION_PREFER_OCSP | 0 | Use OCSP over CRL (default).| 349| REVOCATION_CHECK_OPTION_ACCESS_NETWORK | 1 | Obtain the CRL/OCSP response over the network. By default, it is disabled. You must declare the ohos.permission.INTERNET permission.| 350| REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER | 2 | This parameter is valid when the **ACCESS_NETWORK** option is enabled. It allows the alternative solution to be used to obtain the certificate revocation status if the preferred solution cannot be used due to network problems.| 351| REVOCATION_CHECK_OPTION_FALLBACK_LOCAL | 3 | This parameter is valid when the **ACCESS_NETWORK** option is enabled. It allows the locally configured CRL/OCSP response to be used to check the certificate revocation status if the online CRL/OCSP response cannot be used due to network problems.| 352 353## ValidationPolicyType<sup>12+</sup> 354 355 Enumerates the types of the online certificate chain validation policy. 356 357 **Atomic service API**: This API can be used in atomic services since API version 12. 358 359 **System capability**: SystemCapability.Security.Cert 360 361| Name | Value | Description | 362| --------------------------------------| -------- | -----------------------------| 363| VALIDATION_POLICY_TYPE_X509 | 0 | Do not verify **sslHostname** or **dNSName** in the certificate. It is the default value.| 364| VALIDATION_POLICY_TYPE_SSL | 1 | Verify **sslHostname** or **dNSName** in the certificate.| 365 366## KeyUsageType<sup>12+</sup> 367 368 Enumerates the purposes, for which the key in the certificate is used. 369 370 **Atomic service API**: This API can be used in atomic services since API version 12. 371 372 **System capability**: SystemCapability.Security.Cert 373 374| Name | Value | Description | 375| --------------------------------------| -------- | -----------------------------| 376| KEYUSAGE_DIGITAL_SIGNATURE | 0 | The certificate holder can use the private key contained in the certificate to generate a digital signature.| 377| KEYUSAGE_NON_REPUDIATION | 1 | The certificate holder can use the key to verify a digital signature as part of a nonrepudiation service.| 378| KEYUSAGE_KEY_ENCIPHERMENT | 2 | The certificate holder can use the public key contained in the certificate for key encryption.| 379| KEYUSAGE_DATA_ENCIPHERMENT | 3 | The certificate holder can use the public key contained in the certificate for data encryption.| 380| KEYUSAGE_KEY_AGREEMENT | 4 | The certificate holder can use the private key contained in the certificate to perform key agreement operations.| 381| KEYUSAGE_KEY_CERT_SIGN | 5 | The certificate holder can use the private key contained in the certificate to sign other certificates.| 382| KEYUSAGE_CRL_SIGN | 6 | The certificate holder can use the private key contained in the certificate to sign CRLs.| 383| KEYUSAGE_ENCIPHER_ONLY | 7 | The certificate holder can use the key to perform encryption operations only.| 384| KEYUSAGE_DECIPHER_ONLY | 8 | The certificate holder can use the key to perform decryption operations only.| 385 386## RevocationCheckParameter<sup>12+</sup> 387 388Represents the parameters for checking the certificate revocation status for a certificate chain. 389 390**Atomic service API**: This API can be used in atomic services since API version 12. 391 392**System capability**: SystemCapability.Security.Cert 393 394| Name | Type | Read-Only| Optional|Description | 395| ------------ | ------------------------------------------------- | ---- | ---- |-------------------------------------- | 396| ocspRequestExtension | Array\<Uint8Array> | No | Yes |OCSP request extensions.| 397| ocspResponderURI | string | No | Yes |URL of the alternative server used to send OCSP requests. HTTP and HTTPS are supported. The specific configuration is determined via the negotiation with the server.| 398| ocspResponderCert | [X509Cert](#x509cert) | No | Yes |Signing certificate used for verifying the signature of the OCSP response.| 399| ocspResponses | Uint8Array | No | Yes |Alternative OCSP responses.| 400| crlDownloadURI | string | No | Yes |Address used to download the CRLs.| 401| options | Array\<[RevocationCheckOptions](#revocationcheckoptions12)> | No | Yes |A set of rules for obtaining the certificate revocation status.| 402| ocspDigest | string | No | Yes |Hash algorithm used to create a certificate ID during OCSP communication. The options **MD5**, **SHA1**, **SHA224**, **SHA256**, **SHA384**, and **SHA512** are supported. The default value is **SHA256**.| 403 404## CertChainValidationParameters<sup>11+</sup> 405 406Represents the parameters for certificate chain validation. 407 408**System capability**: SystemCapability.Security.Cert 409 410| Name | Type | Read-Only| Optional|Description | 411| ------------ | ------------------------------------------------- | ---- | ---- |-------------------------------------- | 412| date | string | No | Yes |Validity period of the certificate to validate.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 413| trustAnchors | Array\<[X509TrustAnchor](#x509trustanchor11)> | No | No |List of trusted anchors.<br> **Atomic service API**: This API can be used in atomic services since API version 12. | 414| trustSystemCa<sup>20+</sup>| boolean | No | Yes |Whether to use the prebuilt CA certificate to verify the certificate chain.<br> **Atomic service API**: This API can be used in atomic services since API version 20.| 415| certCRLs | Array\<[CertCRLCollection](#certcrlcollection11)> | No | Yes |Check whether the certificate is in a CRL.<br> **Atomic service API**: This API can be used in atomic services since API version 12.| 416| revocationCheckParam<sup>12+</sup> | [RevocationCheckParameter](#revocationcheckparameter12) | No | Yes |Parameters for checking the certificate revocation status online.<br> **Atomic service API**: This API can be used in atomic services since API version 12.| 417| policy<sup>12+</sup> | [ValidationPolicyType](#validationpolicytype12) | No | Yes |Type of the policy for certificate validation.<br> **Atomic service API**: This API can be used in atomic services since API version 12.| 418| sslHostname<sup>12+</sup> | string | No | Yes |Host name in the certificate to be verified. This parameter must be used with **policy** together.<br> **Atomic service API**: This API can be used in atomic services since API version 12.| 419| keyUsage<sup>12+</sup> | Array\<[KeyUsageType](#keyusagetype12)> | No | Yes |Usage of the key in the certificate to be validated.<br> **Atomic service API**: This API can be used in atomic services since API version 12.| 420 421 422## CertChainValidationResult<sup>11+</sup> 423 424Represents the return value of certificate chain validation. 425 426**Atomic service API**: This API can be used in atomic services since API version 12. 427 428**System capability**: SystemCapability.Security.Cert 429 430| Name | Type | Read-Only| Optional| Description | 431| ----------- | ------------------------------------- | ---- | ---- | -------------- | 432| trustAnchor | [X509TrustAnchor](#x509trustanchor11) | Yes | No | Trust anchor. | 433| entityCert | [X509Cert](#x509cert) | Yes | No | Entity certificate.| 434 435## EncodingBaseFormat<sup>18+</sup> 436 437Enumerates the basic encoding formats. 438 439**Atomic service API**: This API can be used in atomic services since API version 18. 440 441**System capability**: SystemCapability.Security.Cert 442 443| Name| Value| Description | 444| ---- | --- | ------------------ | 445| PEM | 0 | PEM. | 446| DER | 1 | DER. | 447 448## Pkcs12Data<sup>18+</sup> 449 450Represents data of the parsed PKCS #12 (.p12) file. 451 452**Atomic service API**: This API can be used in atomic services since API version 18. 453 454**System capability**: SystemCapability.Security.Cert 455 456| Name | Type | Read-Only| Optional|Description | 457| ------------ | ------------------------------------------------- | ---- | ---- |-------------------------------------- | 458| privateKey | string \| Uint8Array | No | Yes |Private key obtained after the .p12 file is parsed. | 459| cert | [X509Cert](#x509cert) | No | Yes |X.509 certificate obtained after the .p12 file is parsed. | 460| otherCerts | Array\<[X509Cert](#x509cert)> | No | Yes |Other certificates obtained after the .p12 file is parsed.| 461 462## Pkcs12ParsingConfig<sup>18+</sup> 463 464Represents the configuration for parsing .p12 files. 465 466**Atomic service API**: This API can be used in atomic services since API version 18. 467 468**System capability**: SystemCapability.Security.Cert 469 470| Name | Type | Read-Only | Optional| Description | 471| ------------ | ------------------------------------------------- | ---- | ---- |-------------------------------------- | 472| password | string | No | No |Password of the .p12 file. | 473| needsPrivateKey | boolean | No | Yes |Whether to obtain the private key. The default value is **true**. **true**: yes; **false**: no. | 474| privateKeyFormat | [EncodingBaseFormat](#encodingbaseformat18) | No | Yes |Format of the private key obtained. The default value is **PEM**.| 475| needsCert | boolean | No | Yes |Whether to obtain the certificate. The default value is **true**. **true**: yes; **false**: no.| 476| needsOtherCerts | boolean | No | Yes |Whether to obtain other certificates. The default value is **false**. **true**: yes; **false**: no.| 477 478## CmsContentType<sup>18+</sup> 479 480Enumerates the Cryptographic Message Syntax (CMS) message types. 481 482**Atomic service API**: This API can be used in atomic services since API version 18. 483 484**System capability**: SystemCapability.Security.Cert 485 486| Name | Value | Description | 487| --------------------------------------| -------- | -----------------------------| 488| SIGNED_DATA | 0 | Signature data.| 489 490## CmsContentDataFormat<sup>18+</sup> 491 492Enumerates the CMS message formats. 493 494**Atomic service API**: This API can be used in atomic services since API version 18. 495 496**System capability**: SystemCapability.Security.Cert 497 498| Name | Value| Description | 499| ------ | --- | ------------------------ | 500| BINARY | 0 | Binary. | 501| TEXT | 1 | Text. | 502 503## CmsFormat<sup>18+</sup> 504 505Enumerates the CMS signature formats. 506 507**Atomic service API**: This API can be used in atomic services since API version 18. 508 509**System capability**: SystemCapability.Security.Cert 510 511| Name| Value| Description | 512| ---- | --- | ------------------ | 513| PEM | 0 | PEM. | 514| DER | 1 | DER. | 515 516## PrivateKeyInfo<sup>18+</sup> 517 518Represents the private key information. 519 520**Atomic service API**: This API can be used in atomic services since API version 18. 521 522**System capability**: SystemCapability.Security.Cert 523 524| Name | Type | Read-Only| Optional|Description | 525| ------------ | ------------------------------------------------- | ---- | ---- | -------------------------------------- | 526| key | string \| Uint8Array | No | No |Encrypted or unencrypted private key in PEM or DER format.| 527| password | string | No | Yes |Password of the private key, if the private key is encrypted. | 528 529## CmsSignerConfig<sup>18+</sup> 530 531Represents the configuration of the CMS signer. 532 533**Atomic service API**: This API can be used in atomic services since API version 18. 534 535**System capability**: SystemCapability.Security.Cert 536 537| Name | Type | Read-Only | Optional |Description | 538| ------------ | ------------------------------------------------- | ---- | ---- |-------------------------------------- | 539| mdName | string | No | No |Message digest algorithm, for example, **SHA384**. Currently, **SHA1**, **SHA256**, **SHA384**, and **SHA512** are supported. | 540| addCert | boolean | No | Yes |Whether to add a certificate. The default value is **true**. **true**: yes; **false**: no. | 541| addAttr | boolean | No | Yes|Whether to add the signature attribute. The default value is **true**. **true**: yes; **false**: no. | 542| addSmimeCapAttr | boolean | No | Yes |Whether to add the SMIME capability to the CMS object. The default value is **true**. **true**: yes; **false**: no. | 543 544## CmsGeneratorOptions<sup>18+</sup> 545 546Represents the configuration for generating the CMS signing result. 547 548**Atomic service API**: This API can be used in atomic services since API version 18. 549 550**System capability**: SystemCapability.Security.Cert 551 552| Name | Type | Read-Only| Optional|Description | 553| --------------------- | ----------------------------- | ---- | ---- |------------------------------------------------------ | 554| contentDataFormat | [CmsContentDataFormat](#cmscontentdataformat18) | No | Yes |Format of the content. The default value is **CmsContentDataFormat.BINARY**. | 555| outFormat | [CmsFormat](#cmsformat18) | No |Yes | Format of the CMS data generated. The default value is **DER**. | 556| isDetached | boolean | No |Yes | Whether the final CMS data does not contain the raw data. The default value is **false**. **true**: raw data is contained; **false**: raw data is not contained. | 557 558## cert.createX509Cert 559 560createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 561 562Creates an X.509 certificate instance. This API uses an asynchronous callback to return the result. 563 564**Atomic service API**: This API can be used in atomic services since API version 12. 565 566**System capability**: SystemCapability.Security.Cert 567 568**Parameters** 569 570| Name | Type | Mandatory| Description | 571| -------- | ------------------------------------- | ---- | -------------------------- | 572| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 573| callback | AsyncCallback\<[X509Cert](#x509cert)> | Yes | Callback invoked to return the **X509Cert** instance created.| 574 575**Error codes** 576 577For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 578 579| ID| Error Message | 580| -------- | ------------- | 581| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 582| 801 | this operation is not supported. | 583| 19020001 | memory malloc failed. | 584| 19030001 | crypto operation error. | 585 586**Example** 587 588```ts 589import { cert } from '@kit.DeviceCertificateKit'; 590 591// Convert the string into a Uint8Array. 592function stringToUint8Array(str: string): Uint8Array { 593 let arr: Array<number> = []; 594 for (let i = 0, j = str.length; i < j; i++) { 595 arr.push(str.charCodeAt(i)); 596 } 597 return new Uint8Array(arr); 598} 599 600// Certificate binary data, which needs to match your case. 601let certData = '-----BEGIN CERTIFICATE-----\n' + 602 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 603 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 604 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 605 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 606 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 607 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 608 'Qw==\n' + 609 '-----END CERTIFICATE-----\n'; 610 611let encodingBlob: cert.EncodingBlob = { 612 data: stringToUint8Array(certData), 613 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 614 encodingFormat: cert.EncodingFormat.FORMAT_PEM 615}; 616 617cert.createX509Cert(encodingBlob, (error, x509Cert) => { 618 if (error) { 619 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 620 } else { 621 console.log('createX509Cert success'); 622 } 623}); 624``` 625 626## cert.createX509Cert 627 628createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 629 630Creates an X.509 certificate instance. This API uses a promise to return the result. 631 632**Atomic service API**: This API can be used in atomic services since API version 12. 633 634**System capability**: SystemCapability.Security.Cert 635 636**Parameters** 637 638| Name | Type | Mandatory| Description | 639| -------- | ----------------------------- | ---- | ------------------ | 640| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 641 642**Return value** 643 644| Type | Description | 645| ------- | ---------------- | 646| Promise\<[X509Cert](#x509cert)> | return the **X509Cert** instance created.| 647 648**Error codes** 649 650For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 651 652| ID| Error Message | 653| -------- | ------------- | 654| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 655| 801 | this operation is not supported. | 656| 19020001 | memory malloc failed. | 657| 19030001 | crypto operation error. | 658 659**Example** 660 661```ts 662import { cert } from '@kit.DeviceCertificateKit'; 663import { BusinessError } from '@kit.BasicServicesKit'; 664 665// Convert the string into a Uint8Array. 666function stringToUint8Array(str: string): Uint8Array { 667 let arr: Array<number> = []; 668 for (let i = 0, j = str.length; i < j; i++) { 669 arr.push(str.charCodeAt(i)); 670 } 671 return new Uint8Array(arr); 672} 673 674// Certificate binary data, which needs to match your case. 675let certData = '-----BEGIN CERTIFICATE-----\n' + 676 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 677 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 678 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 679 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 680 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 681 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 682 'Qw==\n' + 683 '-----END CERTIFICATE-----\n'; 684 685let encodingBlob: cert.EncodingBlob = { 686 data: stringToUint8Array(certData), 687 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 688 encodingFormat: cert.EncodingFormat.FORMAT_PEM 689}; 690 691cert.createX509Cert(encodingBlob).then(x509Cert => { 692 console.log('createX509Cert success'); 693}).catch((error: BusinessError) => { 694 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 695}); 696``` 697 698## X509Cert 699 700Provides APIs for X.509 certificate operations. 701 702### verify 703 704verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 705 706Verifies the signature of an X.509 certificate. This API uses an asynchronous callback to return the result. 707 708**Atomic service API**: This API can be used in atomic services since API version 12. 709 710**System capability**: SystemCapability.Security.Cert 711 712**Parameters** 713 714| Name | Type | Mandatory| Description | 715| -------- | --------------------- | ---- | ------------------------------------------------------------ | 716| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | 717| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 718 719**Error codes** 720 721For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 722 723| ID| Error Message | 724| -------- | ------------------ | 725| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 726| 19030001 | crypto operation error. | 727 728**Example** 729 730```ts 731import { cert } from '@kit.DeviceCertificateKit'; 732import { BusinessError } from '@kit.BasicServicesKit'; 733 734// Convert the string into a Uint8Array. 735function stringToUint8Array(str: string): Uint8Array { 736 let arr: Array<number> = []; 737 for (let i = 0, j = str.length; i < j; i++) { 738 arr.push(str.charCodeAt(i)); 739 } 740 return new Uint8Array(arr); 741} 742 743// Certificate binary data, which needs to match your case. 744let certData = '-----BEGIN CERTIFICATE-----\n' + 745 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 746 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 747 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 748 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 749 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 750 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 751 'Qw==\n' + 752 '-----END CERTIFICATE-----\n'; 753 754let encodingBlob: cert.EncodingBlob = { 755 data: stringToUint8Array(certData), 756 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 757 encodingFormat: cert.EncodingFormat.FORMAT_PEM 758}; 759 760cert.createX509Cert(encodingBlob, (error, x509Cert) => { 761 if (error) { 762 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 763 } else { 764 console.log('createX509Cert success'); 765 766 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 767 try { 768 let pubKey = x509Cert.getPublicKey(); 769 770 // Verify the certificate signature. 771 x509Cert.verify(pubKey, (err, data) => { 772 if (err) { 773 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 774 } else { 775 console.log('verify success'); 776 } 777 }); 778 } catch (error) { 779 let e: BusinessError = error as BusinessError; 780 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 781 } 782 } 783}); 784``` 785 786### verify 787 788verify(key : cryptoFramework.PubKey) : Promise\<void> 789 790Verifies the signature of an X.509 certificate. This API uses a promise to return the result. 791 792**Atomic service API**: This API can be used in atomic services since API version 12. 793 794**System capability**: SystemCapability.Security.Cert 795 796**Parameters** 797 798| Name| Type | Mandatory| Description | 799| ------ | ------ | ---- | ------------------ | 800| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| 801 802**Return value** 803 804| Type | Description | 805| -------------- | ----------- | 806| Promise\<void> | Promise used to return| 807 808**Error codes** 809 810For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 811 812| ID| Error Message | 813| -------- | ------------------ | 814| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 815| 19030001 | crypto operation error. | 816 817**Example** 818 819```ts 820import { cert } from '@kit.DeviceCertificateKit'; 821import { BusinessError } from '@kit.BasicServicesKit'; 822 823// Convert the string into a Uint8Array. 824function stringToUint8Array(str: string): Uint8Array { 825 let arr: Array<number> = []; 826 for (let i = 0, j = str.length; i < j; i++) { 827 arr.push(str.charCodeAt(i)); 828 } 829 return new Uint8Array(arr); 830} 831 832// Certificate binary data, which needs to match your case. 833let certData = '-----BEGIN CERTIFICATE-----\n' + 834 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 835 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 836 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 837 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 838 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 839 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 840 'Qw==\n' + 841 '-----END CERTIFICATE-----\n'; 842 843let encodingBlob: cert.EncodingBlob = { 844 data: stringToUint8Array(certData), 845 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 846 encodingFormat: cert.EncodingFormat.FORMAT_PEM 847}; 848 849cert.createX509Cert(encodingBlob).then(x509Cert => { 850 console.log('createX509Cert success'); 851 852 try { 853 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 854 let pubKey = x509Cert.getPublicKey(); 855 x509Cert.verify(pubKey).then(result => { 856 console.log('verify success'); 857 }).catch((error: BusinessError) => { 858 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 859 }); 860 } catch (err) { 861 console.error('get public key failed'); 862 } 863}).catch((error: BusinessError) => { 864 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 865}); 866``` 867 868### getEncoded 869 870getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 871 872Obtains the serialized X.509 certificate data. This API uses an asynchronous callback to return the result. 873 874**Atomic service API**: This API can be used in atomic services since API version 12. 875 876**System capability**: SystemCapability.Security.Cert 877 878**Parameters** 879 880| Name | Type | Mandatory| Description | 881| -------- | --------------------------------------------- | ---- | -------------------------------- | 882| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized X.509 certificate data obtained.| 883 884**Error codes** 885 886For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 887 888| ID| Error Message | 889| -------- | ------------------------------------------------- | 890| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 891| 19020001 | memory malloc failed. | 892| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 893| 19030001 | crypto operation error.| 894 895**Example** 896 897```ts 898import { cert } from '@kit.DeviceCertificateKit'; 899 900// Convert the string into a Uint8Array. 901function stringToUint8Array(str: string): Uint8Array { 902 let arr: Array<number> = []; 903 for (let i = 0, j = str.length; i < j; i++) { 904 arr.push(str.charCodeAt(i)); 905 } 906 return new Uint8Array(arr); 907} 908 909// Certificate binary data, which needs to match your case. 910let certData = '-----BEGIN CERTIFICATE-----\n' + 911 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 912 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 913 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 914 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 915 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 916 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 917 'Qw==\n' + 918 '-----END CERTIFICATE-----\n'; 919 920let encodingBlob: cert.EncodingBlob = { 921 data: stringToUint8Array(certData), 922 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 923 encodingFormat: cert.EncodingFormat.FORMAT_PEM 924}; 925 926cert.createX509Cert(encodingBlob, (error, x509Cert) => { 927 if (error) { 928 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 929 } else { 930 console.log('createX509Cert success'); 931 x509Cert.getEncoded((error, data) => { 932 if (error) { 933 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 934 } else { 935 console.log('getEncoded success'); 936 } 937 }); 938 } 939}); 940``` 941 942### getEncoded 943 944getEncoded() : Promise\<EncodingBlob> 945 946Obtains the serialized X.509 certificate data. This API uses a promise to return the result. 947 948**Atomic service API**: This API can be used in atomic services since API version 12. 949 950**System capability**: SystemCapability.Security.Cert 951 952**Return value** 953 954| Type | Description | 955| --------------------------------------- | ---------------------- | 956| Promise\<[EncodingBlob](#encodingblob)> | Serialized X.509 certificate data obtained.| 957 958**Error codes** 959 960For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 961 962| ID| Error Message | 963| -------- | ------------------------------------------------- | 964| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 965| 19020001 | memory malloc failed. | 966| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 967| 19030001 | crypto operation error.| 968 969**Example** 970 971```ts 972import { cert } from '@kit.DeviceCertificateKit'; 973import { BusinessError } from '@kit.BasicServicesKit'; 974 975// Convert the string into a Uint8Array. 976function stringToUint8Array(str: string): Uint8Array { 977 let arr: Array<number> = []; 978 for (let i = 0, j = str.length; i < j; i++) { 979 arr.push(str.charCodeAt(i)); 980 } 981 return new Uint8Array(arr); 982} 983 984// Certificate binary data, which needs to match your case. 985let certData = '-----BEGIN CERTIFICATE-----\n' + 986 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 987 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 988 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 989 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 990 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 991 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 992 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 993 '-----END CERTIFICATE-----\n'; 994 995// Certificate binary data, which needs to match your case. 996let encodingBlob: cert.EncodingBlob = { 997 data: stringToUint8Array(certData), 998 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 999 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1000}; 1001cert.createX509Cert(encodingBlob).then(x509Cert => { 1002 console.log('createX509Cert success'); 1003 x509Cert.getEncoded().then(result => { 1004 console.log('getEncoded success'); 1005 }).catch((error: BusinessError) => { 1006 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1007 }); 1008}).catch((error: BusinessError) => { 1009 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1010}); 1011``` 1012 1013### getPublicKey 1014 1015getPublicKey() : cryptoFramework.PubKey 1016 1017Obtains the public key of this X.509 certificate. 1018 1019**Atomic service API**: This API can be used in atomic services since API version 12. 1020 1021**System capability**: SystemCapability.Security.Cert 1022 1023**Return value** 1024 1025| Type | Description | 1026| ------ | ---------------- | 1027| [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Public key of the X.509 certificate obtained. This object is used only for **verify()** of **X509Cert**.| 1028 1029**Error codes** 1030 1031For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1032 1033| ID| Error Message | 1034| -------- | ------------------------------------------------- | 1035| 19020001 | memory malloc failed. | 1036| 19030001 | crypto operation error.| 1037 1038**Example** 1039 1040```ts 1041import { cert } from '@kit.DeviceCertificateKit'; 1042import { BusinessError } from '@kit.BasicServicesKit'; 1043 1044// Convert the string into a Uint8Array. 1045function stringToUint8Array(str: string): Uint8Array { 1046 let arr: Array<number> = []; 1047 for (let i = 0, j = str.length; i < j; i++) { 1048 arr.push(str.charCodeAt(i)); 1049 } 1050 return new Uint8Array(arr); 1051} 1052 1053// Certificate binary data, which needs to match your case. 1054let certData = '-----BEGIN CERTIFICATE-----\n' + 1055 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1056 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1057 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1058 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1059 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1060 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1061 'Qw==\n' + 1062 '-----END CERTIFICATE-----\n'; 1063 1064let encodingBlob: cert.EncodingBlob = { 1065 data: stringToUint8Array(certData), 1066 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1067 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1068}; 1069 1070cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1071 if (error) { 1072 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1073 } else { 1074 console.log('createX509Cert success'); 1075 try { 1076 let pubKey = x509Cert.getPublicKey(); 1077 } catch (error) { 1078 let e: BusinessError = error as BusinessError; 1079 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1080 } 1081 } 1082}); 1083``` 1084 1085### checkValidityWithDate 1086 1087checkValidityWithDate(date: string) : void 1088 1089Checks the validity period of this X.509 certificate. 1090 1091**Atomic service API**: This API can be used in atomic services since API version 12. 1092 1093**System capability**: SystemCapability.Security.Cert 1094 1095**Parameters** 1096 1097| Name | Type | Mandatory| Description | 1098| -------- | -------------- | ---- | ---------- | 1099| date | string | Yes | Date in the ASN.1 format.| 1100 1101**Error codes** 1102 1103For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1104 1105| ID| Error Message | 1106| -------- | ------------------------------------------------- | 1107| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 1108| 19020001 | memory malloc failed. | 1109| 19030001 | crypto operation error.| 1110| 19030003 | the certificate has not taken effect. | 1111| 19030004 | the certificate has expired.| 1112 1113**Example** 1114 1115```ts 1116import { cert } from '@kit.DeviceCertificateKit'; 1117import { BusinessError } from '@kit.BasicServicesKit'; 1118 1119// Convert the string into a Uint8Array. 1120function stringToUint8Array(str: string): Uint8Array { 1121 let arr: Array<number> = []; 1122 for (let i = 0, j = str.length; i < j; i++) { 1123 arr.push(str.charCodeAt(i)); 1124 } 1125 return new Uint8Array(arr); 1126} 1127 1128// Certificate binary data, which needs to match your case. 1129let certData = '-----BEGIN CERTIFICATE-----\n' + 1130 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1131 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1132 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1133 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1134 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1135 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1136 'Qw==\n' + 1137 '-----END CERTIFICATE-----\n'; 1138 1139let encodingBlob: cert.EncodingBlob = { 1140 data: stringToUint8Array(certData), 1141 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1142 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1143}; 1144 1145cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1146 if (error) { 1147 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1148 } else { 1149 console.log('createX509Cert success'); 1150 1151 let date = '231001000001Z'; 1152 // Verify the certificate validity period. 1153 try { 1154 x509Cert.checkValidityWithDate(date); 1155 } catch (error) { 1156 let e: BusinessError = error as BusinessError; 1157 console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1158 } 1159 } 1160}); 1161``` 1162 1163### getVersion 1164 1165getVersion() : number 1166 1167Obtains the X.509 certificate version. 1168 1169**Atomic service API**: This API can be used in atomic services since API version 12. 1170 1171**System capability**: SystemCapability.Security.Cert 1172 1173**Return value** 1174 1175| Type | Description | 1176| ------ | ---------------- | 1177| number | X.509 certificate version obtained.| 1178 1179**Example** 1180 1181```ts 1182import { cert } from '@kit.DeviceCertificateKit'; 1183 1184// Convert the string into a Uint8Array. 1185function stringToUint8Array(str: string): Uint8Array { 1186 let arr: Array<number> = []; 1187 for (let i = 0, j = str.length; i < j; i++) { 1188 arr.push(str.charCodeAt(i)); 1189 } 1190 return new Uint8Array(arr); 1191} 1192 1193// Certificate binary data, which needs to match your case. 1194let certData = '-----BEGIN CERTIFICATE-----\n' + 1195 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1196 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1197 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1198 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1199 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1200 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1201 'Qw==\n' + 1202 '-----END CERTIFICATE-----\n'; 1203 1204let encodingBlob: cert.EncodingBlob = { 1205 data: stringToUint8Array(certData), 1206 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1207 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1208}; 1209cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1210 if (error) { 1211 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1212 } else { 1213 console.log('createX509Cert success'); 1214 let version = x509Cert.getVersion(); 1215 } 1216}); 1217``` 1218 1219### getSerialNumber<sup>(deprecated)</sup> 1220 1221getSerialNumber() : number 1222 1223Obtains the X.509 certificate serial number. 1224 1225> **NOTE** 1226> 1227> This API is supported since API version 9 and deprecated since API version 10. Use [getCertSerialNumber](#getcertserialnumber10) instead. 1228 1229**System capability**: SystemCapability.Security.Cert 1230 1231**Return value** 1232 1233| Type | Description | 1234| ------ | ------------------ | 1235| number | X.509 certificate serial number obtained.| 1236 1237**Example** 1238 1239```ts 1240import { cert } from '@kit.DeviceCertificateKit'; 1241 1242// Convert the string into a Uint8Array. 1243function stringToUint8Array(str: string): Uint8Array { 1244 let arr: Array<number> = []; 1245 for (let i = 0, j = str.length; i < j; i++) { 1246 arr.push(str.charCodeAt(i)); 1247 } 1248 return new Uint8Array(arr); 1249} 1250 1251// Certificate binary data, which needs to match your case. 1252let certData = '-----BEGIN CERTIFICATE-----\n' + 1253 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1254 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1255 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1256 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1257 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1258 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1259 'Qw==\n' + 1260 '-----END CERTIFICATE-----\n'; 1261 1262let encodingBlob: cert.EncodingBlob = { 1263 data: stringToUint8Array(certData), 1264 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1265 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1266}; 1267 1268cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1269 if (error) { 1270 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1271 } else { 1272 console.log('createX509Cert success'); 1273 let serialNumber = x509Cert.getSerialNumber(); 1274 } 1275}); 1276``` 1277 1278### getCertSerialNumber<sup>10+</sup> 1279 1280getCertSerialNumber() : bigint 1281 1282Obtains the X.509 certificate serial number. 1283 1284**Atomic service API**: This API can be used in atomic services since API version 12. 1285 1286**System capability**: SystemCapability.Security.Cert 1287 1288**Return value** 1289 1290| Type | Description | 1291| ------ | ------------------ | 1292| bigint | X.509 certificate serial number obtained.| 1293 1294**Error codes** 1295 1296For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1297 1298| ID| Error Message | 1299| -------- | ------------------------------------------------- | 1300| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1301 1302**Example** 1303 1304```ts 1305import { cert } from '@kit.DeviceCertificateKit'; 1306import { BusinessError } from '@kit.BasicServicesKit'; 1307 1308// Convert the string into a Uint8Array. 1309function stringToUint8Array(str: string): Uint8Array { 1310 let arr: Array<number> = []; 1311 for (let i = 0, j = str.length; i < j; i++) { 1312 arr.push(str.charCodeAt(i)); 1313 } 1314 return new Uint8Array(arr); 1315} 1316 1317// Certificate binary data, which needs to match your case. 1318let certData = '-----BEGIN CERTIFICATE-----\n' + 1319 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1320 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1321 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1322 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1323 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1324 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1325 'Qw==\n' + 1326 '-----END CERTIFICATE-----\n'; 1327 1328let encodingBlob: cert.EncodingBlob = { 1329 data: stringToUint8Array(certData), 1330 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1331 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1332}; 1333 1334cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1335 if (error) { 1336 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1337 } else { 1338 console.log('createX509Cert success'); 1339 try { 1340 let serialNumber = x509Cert.getCertSerialNumber(); 1341 } catch (err) { 1342 let e: BusinessError = err as BusinessError; 1343 console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1344 } 1345 } 1346}); 1347``` 1348 1349### getIssuerName 1350 1351getIssuerName() : DataBlob 1352 1353Obtains the X.509 certificate issuer. 1354 1355> **NOTE** 1356> 1357> The obtained X.509 certificate issuer name contains a string terminator. 1358 1359**Atomic service API**: This API can be used in atomic services since API version 12. 1360 1361**System capability**: SystemCapability.Security.Cert 1362 1363**Return value** 1364 1365| Type | Description | 1366| --------------------- | ---------------------- | 1367| [DataBlob](#datablob) | X.509 certificate issuer obtained.| 1368 1369**Error codes** 1370 1371For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1372 1373| ID| Error Message | 1374| -------- | ------------------------------------------------- | 1375| 19020001 | memory malloc failed. | 1376| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1377| 19030001 | crypto operation error.| 1378 1379**Example** 1380 1381```ts 1382import { cert } from '@kit.DeviceCertificateKit'; 1383import { BusinessError } from '@kit.BasicServicesKit'; 1384 1385// Convert the string into a Uint8Array. 1386function stringToUint8Array(str: string): Uint8Array { 1387 let arr: Array<number> = []; 1388 for (let i = 0, j = str.length; i < j; i++) { 1389 arr.push(str.charCodeAt(i)); 1390 } 1391 return new Uint8Array(arr); 1392} 1393 1394// Certificate binary data, which needs to match your case. 1395let certData = '-----BEGIN CERTIFICATE-----\n' + 1396 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1397 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1398 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1399 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1400 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1401 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1402 'Qw==\n' + 1403 '-----END CERTIFICATE-----\n'; 1404 1405let encodingBlob: cert.EncodingBlob = { 1406 data: stringToUint8Array(certData), 1407 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1408 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1409}; 1410 1411cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1412 if (error) { 1413 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1414 } else { 1415 console.log('createX509Cert success'); 1416 try { 1417 let issuerName = x509Cert.getIssuerName(); 1418 } catch (err) { 1419 let e: BusinessError = err as BusinessError; 1420 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1421 } 1422 } 1423}); 1424``` 1425 1426### getIssuerName<sup>20+</sup> 1427 1428getIssuerName(encodingType: EncodingType): string 1429 1430Obtains the issuer name of an X.509 certificate based on the encoding type. 1431 1432**Atomic service API**: This API can be used in atomic services since API version 20. 1433 1434**System capability**: SystemCapability.Security.Cert 1435 1436**Parameters** 1437 1438| Name | Type | Mandatory| Description | 1439| -------- | ------------------------------------- | ---- | ------------------------------ | 1440| encodingType | [EncodingType](#encodingtype12) | Yes | Encoding type. | 1441 1442**Return value** 1443 1444| Type | Description | 1445| --------------------- | ---------------------- | 1446| string | Issuer name of an X.509 certificate, separated by commas (,).| 1447 1448**Error codes** 1449 1450For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1451 1452| ID| Error Message | 1453| -------- | ------------------------------------------------- | 1454| 19020001 | memory malloc failed. | 1455| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1456| 19020003 | parameter check failed. Possible causes: <br>1. The value of encodingType is not in the EncodingType enumeration range.| 1457| 19030001 | crypto operation error.| 1458 1459**Example** 1460 1461```ts 1462import { cert } from '@kit.DeviceCertificateKit'; 1463import { BusinessError } from '@kit.BasicServicesKit'; 1464 1465// Convert the string into a Uint8Array. 1466function stringToUint8Array(str: string): Uint8Array { 1467 let arr: Array<number> = []; 1468 for (let i = 0, j = str.length; i < j; i++) { 1469 arr.push(str.charCodeAt(i)); 1470 } 1471 return new Uint8Array(arr); 1472} 1473 1474// Certificate binary data, which needs to match your case. 1475let certData = '-----BEGIN CERTIFICATE-----\n' + 1476 'MIIDgTCCAmmgAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYT\n' + 1477 'AkNOMQ8wDQYDVQQIDAbpmZXopb8xDzANBgNVBAcMBuilv+WuiTEPMA0GA1UECgwG\n' + 1478 '5rWL6K+VMRUwEwYDVQQDDAzkuK3mlofmtYvor5UwHhcNMjUwMzA1MDk1MTIzWhcN\n' + 1479 'MzUwMzAzMDk1MTIzWjBXMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG6ZmV6KW/MQ8w\n' + 1480 'DQYDVQQHDAbopb/lrokxDzANBgNVBAoMBua1i+ivlTEVMBMGA1UEAwwM5Lit5paH\n' + 1481 '5rWL6K+VMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkonJ4UIuxRzX\n' + 1482 'gr8fLU1PjadDWJp/GrxkYGe30TXqQHDh7O14Rc0xxacj3aLMNffzj+rhxUzl3C9p\n' + 1483 'wLzIVO2e3iC3Fx2csRzOSIdbimR8879/3uaW8CPkgqlKQw8FDwrGk0S26sdDV8of\n' + 1484 '8AAHlrnUO2yyL53rAunn4ZKo4EyxHrvHmZKuv006onj0SByu8RNHx97v+4KaaY7p\n' + 1485 'HngTC55F0KVALiNGygJHeKP7GGxS7kpYV/CvBuABpA00WMqc7nmo2vCa4yC/mIk2\n' + 1486 '5CF7l860rQ50HLjrmlDYJHpc8p88NJ2BEyHQWiN4YkSKDAKNr+SssD3Tf2wHSYxA\n' + 1487 'UwdgsatGlwIDAQABo1MwUTAdBgNVHQ4EFgQUMFEfTXLVm7D6fsC7LYtTMhIgVQUw\n' + 1488 'HwYDVR0jBBgwFoAUMFEfTXLVm7D6fsC7LYtTMhIgVQUwDwYDVR0TAQH/BAUwAwEB\n' + 1489 '/zANBgkqhkiG9w0BAQsFAAOCAQEABCr9+iK30OSp67ksK1qhkKCzwKYDH2E5KEF4\n' + 1490 '1E1/o4haXIR14V+5DGcX/1OH3Znd863TecQdNnCFMGArWygq8j7O0uStbWMb3Rhu\n' + 1491 '+7RJ9GOCbBSeR3v2fC6+T3LI0Sm1G77xIYADmHGt33IW0DRKr44iOalwi6IbcqzD\n' + 1492 's9XlNO8e6ht2apeL656fjv1gCo/PA7e+A0QHn6zapggzEccEwKdFixCsw5ZMZaHm\n' + 1493 'adGz3lBCK+0QKYXYL1CtX/6wcDgQ9PuZSgdQgrudLKRN+843m3LJSUJ7AIyL1kQW\n' + 1494 'kY1ah7eSx4wwaKrLOM06ZkzORMnY5GAy8Aup+UCh6mWU3dPv3w==\n' + 1495 '-----END CERTIFICATE-----\n'; 1496 1497let encodingBlob: cert.EncodingBlob = { 1498 data: stringToUint8Array(certData), 1499 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1500 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1501}; 1502 1503cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1504 if (error) { 1505 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1506 } else { 1507 console.log('createX509Cert success'); 1508 try { 1509 let issuerName = x509Cert.getIssuerName(cert.EncodingType.ENCODING_UTF8); 1510 console.info('issuerName output is ' + issuerName); 1511 } catch (err) { 1512 let e: BusinessError = err as BusinessError; 1513 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1514 } 1515 } 1516}); 1517``` 1518 1519### getSubjectName 1520 1521getSubjectName(encodingType?: EncodingType) : DataBlob 1522 1523Obtains the subject of this X.509 certificate. 1524 1525> **NOTE** 1526> 1527> The obtained X.509 certificate subject name contains a string terminator. 1528 1529**Atomic service API**: This API can be used in atomic services since API version 12. 1530 1531**System capability**: SystemCapability.Security.Cert 1532 1533**Parameters** 1534 1535| Name | Type | Mandatory| Description | 1536| -------- | ------------------------------------- | ---- | ------------------------------ | 1537| encodingType | [EncodingType](#encodingtype12) | No | Encoding type. If this parameter is set, the subject name in UTF-8 format is to be obtained. If this parameter is not set, the subject name in ASCII encoding format is obtained by default.<br>This parameter is available since API version 12. | 1538 1539**Return value** 1540 1541| Type | Description | 1542| --------------------- | -------------------- | 1543| [DataBlob](#datablob) | Subject name of an X.509 certificate, separated by commas (,) after being converted into a string.| 1544 1545**Error codes** 1546 1547For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1548 1549| ID| Error Message | 1550| -------- | ------------------------------------------------- | 1551| 401 | invalid parameters. Possible causes: <br>1. Incorrect parameter types;<br>2. Parameter verification failed. | 1552| 19020001 | memory malloc failed. | 1553| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1554| 19030001 | crypto operation error.| 1555 1556**Example** 1557 1558```ts 1559import { cert } from '@kit.DeviceCertificateKit'; 1560import { BusinessError } from '@kit.BasicServicesKit'; 1561 1562// Convert the string into a Uint8Array. 1563function stringToUint8Array(str: string): Uint8Array { 1564 let arr: Array<number> = []; 1565 for (let i = 0, j = str.length; i < j; i++) { 1566 arr.push(str.charCodeAt(i)); 1567 } 1568 return new Uint8Array(arr); 1569} 1570 1571// Certificate binary data, which needs to match your case. 1572let certData = '-----BEGIN CERTIFICATE-----\n' + 1573 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1574 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1575 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1576 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1577 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1578 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1579 'Qw==\n' + 1580 '-----END CERTIFICATE-----\n'; 1581 1582let encodingBlob: cert.EncodingBlob = { 1583 data: stringToUint8Array(certData), 1584 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1585 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1586}; 1587 1588cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1589 if (error) { 1590 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1591 } else { 1592 console.log('createX509Cert success'); 1593 try { 1594 let subjectName = x509Cert.getSubjectName(); 1595 } catch (err) { 1596 let e: BusinessError = err as BusinessError; 1597 console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1598 } 1599 try { 1600 let subjectNameutf8 = x509Cert.getSubjectName(cert.EncodingType.ENCODING_UTF8); 1601 } catch (err) { 1602 let e: BusinessError = err as BusinessError; 1603 console.error('getSubjectNameUtf8 failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1604 } 1605 } 1606}); 1607``` 1608 1609### getNotBeforeTime 1610 1611getNotBeforeTime() : string 1612 1613Obtains the start time of this X.509 certificate. 1614 1615**Atomic service API**: This API can be used in atomic services since API version 12. 1616 1617**System capability**: SystemCapability.Security.Cert 1618 1619**Return value** 1620 1621| Type | Description | 1622| ------ | ------------------------------------------------------------ | 1623| string | Certificate start time obtained, in ASN.1 format.| 1624 1625**Error codes** 1626 1627For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1628 1629| ID| Error Message | 1630| -------- | ------------------------------------------------- | 1631| 19020001 | memory malloc failed. | 1632| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1633| 19030001 | crypto operation error.| 1634 1635**Example** 1636 1637```ts 1638import { cert } from '@kit.DeviceCertificateKit'; 1639import { BusinessError } from '@kit.BasicServicesKit'; 1640 1641// Convert the string into a Uint8Array. 1642function stringToUint8Array(str: string): Uint8Array { 1643 let arr: Array<number> = []; 1644 for (let i = 0, j = str.length; i < j; i++) { 1645 arr.push(str.charCodeAt(i)); 1646 } 1647 return new Uint8Array(arr); 1648} 1649 1650// Certificate binary data, which needs to match your case. 1651let certData = '-----BEGIN CERTIFICATE-----\n' + 1652 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1653 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1654 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1655 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1656 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1657 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1658 'Qw==\n' + 1659 '-----END CERTIFICATE-----\n'; 1660 1661let encodingBlob: cert.EncodingBlob = { 1662 data: stringToUint8Array(certData), 1663 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1664 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1665}; 1666 1667cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1668 if (error) { 1669 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1670 } else { 1671 console.log('createX509Cert success'); 1672 try { 1673 let notBefore = x509Cert.getNotBeforeTime(); 1674 } catch (err) { 1675 let e: BusinessError = err as BusinessError; 1676 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1677 } 1678 } 1679}); 1680``` 1681 1682### getNotAfterTime 1683 1684getNotAfterTime() : string 1685 1686Obtains the expiration time of this X.509 certificate. 1687 1688**Atomic service API**: This API can be used in atomic services since API version 12. 1689 1690**System capability**: SystemCapability.Security.Cert 1691 1692**Return value** 1693 1694| Type | Description | 1695| ------ | ------------------------------------------------------------ | 1696| string | Certificate expiration time obtained, in ASN.1 format.| 1697 1698**Error codes** 1699 1700For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1701 1702| ID| Error Message | 1703| -------- | ------------------------------------------------- | 1704| 19020001 | memory malloc failed. | 1705| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1706| 19030001 | crypto operation error.| 1707 1708**Example** 1709 1710```ts 1711import { cert } from '@kit.DeviceCertificateKit'; 1712 1713import { BusinessError } from '@kit.BasicServicesKit'; 1714 1715// Convert the string into a Uint8Array. 1716function stringToUint8Array(str: string): Uint8Array { 1717 let arr: Array<number> = []; 1718 for (let i = 0, j = str.length; i < j; i++) { 1719 arr.push(str.charCodeAt(i)); 1720 } 1721 return new Uint8Array(arr); 1722} 1723 1724// Certificate binary data, which needs to match your case. 1725let certData = '-----BEGIN CERTIFICATE-----\n' + 1726 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1727 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1728 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1729 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1730 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1731 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1732 'Qw==\n' + 1733 '-----END CERTIFICATE-----\n'; 1734 1735let encodingBlob: cert.EncodingBlob = { 1736 data: stringToUint8Array(certData), 1737 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1738 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1739}; 1740 1741cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1742 if (error) { 1743 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1744 } else { 1745 console.log('createX509Cert success'); 1746 try { 1747 let notAfter = x509Cert.getNotAfterTime(); 1748 } catch (err) { 1749 let e: BusinessError = err as BusinessError; 1750 console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1751 } 1752 } 1753}); 1754``` 1755 1756### getSignature 1757 1758getSignature() : DataBlob 1759 1760Obtains the signature data of this X.509 certificate. 1761 1762**Atomic service API**: This API can be used in atomic services since API version 12. 1763 1764**System capability**: SystemCapability.Security.Cert 1765 1766**Return value** 1767 1768| Type | Description | 1769| --------------------- | -------------------- | 1770| [DataBlob](#datablob) | Signature data obtained.| 1771 1772**Error codes** 1773 1774For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1775 1776| ID| Error Message | 1777| -------- | ------------------------------------------------- | 1778| 19020001 | memory malloc failed. | 1779| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1780| 19030001 | crypto operation error.| 1781 1782**Example** 1783 1784```ts 1785import { cert } from '@kit.DeviceCertificateKit'; 1786 1787import { BusinessError } from '@kit.BasicServicesKit'; 1788 1789// Convert the string into a Uint8Array. 1790function stringToUint8Array(str: string): Uint8Array { 1791 let arr: Array<number> = []; 1792 for (let i = 0, j = str.length; i < j; i++) { 1793 arr.push(str.charCodeAt(i)); 1794 } 1795 return new Uint8Array(arr); 1796} 1797 1798// Certificate binary data, which needs to match your case. 1799let certData = '-----BEGIN CERTIFICATE-----\n' + 1800 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1801 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1802 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1803 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1804 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1805 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1806 'Qw==\n' + 1807 '-----END CERTIFICATE-----\n'; 1808 1809let encodingBlob: cert.EncodingBlob = { 1810 data: stringToUint8Array(certData), 1811 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1812 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1813}; 1814 1815cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1816 if (error) { 1817 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1818 } else { 1819 console.log('createX509Cert success'); 1820 try { 1821 let signature = x509Cert.getSignature(); 1822 } catch (err) { 1823 let e: BusinessError = err as BusinessError; 1824 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1825 } 1826 } 1827}); 1828``` 1829 1830### getSignatureAlgName 1831 1832getSignatureAlgName() : string 1833 1834Obtains the signing algorithm of this X.509 certificate. 1835 1836**Atomic service API**: This API can be used in atomic services since API version 12. 1837 1838**System capability**: SystemCapability.Security.Cert 1839 1840**Return value** 1841 1842| Type | Description | 1843| ------ | ------------------------ | 1844| string | X.509 certificate signing algorithm obtained.| 1845 1846**Error codes** 1847 1848For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1849 1850| ID| Error Message | 1851| -------- | ------------------------------------------------- | 1852| 19020001 | memory malloc failed. | 1853| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1854| 19030001 | crypto operation error.| 1855 1856**Example** 1857 1858```ts 1859import { cert } from '@kit.DeviceCertificateKit'; 1860 1861import { BusinessError } from '@kit.BasicServicesKit'; 1862 1863// Convert the string into a Uint8Array. 1864function stringToUint8Array(str: string): Uint8Array { 1865 let arr: Array<number> = []; 1866 for (let i = 0, j = str.length; i < j; i++) { 1867 arr.push(str.charCodeAt(i)); 1868 } 1869 return new Uint8Array(arr); 1870} 1871 1872// Certificate binary data, which needs to match your case. 1873let certData = '-----BEGIN CERTIFICATE-----\n' + 1874 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1875 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1876 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1877 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1878 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1879 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1880 'Qw==\n' + 1881 '-----END CERTIFICATE-----\n'; 1882 1883let encodingBlob: cert.EncodingBlob = { 1884 data: stringToUint8Array(certData), 1885 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1886 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1887}; 1888 1889cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1890 if (error) { 1891 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1892 } else { 1893 console.log('createX509Cert success'); 1894 try { 1895 let sigAlgName = x509Cert.getSignatureAlgName(); 1896 } catch (err) { 1897 let e: BusinessError = err as BusinessError; 1898 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1899 } 1900 } 1901}); 1902``` 1903 1904### getSignatureAlgOid 1905 1906getSignatureAlgOid() : string 1907 1908Obtains the object identifier (OID) of the X.509 certificate signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 1909 1910**Atomic service API**: This API can be used in atomic services since API version 12. 1911 1912**System capability**: SystemCapability.Security.Cert 1913 1914**Return value** 1915 1916| Type | Description | 1917| ------ | --------------------------------- | 1918| string | OID obtained. It will be truncated if the length exceeds 128 bytes.| 1919 1920**Error codes** 1921 1922For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1923 1924| ID| Error Message | 1925| -------- | ------------------------------------------------- | 1926| 19020001 | memory malloc failed. | 1927| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 1928| 19030001 | crypto operation error.| 1929 1930**Example** 1931 1932```ts 1933import { cert } from '@kit.DeviceCertificateKit'; 1934import { BusinessError } from '@kit.BasicServicesKit'; 1935 1936// Convert the string into a Uint8Array. 1937function stringToUint8Array(str: string): Uint8Array { 1938 let arr: Array<number> = []; 1939 for (let i = 0, j = str.length; i < j; i++) { 1940 arr.push(str.charCodeAt(i)); 1941 } 1942 return new Uint8Array(arr); 1943} 1944 1945// Certificate binary data, which needs to match your case. 1946let certData = '-----BEGIN CERTIFICATE-----\n' + 1947 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1948 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1949 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1950 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1951 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1952 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1953 'Qw==\n' + 1954 '-----END CERTIFICATE-----\n'; 1955 1956let encodingBlob: cert.EncodingBlob = { 1957 data: stringToUint8Array(certData), 1958 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 1959 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1960}; 1961 1962cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1963 if (error) { 1964 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1965 } else { 1966 console.log('createX509Cert success'); 1967 try { 1968 let sigAlgOid = x509Cert.getSignatureAlgOid(); 1969 } catch (err) { 1970 let e: BusinessError = err as BusinessError; 1971 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1972 } 1973 } 1974}); 1975``` 1976 1977### getSignatureAlgParams 1978 1979getSignatureAlgParams() : DataBlob 1980 1981Obtains the signing algorithm parameters of this X.509 certificate. 1982 1983**Atomic service API**: This API can be used in atomic services since API version 12. 1984 1985**System capability**: SystemCapability.Security.Cert 1986 1987**Return value** 1988 1989| Type | Description | 1990| --------------------- | ------------------------ | 1991| [DataBlob](#datablob) | X.509 certificate signing algorithm parameters obtained.| 1992 1993**Error codes** 1994 1995For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 1996 1997| ID| Error Message | 1998| -------- | ------------------------------------------------- | 1999| 801 | this operation is not supported. | 2000| 19020001 | memory malloc failed. | 2001| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2002| 19030001 | crypto operation error.| 2003 2004**Example** 2005 2006```ts 2007import { cert } from '@kit.DeviceCertificateKit'; 2008import { BusinessError } from '@kit.BasicServicesKit'; 2009 2010// Convert the string into a Uint8Array. 2011function stringToUint8Array(str: string): Uint8Array { 2012 let arr: Array<number> = []; 2013 for (let i = 0, j = str.length; i < j; i++) { 2014 arr.push(str.charCodeAt(i)); 2015 } 2016 return new Uint8Array(arr); 2017} 2018 2019// Certificate binary data, which needs to match your case. 2020let certData = '-----BEGIN CERTIFICATE-----\n' + 2021 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2022 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2023 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2024 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2025 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2026 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2027 'Qw==\n' + 2028 '-----END CERTIFICATE-----\n'; 2029 2030let encodingBlob: cert.EncodingBlob = { 2031 data: stringToUint8Array(certData), 2032 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2033 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2034}; 2035 2036cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2037 if (error) { 2038 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2039 } else { 2040 console.log('createX509Cert success'); 2041 try { 2042 let sigAlgParams = x509Cert.getSignatureAlgParams(); 2043 } catch (err) { 2044 let e: BusinessError = err as BusinessError; 2045 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2046 } 2047 } 2048}); 2049``` 2050 2051### getKeyUsage 2052 2053getKeyUsage() : DataBlob 2054 2055Obtains the key usage of this X.509 certificate. 2056 2057**Atomic service API**: This API can be used in atomic services since API version 12. 2058 2059**System capability**: SystemCapability.Security.Cert 2060 2061**Return value** 2062 2063| Type | Description | 2064| --------------------- | -------------------- | 2065| [DataBlob](#datablob) | Key usage of the X.509 certificate obtained.| 2066 2067**Error codes** 2068 2069For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2070 2071| ID| Error Message | 2072| -------- | ------------------------------------------------- | 2073| 19020001 | memory malloc failed. | 2074| 19030001 | crypto operation error.| 2075 2076**Example** 2077 2078```ts 2079import { cert } from '@kit.DeviceCertificateKit'; 2080import { BusinessError } from '@kit.BasicServicesKit'; 2081 2082// Convert the string into a Uint8Array. 2083function stringToUint8Array(str: string): Uint8Array { 2084 let arr: Array<number> = []; 2085 for (let i = 0, j = str.length; i < j; i++) { 2086 arr.push(str.charCodeAt(i)); 2087 } 2088 return new Uint8Array(arr); 2089} 2090 2091// Certificate binary data, which needs to match your case. 2092let certData = '-----BEGIN CERTIFICATE-----\n' + 2093 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2094 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2095 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2096 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2097 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2098 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2099 'Qw==\n' + 2100 '-----END CERTIFICATE-----\n'; 2101 2102let encodingBlob: cert.EncodingBlob = { 2103 data: stringToUint8Array(certData), 2104 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2105 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2106}; 2107 2108cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2109 if (error) { 2110 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2111 } else { 2112 console.log('createX509Cert success'); 2113 try { 2114 let keyUsage = x509Cert.getKeyUsage(); 2115 } catch (err) { 2116 let e: BusinessError = err as BusinessError; 2117 console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2118 } 2119 } 2120}); 2121``` 2122 2123### getExtKeyUsage 2124 2125getExtKeyUsage() : DataArray 2126 2127Obtains the usage of the extended key of this X.509 certificate. 2128 2129**Atomic service API**: This API can be used in atomic services since API version 12. 2130 2131**System capability**: SystemCapability.Security.Cert 2132 2133**Return value** 2134 2135| Type | Description | 2136| ----------------------- | ------------------------ | 2137| [DataArray](#dataarray) | Usage of the extended key obtained.| 2138 2139**Error codes** 2140 2141For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2142 2143| ID| Error Message | 2144| -------- | ------------------------------------------------- | 2145| 19020001 | memory malloc failed. | 2146| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2147| 19030001 | crypto operation error.| 2148 2149**Example** 2150 2151```ts 2152import { cert } from '@kit.DeviceCertificateKit'; 2153import { BusinessError } from '@kit.BasicServicesKit'; 2154 2155// Convert the string into a Uint8Array. 2156function stringToUint8Array(str: string): Uint8Array { 2157 let arr: Array<number> = []; 2158 for (let i = 0, j = str.length; i < j; i++) { 2159 arr.push(str.charCodeAt(i)); 2160 } 2161 return new Uint8Array(arr); 2162} 2163 2164// Certificate binary data, which needs to match your case. 2165let certData = '-----BEGIN CERTIFICATE-----\n' + 2166 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2167 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2168 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2169 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2170 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2171 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2172 'Qw==\n' + 2173 '-----END CERTIFICATE-----\n'; 2174 2175let encodingBlob: cert.EncodingBlob = { 2176 data: stringToUint8Array(certData), 2177 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2178 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2179}; 2180 2181cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2182 if (error) { 2183 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2184 } else { 2185 console.log('createX509Cert success'); 2186 try { 2187 let extKeyUsage = x509Cert.getExtKeyUsage(); 2188 } catch (err) { 2189 let e: BusinessError = err as BusinessError; 2190 console.error('getExtKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2191 } 2192 } 2193}); 2194``` 2195 2196### getBasicConstraints 2197 2198getBasicConstraints() : number 2199 2200Obtains the basic constraints for obtaining this X.509 certificate. 2201 2202**Atomic service API**: This API can be used in atomic services since API version 12. 2203 2204**System capability**: SystemCapability.Security.Cert 2205 2206**Return value** 2207 2208| Type | Description | 2209| ------ | -------------------- | 2210| number | Basic constraints obtained.| 2211 2212**Example** 2213 2214```ts 2215import { cert } from '@kit.DeviceCertificateKit'; 2216 2217// Convert the string into a Uint8Array. 2218function stringToUint8Array(str: string): Uint8Array { 2219 let arr: Array<number> = []; 2220 for (let i = 0, j = str.length; i < j; i++) { 2221 arr.push(str.charCodeAt(i)); 2222 } 2223 return new Uint8Array(arr); 2224} 2225 2226// Certificate binary data, which needs to match your case. 2227let certData = '-----BEGIN CERTIFICATE-----\n' + 2228 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2229 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2230 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2231 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2232 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2233 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2234 'Qw==\n' + 2235 '-----END CERTIFICATE-----\n'; 2236 2237let encodingBlob: cert.EncodingBlob = { 2238 data: stringToUint8Array(certData), 2239 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2240 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2241}; 2242 2243cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2244 if (error) { 2245 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2246 } else { 2247 console.log('createX509Cert success'); 2248 let basicConstraints = x509Cert.getBasicConstraints(); 2249 } 2250}); 2251``` 2252 2253### getSubjectAltNames 2254 2255getSubjectAltNames() : DataArray 2256 2257Obtains the Subject Alternative Names (SANs) of this X.509 certificate. 2258 2259> **NOTE** 2260> 2261> The obtained SANs contain a string terminator. 2262 2263**Atomic service API**: This API can be used in atomic services since API version 12. 2264 2265**System capability**: SystemCapability.Security.Cert 2266 2267**Return value** 2268 2269| Type | Description | 2270| ----------------------- | ------------------------ | 2271| [DataArray](#dataarray) | SANs obtained.| 2272 2273**Error codes** 2274 2275For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2276 2277| ID| Error Message | 2278| -------- | ------------------------------------------------- | 2279| 19020001 | memory malloc failed. | 2280| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2281| 19030001 | crypto operation error.| 2282 2283**Example** 2284 2285```ts 2286import { cert } from '@kit.DeviceCertificateKit'; 2287import { BusinessError } from '@kit.BasicServicesKit'; 2288 2289// Convert the string into a Uint8Array. 2290function stringToUint8Array(str: string): Uint8Array { 2291 let arr: Array<number> = []; 2292 for (let i = 0, j = str.length; i < j; i++) { 2293 arr.push(str.charCodeAt(i)); 2294 } 2295 return new Uint8Array(arr); 2296} 2297 2298// Certificate binary data, which needs to match your case. 2299let certData = '-----BEGIN CERTIFICATE-----\n' + 2300 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2301 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2302 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2303 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2304 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2305 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2306 'Qw==\n' + 2307 '-----END CERTIFICATE-----\n'; 2308 2309let encodingBlob: cert.EncodingBlob = { 2310 data: stringToUint8Array(certData), 2311 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2312 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2313}; 2314 2315cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2316 if (error) { 2317 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2318 } else { 2319 console.log('createX509Cert success'); 2320 try { 2321 let subjectAltNames = x509Cert.getSubjectAltNames(); 2322 } catch (err) { 2323 let e: BusinessError = err as BusinessError; 2324 console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2325 } 2326 } 2327}); 2328``` 2329 2330### getIssuerAltNames 2331 2332getIssuerAltNames() : DataArray 2333 2334Obtains the Issuer Alternative Names (IANs) of this X.509 certificate. 2335 2336> **NOTE** 2337> 2338> The obtained IANs contain a string terminator. 2339 2340**Atomic service API**: This API can be used in atomic services since API version 12. 2341 2342**System capability**: SystemCapability.Security.Cert 2343 2344**Return value** 2345 2346| Type | Description | 2347| ----------------------- | -------------------------- | 2348| [DataArray](#dataarray) | IANs obtained.| 2349 2350**Error codes** 2351 2352For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2353 2354| ID| Error Message | 2355| -------- | ------------------------------------------------- | 2356| 19020001 | memory malloc failed. | 2357| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2358| 19030001 | crypto operation error.| 2359 2360**Example** 2361 2362```ts 2363import { cert } from '@kit.DeviceCertificateKit'; 2364import { BusinessError } from '@kit.BasicServicesKit'; 2365 2366// Convert the string into a Uint8Array. 2367function stringToUint8Array(str: string): Uint8Array { 2368 let arr: Array<number> = []; 2369 for (let i = 0, j = str.length; i < j; i++) { 2370 arr.push(str.charCodeAt(i)); 2371 } 2372 return new Uint8Array(arr); 2373} 2374 2375// Certificate binary data, which needs to match your case. 2376let certData = '-----BEGIN CERTIFICATE-----\n' + 2377 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2378 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2379 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2380 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2381 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2382 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2383 'Qw==\n' + 2384 '-----END CERTIFICATE-----\n'; 2385 2386let encodingBlob: cert.EncodingBlob = { 2387 data: stringToUint8Array(certData), 2388 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2389 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2390}; 2391 2392cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2393 if (error) { 2394 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2395 } else { 2396 console.log('createX509Cert success'); 2397 try { 2398 let issuerAltNames = x509Cert.getIssuerAltNames(); 2399 } catch (err) { 2400 let e: BusinessError = err as BusinessError; 2401 console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2402 } 2403 } 2404}); 2405``` 2406 2407### getItem<sup>10+</sup> 2408 2409getItem(itemType: CertItemType) : DataBlob 2410 2411Obtains the fields in the X.509 certificate. 2412 2413**Atomic service API**: This API can be used in atomic services since API version 12. 2414 2415**System capability**: SystemCapability.Security.Cert 2416 2417**Parameters** 2418 2419| Name | Type | Mandatory| Description | 2420| --------- | ------ | ---- | ------------------------------------------ | 2421| itemType | [CertItemType](#certitemtype10) | Yes | Certificate field to obtain.| 2422 2423**Return value** 2424 2425| Type | Description | 2426| --------------------- | ----------------------------------------- | 2427| [DataBlob](#datablob) | Fields in DER format.| 2428 2429**Error codes** 2430 2431For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2432 2433| ID| Error Message | 2434| -------- | ----------------------- | 2435| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2436| 19020001 | memory malloc failed. | 2437| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2438| 19030001 | crypto operation error. | 2439 2440**Example** 2441 2442```ts 2443import { cert } from '@kit.DeviceCertificateKit'; 2444import { BusinessError } from '@kit.BasicServicesKit'; 2445 2446// Convert the string into a Uint8Array. 2447function stringToUint8Array(str: string): Uint8Array { 2448 let arr: Array<number> = []; 2449 for (let i = 0, j = str.length; i < j; i++) { 2450 arr.push(str.charCodeAt(i)); 2451 } 2452 return new Uint8Array(arr); 2453} 2454 2455// Certificate binary data, which needs to match your case. 2456let certData = '-----BEGIN CERTIFICATE-----\n' + 2457 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2458 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2459 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2460 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2461 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2462 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2463 'Qw==\n' + 2464 '-----END CERTIFICATE-----\n'; 2465 2466let encodingBlob: cert.EncodingBlob = { 2467 data: stringToUint8Array(certData), 2468 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2469 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2470}; 2471 2472cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2473 if (error) { 2474 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2475 } else { 2476 console.log('createX509Cert success'); 2477 try { 2478 let tbs = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_TBS); 2479 let pubKey = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); 2480 } catch (err) { 2481 let e: BusinessError = err as BusinessError; 2482 console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2483 } 2484 } 2485}); 2486``` 2487### match<sup>11+</sup> 2488 2489match(param: X509CertMatchParameters): boolean 2490 2491Checks whether this certificate matches the specified parameters. 2492 2493**Atomic service API**: This API can be used in atomic services since API version 12. 2494 2495**System capability**: SystemCapability.Security.Cert 2496 2497**Parameters** 2498 2499| Name | Type | Mandatory| Description | 2500| --------- | ------ | ---- | ------------------------------------------ | 2501| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters specified for matching the certificate.| 2502 2503**Return value** 2504 2505| Type | Description | 2506| --------------------- | ----------------------------------------- | 2507| boolean | Returns **true** if the certificate matches the parameters specified; returns **false** otherwise.| 2508 2509**Error codes** 2510 2511For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2512 2513| ID| Error Message | 2514| -------- | ------------- | 2515| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2516| 19020001 | memory malloc failed. | 2517| 19030001 | crypto operation error. | 2518 2519**Example** 2520 2521```ts 2522import { cert } from '@kit.DeviceCertificateKit'; 2523import { BusinessError } from '@kit.BasicServicesKit'; 2524 2525// Convert the string into a Uint8Array. 2526function stringToUint8Array(str: string): Uint8Array { 2527 let arr: Array<number> = []; 2528 for (let i = 0, j = str.length; i < j; i++) { 2529 arr.push(str.charCodeAt(i)); 2530 } 2531 return new Uint8Array(arr); 2532} 2533 2534async function createX509Cert(): Promise<cert.X509Cert> { 2535 let certData = '-----BEGIN CERTIFICATE-----\n' + 2536 'MIIDTTCCAjWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 2537 'IENBMB4XDTI0MDMxOTAyMDM1NFoXDTM0MDMxNzAyMDM1NFowETEPMA0GA1UEAwwG\n' + 2538 'ZGV2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoGk2J0aKWTP\n' + 2539 'J3D7lS3oFdME3MMA1z0Y0ftthrtUKybE2xh8P90ztMV73bewmgAPqiApqhaWEZM/\n' + 2540 '6DSLc/MxbOeYjg6njveJIu721gchiuB2PFikDFSWlcLOJNw+CgBx77Ct3KllivHs\n' + 2541 'oi/gjuxrWiF/3VhbBErPNj/fw9se3pVrFRXIFdkcybtom2mUmkcxDfSg587SO14i\n' + 2542 'ZzXGM6nhMzYWXxLho6SJrsnzfs4pD6ifksWmY4089zitqsN+9jQXafY1+/sh1mgu\n' + 2543 'FvAwg9IbigGOBIiF8t5qdNGpqCHXbEHblNCWfT4fVNDV0Vc9pByjZaMYEGMhpz+6\n' + 2544 'lxlc2CqbNQIDAQABo4GuMIGrMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAEVpuP+pPpg\n' + 2545 'kr3dA3aV2XdFZ9rGMB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMB0G\n' + 2546 'A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwMgYIKwYB\n' + 2547 'BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwczovLzEyNy4wLjAuMTo5OTk5MA0G\n' + 2548 'CSqGSIb3DQEBCwUAA4IBAQBjM1agcDcgVHsD0dS39gxtlyRbZRvDcW3YsdwgpN6S\n' + 2549 'e4wGzdZbhsiZv7y3+PSuozKwp5Yjn+UqnnEz7QuTGJRt/pzHDVY3QceNvlx2HPRe\n' + 2550 'fECS4bpGLcM5B17oZZjE4HenIrGmigXnnwYL5TjhC4ybtddXPYv/M6z2eFCnfQNa\n' + 2551 'zFwz8LJ7ukWvf5koBqcHq2zsuVByOIPXLIrAJPtMmBb/pHCFt8hxOxwqujdrxz16\n' + 2552 'pe5LQUYzvG1YCxw3Ye9OrM1yXJQr/4KYncQC1yQQo+UK7NsDRK30PsMEYxhierLA\n' + 2553 'JKyPn1xSlOJiGa2rRn/uevmEOhfagj5TtprU9Gu1+nZo\n' + 2554 '-----END CERTIFICATE-----\n'; 2555 2556 let encodingBlob: cert.EncodingBlob = { 2557 data: stringToUint8Array(certData), 2558 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2559 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2560 }; 2561 2562 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2563 try { 2564 x509Cert = await cert.createX509Cert(encodingBlob); 2565 } catch (err) { 2566 let e: BusinessError = err as BusinessError; 2567 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2568 } 2569 return x509Cert; 2570} 2571 2572async function matchX509Cert() { 2573 const x509Cert = await createX509Cert(); 2574 try { 2575 // Set the value to match your case. 2576 const param: cert.X509CertMatchParameters = { 2577 x509Cert, 2578 validDate: '20241121074700Z', 2579 keyUsage: [true, false, false, false, false, false, false, false, false], 2580 publicKeyAlgID: '1.2.840.113549.1.1.1' 2581 }; 2582 const result = x509Cert.match(param); 2583 console.log('call x509Cert match success'); 2584 } catch (err) { 2585 console.error('call x509Cert match failed'); 2586 } 2587} 2588``` 2589 2590### getCRLDistributionPoint<sup>12+</sup> 2591 2592getCRLDistributionPoint(): DataArray 2593 2594Obtains the CRL distribution points of this X.509 certificate. 2595 2596**Atomic service API**: This API can be used in atomic services since API version 12. 2597 2598**System capability**: SystemCapability.Security.Cert 2599 2600**Return value** 2601 2602| Type | Description | 2603| ----------------------- | -------------------------- | 2604| [DataArray](#dataarray) | URIs of the distribution points for this X.509 CRL obtained.| 2605 2606**Error codes** 2607 2608For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2609 2610| ID| Error Message | 2611| -------- | ------------- | 2612| 19020001 | memory malloc failed. | 2613| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2614| 19030001 | crypto operation error. | 2615 2616**Example** 2617 2618```ts 2619import { cert } from '@kit.DeviceCertificateKit'; 2620import { BusinessError } from '@kit.BasicServicesKit'; 2621 2622// Convert the string into a Uint8Array. 2623function stringToUint8Array(str: string): Uint8Array { 2624 let arr: Array<number> = []; 2625 for (let i = 0, j = str.length; i < j; i++) { 2626 arr.push(str.charCodeAt(i)); 2627 } 2628 return new Uint8Array(arr); 2629} 2630 2631let certData = "-----BEGIN CERTIFICATE-----\n" + 2632 "MIIB/jCCAaSgAwIBAgICA+gwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQ04xDTAL\n" + 2633 "BgNVBAoMBHRlc3QxDjAMBgNVBAMMBXN1YmNhMB4XDTIzMTAwNzA0MDEwOFoXDTMz\n" + 2634 "MTAwNDA0MDEwOFowLDELMAkGA1UEBhMCQ04xDTALBgNVBAoMBHRlc3QxDjAMBgNV\n" + 2635 "BAMMBWxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZDPvdlJI6Yv4fiaR\n" + 2636 "nQHcusXVbukk90mQ0rBGOYRikFvgvm5cjTdaUGcQKEtwYIKDQl5n6Pf7ElCJ7GRz\n" + 2637 "raWZ+qOBtTCBsjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl\n" + 2638 "bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU63Gbl8gIsUn0VyZ4rya3PCjm\n" + 2639 "sfEwHwYDVR0jBBgwFoAU77mynM0rz1SD43DQjleWM7bF+MEwNwYDVR0fBDAwLjAs\n" + 2640 "oCqgKIYmaHR0cDovL3Rlc3QudGVzdENSTGRwLmNvbS9DUkxfRFBfMS5jcmwwCgYI\n" + 2641 "KoZIzj0EAwIDSAAwRQIhAISKHH9u221mBgdDWfll3loLvEHJ3or9NUO5Zn6SrX6L\n" + 2642 "AiAtRlOa6/mTD68faQTdhsAaQP955QfW34B4yFqU2Bq72A==\n" + 2643 "-----END CERTIFICATE-----\n"; 2644 2645 // Certificate binary data, which needs to match your case. 2646let encodingBlob: cert.EncodingBlob = { 2647 data: stringToUint8Array(certData), 2648 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2649 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2650}; 2651 2652async function certGetCRLDistributionPoint() { 2653 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2654 try { 2655 x509Cert = await cert.createX509Cert(encodingBlob); 2656 console.log('createX509Cert success'); 2657 let point = x509Cert.getCRLDistributionPoint(); 2658 } catch (err) { 2659 let e: BusinessError = err as BusinessError; 2660 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2661 } 2662} 2663``` 2664 2665### getIssuerX500DistinguishedName<sup>12+</sup> 2666 2667getIssuerX500DistinguishedName(): X500DistinguishedName 2668 2669Obtains the distinguished name (DN) of the X.509 certificate issuer. 2670 2671**Atomic service API**: This API can be used in atomic services since API version 12. 2672 2673**System capability**: SystemCapability.Security.Cert 2674 2675**Return value** 2676 2677| Type | Description | 2678| --------------------- | ----------------------------------------- | 2679| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 2680 2681**Error codes** 2682 2683For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2684 2685| ID| Error Message | 2686| -------- | ------------- | 2687| 19020001 | memory malloc failed. | 2688| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2689| 19030001 | crypto operation error. | 2690 2691**Example** 2692 2693```ts 2694import { cert } from '@kit.DeviceCertificateKit'; 2695import { BusinessError } from '@kit.BasicServicesKit'; 2696 2697// Convert the string into a Uint8Array. 2698function stringToUint8Array(str: string): Uint8Array { 2699 let arr: Array<number> = []; 2700 for (let i = 0, j = str.length; i < j; i++) { 2701 arr.push(str.charCodeAt(i)); 2702 } 2703 return new Uint8Array(arr); 2704} 2705 2706let certData = "-----BEGIN CERTIFICATE-----\n" + 2707 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2708 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2709 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2710 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2711 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2712 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2713 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2714 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2715 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2716 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2717 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2718 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2719 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2720 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2721 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2722 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2723 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2724 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2725 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2726 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2727 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2728 "-----END CERTIFICATE-----\n" 2729 2730 // Certificate binary data, which needs to match your case. 2731 let encodingBlob: cert.EncodingBlob = { 2732 data: stringToUint8Array(certData), 2733 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2734 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2735 }; 2736 2737async function certGetIssuerX500DistinguishedName() { 2738 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2739 try { 2740 x509Cert = await cert.createX509Cert(encodingBlob); 2741 console.log('createX509Cert success'); 2742 let name = x509Cert.getIssuerX500DistinguishedName(); 2743 } catch (err) { 2744 let e: BusinessError = err as BusinessError; 2745 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2746 } 2747} 2748``` 2749 2750### getSubjectX500DistinguishedName<sup>12+</sup> 2751 2752getSubjectX500DistinguishedName(): X500DistinguishedName 2753 2754Obtains the DN of the X.509 certificate subject (holder). 2755 2756**Atomic service API**: This API can be used in atomic services since API version 12. 2757 2758**System capability**: SystemCapability.Security.Cert 2759 2760**Return value** 2761 2762| Type | Description | 2763| --------------------- | ----------------------------------------- | 2764| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 2765 2766**Error codes** 2767 2768For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2769 2770| ID| Error Message | 2771| -------- | ------------- | 2772| 19020001 | memory malloc failed. | 2773| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2774| 19030001 | crypto operation error. | 2775 2776**Example** 2777 2778```ts 2779import { cert } from '@kit.DeviceCertificateKit'; 2780import { BusinessError } from '@kit.BasicServicesKit'; 2781 2782// Convert the string into a Uint8Array. 2783function stringToUint8Array(str: string): Uint8Array { 2784 let arr: Array<number> = []; 2785 for (let i = 0, j = str.length; i < j; i++) { 2786 arr.push(str.charCodeAt(i)); 2787 } 2788 return new Uint8Array(arr); 2789} 2790 2791let certData = "-----BEGIN CERTIFICATE-----\n" + 2792 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2793 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2794 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2795 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2796 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2797 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2798 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2799 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2800 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2801 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2802 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2803 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2804 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2805 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2806 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2807 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2808 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2809 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2810 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2811 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2812 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2813 "-----END CERTIFICATE-----\n" 2814 2815 // Certificate binary data, which needs to match your case. 2816 let encodingBlob: cert.EncodingBlob = { 2817 data: stringToUint8Array(certData), 2818 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2819 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2820 }; 2821 2822async function certGetSubjectX500DistinguishedName() { 2823 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2824 try { 2825 x509Cert = await cert.createX509Cert(encodingBlob); 2826 console.log('createX509Cert success'); 2827 let name = x509Cert.getSubjectX500DistinguishedName(); 2828 } catch (err) { 2829 let e: BusinessError = err as BusinessError; 2830 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2831 } 2832} 2833``` 2834 2835### toString<sup>12+</sup> 2836 2837toString(): string 2838 2839Converts the object data into a string. 2840 2841**Atomic service API**: This API can be used in atomic services since API version 12. 2842 2843**System capability**: SystemCapability.Security.Cert 2844 2845**Return value** 2846 2847| Type | Description | 2848| --------------------- | ----------------------------------------- | 2849| string | String obtained.| 2850 2851**Error codes** 2852 2853For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2854 2855| ID| Error Message | 2856| -------- | ------------- | 2857| 19020001 | memory malloc failed. | 2858| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2859| 19030001 | crypto operation error. | 2860 2861**Example** 2862 2863```ts 2864import { cert } from '@kit.DeviceCertificateKit'; 2865import { BusinessError } from '@kit.BasicServicesKit'; 2866 2867// Convert the string into a Uint8Array. 2868function stringToUint8Array(str: string): Uint8Array { 2869 let arr: Array<number> = []; 2870 for (let i = 0, j = str.length; i < j; i++) { 2871 arr.push(str.charCodeAt(i)); 2872 } 2873 return new Uint8Array(arr); 2874} 2875 2876let certData = "-----BEGIN CERTIFICATE-----\n" + 2877 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2878 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2879 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2880 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2881 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2882 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2883 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2884 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2885 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2886 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2887 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2888 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2889 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2890 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2891 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2892 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2893 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2894 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2895 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2896 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2897 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2898 "-----END CERTIFICATE-----\n" 2899 2900 // Certificate binary data, which needs to match your case. 2901 let encodingBlob: cert.EncodingBlob = { 2902 data: stringToUint8Array(certData), 2903 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2904 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2905 }; 2906 2907async function certToString() { 2908 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2909 try { 2910 x509Cert = await cert.createX509Cert(encodingBlob); 2911 console.log('createX509Cert success'); 2912 console.info('certToString success: ' + JSON.stringify(x509Cert.toString())); 2913 } catch (err) { 2914 let e: BusinessError = err as BusinessError; 2915 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2916 } 2917} 2918``` 2919 2920### toString<sup>20+</sup> 2921 2922toString(encodingType: EncodingType): string 2923 2924Converts this object into a string in the specified encoding format. 2925 2926**Atomic service API**: This API can be used in atomic services since API version 20. 2927 2928**System capability**: SystemCapability.Security.Cert 2929 2930**Parameters** 2931 2932| Name | Type | Mandatory| Description | 2933| -------- | ------------------------------------- | ---- | ------------------------------ | 2934| encodingType | [EncodingType](#encodingtype12) | Yes | Encoding type. | 2935 2936**Return value** 2937 2938| Type | Description | 2939| --------------------- | ----------------------------------------- | 2940| string | String obtained.| 2941 2942**Error codes** 2943 2944For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 2945 2946| ID| Error Message | 2947| -------- | ------------- | 2948| 19020001 | memory malloc failed. | 2949| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 2950| 19020003 | parameter check failed. Possible causes: <br>1. The value of encodingType is not in the EncodingType enumeration range.| 2951| 19030001 | crypto operation error. | 2952 2953**Example** 2954 2955```ts 2956import { cert } from '@kit.DeviceCertificateKit'; 2957import { BusinessError } from '@kit.BasicServicesKit'; 2958 2959// Convert the string into a Uint8Array. 2960function stringToUint8Array(str: string): Uint8Array { 2961 let arr: Array<number> = []; 2962 for (let i = 0, j = str.length; i < j; i++) { 2963 arr.push(str.charCodeAt(i)); 2964 } 2965 return new Uint8Array(arr); 2966} 2967 2968let certData = '-----BEGIN CERTIFICATE-----\n' + 2969 'MIIDgTCCAmmgAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYT\n' + 2970 'AkNOMQ8wDQYDVQQIDAbpmZXopb8xDzANBgNVBAcMBuilv+WuiTEPMA0GA1UECgwG\n' + 2971 '5rWL6K+VMRUwEwYDVQQDDAzkuK3mlofmtYvor5UwHhcNMjUwMzA1MDk1MTIzWhcN\n' + 2972 'MzUwMzAzMDk1MTIzWjBXMQswCQYDVQQGEwJDTjEPMA0GA1UECAwG6ZmV6KW/MQ8w\n' + 2973 'DQYDVQQHDAbopb/lrokxDzANBgNVBAoMBua1i+ivlTEVMBMGA1UEAwwM5Lit5paH\n' + 2974 '5rWL6K+VMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkonJ4UIuxRzX\n' + 2975 'gr8fLU1PjadDWJp/GrxkYGe30TXqQHDh7O14Rc0xxacj3aLMNffzj+rhxUzl3C9p\n' + 2976 'wLzIVO2e3iC3Fx2csRzOSIdbimR8879/3uaW8CPkgqlKQw8FDwrGk0S26sdDV8of\n' + 2977 '8AAHlrnUO2yyL53rAunn4ZKo4EyxHrvHmZKuv006onj0SByu8RNHx97v+4KaaY7p\n' + 2978 'HngTC55F0KVALiNGygJHeKP7GGxS7kpYV/CvBuABpA00WMqc7nmo2vCa4yC/mIk2\n' + 2979 '5CF7l860rQ50HLjrmlDYJHpc8p88NJ2BEyHQWiN4YkSKDAKNr+SssD3Tf2wHSYxA\n' + 2980 'UwdgsatGlwIDAQABo1MwUTAdBgNVHQ4EFgQUMFEfTXLVm7D6fsC7LYtTMhIgVQUw\n' + 2981 'HwYDVR0jBBgwFoAUMFEfTXLVm7D6fsC7LYtTMhIgVQUwDwYDVR0TAQH/BAUwAwEB\n' + 2982 '/zANBgkqhkiG9w0BAQsFAAOCAQEABCr9+iK30OSp67ksK1qhkKCzwKYDH2E5KEF4\n' + 2983 '1E1/o4haXIR14V+5DGcX/1OH3Znd863TecQdNnCFMGArWygq8j7O0uStbWMb3Rhu\n' + 2984 '+7RJ9GOCbBSeR3v2fC6+T3LI0Sm1G77xIYADmHGt33IW0DRKr44iOalwi6IbcqzD\n' + 2985 's9XlNO8e6ht2apeL656fjv1gCo/PA7e+A0QHn6zapggzEccEwKdFixCsw5ZMZaHm\n' + 2986 'adGz3lBCK+0QKYXYL1CtX/6wcDgQ9PuZSgdQgrudLKRN+843m3LJSUJ7AIyL1kQW\n' + 2987 'kY1ah7eSx4wwaKrLOM06ZkzORMnY5GAy8Aup+UCh6mWU3dPv3w==\n' + 2988 '-----END CERTIFICATE-----\n'; 2989 2990 // Certificate binary data, which needs to match your case. 2991 let encodingBlob: cert.EncodingBlob = { 2992 data: stringToUint8Array(certData), 2993 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 2994 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2995 }; 2996 2997async function certToString() { 2998 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2999 try { 3000 x509Cert = await cert.createX509Cert(encodingBlob); 3001 console.log('createX509Cert success'); 3002 console.info('certToString success: ' + JSON.stringify(x509Cert.toString(cert.EncodingType.ENCODING_UTF8))); 3003 } catch (err) { 3004 let e: BusinessError = err as BusinessError; 3005 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3006 } 3007} 3008``` 3009 3010### hashCode<sup>12+</sup> 3011 3012hashCode(): Uint8Array 3013 3014Obtains the hash value of the data in DER format. 3015 3016**Atomic service API**: This API can be used in atomic services since API version 12. 3017 3018**System capability**: SystemCapability.Security.Cert 3019 3020**Return value** 3021 3022| Type | Description | 3023| --------------------- | ----------------------------------------- | 3024| Uint8Array | Hash value obtained.| 3025 3026**Error codes** 3027 3028For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3029 3030| ID| Error Message | 3031| -------- | ------------- | 3032| 19020001 | memory malloc failed. | 3033| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 3034| 19030001 | crypto operation error. | 3035 3036**Example** 3037 3038```ts 3039import { cert } from '@kit.DeviceCertificateKit'; 3040import { BusinessError } from '@kit.BasicServicesKit'; 3041 3042// Convert the string into a Uint8Array. 3043function stringToUint8Array(str: string): Uint8Array { 3044 let arr: Array<number> = []; 3045 for (let i = 0, j = str.length; i < j; i++) { 3046 arr.push(str.charCodeAt(i)); 3047 } 3048 return new Uint8Array(arr); 3049} 3050 3051let certData = "-----BEGIN CERTIFICATE-----\n" + 3052 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 3053 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 3054 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 3055 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 3056 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 3057 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 3058 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 3059 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 3060 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 3061 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 3062 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 3063 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 3064 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 3065 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 3066 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 3067 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 3068 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 3069 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 3070 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 3071 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 3072 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 3073 "-----END CERTIFICATE-----\n" 3074 3075 // Certificate binary data, which needs to match your case. 3076 let encodingBlob: cert.EncodingBlob = { 3077 data: stringToUint8Array(certData), 3078 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 3079 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3080 }; 3081 3082async function certHashCode() { 3083 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 3084 try { 3085 x509Cert = await cert.createX509Cert(encodingBlob); 3086 console.log('createX509Cert success'); 3087 console.info('certHashCode success: ' + JSON.stringify(x509Cert.hashCode())); 3088 } catch (err) { 3089 let e: BusinessError = err as BusinessError; 3090 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3091 } 3092} 3093``` 3094 3095### getExtensionsObject<sup>12+</sup> 3096 3097getExtensionsObject(): CertExtension 3098 3099Obtains the certification extensions in DER format. 3100 3101**Atomic service API**: This API can be used in atomic services since API version 12. 3102 3103**System capability**: SystemCapability.Security.Cert 3104 3105**Return value** 3106 3107| Type | Description | 3108| --------------------- | ----------------------------------------- | 3109| [CertExtension](#certextension10) | Certificate extensions object obtained.| 3110 3111**Error codes** 3112 3113For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3114 3115| ID| Error Message | 3116| -------- | ------------- | 3117| 19020001 | memory malloc failed. | 3118| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 3119| 19030001 | crypto operation error. | 3120 3121**Example** 3122 3123```ts 3124import { cert } from '@kit.DeviceCertificateKit'; 3125import { BusinessError } from '@kit.BasicServicesKit'; 3126 3127// Convert the string into a Uint8Array. 3128function stringToUint8Array(str: string): Uint8Array { 3129 let arr: Array<number> = []; 3130 for (let i = 0, j = str.length; i < j; i++) { 3131 arr.push(str.charCodeAt(i)); 3132 } 3133 return new Uint8Array(arr); 3134} 3135 3136let certData = "-----BEGIN CERTIFICATE-----\n" + 3137 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 3138 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 3139 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 3140 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 3141 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 3142 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 3143 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 3144 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 3145 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 3146 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 3147 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 3148 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 3149 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 3150 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 3151 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 3152 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 3153 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 3154 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 3155 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 3156 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 3157 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 3158 "-----END CERTIFICATE-----\n" 3159 3160 // Certificate binary data, which needs to match your case. 3161 let encodingBlob: cert.EncodingBlob = { 3162 data: stringToUint8Array(certData), 3163 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 3164 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3165 }; 3166 3167async function certGetExtensionsObject() { 3168 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 3169 try { 3170 x509Cert = await cert.createX509Cert(encodingBlob); 3171 console.log('createX509Cert success'); 3172 let object = x509Cert.getExtensionsObject(); 3173 } catch (err) { 3174 let e: BusinessError = err as BusinessError; 3175 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3176 } 3177} 3178``` 3179 3180## cert.createCertExtension<sup>10+</sup> 3181 3182createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\<CertExtension>) : void 3183 3184Creates a **CertExtension** instance. This API uses an asynchronous callback to return the result. 3185 3186**Atomic service API**: This API can be used in atomic services since API version 12. 3187 3188**System capability**: SystemCapability.Security.Cert 3189 3190**Parameters** 3191 3192| Name | Type | Mandatory| Description | 3193| -------- | ------------------------------------------------- | ---- | -------------------------- | 3194| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data obtained.| 3195| callback | AsyncCallback\<[CertExtension](#certextension10)> | Yes | Callback for the **CertExtension** instance.| 3196 3197**Error codes** 3198 3199For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3200 3201| ID| Error Message | 3202| -------- | ------------- | 3203| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3204| 801 | this operation is not supported. | 3205| 19020001 | memory malloc failed. | 3206| 19030001 | crypto operation error. | 3207 3208**Example** 3209 3210```ts 3211import { cert } from '@kit.DeviceCertificateKit'; 3212 3213// Binary data of the certificate extension, which needs to be set to match your case. 3214let extData = new Uint8Array([ 3215 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3216 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3217 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3218 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3219 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3220 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3221 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3222 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3223 0xD9, 0xE4 3224]); 3225 3226let encodingBlob: cert.EncodingBlob = { 3227 data: extData, 3228 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3229 encodingFormat: cert.EncodingFormat.FORMAT_DER 3230}; 3231 3232cert.createCertExtension(encodingBlob, (error, certExt) => { 3233 if (error) { 3234 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3235 } else { 3236 console.log('createCertExtension success'); 3237 } 3238}); 3239``` 3240 3241## cert.createCertExtension<sup>10+</sup> 3242 3243createCertExtension(inStream : EncodingBlob) : Promise\<CertExtension> 3244 3245Creates a **CertExtension** instance. This API uses a promise to return the result. 3246 3247**Atomic service API**: This API can be used in atomic services since API version 12. 3248 3249**System capability**: SystemCapability.Security.Cert 3250 3251**Parameters** 3252 3253| Name | Type | Mandatory| Description | 3254| -------- | ----------------------------- | ---- | -------------------------- | 3255| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data obtained.| 3256 3257**Return value** 3258 3259| Type | Description | 3260| ------------------------------------------- | -------------------- | 3261| Promise\<[CertExtension](#certextension10)> | Promise used to return the **CertExtension** instance created.| 3262 3263**Error codes** 3264 3265For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3266 3267| ID| Error Message | 3268| -------- | ------------- | 3269| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3270| 801 | this operation is not supported. | 3271| 19020001 | memory malloc failed. | 3272| 19030001 | crypto operation error. | 3273 3274**Example** 3275 3276```ts 3277import { cert } from '@kit.DeviceCertificateKit'; 3278import { BusinessError } from '@kit.BasicServicesKit'; 3279 3280// Binary data of the certificate extension, which needs to be set to match your case. 3281let extData = new Uint8Array([ 3282 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3283 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3284 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3285 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3286 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3287 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3288 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3289 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3290 0xD9, 0xE4 3291]); 3292 3293let encodingBlob: cert.EncodingBlob = { 3294 data: extData, 3295 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3296 encodingFormat: cert.EncodingFormat.FORMAT_DER 3297}; 3298 3299cert.createCertExtension(encodingBlob).then(certExt => { 3300 console.log('createCertExtension success'); 3301}).catch((error: BusinessError) => { 3302 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3303}); 3304``` 3305 3306## CertExtension<sup>10+</sup> 3307 3308Provides APIs for operating the certificate extensions. 3309 3310### getEncoded<sup>10+</sup> 3311 3312getEncoded() : EncodingBlob 3313 3314Obtains the serialized data of the certificate extensions. 3315 3316**Atomic service API**: This API can be used in atomic services since API version 12. 3317 3318**System capability**: SystemCapability.Security.Cert 3319 3320**Return value** 3321 3322| Type | Description | 3323| ----------------------------- | ---------------------------- | 3324| [EncodingBlob](#encodingblob) | Serialized data obtained.| 3325 3326**Error codes** 3327 3328For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3329 3330| ID| Error Message | 3331| -------- | ----------------------- | 3332| 19020001 | memory malloc failed. | 3333| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 3334| 19030001 | crypto operation error. | 3335 3336**Example** 3337 3338```ts 3339import { cert } from '@kit.DeviceCertificateKit'; 3340import { BusinessError } from '@kit.BasicServicesKit'; 3341 3342// Binary data of the certificate extension, which needs to be set to match your case. 3343let extData = new Uint8Array([ 3344 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3345 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3346 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3347 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3348 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3349 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3350 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3351 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3352 0xD9, 0xE4 3353]); 3354 3355let encodingBlob: cert.EncodingBlob = { 3356 data: extData, 3357 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3358 encodingFormat: cert.EncodingFormat.FORMAT_DER 3359}; 3360 3361cert.createCertExtension(encodingBlob, (error, certExt) => { 3362 if (error) { 3363 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3364 } else { 3365 console.log('createCertExtension success'); 3366 try { 3367 let extEncodedBlob = certExt.getEncoded(); 3368 } catch (err) { 3369 let e: BusinessError = err as BusinessError; 3370 console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3371 } 3372 } 3373}); 3374``` 3375 3376### getOidList<sup>10+</sup> 3377 3378getOidList(valueType : ExtensionOidType) : DataArray 3379 3380Obtains the OIDs of the certificate extensions. 3381 3382**Atomic service API**: This API can be used in atomic services since API version 12. 3383 3384**System capability**: SystemCapability.Security.Cert 3385 3386**Parameters** 3387 3388| Name | Type | Mandatory| Description | 3389| --------- | ------------------------------------- | ---- | ------------------------------ | 3390| valueType | [ExtensionOidType](#extensionoidtype10) | Yes | Type of the OIDs to obtain.| 3391 3392**Return value** 3393 3394| Type | Description | 3395| ----------------------- | -------------------------------- | 3396| [DataArray](#dataarray) | OIDs obtained.| 3397 3398**Error codes** 3399 3400For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3401 3402| ID| Error Message | 3403| -------- | ----------------------- | 3404| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3405| 19020001 | memory malloc failed. | 3406| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 3407| 19030001 | crypto operation error. | 3408 3409**Example** 3410 3411```ts 3412import { cert } from '@kit.DeviceCertificateKit'; 3413import { BusinessError } from '@kit.BasicServicesKit'; 3414 3415// Binary data of the certificate extension, which needs to be set to match your case. 3416let extData = new Uint8Array([ 3417 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3418 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3419 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3420 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3421 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3422 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3423 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3424 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3425 0xD9, 0xE4 3426]); 3427 3428let encodingBlob: cert.EncodingBlob = { 3429 data: extData, 3430 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3431 encodingFormat: cert.EncodingFormat.FORMAT_DER 3432}; 3433 3434cert.createCertExtension(encodingBlob, (error, certExt) => { 3435 if (error) { 3436 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3437 } else { 3438 console.log('createCertExtension success'); 3439 try { 3440 let oidList = certExt.getOidList(cert.ExtensionOidType.EXTENSION_OID_TYPE_ALL); 3441 } catch (err) { 3442 let e: BusinessError = err as BusinessError; 3443 console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3444 } 3445 } 3446}); 3447``` 3448 3449### getEntry<sup>10+</sup> 3450 3451getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob 3452 3453Obtains the certificate extension object information. 3454 3455**Atomic service API**: This API can be used in atomic services since API version 12. 3456 3457**System capability**: SystemCapability.Security.Cert 3458 3459**Parameters** 3460 3461| Name | Type | Mandatory| Description | 3462| --------- | ----------------------------------------- | ---- | -------------------------------- | 3463| valueType | [ExtensionEntryType](#extensionentrytype10) | Yes | Type of the information to obtain. | 3464| oid | [DataBlob](#datablob) | Yes | OID of the certificate extension to obtain.| 3465 3466**Return value** 3467 3468| Type | Description | 3469| --------------------- | ---------------------------- | 3470| [DataBlob](#datablob) | Certificate extension object information obtained.| 3471 3472**Error codes** 3473 3474For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3475 3476| ID| Error Message | 3477| -------- | ----------------------- | 3478| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3479| 19020001 | memory malloc failed. | 3480| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 3481| 19030001 | crypto operation error. | 3482 3483**Example** 3484 3485```ts 3486import { cert } from '@kit.DeviceCertificateKit'; 3487import { BusinessError } from '@kit.BasicServicesKit'; 3488 3489// Binary data of the certificate extension, which needs to be set to match your case. 3490let extData = new Uint8Array([ 3491 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3492 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3493 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3494 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3495 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3496 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3497 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3498 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3499 0xD9, 0xE4 3500]); 3501 3502let encodingBlob: cert.EncodingBlob = { 3503 data: extData, 3504 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3505 encodingFormat: cert.EncodingFormat.FORMAT_DER 3506}; 3507 3508cert.createCertExtension(encodingBlob, (error, certExt) => { 3509 if (error) { 3510 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3511 } else { 3512 console.log('createCertExtension success'); 3513 let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); 3514 let oidBlob: cert.DataBlob = { 3515 data: oid 3516 } 3517 try { 3518 let entry = certExt.getEntry(cert.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); 3519 } catch (err) { 3520 let e: BusinessError = err as BusinessError; 3521 console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3522 } 3523 } 3524}); 3525``` 3526 3527 3528### checkCA<sup>10+</sup> 3529 3530checkCA() : number 3531 3532Checks whether the certificate is a CA certificate. 3533 3534**Atomic service API**: This API can be used in atomic services since API version 12. 3535 3536**System capability**: SystemCapability.Security.Cert 3537 3538**Return value** 3539 3540| Type | Description | 3541| ------ | ------------------------------------------------------------ | 3542| number | If the key purpose in the certificate extension contains signing and the CA field in the basic constraints is **true**, the certificate is a CA certificate. Returns **-1** if the certificate is not a CA certificate; returns the path length in the basic constraints otherwise. Returns **-2** if the certificate is a CA certificate but the path length is not specified in the basic constraints, which means the path length is not limited.| 3543 3544**Error codes** 3545 3546For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3547 3548| ID| Error Message | 3549| -------- | ----------------------- | 3550| 19020001 | memory malloc failed. | 3551| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 3552| 19030001 | crypto operation error. | 3553 3554**Example** 3555 3556```ts 3557import { cert } from '@kit.DeviceCertificateKit'; 3558import { BusinessError } from '@kit.BasicServicesKit'; 3559 3560// Binary data of the certificate extension, which needs to be set to match your case. 3561let extData = new Uint8Array([ 3562 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3563 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3564 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3565 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3566 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3567 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3568 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3569 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3570 0xD9, 0xE4 3571]); 3572 3573let encodingBlob: cert.EncodingBlob = { 3574 data: extData, 3575 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 3576 encodingFormat: cert.EncodingFormat.FORMAT_DER 3577}; 3578cert.createCertExtension(encodingBlob, (error, certExt) => { 3579 if (error) { 3580 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3581 } else { 3582 console.log('createCertExtension success'); 3583 try { 3584 let res = certExt.checkCA(); 3585 } catch (err) { 3586 let e: BusinessError = err as BusinessError; 3587 console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3588 } 3589 } 3590}); 3591``` 3592 3593### hasUnsupportedCriticalExtension<sup>11+</sup> 3594 3595hasUnsupportedCriticalExtension(): boolean 3596 3597Checks whether there is critical extension that is not supported. 3598 3599**Atomic service API**: This API can be used in atomic services since API version 12. 3600 3601**System capability**: SystemCapability.Security.Cert 3602 3603**Return value** 3604 3605| Type | Description | 3606| ------- | ------------------------------------------------------- | 3607| boolean | Returns **true** if unsupported critical extension is found; returns **false** otherwise.| 3608 3609**Error codes** 3610 3611For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3612 3613| ID| Error Message | 3614| -------- | ----------------------- | 3615| 19020001 | memory malloc failed. | 3616| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 3617| 19030001 | crypto operation error. | 3618 3619**Example** 3620 3621```ts 3622import { cert } from '@kit.DeviceCertificateKit'; 3623import { BusinessError } from '@kit.BasicServicesKit'; 3624 3625let encodingData = new Uint8Array([ 3626 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3627 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3628 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3629 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3630 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3631 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3632 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3633 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3634 0xD9, 0xE4 3635]); 3636let encodingBlob: cert.EncodingBlob = { 3637 data: new Uint8Array(encodingData), 3638 encodingFormat: cert.EncodingFormat.FORMAT_DER 3639}; 3640 3641cert.createCertExtension(encodingBlob).then((extensionObj) => { 3642 console.log('createCertExtension success!'); 3643 const result = extensionObj.hasUnsupportedCriticalExtension() 3644 console.log('has unsupported critical extension result is:' + result); 3645}).catch((err: BusinessError) => { 3646 console.error('createCertExtension failed'); 3647}); 3648``` 3649 3650## cert.createX509Crl<sup>(deprecated)</sup> 3651 3652createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 3653 3654Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 3655 3656> **NOTE** 3657> 3658> This API is deprecated since API version 11. Use [cert.createX509CRL](#certcreatex509crl11) instead. 3659 3660**System capability**: SystemCapability.Security.Cert 3661 3662**Parameters** 3663 3664| Name | Type | Mandatory| Description | 3665| -------- | ----------------------------------- | ---- | ------------------------------ | 3666| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data. | 3667| callback | AsyncCallback\<[X509Crl](#x509crldeprecated)> | Yes | Callback invoked to return the **X509Crl** instance created.| 3668 3669**Error codes** 3670 3671For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3672 3673| ID| Error Message | 3674| -------- | ------------- | 3675| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3676| 801 | this operation is not supported. | 3677| 19020001 | memory malloc failed. | 3678 3679**Example** 3680 3681```ts 3682import { cert } from '@kit.DeviceCertificateKit'; 3683 3684// Convert the string into a Uint8Array. 3685function stringToUint8Array(str: string): Uint8Array { 3686 let arr: Array<number> = []; 3687 for (let i = 0, j = str.length; i < j; i++) { 3688 arr.push(str.charCodeAt(i)); 3689 } 3690 return new Uint8Array(arr); 3691} 3692 3693let crlData = '-----BEGIN X509 CRL-----\n' + 3694 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3695 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3696 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3697 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3698 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3699 'eavsH0Q3\n' + 3700 '-----END X509 CRL-----\n'; 3701 3702// Binary data of the CRL, which needs to match your case. 3703let encodingBlob: cert.EncodingBlob = { 3704 data: stringToUint8Array(crlData), 3705 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 3706 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3707}; 3708 3709cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3710 if (error) { 3711 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3712 } else { 3713 console.log('createX509Crl success'); 3714 } 3715}); 3716``` 3717 3718## cert.createX509Crl<sup>(deprecated)</sup> 3719 3720createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 3721 3722Creates an **X509Crl** instance. This API uses a promise to return the result. 3723 3724> **NOTE** 3725> 3726> This API is deprecated since API version 11. Use [cert.createX509CRL](#certcreatex509crl11-1) instead. 3727 3728**System capability**: SystemCapability.Security.Cert 3729 3730**Parameters** 3731 3732| Name | Type | Mandatory| Description | 3733| -------- | ----------------------------- | ---- | -------------------------- | 3734| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| 3735 3736**Return value** 3737 3738| Type | Description | 3739| ----------------------------- | -------------------- | 3740| Promise\<[X509Crl](#x509crldeprecated)> | **X509Crl** instance created.| 3741 3742**Error codes** 3743 3744For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3745 3746| ID| Error Message | 3747| -------- | ------------- | 3748| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3749| 801 | this operation is not supported. | 3750| 19020001 | memory malloc failed. | 3751 3752**Example** 3753 3754```ts 3755import { cert } from '@kit.DeviceCertificateKit'; 3756import { BusinessError } from '@kit.BasicServicesKit'; 3757 3758// Convert the string into a Uint8Array. 3759function stringToUint8Array(str: string): Uint8Array { 3760 let arr: Array<number> = []; 3761 for (let i = 0, j = str.length; i < j; i++) { 3762 arr.push(str.charCodeAt(i)); 3763 } 3764 return new Uint8Array(arr); 3765} 3766 3767let crlData = '-----BEGIN X509 CRL-----\n' + 3768 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3769 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3770 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3771 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3772 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3773 'eavsH0Q3\n' + 3774 '-----END X509 CRL-----\n'; 3775 3776// Binary data of the CRL, which needs to match your case. 3777let encodingBlob: cert.EncodingBlob = { 3778 data: stringToUint8Array(crlData), 3779 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 3780 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3781}; 3782 3783cert.createX509Crl(encodingBlob).then(x509Crl => { 3784 console.log('createX509Crl success'); 3785}).catch((error: BusinessError) => { 3786 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3787}); 3788``` 3789 3790## cert.createX509CRL<sup>11+</sup> 3791 3792createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\<X509CRL>) : void 3793 3794Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 3795 3796**Atomic service API**: This API can be used in atomic services since API version 12. 3797 3798**System capability**: SystemCapability.Security.Cert 3799 3800**Parameters** 3801 3802| Name | Type | Mandatory| Description | 3803| -------- | ------------------------------------- | ---- | ------------------------------ | 3804| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data. The data length cannot exceed 8192 bytes. | 3805| callback | AsyncCallback\<[X509CRL](#x509crl11)> | Yes | Callback invoked to return the **X509Crl** instance created.| 3806 3807**Error codes** 3808 3809For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3810 3811| ID| Error Message | 3812| -------- | ------------- | 3813| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3814| 801 | this operation is not supported. | 3815| 19020001 | memory malloc failed. | 3816 3817**Example** 3818 3819```ts 3820import { cert } from '@kit.DeviceCertificateKit'; 3821 3822// Convert the string into a Uint8Array. 3823function stringToUint8Array(str: string): Uint8Array { 3824 let arr: Array<number> = []; 3825 for (let i = 0, j = str.length; i < j; i++) { 3826 arr.push(str.charCodeAt(i)); 3827 } 3828 return new Uint8Array(arr); 3829} 3830 3831let crlData = '-----BEGIN X509 CRL-----\n' + 3832 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3833 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3834 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3835 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3836 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3837 'eavsH0Q3\n' + 3838 '-----END X509 CRL-----\n'; 3839 3840// Binary data of the CRL, which needs to match your case. 3841let encodingBlob: cert.EncodingBlob = { 3842 data: stringToUint8Array(crlData), 3843 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 3844 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3845}; 3846 3847cert.createX509CRL(encodingBlob, (error, X509CRL) => { 3848 if (error) { 3849 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3850 } else { 3851 console.log('createX509CRL success'); 3852 } 3853}); 3854``` 3855 3856## cert.createX509CRL<sup>11+</sup> 3857 3858createX509CRL(inStream : EncodingBlob) : Promise\<X509CRL> 3859 3860Creates an **X509Crl** instance. This API uses a promise to return the result. 3861 3862**Atomic service API**: This API can be used in atomic services since API version 12. 3863 3864**System capability**: SystemCapability.Security.Cert 3865 3866**Parameters** 3867 3868| Name | Type | Mandatory| Description | 3869| -------- | ----------------------------- | ---- | -------------------------- | 3870| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data. The data length cannot exceed 8192 bytes.| 3871 3872**Return value** 3873 3874| Type | Description | 3875| ------------------------------- | -------------------- | 3876| Promise\<[X509CRL](#x509crl11)> | **X509Crl** instance created.| 3877 3878**Error codes** 3879 3880For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3881 3882| ID| Error Message | 3883| -------- | ------------- | 3884| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3885| 801 | this operation is not supported. | 3886| 19020001 | memory malloc failed. | 3887 3888**Example** 3889 3890```ts 3891import { cert } from '@kit.DeviceCertificateKit'; 3892import { BusinessError } from '@kit.BasicServicesKit'; 3893 3894// Convert the string into a Uint8Array. 3895function stringToUint8Array(str: string): Uint8Array { 3896 let arr: Array<number> = []; 3897 for (let i = 0, j = str.length; i < j; i++) { 3898 arr.push(str.charCodeAt(i)); 3899 } 3900 return new Uint8Array(arr); 3901} 3902 3903let crlData = '-----BEGIN X509 CRL-----\n' + 3904 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3905 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3906 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3907 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3908 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3909 'eavsH0Q3\n' + 3910 '-----END X509 CRL-----\n'; 3911 3912// Binary data of the CRL, which needs to match your case. 3913let encodingBlob: cert.EncodingBlob = { 3914 data: stringToUint8Array(crlData), 3915 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 3916 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3917}; 3918 3919cert.createX509CRL(encodingBlob).then(X509CRL => { 3920 console.log('createX509CRL success'); 3921}).catch((error: BusinessError) => { 3922 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3923}); 3924``` 3925 3926## X509Crl<sup>(deprecated)</sup> 3927 3928Provides APIs for X.509 certificate CRL operations. 3929 3930> **NOTE** 3931> 3932> This API is deprecated since API version 11. Use [X509CRL](#x509crl11) instead. 3933 3934### isRevoked<sup>(deprecated)</sup> 3935 3936isRevoked(cert : X509Cert) : boolean 3937 3938Checks whether an X.509 certificate is revoked. 3939 3940> **NOTE** 3941> 3942> This API is deprecated since API version 11. Use [X509CRL.isRevoked](#isrevoked11) instead. 3943 3944**System capability**: SystemCapability.Security.Cert 3945 3946**Parameters** 3947 3948| Name| Type | Mandatory| Description | 3949| ------ | -------- | ---- | -------------------- | 3950| cert | X509Cert | Yes | X.509 certificate to check.| 3951 3952**Return value** 3953 3954| Type | Description | 3955| --------- | --------------------------------------------- | 3956| boolean | Whether the certificate is revoked. The value **true** indicates that the certificate is revoked, and **false** indicates the opposite.| 3957 3958**Error codes** 3959 3960For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 3961 3962| ID| Error Message | 3963| -------- | ------------- | 3964| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3965 3966**Example** 3967 3968```ts 3969import { cert } from '@kit.DeviceCertificateKit'; 3970import { BusinessError } from '@kit.BasicServicesKit'; 3971 3972// Convert the string into a Uint8Array. 3973function stringToUint8Array(str: string): Uint8Array { 3974 let arr: Array<number> = []; 3975 for (let i = 0, j = str.length; i < j; i++) { 3976 arr.push(str.charCodeAt(i)); 3977 } 3978 return new Uint8Array(arr); 3979} 3980 3981let crlData = '-----BEGIN X509 CRL-----\n' + 3982 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3983 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3984 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3985 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3986 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3987 'eavsH0Q3\n' + 3988 '-----END X509 CRL-----\n'; 3989 3990let certData = '-----BEGIN CERTIFICATE-----\n' + 3991 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 3992 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 3993 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 3994 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 3995 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 3996 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 3997 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 3998 '-----END CERTIFICATE-----\n'; 3999 4000// Binary data of the CRL, which needs to match your case. 4001let encodingBlob: cert.EncodingBlob = { 4002 data: stringToUint8Array(crlData), 4003 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4004 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4005}; 4006 4007let certEncodingBlob: cert.EncodingBlob = { 4008 data: stringToUint8Array(certData), 4009 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4010 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4011}; 4012 4013cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4014 if (error) { 4015 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4016 } else { 4017 console.log('createX509Crl success'); 4018 // Create an X509Cert instance. 4019 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 4020 if (error) { 4021 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4022 } else { 4023 try { 4024 let revokedFlag = x509Crl.isRevoked(x509Cert); 4025 } catch (error) { 4026 let e: BusinessError = error as BusinessError; 4027 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4028 } 4029 } 4030 }); 4031 } 4032}); 4033``` 4034 4035### getType<sup>(deprecated)</sup> 4036 4037getType() : string 4038 4039Obtains the CRL type. 4040 4041> **NOTE** 4042> 4043> This API is deprecated since API version 11. Use [X509CRL.getType](#gettype11) instead. 4044 4045**System capability**: SystemCapability.Security.Cert 4046 4047**Return value** 4048 4049| Type | Description | 4050| ------ | -------------------- | 4051| string | CRL type obtained.| 4052 4053**Example** 4054 4055```ts 4056import { cert } from '@kit.DeviceCertificateKit'; 4057 4058// Convert the string into a Uint8Array. 4059function stringToUint8Array(str: string): Uint8Array { 4060 let arr: Array<number> = []; 4061 for (let i = 0, j = str.length; i < j; i++) { 4062 arr.push(str.charCodeAt(i)); 4063 } 4064 return new Uint8Array(arr); 4065} 4066 4067let crlData = '-----BEGIN X509 CRL-----\n' + 4068 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4069 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4070 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4071 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4072 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4073 'eavsH0Q3\n' + 4074 '-----END X509 CRL-----\n'; 4075 4076// Binary data of the CRL, which needs to match your case. 4077let encodingBlob: cert.EncodingBlob = { 4078 data: stringToUint8Array(crlData), 4079 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4080 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4081}; 4082 4083cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4084 if (error) { 4085 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4086 } else { 4087 console.log('createX509Crl success'); 4088 let type = x509Crl.getType(); 4089 } 4090}); 4091``` 4092 4093### getEncoded<sup>(deprecated)</sup> 4094 4095getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 4096 4097Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 4098 4099> **NOTE** 4100> 4101> This API is deprecated since API version 11. Use [X509CRL.getEncoded](#getencoded11) instead. 4102 4103**System capability**: SystemCapability.Security.Cert 4104 4105**Parameters** 4106 4107| Name | Type | Mandatory| Description | 4108| -------- | ---------------------------- | ---- | ------------------------------------------ | 4109| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized X.509 CRL data obtained.| 4110 4111**Error codes** 4112 4113For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4114 4115| ID| Error Message | 4116| -------- | ----------------------- | 4117| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4118| 19020001 | memory malloc failed. | 4119| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 4120| 19030001 | crypto operation error. | 4121 4122**Example** 4123 4124```ts 4125import { cert } from '@kit.DeviceCertificateKit'; 4126 4127// Convert the string into a Uint8Array. 4128function stringToUint8Array(str: string): Uint8Array { 4129 let arr: Array<number> = []; 4130 for (let i = 0, j = str.length; i < j; i++) { 4131 arr.push(str.charCodeAt(i)); 4132 } 4133 return new Uint8Array(arr); 4134} 4135 4136let crlData = '-----BEGIN X509 CRL-----\n' + 4137 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4138 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4139 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4140 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4141 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4142 'eavsH0Q3\n' + 4143 '-----END X509 CRL-----\n'; 4144 4145// Binary data of the CRL, which needs to match your case. 4146let encodingBlob: cert.EncodingBlob = { 4147 data: stringToUint8Array(crlData), 4148 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4149 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4150}; 4151 4152cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4153 if (error) { 4154 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4155 } else { 4156 console.log('createX509Crl success'); 4157 x509Crl.getEncoded((error, data) => { 4158 if (error) { 4159 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4160 } else { 4161 console.log('getEncoded success'); 4162 } 4163 }); 4164 } 4165}); 4166``` 4167 4168### getEncoded<sup>(deprecated)</sup> 4169 4170getEncoded() : Promise\<EncodingBlob> 4171 4172Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 4173 4174> **NOTE** 4175> 4176> This API is deprecated since API version 11. Use [X509CRL.getEncoded](#getencoded11-1) instead. 4177 4178**System capability**: SystemCapability.Security.Cert 4179 4180**Return value** 4181 4182| Type | Description | 4183| ---------------------- | -------------------------------- | 4184| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 CRL data obtained.| 4185 4186**Error codes** 4187 4188For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4189 4190| ID| Error Message | 4191| -------- | ----------------------- | 4192| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4193| 19020001 | memory malloc failed. | 4194| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 4195| 19030001 | crypto operation error. | 4196 4197**Example** 4198 4199```ts 4200import { cert } from '@kit.DeviceCertificateKit'; 4201import { BusinessError } from '@kit.BasicServicesKit'; 4202 4203// Convert the string into a Uint8Array. 4204function stringToUint8Array(str: string): Uint8Array { 4205 let arr: Array<number> = []; 4206 for (let i = 0, j = str.length; i < j; i++) { 4207 arr.push(str.charCodeAt(i)); 4208 } 4209 return new Uint8Array(arr); 4210} 4211 4212let crlData = '-----BEGIN X509 CRL-----\n' + 4213 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4214 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4215 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4216 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4217 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4218 'eavsH0Q3\n' + 4219 '-----END X509 CRL-----\n'; 4220 4221// Binary data of the CRL, which needs to match your case. 4222let encodingBlob: cert.EncodingBlob = { 4223 data: stringToUint8Array(crlData), 4224 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4225 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4226}; 4227 4228cert.createX509Crl(encodingBlob).then(x509Crl => { 4229 console.log('createX509Crl success'); 4230 x509Crl.getEncoded().then(result => { 4231 console.log('getEncoded success'); 4232 }).catch((error: BusinessError) => { 4233 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4234 }); 4235}).catch((error: BusinessError) => { 4236 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4237}); 4238``` 4239 4240### verify<sup>(deprecated)</sup> 4241 4242verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 4243 4244Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 4245 4246> **NOTE** 4247> 4248> This API is deprecated since API version 11. Use [X509CRL.verify](#verify11) instead. 4249 4250**System capability**: SystemCapability.Security.Cert 4251 4252**Parameters** 4253 4254| Name | Type | Mandatory| Description | 4255| -------- | -------------------- | ---- | ------------------------------------------------------------ | 4256| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | 4257| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 4258 4259**Error codes** 4260 4261For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4262 4263| ID| Error Message | 4264| -------- | ----------------------- | 4265| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4266| 19030001 | crypto operation error. | 4267 4268**Example** 4269 4270```ts 4271import { cert } from '@kit.DeviceCertificateKit'; 4272import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 4273import { BusinessError } from '@kit.BasicServicesKit'; 4274 4275// Convert the string into a Uint8Array. 4276function stringToUint8Array(str: string): Uint8Array { 4277 let arr: Array<number> = []; 4278 for (let i = 0, j = str.length; i < j; i++) { 4279 arr.push(str.charCodeAt(i)); 4280 } 4281 return new Uint8Array(arr); 4282} 4283 4284let crlData = '-----BEGIN X509 CRL-----\n' + 4285 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4286 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4287 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4288 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4289 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4290 'eavsH0Q3\n' + 4291 '-----END X509 CRL-----\n'; 4292 4293let pubKeyData = new Uint8Array([ 4294 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4295 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4296 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4297 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4298 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4299 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4300 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4301 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4302 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4303 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4304 0x00, 0x01 4305]); 4306 4307let priKeyData = new Uint8Array([ 4308 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4309 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4310 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4311 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4312 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4313 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4314 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4315 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4316 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4317 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4318 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4319 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4320 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4321 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4322 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4323 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4324 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4325 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4326 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4327 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4328 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4329 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4330 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4331 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4332 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4333 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4334 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4335 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4336 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4337 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4338 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4339 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4340 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4341 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4342 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4343 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4344 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4345 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4346 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4347 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4348]); 4349 4350// Binary data of the CRL, which needs to match your case. 4351let encodingBlob: cert.EncodingBlob = { 4352 data: stringToUint8Array(crlData), 4353 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4354 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4355}; 4356 4357cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4358 if (error) { 4359 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4360 } else { 4361 console.log('createX509Crl success'); 4362 try { 4363 // Generate the public key by AsyKeyGenerator. 4364 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4365 console.log('createAsyKeyGenerator success'); 4366 let priEncodingBlob: cryptoFramework.DataBlob = { 4367 data: priKeyData, 4368 }; 4369 let pubEncodingBlob: cryptoFramework.DataBlob = { 4370 data: pubKeyData, 4371 }; 4372 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 4373 if (e) { 4374 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 4375 } else { 4376 console.log('convert key success'); 4377 x509Crl.verify(keyPair.pubKey, (err, data) => { 4378 if (err) { 4379 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4380 } else { 4381 console.log('verify success'); 4382 } 4383 }); 4384 } 4385 }) 4386 } catch (error) { 4387 let e: BusinessError = error as BusinessError; 4388 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4389 } 4390 } 4391}); 4392``` 4393 4394### verify<sup>(deprecated)</sup> 4395 4396verify(key : cryptoFramework.PubKey) : Promise\<void> 4397 4398Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 4399 4400> **NOTE** 4401> 4402> This API is deprecated since API version 11. Use [X509CRL.verify](#verify11-1) instead. 4403 4404**System capability**: SystemCapability.Security.Cert 4405 4406**Parameters** 4407 4408| Name| Type | Mandatory| Description | 4409| ------ | ------ | ---- | ---------------------- | 4410| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| 4411 4412**Return value** 4413 4414| Type| Description | 4415| ---- | ------------------------------------------------------------ | 4416| Promise\<void> | Promise used to return| 4417 4418**Error codes** 4419 4420For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4421 4422| ID| Error Message | 4423| -------- | ----------------------- | 4424| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4425| 19030001 | crypto operation error. | 4426 4427**Example** 4428 4429```ts 4430import { cert } from '@kit.DeviceCertificateKit'; 4431import { cryptoFramework } from '@kit.CryptoArchitectureKit' 4432import { BusinessError } from '@kit.BasicServicesKit'; 4433 4434// Convert the string into a Uint8Array. 4435function stringToUint8Array(str: string): Uint8Array { 4436 let arr: Array<number> = []; 4437 for (let i = 0, j = str.length; i < j; i++) { 4438 arr.push(str.charCodeAt(i)); 4439 } 4440 return new Uint8Array(arr); 4441} 4442 4443let crlData = '-----BEGIN X509 CRL-----\n' + 4444 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4445 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4446 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4447 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4448 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4449 'eavsH0Q3\n' + 4450 '-----END X509 CRL-----\n'; 4451 4452let pubKeyData = new Uint8Array([ 4453 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4454 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4455 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4456 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4457 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4458 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4459 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4460 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4461 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4462 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4463 0x00, 0x01 4464]); 4465 4466let priKeyData = new Uint8Array([ 4467 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4468 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4469 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4470 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4471 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4472 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4473 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4474 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4475 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4476 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4477 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4478 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4479 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4480 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4481 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4482 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4483 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4484 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4485 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4486 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4487 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4488 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4489 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4490 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4491 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4492 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4493 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4494 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4495 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4496 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4497 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4498 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4499 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4500 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4501 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4502 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4503 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4504 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4505 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4506 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4507]); 4508 4509// Binary data of the CRL, which needs to match your case. 4510let encodingBlob: cert.EncodingBlob = { 4511 data: stringToUint8Array(crlData), 4512 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4513 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4514}; 4515 4516cert.createX509Crl(encodingBlob).then(x509Crl => { 4517 console.log('createX509Crl success'); 4518 4519 try { 4520 // Generate a public key object. 4521 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4522 console.log('createAsyKeyGenerator success'); 4523 let priEncodingBlob: cryptoFramework.DataBlob = { 4524 data: priKeyData, 4525 }; 4526 let pubEncodingBlob: cryptoFramework.DataBlob = { 4527 data: pubKeyData, 4528 }; 4529 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 4530 console.log('convert key success'); 4531 x509Crl.verify(keyPair.pubKey).then(result => { 4532 console.log('verify success'); 4533 }).catch((error: BusinessError) => { 4534 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4535 }); 4536 }).catch((error: BusinessError) => { 4537 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 4538 }); 4539 } catch (error) { 4540 let e: BusinessError = error as BusinessError; 4541 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4542 } 4543}).catch((error: BusinessError) => { 4544 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4545}); 4546``` 4547 4548### getVersion<sup>(deprecated)</sup> 4549 4550getVersion() : number 4551 4552Obtains the version of the X.509 CRL. 4553 4554> **NOTE** 4555> 4556> This API is deprecated since API version 11. Use [X509CRL.getVersion](#getversion11) instead. 4557 4558**System capability**: SystemCapability.Security.Cert 4559 4560**Return value** 4561 4562| Type | Description | 4563| ------ | -------------------------------- | 4564| number | Obtains the version of the X.509 CRL.| 4565 4566**Example** 4567 4568```ts 4569import { cert } from '@kit.DeviceCertificateKit'; 4570 4571// Convert the string into a Uint8Array. 4572function stringToUint8Array(str: string): Uint8Array { 4573 let arr: Array<number> = []; 4574 for (let i = 0, j = str.length; i < j; i++) { 4575 arr.push(str.charCodeAt(i)); 4576 } 4577 return new Uint8Array(arr); 4578} 4579 4580let crlData = '-----BEGIN X509 CRL-----\n' + 4581 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4582 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4583 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4584 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4585 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4586 'eavsH0Q3\n' + 4587 '-----END X509 CRL-----\n'; 4588 4589// Binary data of the CRL, which needs to match your case. 4590let encodingBlob: cert.EncodingBlob = { 4591 data: stringToUint8Array(crlData), 4592 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4593 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4594}; 4595 4596cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4597 if (error) { 4598 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4599 } else { 4600 console.log('createX509Crl success'); 4601 let version = x509Crl.getVersion(); 4602 } 4603}); 4604``` 4605 4606### getIssuerName<sup>(deprecated)</sup> 4607 4608getIssuerName() : DataBlob 4609 4610Obtains the issuer of the X.509 CRL. 4611 4612> **NOTE** 4613> 4614> This API is deprecated since API version 11. Use [X509CRL.getIssuerName](#getissuername11) instead. 4615 4616**System capability**: SystemCapability.Security.Cert 4617 4618**Return value** 4619 4620| Type | Description | 4621| --------------------- | ------------------------------ | 4622| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 4623 4624**Error codes** 4625 4626For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4627 4628| ID| Error Message | 4629| -------- | ----------------------- | 4630| 19020001 | memory malloc failed. | 4631| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 4632| 19030001 | crypto operation error. | 4633 4634**Example** 4635 4636```ts 4637import { cert } from '@kit.DeviceCertificateKit'; 4638import { BusinessError } from '@kit.BasicServicesKit'; 4639 4640// Convert the string into a Uint8Array. 4641function stringToUint8Array(str: string): Uint8Array { 4642 let arr: Array<number> = []; 4643 for (let i = 0, j = str.length; i < j; i++) { 4644 arr.push(str.charCodeAt(i)); 4645 } 4646 return new Uint8Array(arr); 4647} 4648 4649let crlData = '-----BEGIN X509 CRL-----\n' + 4650 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4651 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4652 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4653 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4654 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4655 'eavsH0Q3\n' + 4656 '-----END X509 CRL-----\n'; 4657 4658// Binary data of the CRL, which needs to match your case. 4659let encodingBlob: cert.EncodingBlob = { 4660 data: stringToUint8Array(crlData), 4661 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4662 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4663}; 4664 4665cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4666 if (error) { 4667 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4668 } else { 4669 console.log('createX509Crl success'); 4670 try { 4671 let issuerName = x509Crl.getIssuerName(); 4672 } catch (err) { 4673 let e: BusinessError = err as BusinessError; 4674 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4675 } 4676 } 4677}); 4678``` 4679 4680### getLastUpdate<sup>(deprecated)</sup> 4681 4682getLastUpdate() : string 4683 4684Obtains the last update date of this X.509 CRL. 4685 4686> **NOTE** 4687> 4688> This API is deprecated since API version 11. Use [X509CRL.getLastUpdate](#getlastupdate11) instead. 4689 4690**System capability**: SystemCapability.Security.Cert 4691 4692**Return value** 4693 4694| Type | Description | 4695| ------ | ------------------------------------ | 4696| string | Last update date of the X.509 CRL, in ASN.1 format.| 4697 4698**Error codes** 4699 4700For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4701 4702| ID| Error Message | 4703| -------- | ----------------------- | 4704| 19020001 | memory malloc failed. | 4705| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 4706| 19030001 | crypto operation error. | 4707 4708**Example** 4709 4710```ts 4711import { cert } from '@kit.DeviceCertificateKit'; 4712import { BusinessError } from '@kit.BasicServicesKit'; 4713 4714// Convert the string into a Uint8Array. 4715function stringToUint8Array(str: string): Uint8Array { 4716 let arr: Array<number> = []; 4717 for (let i = 0, j = str.length; i < j; i++) { 4718 arr.push(str.charCodeAt(i)); 4719 } 4720 return new Uint8Array(arr); 4721} 4722 4723let crlData = '-----BEGIN X509 CRL-----\n' + 4724 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4725 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4726 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4727 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4728 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4729 'eavsH0Q3\n' + 4730 '-----END X509 CRL-----\n'; 4731 4732// Binary data of the CRL, which needs to match your case. 4733let encodingBlob: cert.EncodingBlob = { 4734 data: stringToUint8Array(crlData), 4735 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4736 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4737}; 4738 4739cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4740 if (error) { 4741 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4742 } else { 4743 console.log('createX509Crl success'); 4744 try { 4745 let lastUpdate = x509Crl.getLastUpdate(); 4746 } catch (err) { 4747 let e: BusinessError = err as BusinessError; 4748 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4749 } 4750 } 4751}); 4752``` 4753 4754### getNextUpdate<sup>(deprecated)</sup> 4755 4756getNextUpdate() : string 4757 4758Obtains the next update date of this CRL. 4759 4760> **NOTE** 4761> 4762> This API is deprecated since API version 11. Use [X509CRL.getNextUpdate](#getnextupdate11) instead. 4763 4764**System capability**: SystemCapability.Security.Cert 4765 4766**Return value** 4767 4768| Type | Description | 4769| ------ | ------------------------------------ | 4770| string | Next update date of the CRL, in ASN.1 format.| 4771 4772**Error codes** 4773 4774For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4775 4776| ID| Error Message | 4777| -------- | ----------------------- | 4778| 19020001 | memory malloc failed. | 4779| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 4780| 19030001 | crypto operation error. | 4781 4782**Example** 4783 4784```ts 4785import { cert } from '@kit.DeviceCertificateKit'; 4786import { BusinessError } from '@kit.BasicServicesKit'; 4787 4788// Convert the string into a Uint8Array. 4789function stringToUint8Array(str: string): Uint8Array { 4790 let arr: Array<number> = []; 4791 for (let i = 0, j = str.length; i < j; i++) { 4792 arr.push(str.charCodeAt(i)); 4793 } 4794 return new Uint8Array(arr); 4795} 4796 4797let crlData = '-----BEGIN X509 CRL-----\n' + 4798 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4799 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4800 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4801 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4802 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4803 'eavsH0Q3\n' + 4804 '-----END X509 CRL-----\n'; 4805 4806// Binary data of the CRL, which needs to match your case. 4807let encodingBlob: cert.EncodingBlob = { 4808 data: stringToUint8Array(crlData), 4809 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4810 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4811}; 4812 4813cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4814 if (error) { 4815 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4816 } else { 4817 console.log('createX509Crl success'); 4818 try { 4819 let nextUpdate = x509Crl.getNextUpdate(); 4820 } catch (err) { 4821 let e: BusinessError = err as BusinessError; 4822 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4823 } 4824 } 4825}); 4826``` 4827 4828### getRevokedCert<sup>(deprecated)</sup> 4829 4830getRevokedCert(serialNumber : number) : X509CrlEntry 4831 4832Obtains the revoked X.509 certificate based on the specified serial number of the certificate. 4833 4834> **NOTE** 4835> 4836> This API is deprecated since API version 11. Use [X509CRL.getRevokedCert](#getrevokedcert11) instead. 4837 4838**System capability**: SystemCapability.Security.Cert 4839 4840**Parameters** 4841 4842| Name | Type | Mandatory| Description | 4843| ------------ | ------ | ---- | -------------- | 4844| serialNumber | number | Yes | Serial number of the certificate.| 4845 4846**Return value** 4847 4848| Type | Description | 4849| ---------------------- | --------------------- | 4850| [X509CrlEntry](#x509crlentrydeprecated) | Revoked X.509 certificate obtained.| 4851 4852**Error codes** 4853 4854For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4855 4856| ID| Error Message | 4857| -------- | ----------------------- | 4858| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4859| 19020001 | memory malloc failed. | 4860| 19030001 | crypto operation error. | 4861 4862**Example** 4863 4864```ts 4865import { cert } from '@kit.DeviceCertificateKit'; 4866import { BusinessError } from '@kit.BasicServicesKit'; 4867 4868// Convert the string into a Uint8Array. 4869function stringToUint8Array(str: string): Uint8Array { 4870 let arr: Array<number> = []; 4871 for (let i = 0, j = str.length; i < j; i++) { 4872 arr.push(str.charCodeAt(i)); 4873 } 4874 return new Uint8Array(arr); 4875} 4876 4877let crlData = '-----BEGIN X509 CRL-----\n' + 4878 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4879 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4880 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4881 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4882 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4883 'eavsH0Q3\n' + 4884 '-----END X509 CRL-----\n'; 4885 4886// Binary data of the CRL, which needs to match your case. 4887let encodingBlob: cert.EncodingBlob = { 4888 data: stringToUint8Array(crlData), 4889 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4890 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4891}; 4892 4893cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4894 if (error) { 4895 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4896 } else { 4897 console.log('createX509Crl success'); 4898 let serialNumber = 1000; 4899 try { 4900 let entry = x509Crl.getRevokedCert(serialNumber); 4901 } catch (error) { 4902 let e: BusinessError = error as BusinessError; 4903 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4904 } 4905 } 4906}); 4907``` 4908 4909### getRevokedCertWithCert<sup>(deprecated)</sup> 4910 4911getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 4912 4913Obtains the revoked X.509 certificate based on the specified certificate. 4914 4915> **NOTE** 4916> 4917> This API is deprecated since API version 11. Use [X509CRL.getRevokedCertWithCert](#getrevokedcertwithcert11) instead. 4918 4919**System capability**: SystemCapability.Security.Cert 4920 4921**Parameters** 4922 4923| Name| Type | Mandatory| Description | 4924| ------ | --------------------- | ---- | ------------ | 4925| cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| 4926 4927**Return value** 4928 4929| Type | Description | 4930| ------------ | -------------------- | 4931| [X509CrlEntry](#x509crlentrydeprecated) | Revoked X.509 certificate obtained.| 4932 4933**Error codes** 4934 4935For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 4936 4937| ID| Error Message | 4938| -------- | ----------------------- | 4939| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4940| 19020001 | memory malloc failed. | 4941| 19030001 | crypto operation error. | 4942 4943**Example** 4944 4945```ts 4946import { cert } from '@kit.DeviceCertificateKit'; 4947import { BusinessError } from '@kit.BasicServicesKit'; 4948 4949// Convert the string into a Uint8Array. 4950function stringToUint8Array(str: string): Uint8Array { 4951 let arr: Array<number> = []; 4952 for (let i = 0, j = str.length; i < j; i++) { 4953 arr.push(str.charCodeAt(i)); 4954 } 4955 return new Uint8Array(arr); 4956} 4957 4958let crlData = '-----BEGIN X509 CRL-----\n' + 4959 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 4960 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 4961 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 4962 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 4963 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 4964 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 4965 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 4966 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 4967 '+i2osvdPWRia0dJCL1PCA14k\n' + 4968 '-----END X509 CRL-----\n'; 4969 4970// Certificate binary data, which needs to match your case. 4971let certData = '-----BEGIN CERTIFICATE-----\n' + 4972 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 4973 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 4974 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 4975 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 4976 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 4977 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 4978 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 4979 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 4980 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 4981 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 4982 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 4983 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 4984 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 4985 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 4986 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 4987 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 4988 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 4989 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 4990 '-----END CERTIFICATE-----\n'; 4991 4992let certEncodingBlob: cert.EncodingBlob = { 4993 data: stringToUint8Array(certData), 4994 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 4995 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4996}; 4997 4998// Binary data of the CRL, which needs to match your case. 4999let encodingBlob: cert.EncodingBlob = { 5000 data: stringToUint8Array(crlData), 5001 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5002 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5003}; 5004 5005cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5006 if (error) { 5007 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5008 } else { 5009 console.log('createX509Crl success'); 5010 // Create an X.509 certificate object. 5011 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 5012 try { 5013 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 5014 console.log('getRevokedCertWithCert success'); 5015 } catch (error) { 5016 let e: BusinessError = error as BusinessError; 5017 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5018 } 5019 }).catch((error: BusinessError) => { 5020 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5021 }) 5022 } 5023}); 5024``` 5025 5026### getRevokedCerts<sup>(deprecated)</sup> 5027 5028getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 5029 5030Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 5031 5032> **NOTE** 5033> 5034> This API is deprecated since API version 11. Use [X509CRL.getRevokedCerts](#getrevokedcerts11) instead. 5035 5036**System capability**: SystemCapability.Security.Cert 5037 5038**Parameters** 5039 5040| Name | Type | Mandatory| Description | 5041| -------- | ---------------------------------------------------- | ---- | -------------------------------- | 5042| callback | AsyncCallback<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | Yes | Callback invoked to return the revoked X.509 certificates obtained.| 5043 5044**Error codes** 5045 5046For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5047 5048| ID| Error Message | 5049| -------- | ----------------------- | 5050| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5051| 19020001 | memory malloc failed. | 5052| 19030001 | crypto operation error. | 5053 5054**Example** 5055 5056```ts 5057import { cert } from '@kit.DeviceCertificateKit'; 5058import { BusinessError } from '@kit.BasicServicesKit'; 5059 5060// Convert the string into a Uint8Array. 5061function stringToUint8Array(str: string): Uint8Array { 5062 let arr: Array<number> = []; 5063 for (let i = 0, j = str.length; i < j; i++) { 5064 arr.push(str.charCodeAt(i)); 5065 } 5066 return new Uint8Array(arr); 5067} 5068 5069let crlData = '-----BEGIN X509 CRL-----\n' + 5070 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5071 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5072 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5073 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5074 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5075 'eavsH0Q3\n' + 5076 '-----END X509 CRL-----\n'; 5077 5078// Binary data of the CRL, which needs to match your case. 5079let encodingBlob: cert.EncodingBlob = { 5080 data: stringToUint8Array(crlData), 5081 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5082 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5083}; 5084 5085cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5086 if (error) { 5087 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5088 } else { 5089 console.log('createX509Crl success'); 5090 x509Crl.getRevokedCerts((error, array) => { 5091 if (error) { 5092 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5093 } else { 5094 console.log('getRevokedCerts success'); 5095 } 5096 }); 5097 } 5098}); 5099``` 5100 5101### getRevokedCerts<sup>(deprecated)</sup> 5102 5103getRevokedCerts() : Promise<Array\<X509CrlEntry>> 5104 5105Obtains the revoked X.509 certificates. This API uses a promise to return the result. 5106 5107> **NOTE** 5108> 5109> This API is deprecated since API version 11. Use [X509CRL.getRevokedCerts](#getrevokedcerts11-1) instead. 5110 5111**System capability**: SystemCapability.Security.Cert 5112 5113**Return value** 5114 5115| Type | Description | 5116| ---------------------------------------------- | ---------------------- | 5117| Promise<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | A list of revoked X.509 certificates.| 5118 5119**Error codes** 5120 5121For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5122 5123| ID| Error Message | 5124| -------- | ----------------------- | 5125| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5126| 19020001 | memory malloc failed. | 5127| 19030001 | crypto operation error. | 5128 5129**Example** 5130 5131```ts 5132import { cert } from '@kit.DeviceCertificateKit'; 5133import { BusinessError } from '@kit.BasicServicesKit'; 5134 5135// Convert the string into a Uint8Array. 5136function stringToUint8Array(str: string): Uint8Array { 5137 let arr: Array<number> = []; 5138 for (let i = 0, j = str.length; i < j; i++) { 5139 arr.push(str.charCodeAt(i)); 5140 } 5141 return new Uint8Array(arr); 5142} 5143 5144let crlData = '-----BEGIN X509 CRL-----\n' + 5145 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5146 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5147 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5148 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5149 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5150 'eavsH0Q3\n' + 5151 '-----END X509 CRL-----\n'; 5152 5153// Binary data of the CRL, which needs to match your case. 5154let encodingBlob: cert.EncodingBlob = { 5155 data: stringToUint8Array(crlData), 5156 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5157 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5158}; 5159 5160cert.createX509Crl(encodingBlob).then(x509Crl => { 5161 console.log('createX509Crl success'); 5162 x509Crl.getRevokedCerts().then(array => { 5163 console.log('getRevokedCerts success'); 5164 }).catch((error: BusinessError) => { 5165 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5166 }); 5167}).catch((error: BusinessError) => { 5168 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5169}); 5170``` 5171 5172### getTbsInfo<sup>(deprecated)</sup> 5173 5174getTbsInfo() : DataBlob 5175 5176Obtains the DER-encoded CRL information, that is, **tbsCertList** from this CRL. 5177 5178> **NOTE** 5179> 5180> This API is deprecated since API version 11. Use [X509CRL.getTBSInfo](#gettbsinfo11) instead. 5181 5182**System capability**: SystemCapability.Security.Cert 5183 5184**Return value** 5185 5186| Type | Description | 5187| --------------------- | ------------------------------- | 5188| [DataBlob](#datablob) | **tbsCertList** information obtained.| 5189 5190**Error codes** 5191 5192For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5193 5194| ID| Error Message | 5195| -------- | ----------------------- | 5196| 19020001 | memory malloc failed. | 5197| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 5198| 19030001 | crypto operation error. | 5199 5200**Example** 5201 5202```ts 5203import { cert } from '@kit.DeviceCertificateKit'; 5204import { BusinessError } from '@kit.BasicServicesKit'; 5205 5206// Convert the string into a Uint8Array. 5207function stringToUint8Array(str: string): Uint8Array { 5208 let arr: Array<number> = []; 5209 for (let i = 0, j = str.length; i < j; i++) { 5210 arr.push(str.charCodeAt(i)); 5211 } 5212 return new Uint8Array(arr); 5213} 5214 5215let crlData = '-----BEGIN X509 CRL-----\n' + 5216 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5217 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5218 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5219 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5220 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5221 'eavsH0Q3\n' + 5222 '-----END X509 CRL-----\n'; 5223 5224// Binary data of the CRL, which needs to match your case. 5225let encodingBlob: cert.EncodingBlob = { 5226 data: stringToUint8Array(crlData), 5227 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5228 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5229}; 5230 5231cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5232 if (error) { 5233 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5234 } else { 5235 console.log('createX509Crl success'); 5236 try { 5237 let tbsInfo = x509Crl.getTbsInfo(); 5238 } catch (error) { 5239 let e: BusinessError = error as BusinessError; 5240 console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5241 } 5242 } 5243}); 5244``` 5245 5246### getSignature<sup>(deprecated)</sup> 5247 5248getSignature() : DataBlob 5249 5250Obtains the signature data of the X.509 CRL. 5251 5252> **NOTE** 5253> 5254> This API is deprecated since API version 11. Use [X509CRL.getSignature](#getsignature11) instead. 5255 5256**System capability**: SystemCapability.Security.Cert 5257 5258**Return value** 5259 5260| Type | Description | 5261| --------------------- | ------------------------------ | 5262| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 5263 5264**Error codes** 5265 5266For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5267 5268| ID| Error Message | 5269| -------- | ----------------------- | 5270| 19020001 | memory malloc failed. | 5271| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 5272| 19030001 | crypto operation error. | 5273 5274**Example** 5275 5276```ts 5277import { cert } from '@kit.DeviceCertificateKit'; 5278import { BusinessError } from '@kit.BasicServicesKit'; 5279 5280// Convert the string into a Uint8Array. 5281function stringToUint8Array(str: string): Uint8Array { 5282 let arr: Array<number> = []; 5283 for (let i = 0, j = str.length; i < j; i++) { 5284 arr.push(str.charCodeAt(i)); 5285 } 5286 return new Uint8Array(arr); 5287} 5288 5289let crlData = '-----BEGIN X509 CRL-----\n' + 5290 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5291 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5292 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5293 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5294 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5295 'eavsH0Q3\n' + 5296 '-----END X509 CRL-----\n'; 5297 5298// Binary data of the CRL, which needs to match your case. 5299let encodingBlob: cert.EncodingBlob = { 5300 data: stringToUint8Array(crlData), 5301 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5302 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5303}; 5304 5305cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5306 if (error) { 5307 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5308 } else { 5309 console.log('createX509Crl success'); 5310 try { 5311 let signature = x509Crl.getSignature(); 5312 } catch (err) { 5313 let e: BusinessError = err as BusinessError; 5314 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5315 } 5316 } 5317}); 5318``` 5319 5320### getSignatureAlgName<sup>(deprecated)</sup> 5321 5322getSignatureAlgName() : string 5323 5324Obtains the signing algorithm of the X.509 CRL. 5325 5326> **NOTE** 5327> 5328> This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgName](#getsignaturealgname11) instead. 5329 5330**System capability**: SystemCapability.Security.Cert 5331 5332**Return value** 5333 5334| Type | Description | 5335| ------ | -------------------------------- | 5336| string | Signing algorithm obtained.| 5337 5338**Error codes** 5339 5340For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5341 5342| ID| Error Message | 5343| -------- | ----------------------- | 5344| 19020001 | memory malloc failed. | 5345| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 5346| 19030001 | crypto operation error. | 5347 5348**Example** 5349 5350```ts 5351import { cert } from '@kit.DeviceCertificateKit'; 5352import { BusinessError } from '@kit.BasicServicesKit'; 5353 5354// Convert the string into a Uint8Array. 5355function stringToUint8Array(str: string): Uint8Array { 5356 let arr: Array<number> = []; 5357 for (let i = 0, j = str.length; i < j; i++) { 5358 arr.push(str.charCodeAt(i)); 5359 } 5360 return new Uint8Array(arr); 5361} 5362 5363let crlData = '-----BEGIN X509 CRL-----\n' + 5364 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5365 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5366 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5367 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5368 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5369 'eavsH0Q3\n' + 5370 '-----END X509 CRL-----\n'; 5371 5372// Binary data of the CRL, which needs to match your case. 5373let encodingBlob: cert.EncodingBlob = { 5374 data: stringToUint8Array(crlData), 5375 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5376 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5377}; 5378 5379cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5380 if (error) { 5381 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5382 } else { 5383 console.log('createX509Crl success'); 5384 try { 5385 let sigAlgName = x509Crl.getSignatureAlgName(); 5386 } catch (err) { 5387 let e: BusinessError = err as BusinessError; 5388 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5389 } 5390 } 5391}); 5392``` 5393 5394### getSignatureAlgOid<sup>(deprecated)</sup> 5395 5396getSignatureAlgOid() : string 5397 5398Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 5399 5400> **NOTE** 5401> 5402> This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgOid](#getsignaturealgoid11) instead. 5403 5404**System capability**: SystemCapability.Security.Cert 5405 5406**Return value** 5407 5408| Type | Description | 5409| ------ | --------------------------------------------- | 5410| string | OID of the X.509 CRL signing algorithm obtained.| 5411 5412**Error codes** 5413 5414For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5415 5416| ID| Error Message | 5417| -------- | ----------------------- | 5418| 19020001 | memory malloc failed. | 5419| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 5420| 19030001 | crypto operation error. | 5421 5422**Example** 5423 5424```ts 5425import { cert } from '@kit.DeviceCertificateKit'; 5426import { BusinessError } from '@kit.BasicServicesKit'; 5427 5428// Convert the string into a Uint8Array. 5429function stringToUint8Array(str: string): Uint8Array { 5430 let arr: Array<number> = []; 5431 for (let i = 0, j = str.length; i < j; i++) { 5432 arr.push(str.charCodeAt(i)); 5433 } 5434 return new Uint8Array(arr); 5435} 5436 5437let crlData = '-----BEGIN X509 CRL-----\n' + 5438 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5439 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5440 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5441 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5442 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5443 'eavsH0Q3\n' + 5444 '-----END X509 CRL-----\n'; 5445 5446// Binary data of the CRL, which needs to match your case. 5447let encodingBlob: cert.EncodingBlob = { 5448 data: stringToUint8Array(crlData), 5449 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5450 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5451}; 5452 5453cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5454 if (error) { 5455 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5456 } else { 5457 console.log('createX509Crl success'); 5458 try { 5459 let sigAlgOid = x509Crl.getSignatureAlgOid(); 5460 } catch (err) { 5461 let e: BusinessError = err as BusinessError; 5462 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5463 } 5464 } 5465}); 5466``` 5467 5468### getSignatureAlgParams<sup>(deprecated)</sup> 5469 5470getSignatureAlgParams() : DataBlob 5471 5472Obtains the parameters of the X.509 CRL signing algorithm. 5473 5474> **NOTE** 5475> 5476> This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgParams](#getsignaturealgparams11) instead. 5477 5478**System capability**: SystemCapability.Security.Cert 5479 5480**Return value** 5481 5482| Type | Description | 5483| --------------------- | ---------------------------------- | 5484| [DataBlob](#datablob) | Algorithm parameters obtained.| 5485 5486**Error codes** 5487 5488For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5489 5490| ID| Error Message | 5491| -------- | ----------------------- | 5492| 801 | this operation is not supported. | 5493| 19020001 | memory malloc failed. | 5494| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 5495| 19030001 | crypto operation error. | 5496 5497**Example** 5498 5499```ts 5500import { cert } from '@kit.DeviceCertificateKit'; 5501import { BusinessError } from '@kit.BasicServicesKit'; 5502 5503// Convert the string into a Uint8Array. 5504function stringToUint8Array(str: string): Uint8Array { 5505 let arr: Array<number> = []; 5506 for (let i = 0, j = str.length; i < j; i++) { 5507 arr.push(str.charCodeAt(i)); 5508 } 5509 return new Uint8Array(arr); 5510} 5511 5512let crlData = '-----BEGIN X509 CRL-----\n' + 5513 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5514 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5515 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5516 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5517 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5518 'eavsH0Q3\n' + 5519 '-----END X509 CRL-----\n'; 5520 5521// Binary data of the CRL, which needs to match your case. 5522let encodingBlob: cert.EncodingBlob = { 5523 data: stringToUint8Array(crlData), 5524 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5525 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5526}; 5527 5528cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5529 if (error) { 5530 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5531 } else { 5532 console.log('createX509Crl success'); 5533 try { 5534 let sigAlgParams = x509Crl.getSignatureAlgParams(); 5535 } catch (err) { 5536 let e: BusinessError = err as BusinessError; 5537 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5538 } 5539 } 5540}); 5541``` 5542## X509CRL<sup>11+</sup> 5543 5544Provides APIs for managing a CRL object. 5545 5546### isRevoked<sup>11+</sup> 5547 5548isRevoked(cert : X509Cert) : boolean 5549 5550Checks whether an X.509 certificate is revoked. 5551 5552**Atomic service API**: This API can be used in atomic services since API version 12. 5553 5554**System capability**: SystemCapability.Security.Cert 5555 5556**Parameters** 5557 5558| Name| Type | Mandatory| Description | 5559| ------ | -------- | ---- | -------------------- | 5560| cert | [X509Cert](#x509cert) | Yes | X.509 certificate to check.| 5561 5562**Return value** 5563 5564| Type | Description | 5565| ------- | ------------------------------------------------- | 5566| boolean | Whether the certificate is revoked. The value **true** indicates that the certificate is revoked, and **false** indicates the opposite.| 5567 5568**Error codes** 5569 5570For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5571 5572| ID| Error Message | 5573| -------- | ----------------------- | 5574| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5575 5576**Example** 5577 5578```ts 5579import { cert } from '@kit.DeviceCertificateKit'; 5580import { BusinessError } from '@kit.BasicServicesKit'; 5581 5582// Convert the string into a Uint8Array. 5583function stringToUint8Array(str: string): Uint8Array { 5584 let arr: Array<number> = []; 5585 for (let i = 0, j = str.length; i < j; i++) { 5586 arr.push(str.charCodeAt(i)); 5587 } 5588 return new Uint8Array(arr); 5589} 5590 5591let crlData = '-----BEGIN X509 CRL-----\n' + 5592 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5593 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5594 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5595 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5596 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5597 'eavsH0Q3\n' + 5598 '-----END X509 CRL-----\n'; 5599 5600let certData = '-----BEGIN CERTIFICATE-----\n' + 5601 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 5602 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 5603 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 5604 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 5605 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 5606 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 5607 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 5608 '-----END CERTIFICATE-----\n'; 5609 5610// Binary data of the CRL, which needs to match your case. 5611let encodingBlob: cert.EncodingBlob = { 5612 data: stringToUint8Array(crlData), 5613 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5614 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5615}; 5616 5617let certEncodingBlob: cert.EncodingBlob = { 5618 data: stringToUint8Array(certData), 5619 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5620 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5621}; 5622 5623cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5624 if (error) { 5625 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5626 } else { 5627 console.log('createX509CRL success'); 5628 // Create an X509Cert instance. 5629 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 5630 if (error) { 5631 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5632 } else { 5633 try { 5634 let revokedFlag = x509CRL.isRevoked(x509Cert); 5635 } catch (error) { 5636 let e: BusinessError = error as BusinessError; 5637 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5638 } 5639 } 5640 }); 5641 } 5642}); 5643``` 5644 5645### getType<sup>11+</sup> 5646 5647getType() : string 5648 5649Obtains the CRL type. 5650 5651**Atomic service API**: This API can be used in atomic services since API version 12. 5652 5653**System capability**: SystemCapability.Security.Cert 5654 5655**Return value** 5656 5657| Type | Description | 5658| ------ | -------------------- | 5659| string | CRL type obtained.| 5660 5661**Example** 5662 5663```ts 5664import { cert } from '@kit.DeviceCertificateKit'; 5665 5666// Convert the string into a Uint8Array. 5667function stringToUint8Array(str: string): Uint8Array { 5668 let arr: Array<number> = []; 5669 for (let i = 0, j = str.length; i < j; i++) { 5670 arr.push(str.charCodeAt(i)); 5671 } 5672 return new Uint8Array(arr); 5673} 5674 5675let crlData = '-----BEGIN X509 CRL-----\n' + 5676 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5677 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5678 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5679 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5680 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5681 'eavsH0Q3\n' + 5682 '-----END X509 CRL-----\n'; 5683 5684// Binary data of the CRL, which needs to match your case. 5685let encodingBlob: cert.EncodingBlob = { 5686 data: stringToUint8Array(crlData), 5687 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5688 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5689}; 5690 5691cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5692 if (error) { 5693 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5694 } else { 5695 console.log('createX509CRL success'); 5696 let type = x509CRL.getType(); 5697 } 5698}); 5699``` 5700 5701### getEncoded<sup>11+</sup> 5702 5703getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 5704 5705Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 5706 5707**Atomic service API**: This API can be used in atomic services since API version 12. 5708 5709**System capability**: SystemCapability.Security.Cert 5710 5711**Parameters** 5712 5713| Name | Type | Mandatory| Description | 5714| -------- | --------------------------------------------- | ---- | ------------------------------------------ | 5715| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized X.509 CRL data obtained.| 5716 5717**Error codes** 5718 5719For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5720 5721| ID| Error Message | 5722| -------- | ----------------------- | 5723| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5724| 19020001 | memory malloc failed. | 5725| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 5726| 19030001 | crypto operation error. | 5727 5728**Example** 5729 5730```ts 5731import { cert } from '@kit.DeviceCertificateKit'; 5732 5733// Convert the string into a Uint8Array. 5734function stringToUint8Array(str: string): Uint8Array { 5735 let arr: Array<number> = []; 5736 for (let i = 0, j = str.length; i < j; i++) { 5737 arr.push(str.charCodeAt(i)); 5738 } 5739 return new Uint8Array(arr); 5740} 5741 5742let crlData = '-----BEGIN X509 CRL-----\n' + 5743 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5744 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5745 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5746 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5747 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5748 'eavsH0Q3\n' + 5749 '-----END X509 CRL-----\n'; 5750 5751// Binary data of the CRL, which needs to match your case. 5752let encodingBlob: cert.EncodingBlob = { 5753 data: stringToUint8Array(crlData), 5754 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5755 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5756}; 5757 5758cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5759 if (error) { 5760 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5761 } else { 5762 console.log('createX509CRL success'); 5763 x509CRL.getEncoded((error, data) => { 5764 if (error) { 5765 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5766 } else { 5767 console.log('getEncoded success'); 5768 } 5769 }); 5770 } 5771}); 5772``` 5773 5774### getEncoded<sup>11+</sup> 5775 5776getEncoded() : Promise\<EncodingBlob> 5777 5778Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 5779 5780**Atomic service API**: This API can be used in atomic services since API version 12. 5781 5782**System capability**: SystemCapability.Security.Cert 5783 5784**Return value** 5785 5786| Type | Description | 5787| --------------------------------------- | -------------------------------- | 5788| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 CRL data obtained.| 5789 5790**Error codes** 5791 5792For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5793 5794| ID| Error Message | 5795| -------- | ----------------------- | 5796| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5797| 19020001 | memory malloc failed. | 5798| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 5799| 19030001 | crypto operation error. | 5800 5801**Example** 5802 5803```ts 5804import { cert } from '@kit.DeviceCertificateKit'; 5805import { BusinessError } from '@kit.BasicServicesKit'; 5806 5807// Convert the string into a Uint8Array. 5808function stringToUint8Array(str: string): Uint8Array { 5809 let arr: Array<number> = []; 5810 for (let i = 0, j = str.length; i < j; i++) { 5811 arr.push(str.charCodeAt(i)); 5812 } 5813 return new Uint8Array(arr); 5814} 5815 5816let crlData = '-----BEGIN X509 CRL-----\n' + 5817 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5818 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5819 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5820 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5821 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5822 'eavsH0Q3\n' + 5823 '-----END X509 CRL-----\n'; 5824 5825// Binary data of the CRL, which needs to match your case. 5826let encodingBlob: cert.EncodingBlob = { 5827 data: stringToUint8Array(crlData), 5828 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5829 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5830}; 5831 5832cert.createX509CRL(encodingBlob).then(x509CRL => { 5833 console.log('createX509CRL success'); 5834 x509CRL.getEncoded().then(result => { 5835 console.log('getEncoded success'); 5836 }).catch((error: BusinessError) => { 5837 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5838 }); 5839}).catch((error: BusinessError) => { 5840 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5841}); 5842``` 5843 5844### verify<sup>11+</sup> 5845 5846verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 5847 5848Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 5849 5850**Atomic service API**: This API can be used in atomic services since API version 12. 5851 5852**System capability**: SystemCapability.Security.Cert 5853 5854**Parameters** 5855 5856| Name | Type | Mandatory| Description | 5857| -------- | ----------------------------------------------------------- | ---- | ------------------------------------------------------------ | 5858| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | 5859| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 5860 5861**Error codes** 5862 5863For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 5864 5865| ID| Error Message | 5866| -------- | ----------------------- | 5867| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5868| 19030001 | crypto operation error. | 5869 5870**Example** 5871 5872```ts 5873import { cert } from '@kit.DeviceCertificateKit'; 5874import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 5875import { BusinessError } from '@kit.BasicServicesKit'; 5876 5877// Convert the string into a Uint8Array. 5878function stringToUint8Array(str: string): Uint8Array { 5879 let arr: Array<number> = []; 5880 for (let i = 0, j = str.length; i < j; i++) { 5881 arr.push(str.charCodeAt(i)); 5882 } 5883 return new Uint8Array(arr); 5884} 5885 5886let crlData = '-----BEGIN X509 CRL-----\n' + 5887 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5888 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5889 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5890 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5891 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5892 'eavsH0Q3\n' + 5893 '-----END X509 CRL-----\n'; 5894 5895let pubKeyData = new Uint8Array([ 5896 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5897 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5898 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5899 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5900 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5901 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5902 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5903 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5904 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5905 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5906 0x00, 0x01 5907]); 5908 5909let priKeyData = new Uint8Array([ 5910 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5911 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5912 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5913 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5914 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5915 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5916 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5917 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5918 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5919 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5920 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5921 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5922 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5923 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5924 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5925 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5926 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5927 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5928 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5929 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5930 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5931 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5932 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5933 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5934 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5935 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5936 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5937 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5938 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5939 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5940 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5941 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5942 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5943 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5944 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5945 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5946 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5947 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5948 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5949 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5950]); 5951 5952// Binary data of the CRL, which needs to match your case. 5953let encodingBlob: cert.EncodingBlob = { 5954 data: stringToUint8Array(crlData), 5955 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 5956 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5957}; 5958 5959cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5960 if (error) { 5961 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5962 } else { 5963 console.log('createX509Crl success'); 5964 try { 5965 // Generate the public key by AsyKeyGenerator. 5966 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5967 console.log('createAsyKeyGenerator success'); 5968 let priEncodingBlob: cryptoFramework.DataBlob = { 5969 data: priKeyData, 5970 }; 5971 let pubEncodingBlob: cryptoFramework.DataBlob = { 5972 data: pubKeyData, 5973 }; 5974 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 5975 if (e) { 5976 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 5977 } else { 5978 console.log('convert key success'); 5979 x509CRL.verify(keyPair.pubKey, (err, data) => { 5980 if (err) { 5981 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 5982 } else { 5983 console.log('verify success'); 5984 } 5985 }); 5986 } 5987 }) 5988 } catch (error) { 5989 let e: BusinessError = error as BusinessError; 5990 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5991 } 5992 } 5993}); 5994``` 5995 5996### verify<sup>11+</sup> 5997 5998verify(key : cryptoFramework.PubKey) : Promise\<void> 5999 6000Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 6001 6002**Atomic service API**: This API can be used in atomic services since API version 12. 6003 6004**System capability**: SystemCapability.Security.Cert 6005 6006**Parameters** 6007 6008| Name| Type | Mandatory| Description | 6009| ------ | ----------------------------------------------------------- | ---- | ------------------------ | 6010| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| 6011 6012**Return value** 6013 6014| Type | Description | 6015| -------------- | ----------- | 6016| Promise\<void> | Promise used to return| 6017 6018**Error codes** 6019 6020For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6021 6022| ID| Error Message | 6023| -------- | ----------------------- | 6024| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6025| 19030001 | crypto operation error. | 6026 6027**Example** 6028 6029```ts 6030import { cert } from '@kit.DeviceCertificateKit'; 6031import { cryptoFramework } from '@kit.CryptoArchitectureKit' 6032import { BusinessError } from '@kit.BasicServicesKit'; 6033 6034// Convert the string into a Uint8Array. 6035function stringToUint8Array(str: string): Uint8Array { 6036 let arr: Array<number> = []; 6037 for (let i = 0, j = str.length; i < j; i++) { 6038 arr.push(str.charCodeAt(i)); 6039 } 6040 return new Uint8Array(arr); 6041} 6042 6043let crlData = '-----BEGIN X509 CRL-----\n' + 6044 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6045 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6046 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6047 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6048 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6049 'eavsH0Q3\n' + 6050 '-----END X509 CRL-----\n'; 6051 6052let pubKeyData = new Uint8Array([ 6053 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 6054 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 6055 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 6056 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 6057 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 6058 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 6059 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 6060 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 6061 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 6062 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 6063 0x00, 0x01 6064]); 6065 6066let priKeyData = new Uint8Array([ 6067 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 6068 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 6069 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 6070 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 6071 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 6072 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 6073 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 6074 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 6075 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 6076 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 6077 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 6078 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 6079 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 6080 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 6081 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 6082 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 6083 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 6084 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 6085 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 6086 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 6087 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 6088 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 6089 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 6090 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 6091 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 6092 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 6093 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 6094 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 6095 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 6096 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 6097 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 6098 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 6099 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 6100 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 6101 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 6102 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 6103 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 6104 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 6105 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 6106 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 6107]); 6108 6109// Binary data of the CRL, which needs to match your case. 6110let encodingBlob: cert.EncodingBlob = { 6111 data: stringToUint8Array(crlData), 6112 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6113 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6114}; 6115 6116cert.createX509CRL(encodingBlob).then(x509CRL => { 6117 console.log('createX509Crl success'); 6118 6119 try { 6120 // Generate a public key object. 6121 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 6122 console.log('createAsyKeyGenerator success'); 6123 let priEncodingBlob: cryptoFramework.DataBlob = { 6124 data: priKeyData, 6125 }; 6126 let pubEncodingBlob: cryptoFramework.DataBlob = { 6127 data: pubKeyData, 6128 }; 6129 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 6130 console.log('convert key success'); 6131 x509CRL.verify(keyPair.pubKey).then(result => { 6132 console.log('verify success'); 6133 }).catch((error: BusinessError) => { 6134 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6135 }); 6136 }).catch((error: BusinessError) => { 6137 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 6138 }); 6139 } catch (error) { 6140 let e: BusinessError = error as BusinessError; 6141 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6142 } 6143}).catch((error: BusinessError) => { 6144 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6145}); 6146``` 6147 6148### getVersion<sup>11+</sup> 6149 6150getVersion() : number 6151 6152Obtains the version of the X.509 CRL. 6153 6154**Atomic service API**: This API can be used in atomic services since API version 12. 6155 6156**System capability**: SystemCapability.Security.Cert 6157 6158**Return value** 6159 6160| Type | Description | 6161| ------ | -------------------------------- | 6162| number | Obtains the version of the X.509 CRL.| 6163 6164**Example** 6165 6166```ts 6167import { cert } from '@kit.DeviceCertificateKit'; 6168 6169// Convert the string into a Uint8Array. 6170function stringToUint8Array(str: string): Uint8Array { 6171 let arr: Array<number> = []; 6172 for (let i = 0, j = str.length; i < j; i++) { 6173 arr.push(str.charCodeAt(i)); 6174 } 6175 return new Uint8Array(arr); 6176} 6177 6178let crlData = '-----BEGIN X509 CRL-----\n' + 6179 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6180 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6181 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6182 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6183 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6184 'eavsH0Q3\n' + 6185 '-----END X509 CRL-----\n'; 6186 6187// Binary data of the CRL, which needs to match your case. 6188let encodingBlob: cert.EncodingBlob = { 6189 data: stringToUint8Array(crlData), 6190 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6191 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6192}; 6193 6194cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6195 if (error) { 6196 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6197 } else { 6198 console.log('createX509CRL success'); 6199 let version = x509CRL.getVersion(); 6200 } 6201}); 6202``` 6203 6204### getIssuerName<sup>11+</sup> 6205 6206getIssuerName() : DataBlob 6207 6208Obtains the issuer of the X.509 CRL. 6209 6210> **NOTE** 6211> 6212> The obtained X.509 CRL issuer name contains a string terminator. 6213 6214**Atomic service API**: This API can be used in atomic services since API version 12. 6215 6216**System capability**: SystemCapability.Security.Cert 6217 6218**Return value** 6219 6220| Type | Description | 6221| --------------------- | ------------------------------ | 6222| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 6223 6224**Error codes** 6225 6226For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6227 6228| ID| Error Message | 6229| -------- | ----------------------- | 6230| 19020001 | memory malloc failed. | 6231| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 6232| 19030001 | crypto operation error. | 6233 6234**Example** 6235 6236```ts 6237import { cert } from '@kit.DeviceCertificateKit'; 6238import { BusinessError } from '@kit.BasicServicesKit'; 6239 6240// Convert the string into a Uint8Array. 6241function stringToUint8Array(str: string): Uint8Array { 6242 let arr: Array<number> = []; 6243 for (let i = 0, j = str.length; i < j; i++) { 6244 arr.push(str.charCodeAt(i)); 6245 } 6246 return new Uint8Array(arr); 6247} 6248 6249let crlData = '-----BEGIN X509 CRL-----\n' + 6250 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6251 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6252 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6253 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6254 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6255 'eavsH0Q3\n' + 6256 '-----END X509 CRL-----\n'; 6257 6258// Binary data of the CRL, which needs to match your case. 6259let encodingBlob: cert.EncodingBlob = { 6260 data: stringToUint8Array(crlData), 6261 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6262 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6263}; 6264 6265cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6266 if (error) { 6267 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6268 } else { 6269 console.log('createX509CRL success'); 6270 try { 6271 let issuerName = x509CRL.getIssuerName(); 6272 } catch (err) { 6273 let e: BusinessError = err as BusinessError; 6274 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6275 } 6276 } 6277}); 6278``` 6279 6280### getIssuerName<sup>20+</sup> 6281 6282getIssuerName(encodingType: EncodingType): string 6283 6284Obtains the issuer name of an X.509 CRL based on the encoding type. 6285 6286**Atomic service API**: This API can be used in atomic services since API version 20. 6287 6288**System capability**: SystemCapability.Security.Cert 6289 6290**Parameters** 6291 6292| Name | Type | Mandatory| Description | 6293| -------- | ------------------------------------- | ---- | ------------------------------ | 6294| encodingType | [EncodingType](#encodingtype12) | Yes | Encoding type. | 6295 6296**Return value** 6297 6298| Type | Description | 6299| ------ | -------------------- | 6300| string | Issuer name of an X.509 CRL, separated by commas (,).| 6301 6302**Error codes** 6303 6304For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6305 6306| ID| Error Message | 6307| -------- | ------------------------------------------------- | 6308| 19020001 | memory malloc failed. | 6309| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 6310| 19020003 | parameter check failed. Possible causes: <br>1. The value of encodingType is not in the EncodingType enumeration range.| 6311| 19030001 | crypto operation error. | 6312 6313**Example** 6314 6315```ts 6316import { cert } from '@kit.DeviceCertificateKit'; 6317import { BusinessError } from '@kit.BasicServicesKit'; 6318 6319// Convert the string into a Uint8Array. 6320function stringToUint8Array(str: string): Uint8Array { 6321 let arr: Array<number> = []; 6322 for (let i = 0, j = str.length; i < j; i++) { 6323 arr.push(str.charCodeAt(i)); 6324 } 6325 return new Uint8Array(arr); 6326} 6327 6328let crlData = '-----BEGIN X509 CRL-----\n' + 6329 'MIIByzCBtAIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJDTjEPMA0GA1UE\n' + 6330 'CAwG6ZmV6KW/MQ8wDQYDVQQHDAbopb/lrokxDzANBgNVBAoMBua1i+ivlTEVMBMG\n' + 6331 'A1UEAwwM5Lit5paH5rWL6K+VFw0yNDEwMTYwODUwMDlaFw0yNDExMTUwODUwMDla\n' + 6332 'MBkwFwIGAXKnJjrAFw0yNDEwMTYwODQ5NDBaoA4wDDAKBgNVHRQEAwIBADANBgkq\n' + 6333 'hkiG9w0BAQsFAAOCAQEAU0JPK/DnGmjCi5lKyun506JE+FVDuQsEWuF5CZPqE2um\n' + 6334 'hA04Qffi+8AfwLpG2KPBaAYTteU4fx30y8Wm0kLutalk32FgrbQX0VQ7EaCOmkMU\n' + 6335 '2dnQMmFmaFiVcOTaRzgqDOYKuzSAptCo6hqtk9kgjbda5HnsNiVC7dNMRp1Jlzwr\n' + 6336 'k/42mqZ3fFIy3wYLaxRlq368BX3u94J9Cx754V2V/XEApiRI/FsiSRzRX+jfUBa4\n' + 6337 '+wwu3WhWxisQj6z3bBkQD4RTg3S+ic8hhP44wt/1MmSLG946Dc9uVYJKUVZqTco9\n' + 6338 'QDoDwYfBJBzcXjManSkPsGCb7RfTAr5HqcEtIHsK+w==\n' + 6339 '-----END X509 CRL-----\n'; 6340// Binary data of the CRL, which needs to match your case. 6341let encodingBlob: cert.EncodingBlob = { 6342 data: stringToUint8Array(crlData), 6343 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6344 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6345}; 6346 6347cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6348 if (error) { 6349 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6350 } else { 6351 console.log('createX509CRL success'); 6352 try { 6353 let issuerName = x509CRL.getIssuerName(cert.EncodingType.ENCODING_UTF8); 6354 console.info('issuerName output is ' + issuerName); 6355 } catch (err) { 6356 let e: BusinessError = err as BusinessError; 6357 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6358 } 6359 } 6360}); 6361``` 6362 6363### getLastUpdate<sup>11+</sup> 6364 6365getLastUpdate() : string 6366 6367Obtains the last update date of this X.509 CRL. 6368 6369**Atomic service API**: This API can be used in atomic services since API version 12. 6370 6371**System capability**: SystemCapability.Security.Cert 6372 6373**Return value** 6374 6375| Type | Description | 6376| ------ | ------------------------------------ | 6377| string | Last update date of the X.509 CRL, in ASN.1 format.| 6378 6379**Error codes** 6380 6381For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6382 6383| ID| Error Message | 6384| -------- | ----------------------- | 6385| 19020001 | memory malloc failed. | 6386| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 6387| 19030001 | crypto operation error. | 6388 6389**Example** 6390 6391```ts 6392import { cert } from '@kit.DeviceCertificateKit'; 6393import { BusinessError } from '@kit.BasicServicesKit'; 6394 6395// Convert the string into a Uint8Array. 6396function stringToUint8Array(str: string): Uint8Array { 6397 let arr: Array<number> = []; 6398 for (let i = 0, j = str.length; i < j; i++) { 6399 arr.push(str.charCodeAt(i)); 6400 } 6401 return new Uint8Array(arr); 6402} 6403 6404let crlData = '-----BEGIN X509 CRL-----\n' + 6405 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6406 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6407 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6408 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6409 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6410 'eavsH0Q3\n' + 6411 '-----END X509 CRL-----\n'; 6412 6413// Binary data of the CRL, which needs to match your case. 6414let encodingBlob: cert.EncodingBlob = { 6415 data: stringToUint8Array(crlData), 6416 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6417 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6418}; 6419 6420cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6421 if (error) { 6422 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6423 } else { 6424 console.log('createX509CRL success'); 6425 try { 6426 let lastUpdate = x509CRL.getLastUpdate(); 6427 } catch (err) { 6428 let e: BusinessError = err as BusinessError; 6429 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6430 } 6431 } 6432}); 6433``` 6434 6435### getNextUpdate<sup>11+</sup> 6436 6437getNextUpdate() : string 6438 6439Obtains the next update date of this CRL. 6440 6441**Atomic service API**: This API can be used in atomic services since API version 12. 6442 6443**System capability**: SystemCapability.Security.Cert 6444 6445**Return value** 6446 6447| Type | Description | 6448| ------ | ------------------------------------ | 6449| string | Next update date of the CRL, in ASN.1 format.| 6450 6451**Error codes** 6452 6453For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6454 6455| ID| Error Message | 6456| -------- | ----------------------- | 6457| 19020001 | memory malloc failed. | 6458| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 6459| 19030001 | crypto operation error. | 6460 6461**Example** 6462 6463```ts 6464import { cert } from '@kit.DeviceCertificateKit'; 6465import { BusinessError } from '@kit.BasicServicesKit'; 6466 6467// Convert the string into a Uint8Array. 6468function stringToUint8Array(str: string): Uint8Array { 6469 let arr: Array<number> = []; 6470 for (let i = 0, j = str.length; i < j; i++) { 6471 arr.push(str.charCodeAt(i)); 6472 } 6473 return new Uint8Array(arr); 6474} 6475 6476let crlData = '-----BEGIN X509 CRL-----\n' + 6477 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6478 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6479 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6480 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6481 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6482 'eavsH0Q3\n' + 6483 '-----END X509 CRL-----\n'; 6484 6485// Binary data of the CRL, which needs to match your case. 6486let encodingBlob: cert.EncodingBlob = { 6487 data: stringToUint8Array(crlData), 6488 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6489 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6490}; 6491 6492cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6493 if (error) { 6494 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6495 } else { 6496 console.log('createX509CRL success'); 6497 try { 6498 let nextUpdate = x509CRL.getNextUpdate(); 6499 } catch (err) { 6500 let e: BusinessError = err as BusinessError; 6501 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6502 } 6503 } 6504}); 6505``` 6506 6507### getRevokedCert<sup>11+</sup> 6508 6509getRevokedCert(serialNumber : bigint) : X509CRLEntry 6510 6511Obtains the revoked X.509 certificate based on the specified serial number of the certificate. 6512 6513**Atomic service API**: This API can be used in atomic services since API version 12. 6514 6515**System capability**: SystemCapability.Security.Cert 6516 6517**Parameters** 6518 6519| Name | Type | Mandatory| Description | 6520| ------------ | ------ | ---- | -------------- | 6521| serialNumber | bigint | Yes | Serial number of the certificate.| 6522 6523**Return value** 6524 6525| Type | Description | 6526| ------------------------------- | ---------------------- | 6527| [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained.| 6528 6529**Error codes** 6530 6531For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6532 6533| ID| Error Message | 6534| -------- | ----------------------- | 6535| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6536| 19020001 | memory malloc failed. | 6537| 19030001 | crypto operation error. | 6538 6539**Example** 6540 6541```ts 6542import { cert } from '@kit.DeviceCertificateKit'; 6543import { BusinessError } from '@kit.BasicServicesKit'; 6544 6545// Convert the string into a Uint8Array. 6546function stringToUint8Array(str: string): Uint8Array { 6547 let arr: Array<number> = []; 6548 for (let i = 0, j = str.length; i < j; i++) { 6549 arr.push(str.charCodeAt(i)); 6550 } 6551 return new Uint8Array(arr); 6552} 6553 6554let crlData = '-----BEGIN X509 CRL-----\n' + 6555 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6556 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6557 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6558 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6559 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6560 'eavsH0Q3\n' + 6561 '-----END X509 CRL-----\n'; 6562 6563// Binary data of the CRL, which needs to match your case. 6564let encodingBlob: cert.EncodingBlob = { 6565 data: stringToUint8Array(crlData), 6566 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6567 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6568}; 6569 6570cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6571 if (error) { 6572 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6573 } else { 6574 console.log('createX509CRL success'); 6575 let serialNumber = BigInt(1000); 6576 try { 6577 let entry = x509CRL.getRevokedCert(serialNumber); 6578 } catch (error) { 6579 let e: BusinessError = error as BusinessError; 6580 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6581 } 6582 } 6583}); 6584``` 6585 6586### getRevokedCertWithCert<sup>11+</sup> 6587 6588getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry 6589 6590Obtains the revoked X.509 certificate based on the specified certificate. 6591 6592**Atomic service API**: This API can be used in atomic services since API version 12. 6593 6594**System capability**: SystemCapability.Security.Cert 6595 6596**Parameters** 6597 6598| Name| Type | Mandatory| Description | 6599| ------ | --------------------- | ---- | ------------ | 6600| cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| 6601 6602**Return value** 6603 6604| Type | Description | 6605| ------------------------------- | ---------------------- | 6606| [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained.| 6607 6608**Error codes** 6609 6610For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6611 6612| ID| Error Message | 6613| -------- | ----------------------- | 6614| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6615| 19020001 | memory malloc failed. | 6616| 19030001 | crypto operation error. | 6617 6618**Example** 6619 6620```ts 6621import { cert } from '@kit.DeviceCertificateKit'; 6622import { BusinessError } from '@kit.BasicServicesKit'; 6623 6624// Convert the string into a Uint8Array. 6625function stringToUint8Array(str: string): Uint8Array { 6626 let arr: Array<number> = []; 6627 for (let i = 0, j = str.length; i < j; i++) { 6628 arr.push(str.charCodeAt(i)); 6629 } 6630 return new Uint8Array(arr); 6631} 6632 6633let crlData = '-----BEGIN X509 CRL-----\n' + 6634 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6635 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6636 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6637 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6638 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6639 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6640 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6641 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6642 '+i2osvdPWRia0dJCL1PCA14k\n' + 6643 '-----END X509 CRL-----\n'; 6644 6645// Certificate binary data, which needs to match your case. 6646let certData = '-----BEGIN CERTIFICATE-----\n' + 6647 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 6648 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 6649 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 6650 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 6651 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 6652 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 6653 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 6654 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 6655 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 6656 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 6657 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 6658 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 6659 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 6660 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 6661 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 6662 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 6663 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 6664 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 6665 '-----END CERTIFICATE-----\n'; 6666 6667let certEncodingBlob: cert.EncodingBlob = { 6668 data: stringToUint8Array(certData), 6669 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6670 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6671}; 6672 6673// Binary data of the CRL, which needs to match your case. 6674let encodingBlob: cert.EncodingBlob = { 6675 data: stringToUint8Array(crlData), 6676 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6677 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6678}; 6679 6680cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6681 if (error) { 6682 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6683 } else { 6684 console.log('createX509CRL success'); 6685 // Create an X.509 certificate object. 6686 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 6687 try { 6688 let entry = x509CRL.getRevokedCertWithCert(x509Cert); 6689 console.log('getRevokedCertWithCert success'); 6690 } catch (error) { 6691 let e: BusinessError = error as BusinessError; 6692 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6693 } 6694 }).catch((error: BusinessError) => { 6695 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6696 }) 6697 } 6698}); 6699``` 6700 6701### getRevokedCerts<sup>11+</sup> 6702 6703getRevokedCerts(callback : AsyncCallback<Array\<X509CRLEntry>>) : void 6704 6705Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 6706 6707**Atomic service API**: This API can be used in atomic services since API version 12. 6708 6709**System capability**: SystemCapability.Security.Cert 6710 6711**Parameters** 6712 6713| Name | Type | Mandatory| Description | 6714| -------- | ------------------------------------------------------ | ---- | -------------------------------- | 6715| callback | AsyncCallback<Array\<[X509CRLEntry](#x509crlentry11)>> | Yes | Callback invoked to return the revoked X.509 certificates obtained.| 6716 6717**Error codes** 6718 6719For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6720 6721| ID| Error Message | 6722| -------- | ----------------------- | 6723| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6724| 19020001 | memory malloc failed. | 6725| 19030001 | crypto operation error. | 6726 6727**Example** 6728 6729```ts 6730import { cert } from '@kit.DeviceCertificateKit'; 6731import { BusinessError } from '@kit.BasicServicesKit'; 6732 6733// Convert the string into a Uint8Array. 6734function stringToUint8Array(str: string): Uint8Array { 6735 let arr: Array<number> = []; 6736 for (let i = 0, j = str.length; i < j; i++) { 6737 arr.push(str.charCodeAt(i)); 6738 } 6739 return new Uint8Array(arr); 6740} 6741 6742let crlData = '-----BEGIN X509 CRL-----\n' + 6743 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6744 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6745 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6746 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6747 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6748 'eavsH0Q3\n' + 6749 '-----END X509 CRL-----\n'; 6750 6751// Binary data of the CRL, which needs to match your case. 6752let encodingBlob: cert.EncodingBlob = { 6753 data: stringToUint8Array(crlData), 6754 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6755 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6756}; 6757 6758cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6759 if (error) { 6760 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6761 } else { 6762 console.log('createX509CRL success'); 6763 x509CRL.getRevokedCerts((error, array) => { 6764 if (error) { 6765 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6766 } else { 6767 console.log('getRevokedCerts success'); 6768 } 6769 }); 6770 } 6771}); 6772``` 6773 6774### getRevokedCerts<sup>11+</sup> 6775 6776getRevokedCerts() : Promise<Array\<X509CRLEntry>> 6777 6778Obtains the revoked X.509 certificates. This API uses a promise to return the result. 6779 6780**Atomic service API**: This API can be used in atomic services since API version 12. 6781 6782**System capability**: SystemCapability.Security.Cert 6783 6784**Return value** 6785 6786| Type | Description | 6787| ------------------------------------------------ | ---------------------- | 6788| Promise<Array\<[X509CRLEntry](#x509crlentry11)>> | A list of revoked X.509 certificates.| 6789 6790**Error codes** 6791 6792For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6793 6794| ID| Error Message | 6795| -------- | ----------------------- | 6796| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6797| 19020001 | memory malloc failed. | 6798| 19030001 | crypto operation error. | 6799 6800**Example** 6801 6802```ts 6803import { cert } from '@kit.DeviceCertificateKit'; 6804import { BusinessError } from '@kit.BasicServicesKit'; 6805 6806// Convert the string into a Uint8Array. 6807function stringToUint8Array(str: string): Uint8Array { 6808 let arr: Array<number> = []; 6809 for (let i = 0, j = str.length; i < j; i++) { 6810 arr.push(str.charCodeAt(i)); 6811 } 6812 return new Uint8Array(arr); 6813} 6814 6815let crlData = '-----BEGIN X509 CRL-----\n' + 6816 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6817 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6818 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6819 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6820 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6821 'eavsH0Q3\n' + 6822 '-----END X509 CRL-----\n'; 6823 6824// Binary data of the CRL, which needs to match your case. 6825let encodingBlob: cert.EncodingBlob = { 6826 data: stringToUint8Array(crlData), 6827 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6828 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6829}; 6830 6831cert.createX509CRL(encodingBlob).then(x509CRL => { 6832 console.log('createX509CRL success'); 6833 x509CRL.getRevokedCerts().then(array => { 6834 console.log('getRevokedCerts success'); 6835 }).catch((error: BusinessError) => { 6836 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6837 }); 6838}).catch((error: BusinessError) => { 6839 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6840}); 6841``` 6842 6843### getSignature<sup>11+</sup> 6844 6845getSignature() : DataBlob 6846 6847Obtains the signature data of the X.509 CRL. 6848 6849**Atomic service API**: This API can be used in atomic services since API version 12. 6850 6851**System capability**: SystemCapability.Security.Cert 6852 6853**Return value** 6854 6855| Type | Description | 6856| --------------------- | ------------------------------ | 6857| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 6858 6859**Error codes** 6860 6861For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6862 6863| ID| Error Message | 6864| -------- | ----------------------- | 6865| 19020001 | memory malloc failed. | 6866| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 6867| 19030001 | crypto operation error. | 6868 6869**Example** 6870 6871```ts 6872import { cert } from '@kit.DeviceCertificateKit'; 6873import { BusinessError } from '@kit.BasicServicesKit'; 6874 6875// Convert the string into a Uint8Array. 6876function stringToUint8Array(str: string): Uint8Array { 6877 let arr: Array<number> = []; 6878 for (let i = 0, j = str.length; i < j; i++) { 6879 arr.push(str.charCodeAt(i)); 6880 } 6881 return new Uint8Array(arr); 6882} 6883 6884let crlData = '-----BEGIN X509 CRL-----\n' + 6885 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6886 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6887 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6888 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6889 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6890 'eavsH0Q3\n' + 6891 '-----END X509 CRL-----\n'; 6892 6893// Binary data of the CRL, which needs to match your case. 6894let encodingBlob: cert.EncodingBlob = { 6895 data: stringToUint8Array(crlData), 6896 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6897 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6898}; 6899 6900cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6901 if (error) { 6902 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6903 } else { 6904 console.log('createX509CRL success'); 6905 try { 6906 let signature = x509CRL.getSignature(); 6907 } catch (err) { 6908 let e: BusinessError = err as BusinessError; 6909 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6910 } 6911 } 6912}); 6913``` 6914 6915### getSignatureAlgName<sup>11+</sup> 6916 6917getSignatureAlgName() : string 6918 6919Obtains the signing algorithm of the X.509 CRL. 6920 6921**Atomic service API**: This API can be used in atomic services since API version 12. 6922 6923**System capability**: SystemCapability.Security.Cert 6924 6925**Return value** 6926 6927| Type | Description | 6928| ------ | -------------------------------- | 6929| string | Signing algorithm obtained.| 6930 6931**Error codes** 6932 6933For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 6934 6935| ID| Error Message | 6936| -------- | ----------------------- | 6937| 19020001 | memory malloc failed. | 6938| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 6939| 19030001 | crypto operation error. | 6940 6941**Example** 6942 6943```ts 6944import { cert } from '@kit.DeviceCertificateKit'; 6945import { BusinessError } from '@kit.BasicServicesKit'; 6946 6947// Convert the string into a Uint8Array. 6948function stringToUint8Array(str: string): Uint8Array { 6949 let arr: Array<number> = []; 6950 for (let i = 0, j = str.length; i < j; i++) { 6951 arr.push(str.charCodeAt(i)); 6952 } 6953 return new Uint8Array(arr); 6954} 6955 6956let crlData = '-----BEGIN X509 CRL-----\n' + 6957 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6958 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6959 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6960 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6961 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6962 'eavsH0Q3\n' + 6963 '-----END X509 CRL-----\n'; 6964 6965// Binary data of the CRL, which needs to match your case. 6966let encodingBlob: cert.EncodingBlob = { 6967 data: stringToUint8Array(crlData), 6968 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 6969 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6970}; 6971 6972cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6973 if (error) { 6974 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6975 } else { 6976 console.log('createX509CRL success'); 6977 try { 6978 let sigAlgName = x509CRL.getSignatureAlgName(); 6979 } catch (err) { 6980 let e: BusinessError = err as BusinessError; 6981 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6982 } 6983 } 6984}); 6985``` 6986 6987### getSignatureAlgOid<sup>11+</sup> 6988 6989getSignatureAlgOid() : string 6990 6991Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 6992 6993**Atomic service API**: This API can be used in atomic services since API version 12. 6994 6995**System capability**: SystemCapability.Security.Cert 6996 6997**Return value** 6998 6999| Type | Description | 7000| ------ | --------------------------------------------- | 7001| string | OID of the X.509 CRL signing algorithm obtained.| 7002 7003**Error codes** 7004 7005For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7006 7007| ID| Error Message | 7008| -------- | ----------------------- | 7009| 19020001 | memory malloc failed. | 7010| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7011| 19030001 | crypto operation error. | 7012 7013**Example** 7014 7015```ts 7016import { cert } from '@kit.DeviceCertificateKit'; 7017import { BusinessError } from '@kit.BasicServicesKit'; 7018 7019// Convert the string into a Uint8Array. 7020function stringToUint8Array(str: string): Uint8Array { 7021 let arr: Array<number> = []; 7022 for (let i = 0, j = str.length; i < j; i++) { 7023 arr.push(str.charCodeAt(i)); 7024 } 7025 return new Uint8Array(arr); 7026} 7027 7028let crlData = '-----BEGIN X509 CRL-----\n' + 7029 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7030 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7031 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7032 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7033 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7034 'eavsH0Q3\n' + 7035 '-----END X509 CRL-----\n'; 7036 7037// Binary data of the CRL, which needs to match your case. 7038let encodingBlob: cert.EncodingBlob = { 7039 data: stringToUint8Array(crlData), 7040 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7041 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7042}; 7043 7044cert.createX509CRL(encodingBlob, (error, x509CRL) => { 7045 if (error) { 7046 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7047 } else { 7048 console.log('createX509CRL success'); 7049 try { 7050 let sigAlgOid = x509CRL.getSignatureAlgOid(); 7051 } catch (err) { 7052 let e: BusinessError = err as BusinessError; 7053 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7054 } 7055 } 7056}); 7057``` 7058 7059### getSignatureAlgParams<sup>11+</sup> 7060 7061getSignatureAlgParams() : DataBlob 7062 7063Obtains the parameters of the X.509 CRL signing algorithm. 7064 7065**Atomic service API**: This API can be used in atomic services since API version 12. 7066 7067**System capability**: SystemCapability.Security.Cert 7068 7069**Return value** 7070 7071| Type | Description | 7072| --------------------- | ---------------------------------- | 7073| [DataBlob](#datablob) | Algorithm parameters obtained.| 7074 7075**Error codes** 7076 7077For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7078 7079| ID| Error Message | 7080| -------- | ----------------------- | 7081| 801 | this operation is not supported. | 7082| 19020001 | memory malloc failed. | 7083| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7084| 19030001 | crypto operation error. | 7085 7086**Example** 7087 7088```ts 7089import { cert } from '@kit.DeviceCertificateKit'; 7090import { BusinessError } from '@kit.BasicServicesKit'; 7091 7092// Convert the string into a Uint8Array. 7093function stringToUint8Array(str: string): Uint8Array { 7094 let arr: Array<number> = []; 7095 for (let i = 0, j = str.length; i < j; i++) { 7096 arr.push(str.charCodeAt(i)); 7097 } 7098 return new Uint8Array(arr); 7099} 7100 7101let crlData = '-----BEGIN X509 CRL-----\n' + 7102 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7103 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7104 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7105 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7106 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7107 'eavsH0Q3\n' + 7108 '-----END X509 CRL-----\n'; 7109 7110// Binary data of the CRL, which needs to match your case. 7111let encodingBlob: cert.EncodingBlob = { 7112 data: stringToUint8Array(crlData), 7113 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7114 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7115}; 7116 7117cert.createX509CRL(encodingBlob, (error, x509CRL) => { 7118 if (error) { 7119 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7120 } else { 7121 console.log('createX509CRL success'); 7122 try { 7123 let sigAlgParams = x509CRL.getSignatureAlgParams(); 7124 } catch (err) { 7125 let e: BusinessError = err as BusinessError; 7126 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7127 } 7128 } 7129}); 7130``` 7131 7132### getTBSInfo<sup>11+</sup> 7133 7134getTBSInfo() : DataBlob 7135 7136Obtains the DER-encoded CRL information, that is, **tbsCertList** from this CRL. 7137 7138**Atomic service API**: This API can be used in atomic services since API version 12. 7139 7140**System capability**: SystemCapability.Security.Cert 7141 7142**Return value** 7143 7144| Type | Description | 7145| --------------------- | --------------------------------- | 7146| [DataBlob](#datablob) | **tbsCertList** information obtained.| 7147 7148**Error codes** 7149 7150For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7151 7152| ID| Error Message | 7153| -------- | ----------------------- | 7154| 19020001 | memory malloc failed. | 7155| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7156| 19030001 | crypto operation error. | 7157 7158**Example** 7159 7160```ts 7161import { cert } from '@kit.DeviceCertificateKit'; 7162import { BusinessError } from '@kit.BasicServicesKit'; 7163 7164// Convert the string into a Uint8Array. 7165function stringToUint8Array(str: string): Uint8Array { 7166 let arr: Array<number> = []; 7167 for (let i = 0, j = str.length; i < j; i++) { 7168 arr.push(str.charCodeAt(i)); 7169 } 7170 return new Uint8Array(arr); 7171} 7172 7173let crlData = '-----BEGIN X509 CRL-----\n' + 7174 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7175 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7176 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7177 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7178 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7179 'eavsH0Q3\n' + 7180 '-----END X509 CRL-----\n'; 7181 7182// Binary data of the CRL, which needs to match your case. 7183let encodingBlob: cert.EncodingBlob = { 7184 data: stringToUint8Array(crlData), 7185 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7186 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7187}; 7188 7189cert.createX509CRL(encodingBlob, (error, x509CRL) => { 7190 if (error) { 7191 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7192 } else { 7193 console.log('createX509CRL success'); 7194 try { 7195 let tbsInfo = x509CRL.getTBSInfo(); 7196 } catch (error) { 7197 let e: BusinessError = error as BusinessError; 7198 console.error('getTBSInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7199 } 7200 } 7201}); 7202``` 7203 7204### getExtensions<sup>11+</sup> 7205 7206getExtensions(): DataBlob 7207 7208Obtains the CRL extensions. 7209 7210**Atomic service API**: This API can be used in atomic services since API version 12. 7211 7212**System capability**: SystemCapability.Security.Cert 7213 7214**Return value** 7215 7216| Type | Description | 7217| --------------------- | ------------------- | 7218| [DataBlob](#datablob) | X.509 CRL extensions obtained.| 7219 7220**Error codes** 7221 7222For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7223 7224| ID| Error Message | 7225| -------- | ----------------------- | 7226| 19020001 | memory malloc failed. | 7227| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7228| 19030001 | crypto operation error. | 7229 7230**Example** 7231 7232```ts 7233import { cert } from '@kit.DeviceCertificateKit'; 7234import { BusinessError } from '@kit.BasicServicesKit'; 7235 7236// Convert the string into a Uint8Array. 7237function stringToUint8Array(str: string): Uint8Array { 7238 let arr: Array<number> = []; 7239 for (let i = 0, j = str.length; i < j; i++) { 7240 arr.push(str.charCodeAt(i)); 7241 } 7242 return new Uint8Array(arr); 7243} 7244 7245let crlData = '-----BEGIN X509 CRL-----\n' + 7246 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 7247 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 7248 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 7249 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 7250 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 7251 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 7252 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 7253 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 7254 '+i2osvdPWRia0dJCL1PCA14k\n' + 7255 '-----END X509 CRL-----\n'; 7256 7257// Binary data of the CRL, which needs to match your case. 7258let encodingBlob: cert.EncodingBlob = { 7259 data: stringToUint8Array(crlData), 7260 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7261 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7262}; 7263 7264cert.createX509CRL(encodingBlob, (error, x509CRL) => { 7265 if (error) { 7266 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7267 } else { 7268 console.log('createX509CRL success'); 7269 try { 7270 let extensions = x509CRL.getExtensions(); 7271 } catch (error) { 7272 let e: BusinessError = error as BusinessError; 7273 console.error('getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7274 } 7275 } 7276}); 7277``` 7278 7279### match<sup>11+</sup> 7280 7281match(param: X509CRLMatchParameters): boolean 7282 7283Checks whether this CRL matches the specified parameters. 7284 7285**Atomic service API**: This API can be used in atomic services since API version 12. 7286 7287**System capability**: SystemCapability.Security.Cert 7288 7289**Parameters** 7290 7291| Name | Type | Mandatory| Description | 7292| --------- | ------ | ---- | ------------------------------------------ | 7293| param | [X509CRLMatchParameters](#x509crlmatchparameters11)| Yes | Parameters specified for matching the certificate.| 7294 7295**Return value** 7296 7297| Type | Description | 7298| --------------------- | ----------------------------------------- | 7299| boolean | Returns **true** if the certificate matches the parameters specified; returns **false** otherwise.| 7300 7301**Error codes** 7302 7303For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7304 7305| ID| Error Message | 7306| -------- | -------------- | 7307| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7308| 19020001 | memory malloc failed. | 7309| 19030001 | crypto operation error. | 7310 7311**Example** 7312 7313```ts 7314import { cert } from '@kit.DeviceCertificateKit'; 7315import { BusinessError } from '@kit.BasicServicesKit'; 7316 7317// Convert the string into a Uint8Array. 7318function stringToUint8Array(str: string): Uint8Array { 7319 let arr: Array<number> = []; 7320 for (let i = 0, j = str.length; i < j; i++) { 7321 arr.push(str.charCodeAt(i)); 7322 } 7323 return new Uint8Array(arr); 7324} 7325 7326let crlData = '-----BEGIN X509 CRL-----\n' + 7327 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7328 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7329 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7330 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7331 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7332 'eavsH0Q3\n' + 7333 '-----END X509 CRL-----\n'; 7334 7335// Binary data of the CRL, which needs to match your case. 7336let crlEncodingBlob: cert.EncodingBlob = { 7337 data: stringToUint8Array(crlData), 7338 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7339 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7340}; 7341 7342const certData = "-----BEGIN CERTIFICATE-----\r\n" + 7343 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 7344 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 7345 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 7346 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 7347 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 7348 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 7349 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 7350 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 7351 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 7352 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 7353 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 7354 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 7355 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 7356 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 7357 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 7358 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 7359 "-----END CERTIFICATE-----\r\n"; 7360const certEncodingBlob: cert.EncodingBlob = { 7361 data: stringToUint8Array(certData), 7362 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 7363}; 7364 7365async function crlMatch() { 7366 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 7367 try { 7368 x509Cert = await cert.createX509Cert(certEncodingBlob); 7369 console.log('createX509Cert success'); 7370 } catch (err) { 7371 console.error('createX509Cert failed'); 7372 } 7373 7374 cert.createX509CRL(crlEncodingBlob, (error, x509CRL) => { 7375 if (error) { 7376 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7377 } else { 7378 console.log('createX509CRL success'); 7379 try { 7380 const param: cert.X509CRLMatchParameters = { 7381 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 7382 x509Cert: x509Cert 7383 } 7384 const result = x509CRL.match(param); 7385 } catch (error) { 7386 let e: BusinessError = error as BusinessError; 7387 console.error('x509CRL match failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7388 } 7389 } 7390 }); 7391} 7392``` 7393 7394### getIssuerX500DistinguishedName<sup>12+</sup> 7395 7396getIssuerX500DistinguishedName(): X500DistinguishedName 7397 7398Obtains the distinguished name (DN) of the X.509 certificate issuer. 7399 7400**Atomic service API**: This API can be used in atomic services since API version 12. 7401 7402**System capability**: SystemCapability.Security.Cert 7403 7404**Return value** 7405 7406| Type | Description | 7407| --------------------- | ----------------------------------------- | 7408| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 7409 7410**Error codes** 7411 7412For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7413 7414| ID| Error Message | 7415| -------- | -------------- | 7416| 19020001 | memory malloc failed. | 7417| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7418| 19030001 | crypto operation error. | 7419 7420**Example** 7421 7422```ts 7423import { cert } from '@kit.DeviceCertificateKit'; 7424import { BusinessError } from '@kit.BasicServicesKit'; 7425 7426// Convert the string into a Uint8Array. 7427function stringToUint8Array(str: string): Uint8Array { 7428 let arr: Array<number> = []; 7429 for (let i = 0, j = str.length; i < j; i++) { 7430 arr.push(str.charCodeAt(i)); 7431 } 7432 return new Uint8Array(arr); 7433} 7434 7435let crlData = '-----BEGIN X509 CRL-----\n' + 7436 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7437 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7438 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7439 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7440 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7441 'eavsH0Q3\n' + 7442 '-----END X509 CRL-----\n'; 7443 7444// Binary data of the CRL, which needs to match your case. 7445let crlEncodingBlob: cert.EncodingBlob = { 7446 data: stringToUint8Array(crlData), 7447 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7448 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7449}; 7450 7451async function crlGetIssuerX500DistinguishedName() { 7452 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7453 try { 7454 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7455 console.log('createX509CRL success'); 7456 let name = x509Crl.getIssuerX500DistinguishedName(); 7457 } catch (err) { 7458 let e: BusinessError = err as BusinessError; 7459 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7460 } 7461} 7462``` 7463 7464### toString<sup>12+</sup> 7465 7466toString(): string 7467 7468Converts the object data into a string. 7469 7470**Atomic service API**: This API can be used in atomic services since API version 12. 7471 7472**System capability**: SystemCapability.Security.Cert 7473 7474**Return value** 7475 7476| Type | Description | 7477| --------------------- | ----------------------------------------- | 7478| string | String obtained.| 7479 7480**Error codes** 7481 7482For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7483 7484| ID| Error Message | 7485| -------- | -------------- | 7486| 19020001 | memory malloc failed. | 7487| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7488| 19030001 | crypto operation error. | 7489 7490**Example** 7491 7492```ts 7493import { cert } from '@kit.DeviceCertificateKit'; 7494import { BusinessError } from '@kit.BasicServicesKit'; 7495 7496// Convert the string into a Uint8Array. 7497function stringToUint8Array(str: string): Uint8Array { 7498 let arr: Array<number> = []; 7499 for (let i = 0, j = str.length; i < j; i++) { 7500 arr.push(str.charCodeAt(i)); 7501 } 7502 return new Uint8Array(arr); 7503} 7504 7505let crlData = '-----BEGIN X509 CRL-----\n' + 7506 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7507 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7508 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7509 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7510 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7511 'eavsH0Q3\n' + 7512 '-----END X509 CRL-----\n'; 7513 7514// Binary data of the CRL, which needs to match your case. 7515let crlEncodingBlob: cert.EncodingBlob = { 7516 data: stringToUint8Array(crlData), 7517 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7518 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7519}; 7520 7521async function crlToString() { 7522 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7523 try { 7524 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7525 console.log('createX509CRL success'); 7526 console.info('crlToString success: ' + JSON.stringify(x509Crl.toString())); 7527 } catch (err) { 7528 let e: BusinessError = err as BusinessError; 7529 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7530 } 7531} 7532``` 7533 7534### toString<sup>20+</sup> 7535 7536toString(encodingType: EncodingType): string 7537 7538Converts this object into a string in the specified encoding format. 7539 7540**Atomic service API**: This API can be used in atomic services since API version 20. 7541 7542**System capability**: SystemCapability.Security.Cert 7543 7544**Parameters** 7545 7546| Name | Type | Mandatory| Description | 7547| -------- | ------------------------------------- | ---- | ------------------------------ | 7548| encodingType | [EncodingType](#encodingtype12) | Yes | Encoding type. | 7549 7550**Return value** 7551 7552| Type | Description | 7553| ------ | -------------------- | 7554| string | String obtained.| 7555 7556**Error codes** 7557 7558For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7559 7560| ID| Error Message | 7561| -------- | ------------------------------------------------- | 7562| 19020001 | memory malloc failed. | 7563| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7564| 19020003 | parameter check failed. Possible causes: <br>1. The value of encodingType is not in the EncodingType enumeration range.| 7565| 19030001 | crypto operation error. | 7566 7567**Example** 7568 7569```ts 7570import { cert } from '@kit.DeviceCertificateKit'; 7571import { BusinessError } from '@kit.BasicServicesKit'; 7572 7573// Convert the string into a Uint8Array. 7574function stringToUint8Array(str: string): Uint8Array { 7575 let arr: Array<number> = []; 7576 for (let i = 0, j = str.length; i < j; i++) { 7577 arr.push(str.charCodeAt(i)); 7578 } 7579 return new Uint8Array(arr); 7580} 7581 7582let crlData = '-----BEGIN X509 CRL-----\n' + 7583 'MIIByzCBtAIBATANBgkqhkiG9w0BAQsFADBXMQswCQYDVQQGEwJDTjEPMA0GA1UE\n' + 7584 'CAwG6ZmV6KW/MQ8wDQYDVQQHDAbopb/lrokxDzANBgNVBAoMBua1i+ivlTEVMBMG\n' + 7585 'A1UEAwwM5Lit5paH5rWL6K+VFw0yNDEwMTYwODUwMDlaFw0yNDExMTUwODUwMDla\n' + 7586 'MBkwFwIGAXKnJjrAFw0yNDEwMTYwODQ5NDBaoA4wDDAKBgNVHRQEAwIBADANBgkq\n' + 7587 'hkiG9w0BAQsFAAOCAQEAU0JPK/DnGmjCi5lKyun506JE+FVDuQsEWuF5CZPqE2um\n' + 7588 'hA04Qffi+8AfwLpG2KPBaAYTteU4fx30y8Wm0kLutalk32FgrbQX0VQ7EaCOmkMU\n' + 7589 '2dnQMmFmaFiVcOTaRzgqDOYKuzSAptCo6hqtk9kgjbda5HnsNiVC7dNMRp1Jlzwr\n' + 7590 'k/42mqZ3fFIy3wYLaxRlq368BX3u94J9Cx754V2V/XEApiRI/FsiSRzRX+jfUBa4\n' + 7591 '+wwu3WhWxisQj6z3bBkQD4RTg3S+ic8hhP44wt/1MmSLG946Dc9uVYJKUVZqTco9\n' + 7592 'QDoDwYfBJBzcXjManSkPsGCb7RfTAr5HqcEtIHsK+w==\n' + 7593 '-----END X509 CRL-----\n'; 7594// Binary data of the CRL, which needs to match your case. 7595let crlEncodingBlob: cert.EncodingBlob = { 7596 data: stringToUint8Array(crlData), 7597 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7598 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7599}; 7600 7601async function crlToString() { 7602 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7603 try { 7604 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7605 console.log('createX509CRL success'); 7606 console.info('crlToString success: ' + JSON.stringify(x509Crl.toString(cert.EncodingType.ENCODING_UTF8))); 7607 } catch (err) { 7608 let e: BusinessError = err as BusinessError; 7609 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7610 } 7611} 7612``` 7613 7614### hashCode<sup>12+</sup> 7615 7616hashCode(): Uint8Array 7617 7618Obtains the hash value of the data in DER format. 7619 7620**Atomic service API**: This API can be used in atomic services since API version 12. 7621 7622**System capability**: SystemCapability.Security.Cert 7623 7624**Return value** 7625 7626| Type | Description | 7627| --------------------- | ----------------------------------------- | 7628| Uint8Array | Hash value obtained.| 7629 7630**Error codes** 7631 7632For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7633 7634| ID| Error Message | 7635| -------- | -------------- | 7636| 19020001 | memory malloc failed. | 7637| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7638| 19030001 | crypto operation error. | 7639 7640**Example** 7641 7642```ts 7643import { cert } from '@kit.DeviceCertificateKit'; 7644import { BusinessError } from '@kit.BasicServicesKit'; 7645 7646// Convert the string into a Uint8Array. 7647function stringToUint8Array(str: string): Uint8Array { 7648 let arr: Array<number> = []; 7649 for (let i = 0, j = str.length; i < j; i++) { 7650 arr.push(str.charCodeAt(i)); 7651 } 7652 return new Uint8Array(arr); 7653} 7654 7655let crlData = '-----BEGIN X509 CRL-----\n' + 7656 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7657 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7658 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7659 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7660 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7661 'eavsH0Q3\n' + 7662 '-----END X509 CRL-----\n'; 7663 7664// Binary data of the CRL, which needs to match your case. 7665let crlEncodingBlob: cert.EncodingBlob = { 7666 data: stringToUint8Array(crlData), 7667 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7668 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7669}; 7670 7671async function crlHashCode() { 7672 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7673 try { 7674 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7675 console.log('createX509CRL success'); 7676 console.info('crlHashCode success: ' + JSON.stringify(x509Crl.hashCode())); 7677 } catch (err) { 7678 let e: BusinessError = err as BusinessError; 7679 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7680 } 7681} 7682``` 7683 7684### getExtensionsObject<sup>12+</sup> 7685 7686getExtensionsObject(): CertExtension 7687 7688Obtains the certification extensions in DER format. 7689 7690**Atomic service API**: This API can be used in atomic services since API version 12. 7691 7692**System capability**: SystemCapability.Security.Cert 7693 7694**Return value** 7695 7696| Type | Description | 7697| --------------------- | ----------------------------------------- | 7698| [CertExtension](#certextension10) | Certificate extensions object obtained.| 7699 7700**Error codes** 7701 7702For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7703 7704| ID| Error Message | 7705| -------- | -------------- | 7706| 19020001 | memory malloc failed. | 7707| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7708| 19030001 | crypto operation error. | 7709 7710**Example** 7711 7712```ts 7713import { cert } from '@kit.DeviceCertificateKit'; 7714import { BusinessError } from '@kit.BasicServicesKit'; 7715 7716// Convert the string into a Uint8Array. 7717function stringToUint8Array(str: string): Uint8Array { 7718 let arr: Array<number> = []; 7719 for (let i = 0, j = str.length; i < j; i++) { 7720 arr.push(str.charCodeAt(i)); 7721 } 7722 return new Uint8Array(arr); 7723} 7724 7725let crlData = '-----BEGIN X509 CRL-----\n' + 7726 'MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV\n' + 7727 'BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD\n' + 7728 'VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG\n' + 7729 '9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy\n' + 7730 'NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+\n' + 7731 '1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq\n' + 7732 'jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU\n' + 7733 '+gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe\n' + 7734 'Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw\n' + 7735 'diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx\n' + 7736 '+X48g7VE2o2X4cfy\n' + 7737 '-----END X509 CRL-----\n'; 7738 7739// Binary data of the CRL, which needs to match your case. 7740let crlEncodingBlob: cert.EncodingBlob = { 7741 data: stringToUint8Array(crlData), 7742 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7743 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7744}; 7745 7746async function crlHashCode() { 7747 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7748 try { 7749 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7750 console.log('createX509CRL success'); 7751 let object = x509Crl.getExtensionsObject(); 7752 } catch (err) { 7753 let e: BusinessError = err as BusinessError; 7754 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7755 } 7756} 7757``` 7758 7759## cert.createCertChainValidator 7760 7761createCertChainValidator(algorithm :string) : CertChainValidator 7762 7763Creates a **CertChainValidator** object. 7764 7765**Atomic service API**: This API can be used in atomic services since API version 12. 7766 7767**System capability**: SystemCapability.Security.Cert 7768 7769**Parameters** 7770 7771| Name | Type | Mandatory| Description | 7772| --------- | ------ | ---- | ------------------------------------------ | 7773| algorithm | string | Yes | Certificate chain validator algorithm. Currently, only **PKIX** is supported.| 7774 7775**Return value** 7776 7777| Type | Description | 7778| ------------------ | -------------------- | 7779| [CertChainValidator](#certchainvalidator) | **CertChainValidator** object created.| 7780 7781**Error codes** 7782 7783For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7784 7785| ID| Error Message | 7786| -------- | ----------------------- | 7787| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7788| 801 | this operation is not supported. | 7789| 19020001 | memory malloc failed. | 7790| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7791| 19030001 | crypto operation error. | 7792 7793**Example** 7794 7795```ts 7796import { cert } from '@kit.DeviceCertificateKit'; 7797import { BusinessError } from '@kit.BasicServicesKit'; 7798 7799try { 7800 let validator = cert.createCertChainValidator('PKIX'); 7801} catch (error) { 7802 let e: BusinessError = error as BusinessError; 7803 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7804} 7805``` 7806 7807## CertChainValidator 7808 7809Provides APIs for certificate chain validator operations. 7810 7811 7812**Atomic service API**: This API can be used in atomic services since API version 12. 7813 7814**System capability**: SystemCapability.Security.Cert 7815 7816| Name | Type | Read-Only| Optional| Description | 7817| ------- | ------ | ---- | ---- | -------------------------- | 7818| algorithm | string | Yes | No | Algorithm used by the X509 certificate chain validator.| 7819 7820 7821### validate 7822 7823validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 7824 7825Validates an X.509 certificate chain. This API uses an asynchronous callback to return the result. 7826The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details about certificate specifications, see [Certificate Specifications](../../security/DeviceCertificateKit/certificate-framework-overview.md#certificate-specifications). 7827 7828**Atomic service API**: This API can be used in atomic services since API version 12. 7829 7830**System capability**: SystemCapability.Security.Cert 7831 7832**Parameters** 7833 7834| Name | Type | Mandatory| Description | 7835| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 7836| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data. | 7837| callback | AsyncCallback\<void> | Yes | Callback used to return the result. If **error** is **null**, the validation is successful. If **error** is not **null**, the validation fails.| 7838 7839**Error codes** 7840 7841For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7842 7843| ID| Error Message | 7844| -------- | ------------------------------------------------- | 7845| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7846| 19020001 | memory malloc failed. | 7847| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7848| 19030001 | crypto operation error. | 7849| 19030002 | the certificate signature verification failed. | 7850| 19030003 | the certificate has not taken effect. | 7851| 19030004 | the certificate has expired. | 7852| 19030005 | failed to obtain the certificate issuer. | 7853| 19030006 | the key cannot be used for signing a certificate. | 7854| 19030007 | the key cannot be used for digital signature. | 7855 7856**Example** 7857 7858```ts 7859import { cert } from '@kit.DeviceCertificateKit'; 7860import { BusinessError } from '@kit.BasicServicesKit'; 7861 7862// Convert the string into a Uint8Array. 7863function stringToUint8Array(str: string): Uint8Array { 7864 let arr: Array<number> = []; 7865 for (let i = 0, j = str.length; i < j; i++) { 7866 arr.push(str.charCodeAt(i)); 7867 } 7868 return new Uint8Array(arr); 7869} 7870 7871// Binary data of the certificate chain. 7872let certPem = '-----BEGIN CERTIFICATE-----\n' + 7873 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7874 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7875 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7876 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7877 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7878 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7879 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7880 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7881 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7882 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7883 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7884 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7885 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7886 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7887 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7888 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7889 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7890 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7891 '-----END CERTIFICATE-----'; 7892 7893let caPem = '-----BEGIN CERTIFICATE-----\n' + 7894'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7895'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7896'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7897'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7898'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7899'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7900'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7901'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7902'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7903'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7904'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7905'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7906'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7907'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7908'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7909'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7910'sSus\n' + 7911'-----END CERTIFICATE-----'; 7912 7913let certPemData = stringToUint8Array(certPem); 7914let caPemData = stringToUint8Array(caPem); 7915 7916let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7917let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7918 7919let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7920certChainBuff.set(certPemDataLenData) 7921certChainBuff.set(certPemData, certPemDataLenData.length) 7922certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7923certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7924 7925let certChainData: cert.CertChainData = { 7926 data: certChainBuff, 7927 // Number of certificates in the certificate chain. It must be set based on the service. 7928 count: 2, 7929 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 7930 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7931}; 7932 7933try { 7934 let validator = cert.createCertChainValidator('PKIX'); 7935 validator.validate(certChainData, (error, data) => { 7936 if (error) { 7937 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7938 } else { 7939 console.log('validate success'); 7940 } 7941 }); 7942} catch (error) { 7943 let e: BusinessError = error as BusinessError; 7944 console.error('validate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7945} 7946``` 7947 7948### validate 7949 7950validate(certChain : CertChainData) : Promise\<void> 7951 7952Validates an X.509 certificate chain. This API uses a promise to return the result. 7953The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details about certificate specifications, see [Certificate Specifications](../../security/DeviceCertificateKit/certificate-framework-overview.md#certificate-specifications). 7954 7955**Atomic service API**: This API can be used in atomic services since API version 12. 7956 7957**System capability**: SystemCapability.Security.Cert 7958 7959**Parameters** 7960 7961| Name | Type | Mandatory| Description | 7962| --------- | ------------------------------- | ---- | -------------------------- | 7963| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data.| 7964 7965**Return value** 7966 7967| Type | Description | 7968| -------------- | ----------- | 7969| Promise\<void> | Promise used to return| 7970 7971**Error codes** 7972 7973For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 7974 7975| ID| Error Message | 7976| -------- | ------------------------------------------------- | 7977| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7978| 19020001 | memory malloc failed. | 7979| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 7980| 19030001 | crypto operation error. | 7981| 19030002 | the certificate signature verification failed. | 7982| 19030003 | the certificate has not taken effect. | 7983| 19030004 | the certificate has expired. | 7984| 19030005 | failed to obtain the certificate issuer. | 7985| 19030006 | the key cannot be used for signing a certificate. | 7986| 19030007 | the key cannot be used for digital signature. | 7987 7988**Example** 7989 7990```ts 7991import { cert } from '@kit.DeviceCertificateKit'; 7992import { BusinessError } from '@kit.BasicServicesKit'; 7993 7994// Convert the string into a Uint8Array. 7995function stringToUint8Array(str: string): Uint8Array { 7996 let arr: Array<number> = []; 7997 for (let i = 0, j = str.length; i < j; i++) { 7998 arr.push(str.charCodeAt(i)); 7999 } 8000 return new Uint8Array(arr); 8001} 8002 8003// Certificate chain data. 8004let certPem = '-----BEGIN CERTIFICATE-----\n' + 8005 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 8006 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 8007 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 8008 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 8009 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 8010 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 8011 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 8012 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 8013 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 8014 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 8015 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 8016 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 8017 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 8018 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 8019 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 8020 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 8021 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 8022 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 8023 '-----END CERTIFICATE-----'; 8024 8025let caPem = '-----BEGIN CERTIFICATE-----\n' + 8026'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 8027'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 8028'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 8029'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 8030'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 8031'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 8032'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 8033'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 8034'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 8035'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 8036'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 8037'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 8038'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 8039'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 8040'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 8041'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 8042'sSus\n' + 8043'-----END CERTIFICATE-----'; 8044 8045let certPemData = stringToUint8Array(certPem); 8046let caPemData = stringToUint8Array(caPem); 8047 8048let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 8049let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 8050 8051let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 8052certChainBuff.set(certPemDataLenData) 8053certChainBuff.set(certPemData, certPemDataLenData.length) 8054certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 8055certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 8056 8057let certChainData: cert.CertChainData = { 8058 data: certChainBuff, 8059 // Number of certificates in the certificate chain. It must be set based on the service. 8060 count: 2, 8061 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8062 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8063}; 8064 8065try { 8066 let validator = cert.createCertChainValidator('PKIX'); 8067 validator.validate(certChainData).then(result => { 8068 console.log('validate success'); 8069 }).catch((error: BusinessError) => { 8070 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8071 }); 8072} catch (error) { 8073 let e: BusinessError = error as BusinessError; 8074 console.error('validate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8075} 8076``` 8077 8078## X509CrlEntry<sup>(deprecated)</sup> 8079 8080Provides APIs for operating the revoked certificates. 8081 8082> **NOTE** 8083> 8084> This API is deprecated since API version 11. Use [X509CrlEntry](#x509crlentry11) instead. 8085 8086### getEncoded<sup>(deprecated)</sup> 8087 8088getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 8089 8090Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. 8091 8092> **NOTE** 8093> 8094> This API is deprecated since API version 11. Use [X509CRLEntry.getEncoded](#getencoded11-2) instead. 8095 8096**System capability**: SystemCapability.Security.Cert 8097 8098**Parameters** 8099 8100| Name | Type | Mandatory| Description | 8101| -------- | --------------------------------------------- | ---- | ------------------------------------ | 8102| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized data of the revoked certificate.| 8103 8104**Error codes** 8105 8106For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8107 8108| ID| Error Message | 8109| -------- | ----------------------- | 8110| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8111| 19020001 | memory malloc failed. | 8112| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8113| 19030001 | crypto operation error. | 8114 8115**Example** 8116 8117```ts 8118import { cert } from '@kit.DeviceCertificateKit'; 8119import { BusinessError } from '@kit.BasicServicesKit'; 8120 8121// Convert the string into a Uint8Array. 8122function stringToUint8Array(str: string): Uint8Array { 8123 let arr: Array<number> = []; 8124 for (let i = 0, j = str.length; i < j; i++) { 8125 arr.push(str.charCodeAt(i)); 8126 } 8127 return new Uint8Array(arr); 8128} 8129 8130let crlData = '-----BEGIN X509 CRL-----\n' + 8131 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8132 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8133 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8134 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8135 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8136 'eavsH0Q3\n' + 8137 '-----END X509 CRL-----\n' 8138 8139let encodingBlob: cert.EncodingBlob = { 8140 data: stringToUint8Array(crlData), 8141 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8142 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8143}; 8144 8145cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8146 if (err) { 8147 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8148 } else { 8149 console.log('create x509 crl success'); 8150 8151 try { 8152 let serialNumber = 1000; 8153 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8154 crlEntry.getEncoded((error, data) => { 8155 if (error) { 8156 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8157 } else { 8158 console.log('getEncoded success'); 8159 } 8160 }); 8161 } catch (error) { 8162 let e: BusinessError = error as BusinessError; 8163 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8164 } 8165 } 8166}) 8167``` 8168 8169### getEncoded<sup>(deprecated)</sup> 8170 8171getEncoded() : Promise\<EncodingBlob> 8172 8173Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. 8174 8175> **NOTE** 8176> 8177> This API is deprecated since API version 11. Use [X509CRLEntry.getEncoded](#getencoded11-3) instead. 8178 8179**System capability**: SystemCapability.Security.Cert 8180 8181**Return value** 8182 8183| Type | Description | 8184| --------------------------------------- | -------------------------- | 8185| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 8186 8187**Error codes** 8188 8189For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8190 8191| ID| Error Message | 8192| -------- | ----------------------- | 8193| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8194| 19020001 | memory malloc failed. | 8195| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8196| 19030001 | crypto operation error. | 8197 8198**Example** 8199 8200```ts 8201import { cert } from '@kit.DeviceCertificateKit'; 8202import { BusinessError } from '@kit.BasicServicesKit'; 8203 8204// Convert the string into a Uint8Array. 8205function stringToUint8Array(str: string): Uint8Array { 8206 let arr: Array<number> = []; 8207 for (let i = 0, j = str.length; i < j; i++) { 8208 arr.push(str.charCodeAt(i)); 8209 } 8210 return new Uint8Array(arr); 8211} 8212 8213let crlData = '-----BEGIN X509 CRL-----\n' + 8214 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8215 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8216 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8217 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8218 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8219 'eavsH0Q3\n' + 8220 '-----END X509 CRL-----\n' 8221 8222let encodingBlob: cert.EncodingBlob = { 8223 data: stringToUint8Array(crlData), 8224 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8225 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8226}; 8227 8228cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8229 if (err) { 8230 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8231 } else { 8232 console.log('create x509 crl success'); 8233 8234 try { 8235 let serialNumber = 1000; 8236 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8237 crlEntry.getEncoded().then(result => { 8238 console.log('getEncoded success'); 8239 }).catch((error: BusinessError) => { 8240 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8241 }); 8242 } catch (error) { 8243 let e: BusinessError = error as BusinessError; 8244 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8245 } 8246 } 8247}) 8248``` 8249 8250### getSerialNumber<sup>(deprecated)</sup> 8251 8252getSerialNumber() : number 8253 8254Obtains the serial number of this revoked certificate. 8255 8256> **NOTE** 8257> 8258> This API is deprecated since API version 11. Use [X509CRLEntry.getSerialNumber](#getserialnumber11) instead. 8259 8260**System capability**: SystemCapability.Security.Cert 8261 8262**Return value** 8263 8264| Type | Description | 8265| ------ | ---------------------- | 8266| number | Serial number of the revoked certificate obtained.| 8267 8268**Example** 8269 8270```ts 8271import { cert } from '@kit.DeviceCertificateKit'; 8272import { BusinessError } from '@kit.BasicServicesKit'; 8273 8274// Convert the string into a Uint8Array. 8275function stringToUint8Array(str: string): Uint8Array { 8276 let arr: Array<number> = []; 8277 for (let i = 0, j = str.length; i < j; i++) { 8278 arr.push(str.charCodeAt(i)); 8279 } 8280 return new Uint8Array(arr); 8281} 8282 8283let crlData = '-----BEGIN X509 CRL-----\n' + 8284 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8285 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8286 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8287 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8288 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8289 'eavsH0Q3\n' + 8290 '-----END X509 CRL-----\n' 8291 8292let encodingBlob: cert.EncodingBlob = { 8293 data: stringToUint8Array(crlData), 8294 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8295 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8296}; 8297 8298cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8299 if (err) { 8300 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8301 } else { 8302 console.log('create x509 crl success'); 8303 8304 try { 8305 let serialNumber = 1000; 8306 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8307 serialNumber = crlEntry.getSerialNumber(); 8308 } catch (error) { 8309 let e: BusinessError = error as BusinessError; 8310 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8311 } 8312 } 8313}) 8314``` 8315 8316### getCertIssuer<sup>(deprecated)</sup> 8317 8318getCertIssuer() : DataBlob 8319 8320Obtains the issuer of this revoked certificate. 8321 8322> **NOTE** 8323> 8324> This API is deprecated since API version 11. Use [X509CRLEntry.getCertIssuer](#getcertissuer11) instead. 8325 8326**System capability**: SystemCapability.Security.Cert 8327 8328**Return value** 8329 8330| Type | Description | 8331| --------------------- | ----------------------- | 8332| [DataBlob](#datablob) | Issuer of the revoked certificate obtained.| 8333 8334**Error codes** 8335 8336For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8337 8338| ID| Error Message | 8339| -------- | -------------- | 8340| 801 | this operation is not supported. | 8341| 19020001 | memory malloc failed. | 8342| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8343 8344**Example** 8345 8346```ts 8347import { cert } from '@kit.DeviceCertificateKit'; 8348import { BusinessError } from '@kit.BasicServicesKit'; 8349 8350// Convert the string into a Uint8Array. 8351function stringToUint8Array(str: string): Uint8Array { 8352 let arr: Array<number> = []; 8353 for (let i = 0, j = str.length; i < j; i++) { 8354 arr.push(str.charCodeAt(i)); 8355 } 8356 return new Uint8Array(arr); 8357} 8358 8359let crlData = '-----BEGIN X509 CRL-----\n' + 8360 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8361 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8362 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8363 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8364 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8365 'eavsH0Q3\n' + 8366 '-----END X509 CRL-----\n' 8367 8368let encodingBlob: cert.EncodingBlob = { 8369 data: stringToUint8Array(crlData), 8370 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8371 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8372}; 8373 8374cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8375 if (err) { 8376 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8377 } else { 8378 console.log('create x509 crl success'); 8379 8380 try { 8381 let serialNumber = 1000; 8382 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8383 let issuer = crlEntry.getCertIssuer(); 8384 } catch (error) { 8385 let e: BusinessError = error as BusinessError; 8386 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8387 } 8388 } 8389}) 8390``` 8391 8392### getRevocationDate<sup>(deprecated)</sup> 8393 8394getRevocationDate() : string 8395 8396Obtains the date when the certificate is revoked. 8397 8398> **NOTE** 8399> 8400> This API is deprecated since API version 11. Use [X509CRLEntry.getRevocationDate](#getrevocationdate11) instead. 8401 8402**System capability**: SystemCapability.Security.Cert 8403 8404**Return value** 8405 8406| Type | Description | 8407| ------ | ------------------ | 8408| string | Certificate revocation date, in ASN.1 format.| 8409 8410**Error codes** 8411 8412For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8413 8414| ID| Error Message | 8415| -------- | ----------------------- | 8416| 19020001 | memory malloc failed. | 8417| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8418| 19030001 | crypto operation error. | 8419 8420**Example** 8421 8422```ts 8423import { cert } from '@kit.DeviceCertificateKit'; 8424import { BusinessError } from '@kit.BasicServicesKit'; 8425 8426// Convert the string into a Uint8Array. 8427function stringToUint8Array(str: string): Uint8Array { 8428 let arr: Array<number> = []; 8429 for (let i = 0, j = str.length; i < j; i++) { 8430 arr.push(str.charCodeAt(i)); 8431 } 8432 return new Uint8Array(arr); 8433} 8434 8435let crlData = '-----BEGIN X509 CRL-----\n' + 8436 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8437 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8438 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8439 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8440 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8441 'eavsH0Q3\n' + 8442 '-----END X509 CRL-----\n' 8443 8444let encodingBlob: cert.EncodingBlob = { 8445 data: stringToUint8Array(crlData), 8446 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8447 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8448}; 8449 8450cert.createX509Crl(encodingBlob, (err, x509Crl) => { 8451 if (err) { 8452 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8453 } else { 8454 console.log('create x509 crl success'); 8455 8456 try { 8457 let serialNumber = 1000; 8458 let crlEntry = x509Crl.getRevokedCert(serialNumber); 8459 let date = crlEntry.getRevocationDate(); 8460 } catch (error) { 8461 let e: BusinessError = error as BusinessError; 8462 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8463 } 8464 } 8465}) 8466``` 8467 8468## X509CRLEntry<sup>11+</sup> 8469 8470Provides APIs for operating the revoked certificates. 8471 8472### getEncoded<sup>11+</sup> 8473 8474getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 8475 8476Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. 8477 8478**Atomic service API**: This API can be used in atomic services since API version 12. 8479 8480**System capability**: SystemCapability.Security.Cert 8481 8482**Parameters** 8483 8484| Name | Type | Mandatory| Description | 8485| -------- | --------------------------------------------- | ---- | ------------------------------------ | 8486| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the serialized data of the revoked certificate.| 8487 8488**Error codes** 8489 8490For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8491 8492| ID| Error Message | 8493| -------- | ----------------------- | 8494| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8495| 19020001 | memory malloc failed. | 8496| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8497| 19030001 | crypto operation error. | 8498 8499**Example** 8500 8501```ts 8502import { cert } from '@kit.DeviceCertificateKit'; 8503import { BusinessError } from '@kit.BasicServicesKit'; 8504 8505// Convert the string into a Uint8Array. 8506function stringToUint8Array(str: string): Uint8Array { 8507 let arr: Array<number> = []; 8508 for (let i = 0, j = str.length; i < j; i++) { 8509 arr.push(str.charCodeAt(i)); 8510 } 8511 return new Uint8Array(arr); 8512} 8513 8514let crlData = '-----BEGIN X509 CRL-----\n' + 8515 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8516 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8517 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8518 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8519 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8520 'eavsH0Q3\n' + 8521 '-----END X509 CRL-----\n' 8522 8523let encodingBlob: cert.EncodingBlob = { 8524 data: stringToUint8Array(crlData), 8525 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8526 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8527}; 8528 8529cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8530 if (err) { 8531 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8532 } else { 8533 console.log('create x509 CRL success'); 8534 8535 try { 8536 let serialNumber = BigInt(1000); 8537 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8538 crlEntry.getEncoded((error, data) => { 8539 if (error) { 8540 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8541 } else { 8542 console.log('getEncoded success'); 8543 } 8544 }); 8545 } catch (error) { 8546 let e: BusinessError = error as BusinessError; 8547 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8548 } 8549 } 8550}) 8551``` 8552 8553### getEncoded<sup>11+</sup> 8554 8555getEncoded() : Promise\<EncodingBlob> 8556 8557Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. 8558 8559**Atomic service API**: This API can be used in atomic services since API version 12. 8560 8561**System capability**: SystemCapability.Security.Cert 8562 8563**Return value** 8564 8565| Type | Description | 8566| --------------------------------------- | -------------------------- | 8567| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 8568 8569**Error codes** 8570 8571For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8572 8573| ID| Error Message | 8574| -------- | ----------------------- | 8575| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8576| 19020001 | memory malloc failed. | 8577| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8578| 19030001 | crypto operation error. | 8579 8580**Example** 8581 8582```ts 8583import { cert } from '@kit.DeviceCertificateKit'; 8584import { BusinessError } from '@kit.BasicServicesKit'; 8585 8586// Convert the string into a Uint8Array. 8587function stringToUint8Array(str: string): Uint8Array { 8588 let arr: Array<number> = []; 8589 for (let i = 0, j = str.length; i < j; i++) { 8590 arr.push(str.charCodeAt(i)); 8591 } 8592 return new Uint8Array(arr); 8593} 8594 8595let crlData = '-----BEGIN X509 CRL-----\n' + 8596 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8597 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8598 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8599 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8600 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8601 'eavsH0Q3\n' + 8602 '-----END X509 CRL-----\n' 8603 8604let encodingBlob: cert.EncodingBlob = { 8605 data: stringToUint8Array(crlData), 8606 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8607 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8608}; 8609 8610cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8611 if (err) { 8612 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8613 } else { 8614 console.log('create x509 CRL success'); 8615 8616 try { 8617 let serialNumber = BigInt(1000); 8618 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8619 crlEntry.getEncoded().then(result => { 8620 console.log('getEncoded success'); 8621 }).catch((error: BusinessError) => { 8622 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8623 }); 8624 } catch (error) { 8625 let e: BusinessError = error as BusinessError; 8626 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8627 } 8628 } 8629}) 8630``` 8631 8632### getSerialNumber<sup>11+</sup> 8633 8634getSerialNumber() : bigint 8635 8636Obtains the serial number of this revoked certificate. 8637 8638**Atomic service API**: This API can be used in atomic services since API version 12. 8639 8640**System capability**: SystemCapability.Security.Cert 8641 8642**Return value** 8643 8644| Type | Description | 8645| ------ | ---------------------- | 8646| bigint | Serial number of the revoked certificate obtained.| 8647 8648**Error codes** 8649 8650For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8651 8652| ID| Error Message | 8653| -------- | ----------------------- | 8654| 19020001 | memory malloc failed. | 8655| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8656| 19030001 | crypto operation error. | 8657 8658**Example** 8659 8660```ts 8661import { cert } from '@kit.DeviceCertificateKit'; 8662import { BusinessError } from '@kit.BasicServicesKit'; 8663 8664// Convert the string into a Uint8Array. 8665function stringToUint8Array(str: string): Uint8Array { 8666 let arr: Array<number> = []; 8667 for (let i = 0, j = str.length; i < j; i++) { 8668 arr.push(str.charCodeAt(i)); 8669 } 8670 return new Uint8Array(arr); 8671} 8672 8673let crlData = '-----BEGIN X509 CRL-----\n' + 8674 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8675 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8676 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8677 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8678 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8679 'eavsH0Q3\n' + 8680 '-----END X509 CRL-----\n' 8681 8682let encodingBlob: cert.EncodingBlob = { 8683 data: stringToUint8Array(crlData), 8684 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8685 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8686}; 8687 8688cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8689 if (err) { 8690 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8691 } else { 8692 console.log('create x509 crl success'); 8693 8694 try { 8695 let serialNumber = BigInt(1000); 8696 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8697 serialNumber = crlEntry.getSerialNumber(); 8698 } catch (error) { 8699 let e: BusinessError = error as BusinessError; 8700 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8701 } 8702 } 8703}) 8704``` 8705 8706### getCertIssuer<sup>11+</sup> 8707 8708getCertIssuer() : DataBlob 8709 8710Obtains the issuer of a revoked certificate. 8711 8712> **NOTE** 8713> 8714> The obtained issuer of this revoked certificate contains a string terminator. 8715 8716**Atomic service API**: This API can be used in atomic services since API version 12. 8717 8718**System capability**: SystemCapability.Security.Cert 8719 8720**Return value** 8721 8722| Type | Description | 8723| --------------------- | -------------------------- | 8724| [DataBlob](#datablob) | Issuer of the revoked certificate obtained.| 8725 8726**Error codes** 8727 8728For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8729 8730| ID| Error Message | 8731| -------- | ----------------------- | 8732| 801 | this operation is not supported. | 8733| 19020001 | memory malloc failed. | 8734| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8735| 19030001 | crypto operation error. | 8736 8737**Example** 8738 8739```ts 8740import { cert } from '@kit.DeviceCertificateKit'; 8741import { BusinessError } from '@kit.BasicServicesKit'; 8742 8743// Convert the string into a Uint8Array. 8744function stringToUint8Array(str: string): Uint8Array { 8745 let arr: Array<number> = []; 8746 for (let i = 0, j = str.length; i < j; i++) { 8747 arr.push(str.charCodeAt(i)); 8748 } 8749 return new Uint8Array(arr); 8750} 8751 8752let crlData = '-----BEGIN X509 CRL-----\n' + 8753 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8754 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8755 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8756 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8757 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8758 'eavsH0Q3\n' + 8759 '-----END X509 CRL-----\n' 8760 8761let encodingBlob: cert.EncodingBlob = { 8762 data: stringToUint8Array(crlData), 8763 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8764 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8765}; 8766 8767cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8768 if (err) { 8769 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8770 } else { 8771 console.log('create x509 CRL success'); 8772 8773 try { 8774 let serialNumber = BigInt(1000); 8775 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8776 let issuer = crlEntry.getCertIssuer(); 8777 } catch (error) { 8778 let e: BusinessError = error as BusinessError; 8779 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8780 } 8781 } 8782}) 8783``` 8784 8785### getCertIssuer<sup>20+</sup> 8786 8787getCertIssuer(encodingType: EncodingType): string 8788 8789Obtains the issuer information of a revoked certificate based on the encoding type. 8790 8791**Atomic service API**: This API can be used in atomic services since API version 20. 8792 8793**System capability**: SystemCapability.Security.Cert 8794 8795**Parameters** 8796 8797| Name | Type | Mandatory| Description | 8798| -------- | ------------------------------------- | ---- | ------------------------------ | 8799| encodingType | [EncodingType](#encodingtype12) | Yes | Encoding type. | 8800 8801**Return value** 8802 8803| Type | Description | 8804| ------ | -------------------- | 8805| string | Issuer information of a revoked certificate, separated by commas (,).| 8806 8807**Error codes** 8808 8809For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8810 8811| ID| Error Message | 8812| -------- | ------------------------------------------------- | 8813| 801 | this operation is not supported. | 8814| 19020001 | memory malloc failed. | 8815| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8816| 19020003 | parameter check failed. Possible causes: <br>1. The value of encodingType is not in the EncodingType enumeration range.| 8817| 19030001 | crypto operation error. | 8818 8819**Example** 8820 8821```ts 8822import { cert } from '@kit.DeviceCertificateKit'; 8823import { BusinessError } from '@kit.BasicServicesKit'; 8824 8825// Convert the string into a Uint8Array. 8826function stringToUint8Array(str: string): Uint8Array { 8827 let arr: Array<number> = []; 8828 for (let i = 0, j = str.length; i < j; i++) { 8829 arr.push(str.charCodeAt(i)); 8830 } 8831 return new Uint8Array(arr); 8832} 8833 8834 let crlData = '-----BEGIN X509 CRL-----\n' + 8835 'MIIBTDCBtgIBATANBgkqhkiG9w0BAQsFADBZMQswCQYDVQQGEwJDTjEPMA0GA1UE\n' + 8836 'CAwG6ZmV6KW/MQ8wDQYDVQQHDAbopb/lrokxDzANBgNVBAoMBua1i+ivlTEXMBUG\n' + 8837 'A1UEAwwO5Lit5paH5rWL6K+VIyMXDTI1MDMyNDA5MTExNVoXDTI1MDQyMzA5MTEx\n' + 8838 'NVowGTAXAgYBcqcmOsAXDTI1MDIyMDA2MTMwM1qgDjAMMAoGA1UdFAQDAgECMA0G\n' + 8839 'CSqGSIb3DQEBCwUAA4GBACedFnn4unfYLiRCl1ZAFXx6LFdX6U+IZ/buW44xKAWi\n' + 8840 'fyvcSxKIeGtMVjmQSs4HeNfNujIjaDN1+/J2nLSmHPiQ/c0LAc47zefVt2VnFuR4\n' + 8841 'TMUJEDUlnekYfDMxQqtihAO/Bpw33twK6otDvaAPm9vJoCu8JmGXxt6g+8vbYuNT\n' + 8842 '-----END X509 CRL-----\n'; 8843 8844let encodingBlob: cert.EncodingBlob = { 8845 data: stringToUint8Array(crlData), 8846 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8847 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8848}; 8849 8850cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8851 if (err) { 8852 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8853 } else { 8854 console.log('create x509 CRL success'); 8855 8856 try { 8857 let serialNumber = BigInt(1591942200000); 8858 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8859 let issuer = crlEntry.getCertIssuer(cert.EncodingType.ENCODING_UTF8); 8860 console.info('issuer output is ' + issuer); 8861 } catch (error) { 8862 let e: BusinessError = error as BusinessError; 8863 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8864 } 8865 } 8866}) 8867``` 8868 8869### getRevocationDate<sup>11+</sup> 8870 8871getRevocationDate() : string 8872 8873Obtains the date when the certificate was revoked. 8874 8875**Atomic service API**: This API can be used in atomic services since API version 12. 8876 8877**System capability**: SystemCapability.Security.Cert 8878 8879**Return value** 8880 8881| Type | Description | 8882| ------ | -------------------- | 8883| string | Promise used to return the certificate revocation date obtained.| 8884 8885**Error codes** 8886 8887For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8888 8889| ID| Error Message | 8890| -------- | ----------------------- | 8891| 19020001 | memory malloc failed. | 8892| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8893| 19030001 | crypto operation error. | 8894 8895**Example** 8896 8897```ts 8898import { cert } from '@kit.DeviceCertificateKit'; 8899import { BusinessError } from '@kit.BasicServicesKit'; 8900 8901// Convert the string into a Uint8Array. 8902function stringToUint8Array(str: string): Uint8Array { 8903 let arr: Array<number> = []; 8904 for (let i = 0, j = str.length; i < j; i++) { 8905 arr.push(str.charCodeAt(i)); 8906 } 8907 return new Uint8Array(arr); 8908} 8909 8910let crlData = '-----BEGIN X509 CRL-----\n' + 8911 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8912 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8913 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8914 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8915 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8916 'eavsH0Q3\n' + 8917 '-----END X509 CRL-----\n' 8918 8919let encodingBlob: cert.EncodingBlob = { 8920 data: stringToUint8Array(crlData), 8921 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8922 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8923}; 8924 8925cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8926 if (err) { 8927 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8928 } else { 8929 console.log('create x509 CRL success'); 8930 8931 try { 8932 let serialNumber = BigInt(1000); 8933 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8934 let date = crlEntry.getRevocationDate(); 8935 } catch (error) { 8936 let e: BusinessError = error as BusinessError; 8937 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8938 } 8939 } 8940}) 8941``` 8942 8943### getExtensions<sup>11+</sup> 8944 8945getExtensions(): DataBlob 8946 8947Obtains the CRL extensions. 8948 8949**Atomic service API**: This API can be used in atomic services since API version 12. 8950 8951**System capability**: SystemCapability.Security.Cert 8952 8953**Return value** 8954 8955| Type | Description | 8956| --------------------- | ------------------------ | 8957| [DataBlob](#datablob) | CRl extensions obtained.| 8958 8959**Error codes** 8960 8961For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 8962 8963| ID| Error Message | 8964| -------- | ----------------------- | 8965| 19020001 | memory malloc failed. | 8966| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 8967| 19030001 | crypto operation error. | 8968 8969**Example** 8970 8971```ts 8972import { cert } from '@kit.DeviceCertificateKit'; 8973import { BusinessError } from '@kit.BasicServicesKit'; 8974 8975// Convert the string into a Uint8Array. 8976function stringToUint8Array(str: string): Uint8Array { 8977 let arr: Array<number> = []; 8978 for (let i = 0, j = str.length; i < j; i++) { 8979 arr.push(str.charCodeAt(i)); 8980 } 8981 return new Uint8Array(arr); 8982} 8983 8984let crlData = '-----BEGIN X509 CRL-----\n' + 8985 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 8986 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 8987 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 8988 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 8989 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 8990 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 8991 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 8992 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 8993 '+i2osvdPWRia0dJCL1PCA14k\n' + 8994 '-----END X509 CRL-----\n'; 8995 8996let encodingBlob: cert.EncodingBlob = { 8997 data: stringToUint8Array(crlData), 8998 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 8999 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9000}; 9001 9002cert.createX509CRL(encodingBlob, (err, x509CRL) => { 9003 if (err) { 9004 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9005 } else { 9006 console.log('create x509 CRL success'); 9007 9008 try { 9009 let serialNumber = BigInt(4); 9010 let crlEntry = x509CRL.getRevokedCert(serialNumber); 9011 let extensions = crlEntry.getExtensions(); 9012 } catch (error) { 9013 let e: BusinessError = error as BusinessError; 9014 console.error('getRevokedCert or getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9015 } 9016 } 9017}) 9018``` 9019 9020### hasExtensions<sup>11+</sup> 9021 9022hasExtensions(): boolean 9023 9024Checks whether this CRL entry has extensions. 9025 9026**Atomic service API**: This API can be used in atomic services since API version 12. 9027 9028**System capability**: SystemCapability.Security.Cert 9029 9030**Return value** 9031 9032| Type | Description | 9033| ------- | ---------------------------------------------------- | 9034| boolean | Returns **true** if the CRL entry has extension; returns **false** otherwise.| 9035 9036**Error codes** 9037 9038For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9039 9040| ID| Error Message | 9041| -------- | ----------------------- | 9042| 19020001 | memory malloc failed. | 9043| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 9044| 19030001 | crypto operation error. | 9045 9046**Example** 9047 9048```ts 9049import { cert } from '@kit.DeviceCertificateKit'; 9050import { BusinessError } from '@kit.BasicServicesKit'; 9051 9052// Convert the string into a Uint8Array. 9053function stringToUint8Array(str: string): Uint8Array { 9054 let arr: Array<number> = []; 9055 for (let i = 0, j = str.length; i < j; i++) { 9056 arr.push(str.charCodeAt(i)); 9057 } 9058 return new Uint8Array(arr); 9059} 9060 9061let crlData = '-----BEGIN X509 CRL-----\n' + 9062 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9063 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9064 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9065 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9066 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9067 'eavsH0Q3\n' + 9068 '-----END X509 CRL-----\n' 9069 9070let encodingBlob: cert.EncodingBlob = { 9071 data: stringToUint8Array(crlData), 9072 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9073 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9074}; 9075 9076cert.createX509CRL(encodingBlob, (err, x509CRL) => { 9077 if (err) { 9078 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9079 } else { 9080 console.log('create x509 CRL success'); 9081 9082 try { 9083 let serialNumber = BigInt(1000); 9084 let crlEntry = x509CRL.getRevokedCert(serialNumber); 9085 let hasExtensions = crlEntry.hasExtensions(); 9086 } catch (error) { 9087 let e: BusinessError = error as BusinessError; 9088 console.error('getRevokedCert or hasExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9089 } 9090 } 9091}) 9092``` 9093 9094### getCertIssuerX500DistinguishedName<sup>12+</sup> 9095 9096getCertIssuerX500DistinguishedName(): X500DistinguishedName 9097 9098Obtains the DN of the certificate issuer. 9099 9100**Atomic service API**: This API can be used in atomic services since API version 12. 9101 9102**System capability**: SystemCapability.Security.Cert 9103 9104**Return value** 9105 9106| Type | Description | 9107| ------- | ---------------------------------------------------- | 9108| [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| 9109 9110**Error codes** 9111 9112For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9113 9114| ID| Error Message | 9115| -------- | ----------------------- | 9116| 19020001 | memory malloc failed. | 9117| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 9118| 19030001 | crypto operation error. | 9119 9120**Example** 9121 9122```ts 9123import { cert } from '@kit.DeviceCertificateKit'; 9124import { BusinessError } from '@kit.BasicServicesKit'; 9125 9126// Convert the string into a Uint8Array. 9127function stringToUint8Array(str: string): Uint8Array { 9128 let arr: Array<number> = []; 9129 for (let i = 0, j = str.length; i < j; i++) { 9130 arr.push(str.charCodeAt(i)); 9131 } 9132 return new Uint8Array(arr); 9133} 9134 9135let crlData = '-----BEGIN X509 CRL-----\n' + 9136 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9137 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9138 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9139 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9140 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9141 'eavsH0Q3\n' + 9142 '-----END X509 CRL-----\n' 9143 9144let encodingBlob: cert.EncodingBlob = { 9145 data: stringToUint8Array(crlData), 9146 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9147 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9148}; 9149 9150async function certGetCertIssuerX500DistinguishedName() { 9151 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 9152 try { 9153 x509Crl = await cert.createX509CRL(encodingBlob); 9154 console.log('createX509CRL success'); 9155 let name = x509Crl.getRevokedCert(BigInt(1000)).getCertIssuerX500DistinguishedName(); 9156 } catch (error) { 9157 let e: BusinessError = error as BusinessError; 9158 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9159 } 9160} 9161``` 9162 9163### toString<sup>12+</sup> 9164 9165toString(): string 9166 9167Converts the object data into a string. 9168 9169**Atomic service API**: This API can be used in atomic services since API version 12. 9170 9171**System capability**: SystemCapability.Security.Cert 9172 9173**Return value** 9174 9175| Type | Description | 9176| ------- | ---------------------------------------------------- | 9177| string | String obtained.| 9178 9179**Error codes** 9180 9181For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9182 9183| ID| Error Message | 9184| -------- | ----------------------- | 9185| 19020001 | memory malloc failed. | 9186| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 9187| 19030001 | crypto operation error. | 9188 9189**Example** 9190 9191```ts 9192import { cert } from '@kit.DeviceCertificateKit'; 9193import { BusinessError } from '@kit.BasicServicesKit'; 9194 9195// Convert the string into a Uint8Array. 9196function stringToUint8Array(str: string): Uint8Array { 9197 let arr: Array<number> = []; 9198 for (let i = 0, j = str.length; i < j; i++) { 9199 arr.push(str.charCodeAt(i)); 9200 } 9201 return new Uint8Array(arr); 9202} 9203 9204let crlData = '-----BEGIN X509 CRL-----\n' + 9205 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9206 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9207 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9208 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9209 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9210 'eavsH0Q3\n' + 9211 '-----END X509 CRL-----\n' 9212 9213let encodingBlob: cert.EncodingBlob = { 9214 data: stringToUint8Array(crlData), 9215 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9216 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9217}; 9218 9219async function certToString() { 9220 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 9221 try { 9222 x509Crl = await cert.createX509CRL(encodingBlob); 9223 console.log('createX509CRL success'); 9224 console.info('toString success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).toString())); 9225 } catch (error) { 9226 let e: BusinessError = error as BusinessError; 9227 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9228 } 9229} 9230``` 9231 9232### hashCode<sup>12+</sup> 9233 9234hashCode(): Uint8Array 9235 9236Obtains the hash value of the data in DER format. 9237 9238**Atomic service API**: This API can be used in atomic services since API version 12. 9239 9240**System capability**: SystemCapability.Security.Cert 9241 9242**Return value** 9243 9244| Type | Description | 9245| ------- | ---------------------------------------------------- | 9246| Uint8Array | Hash value obtained.| 9247 9248**Error codes** 9249 9250For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9251 9252| ID| Error Message | 9253| -------- | ----------------------- | 9254| 19020001 | memory malloc failed. | 9255| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 9256| 19030001 | crypto operation error. | 9257 9258**Example** 9259 9260```ts 9261import { cert } from '@kit.DeviceCertificateKit'; 9262import { BusinessError } from '@kit.BasicServicesKit'; 9263 9264// Convert the string into a Uint8Array. 9265function stringToUint8Array(str: string): Uint8Array { 9266 let arr: Array<number> = []; 9267 for (let i = 0, j = str.length; i < j; i++) { 9268 arr.push(str.charCodeAt(i)); 9269 } 9270 return new Uint8Array(arr); 9271} 9272 9273let crlData = '-----BEGIN X509 CRL-----\n' + 9274 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9275 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9276 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9277 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9278 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9279 'eavsH0Q3\n' + 9280 '-----END X509 CRL-----\n' 9281 9282let encodingBlob: cert.EncodingBlob = { 9283 data: stringToUint8Array(crlData), 9284 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9285 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9286}; 9287 9288async function certHashCode() { 9289 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 9290 try { 9291 x509Crl = await cert.createX509CRL(encodingBlob); 9292 console.log('createX509CRL success'); 9293 console.info('hashCode success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).hashCode())); 9294 } catch (error) { 9295 let e: BusinessError = error as BusinessError; 9296 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9297 } 9298} 9299``` 9300 9301### getExtensionsObject<sup>12+</sup> 9302 9303getExtensionsObject(): CertExtension 9304 9305Obtains the certification extensions in DER format. 9306 9307**Atomic service API**: This API can be used in atomic services since API version 12. 9308 9309**System capability**: SystemCapability.Security.Cert 9310 9311**Return value** 9312 9313| Type | Description | 9314| ------- | ---------------------------------------------------- | 9315| [CertExtension](#certextension10) | Certificate extensions object obtained.| 9316 9317**Error codes** 9318 9319For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9320 9321| ID| Error Message | 9322| -------- | ----------------------- | 9323| 19020001 | memory malloc failed. | 9324| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 9325| 19030001 | crypto operation error. | 9326 9327**Example** 9328 9329```ts 9330import { cert } from '@kit.DeviceCertificateKit'; 9331import { BusinessError } from '@kit.BasicServicesKit'; 9332 9333// Convert the string into a Uint8Array. 9334function stringToUint8Array(str: string): Uint8Array { 9335 let arr: Array<number> = []; 9336 for (let i = 0, j = str.length; i < j; i++) { 9337 arr.push(str.charCodeAt(i)); 9338 } 9339 return new Uint8Array(arr); 9340} 9341 9342let crlData = '-----BEGIN X509 CRL-----\n' + 9343 'MIINlTCCDH0CAQEwDQYJKoZIhvcNAQELBQAwTDELMAkGA1UEBhMCVVMxFTATBgNV\n' + 9344 'BAoTDERpZ2lDZXJ0IEluYzEmMCQGA1UEAxMdRGlnaUNlcnQgU2VjdXJlIFNpdGUg\n' + 9345 'Q04gQ0EgRzMXDTI0MDMxMjE4NDQ0NVoXDTI0MDMxOTE4NDQ0NVowggvJMCECEAbk\n' + 9346 'wC/+N2YXfpw7vgDJ2xAXDTIzMDIwNzA1NTg1OFowIQIQDonqcHww7uhlmWH+OfIe\n' + 9347 'PhcNMjMwMzA5MDcwMzI1WjAvAhAM4CTrULrJUEinWgT9AFPvFw0yMzAzMjAxOTE4\n' + 9348 'NTRaMAwwCgYDVR0VBAMKAQQwIQIQBQP4xflKkcRehoJ2NaA/jhcNMjMwMzIyMDk0\n' + 9349 'NTI5WjAvAhAOmgzoiIqznAaFec53PVPUFw0yMzAzMjcyMDI4MDNaMAwwCgYDVR0V\n' + 9350 'BAMKAQQwLwIQBaC2Z3D4dcQ/O7HnzFU9KBcNMjMwMzI5MTc1OTQ1WjAMMAoGA1Ud\n' + 9351 'FQQDCgEFMCECEAlz9Rg1b+9La4oFqsHUc4AXDTIzMDMzMTAyMzk0MVowIQIQD9yW\n' + 9352 '92pX6BinUKVBVSSTmBcNMjMwNDExMDExNjI5WjAvAhAIIarHUWWee4V9W/Yzm86k\n' + 9353 'Fw0yMzA0MTQyMDE5MTJaMAwwCgYDVR0VBAMKAQQwIQIQC2OiM3VIJX2dEe8/pf8f\n' + 9354 'hRcNMjMwNDIxMDMzMDIyWjAhAhAP0ueyg5n/7b2Hotml7f42Fw0yMzA0MjYwMjU3\n' + 9355 'NDJaMCECEAqMu61nkOEmTOdMbUZTMrkXDTIzMDUxNzAxMzI0NVowLwIQDYv1rt0K\n' + 9356 'olvP+nQoi5LeLRcNMjMwNTIzMTc0MDE4WjAMMAoGA1UdFQQDCgEEMC8CEA8WMKlw\n' + 9357 'iCK36PruJvup5bUXDTIzMDUyMzE3NDA1M1owDDAKBgNVHRUEAwoBBDAvAhAJ5uwT\n' + 9358 'aqwgLzNVpxh4u9EPFw0yMzA1MjUxNzEwNTBaMAwwCgYDVR0VBAMKAQQwIQIQCg0k\n' + 9359 '5UadwDH5xm14yxcgLRcNMjMwNjA3MDcyNDAwWjAhAhAEByUhbBR6/pZRFUH2PTxE\n' + 9360 'Fw0yMzA2MDgwMjIwMzBaMCECEATquAQcy3W1kUOkb4VoOvEXDTIzMDYyNjA5MDIw\n' + 9361 'NlowIQIQBrF5sueIjk1snKdO0ISOXhcNMjMwNjMwMDI0MDA0WjAhAhAJEG72WQtV\n' + 9362 'lTOYiA0xjVk5Fw0yMzA3MDUwMjEyMzdaMCECEAmXIuCMJv9gllYuKfCHm5EXDTIz\n' + 9363 'MDcwNTAyMTIzN1owIQIQAotQots0ngzRwACzrS9mCBcNMjMwNzA2MDU0NDU3WjAh\n' + 9364 'AhAG2hyGc9SfXrLc0Uk2J1BeFw0yMzA3MjQwMTUwNDBaMCECEAJhm5FSlVyTG9UK\n' + 9365 'zS+ecUgXDTIzMDcyNjA2NDQzM1owIQIQC4mlxBQuFxWC4pF7/P8BDxcNMjMwNzMx\n' + 9366 'MTAzMjU0WjAhAhADCEp333/avF3m6HZtBImOFw0yMzA3MzExMDMzNTBaMCECEAKd\n' + 9367 'P7fydlXUcS4v/YnZMMwXDTIzMDczMTEwMzQzOFowIQIQC+m5EUcRd1E0lEIPj17Z\n' + 9368 'rRcNMjMwODAxMDYwNDE4WjAvAhAF4QcgQQlWpAi4FVflzbKxFw0yMzA4MDMxNjIz\n' + 9369 'MTdaMAwwCgYDVR0VBAMKAQQwIQIQAn01GEZ50Y5ugIcEuGfF9BcNMjMwODA4MDE1\n' + 9370 'NzM1WjAhAhAFHj3FDKeP9q9CM924d8RIFw0yMzA4MDgwMTU5NDhaMC8CEAnkNPSD\n' + 9371 'U5yiMsV3fU06a6oXDTIzMDgwODE5MjIwMlowDDAKBgNVHRUEAwoBBDAvAhAETU4z\n' + 9372 '13iMKiwQujsxJDRhFw0yMzA4MTAyMDU4NDdaMAwwCgYDVR0VBAMKAQQwIQIQB1oD\n' + 9373 'M2mOYuse7e/nTqx+8xcNMjMwOTA0MDUwOTU3WjAhAhALf3Bp63so6O+R5QbWPWu6\n' + 9374 'Fw0yMzEwMDkwNjE5NTVaMCECEAKFHdXcy/zBXRtMj3BVhO0XDTIzMTAwOTA2MTk1\n' + 9375 'N1owIQIQDNNmVHN4tMu1xth6IAe4ZhcNMjMxMDEyMDc0MjQ1WjAhAhACNNJA2oMM\n' + 9376 'pr+giIgczvHOFw0yMzEwMTYwNTEyMzdaMCECEAoQun7uSHhvy6GBoxG7XOkXDTIz\n' + 9377 'MTExNjA3MDAzN1owLwIQA1NsI22PLvohCvKwdtAJwBcNMjMxMjA2MTgyNzUzWjAM\n' + 9378 'MAoGA1UdFQQDCgEEMCECEAWagozDt4jfBzi+aDGFr88XDTIzMTIxMTA3MjM1OFow\n' + 9379 'IQIQD1g7NdEk7t05zg6yweYc5hcNMjMxMjExMDcyNTM3WjAhAhAMJnRjUQAzFQFH\n' + 9380 'kwIguRz2Fw0yMzEyMTEwNzI2NDJaMCECEAT0bVxyPKkeTV8JQuPxfcwXDTIzMTIx\n' + 9381 'MTA3MjcyNlowIQIQA/5BlE0Ushtw24Ol9L2sexcNMjMxMjExMDcyODA2WjAhAhAL\n' + 9382 'Ij6FAKVJDnKAwwt19+/RFw0yMzEyMTEwNzI5MDJaMCECEAmPyfX3FuOHgryS2i8c\n' + 9383 'SrUXDTIzMTIxMTA3Mjk0M1owIQIQC+uGa6tmPRPCB0jW+6WWUhcNMjMxMjExMDcz\n' + 9384 'MDIzWjAhAhAJCq59mFZj6SWLH/m18Fq2Fw0yMzEyMTEwNzMwNTJaMCECEAp0Po24\n' + 9385 'WHmdEMTVyp9AMssXDTIzMTIxMTA3MzEyNlowIQIQAcf+793qPEHipkAhjf7MghcN\n' + 9386 'MjMxMjExMDczMTQ5WjAhAhAElLuCARMBoDIH0Y2D1DpSFw0yMzEyMTEwNzMyMTla\n' + 9387 'MCECEAWlgWhTXqKOB61zA7Ao8vQXDTIzMTIxMTA3MzI0OFowIQIQAeZqfkFYc/6t\n' + 9388 'zO7j/FVYwBcNMjMxMjExMDczMzM1WjAhAhAHzftyRhskxV6opTfHb59OFw0yMzEy\n' + 9389 'MTEwNzM0MDNaMCECEASXrBHdRYUm9VIZ1wN4qAsXDTIzMTIxMTA3MzQyN1owIQIQ\n' + 9390 'BDFb/OY65CZ1sTdMPAc+IhcNMjMxMjExMDczNTEzWjAhAhAFg7mRyWvWXc+KT014\n' + 9391 'Ro5AFw0yMzEyMTEwNzM1NDhaMCECEA+wAstqfBUEkSvinYlWeOwXDTIzMTIxMTA3\n' + 9392 'MzYyNVowIQIQB3Z75ksHGnvGmuHbvwbheRcNMjMxMjExMDczNjU5WjAhAhALfrIn\n' + 9393 'OGRVeePivKkJ+d1xFw0yMzEyMTEwNzM4MDFaMCECEAnm5NfU36m+FXNlJiUsXpMX\n' + 9394 'DTIzMTIxMTA3MzgzNVowIQIQCrBoHo4X2md3Amteqh7h3RcNMjMxMjExMDczOTA3\n' + 9395 'WjAhAhAGxHlqrHu66ifOwTTMhHHFFw0yMzEyMTEwNzM5NDNaMCECEA2BDG1SI7Se\n' + 9396 '2GAt+b9UnF8XDTIzMTIxMTA3NDAyNFowLwIQDZvl5jkmAwjTweDCtrXbLRcNMjMx\n' + 9397 'MjExMjA0NDQ3WjAMMAoGA1UdFQQDCgEEMCECEAzgcwGVpyXXZSmLLF4MExQXDTIz\n' + 9398 'MTIxOTE3MjczMlowIQIQARB9nVoMuE5GSFeb3U553hcNMjMxMjE5MTcyODA1WjAh\n' + 9399 'AhAD+JIH7lFcX9UNqTogrMcPFw0yMzEyMTkxNzI5MDZaMCECEAux1kd8ugXs4mI+\n' + 9400 'xMfXgpsXDTIzMTIxOTE3MjkyOFowIQIQCUO5VqAmbxA8Jdly97msLhcNMjMxMjE5\n' + 9401 'MTcyOTU0WjAhAhAFyzrU1JtsiPNPeWrfdvGvFw0yMzEyMTkxNzMwNDlaMCECEAwT\n' + 9402 'tMq5EsBTUhQwm6nWhnAXDTIzMTIyMDE3NDc1NlowIQIQBx3qL8rMclE9gxamaa14\n' + 9403 'xBcNMjMxMjIwMTc0ODM2WjAhAhAOnKUlrCaxs+lRqLrBmk2PFw0yNDAxMzAxOTMw\n' + 9404 'MTVaMCECEAtYs/5ZRsrMAxQVDA44eWYXDTI0MDIwNjA2MjYwMFowIQIQDjrMV1d3\n' + 9405 '0NhxngX5rqqxjBcNMjQwMjIxMDc0ODEwWjAhAhAPGohz3+JyS6H4JzHCjLrXFw0y\n' + 9406 'NDAyMjgyMDQxMjZaMC8CEAqZ2QktAMprzZmtolbOXlgXDTI0MDIyOTE4MDYzMVow\n' + 9407 'DDAKBgNVHRUEAwoBBDAhAhAMAHgNfiburtKDp8OJuzRCFw0yNDAzMDQwNjA3MzJa\n' + 9408 'MCECEA/HgrXcSBqkb2JdfrFDAfgXDTI0MDMwNDA2MDczMlqgMDAuMB8GA1UdIwQY\n' + 9409 'MBaAFETZyEozjtNSjaeSlGEfmsilt+zLMAsGA1UdFAQEAgIFrDANBgkqhkiG9w0B\n' + 9410 'AQsFAAOCAQEAJ5rSr0Av5sH59J2LXW5hZ8SJTzDbR8ADdi/CCLolbUUnE0oaAZ+2\n' + 9411 '9z0niAD5m8HQikNz8K+FKAsQatN/CAj4bzRMeF37hQCiZpqNtxP69JDGeWpGPiH2\n' + 9412 'K/YfpzL9iSbBOxFmosxUX8J/iX36mCUl+3OUHh+qSYeElboxeAmTCnY5Pl5Bq9is\n' + 9413 'gp0MmzNYCo7GEFrtS03p2msK25uRqQl6Qn0NZS0yGjdUG7RTZe4xua5drjEkB1o/\n' + 9414 '15f+mtYj6DtWM1twi1q3VYVxhRSsk6XmmS0BViTEl+MT0BRAPwBSdlyt++1Pnnrd\n' + 9415 'BsQoO8O2EVpJ54fxKMCSDOkJf1hNCxi3eQ==\n' + 9416 '-----END X509 CRL-----\n'; 9417 9418let encodingBlob: cert.EncodingBlob = { 9419 data: stringToUint8Array(crlData), 9420 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9421 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9422}; 9423 9424async function certGetExtensionsObject() { 9425 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 9426 try { 9427 x509Crl = await cert.createX509CRL(encodingBlob); 9428 console.log('createX509CRL success'); 9429 let object = x509Crl.getRevokedCert(BigInt('14091103387070223745671018446433705560')).getExtensionsObject(); 9430 } catch (error) { 9431 let e: BusinessError = error as BusinessError; 9432 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9433 } 9434} 9435``` 9436 9437## cert.createCertCRLCollection<sup>11+</sup> 9438 9439createCertCRLCollection(certs: Array\<X509Cert>, crls?: Array\<X509CRL>): CertCRLCollection 9440 9441Creates an object for a collection of X.509 certificates and CRLs. 9442 9443**Atomic service API**: This API can be used in atomic services since API version 12. 9444 9445**System capability**: SystemCapability.Security.Cert 9446 9447**Parameters** 9448 9449| Name | Type | Mandatory| Description | 9450| -------- | ------------------------------------- | ---- | ------------------------------ | 9451| certs | Array\<[X509Cert](#x509cert)> | Yes | X.509 certificates. | 9452| crls | Array\<[X509CRL](#x509crl11)> | No | X.509 CRLs. | 9453 9454**Return value** 9455 9456| Type | Description | 9457| ------------------ | -------------------- | 9458| [CertCRLCollection](#certcrlcollection11) | **CertCRLCollection** object created.| 9459 9460**Error codes** 9461 9462For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9463 9464| ID| Error Message | 9465| -------- | ----------------------- | 9466| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9467| 19020001 | memory malloc failed. | 9468 9469**Example** 9470 9471```ts 9472import { cert } from '@kit.DeviceCertificateKit'; 9473import { BusinessError } from '@kit.BasicServicesKit'; 9474 9475// Convert the string into a Uint8Array. 9476function stringToUint8Array(str: string): Uint8Array { 9477 let arr: Array<number> = []; 9478 for (let i = 0, j = str.length; i < j; i++) { 9479 arr.push(str.charCodeAt(i)); 9480 } 9481 return new Uint8Array(arr); 9482} 9483 9484async function createX509CRL(): Promise<cert.X509CRL> { 9485 let crlData = '-----BEGIN X509 CRL-----\n' + 9486 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9487 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9488 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9489 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9490 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9491 'eavsH0Q3\n' + 9492 '-----END X509 CRL-----\n'; 9493 9494 // Binary data of the CRL, which needs to match your case. 9495 let encodingBlob: cert.EncodingBlob = { 9496 data: stringToUint8Array(crlData), 9497 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9498 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9499 }; 9500 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9501 try { 9502 x509CRL = await cert.createX509CRL(encodingBlob); 9503 } catch (err) { 9504 let e: BusinessError = err as BusinessError; 9505 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9506 } 9507 return x509CRL; 9508} 9509 9510async function createX509Cert(): Promise<cert.X509Cert> { 9511 let certData = '-----BEGIN CERTIFICATE-----\n' + 9512 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9513 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9514 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9515 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9516 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9517 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9518 'Qw==\n' + 9519 '-----END CERTIFICATE-----\n'; 9520 9521 let encodingBlob: cert.EncodingBlob = { 9522 data: stringToUint8Array(certData), 9523 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9524 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9525 }; 9526 9527 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9528 try { 9529 x509Cert = await cert.createX509Cert(encodingBlob); 9530 } catch (err) { 9531 let e: BusinessError = err as BusinessError; 9532 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9533 } 9534 return x509Cert; 9535} 9536 9537async function createCollection() { 9538 const x509Cert = await createX509Cert(); 9539 const x509CRL = await createX509CRL(); 9540 try { 9541 const collection: cert.CertCRLCollection = cert.createCertCRLCollection([x509Cert], [x509CRL]); 9542 console.log('createCertCRLCollection success'); 9543 } catch (err) { 9544 console.error('createCertCRLCollection failed'); 9545 } 9546} 9547``` 9548 9549## CertCRLCollection<sup>11+</sup> 9550 9551Provides APIs for locating certificates or CRLs in a **CertCRLCollection** object. 9552 9553### selectCerts<sup>11+</sup> 9554 9555selectCerts(param: X509CertMatchParameters): Promise\<Array\<X509Cert>> 9556 9557Selects certificates that match the specified parameters. This API uses a promise to return the result. 9558 9559**Atomic service API**: This API can be used in atomic services since API version 12. 9560 9561**System capability**: SystemCapability.Security.Cert 9562 9563**Parameters** 9564 9565| Name | Type | Mandatory| Description | 9566| --------- | ------------------------------- | ---- | ------------ | 9567| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | 9568 9569**Return value** 9570 9571| Type | Description | 9572| --------------------------------------- | --------------------------------------- | 9573| Promise\<Array\<[X509Cert](#x509cert)>> | Promise used to return Matched certificates.| 9574 9575**Error codes** 9576 9577For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9578 9579| ID| Error Message | 9580| -------- | ----------------------- | 9581| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9582| 19020001 | memory malloc failed. | 9583| 19030001 | crypto operation error. | 9584 9585**Example** 9586 9587```ts 9588import { cert } from '@kit.DeviceCertificateKit'; 9589import { BusinessError } from '@kit.BasicServicesKit'; 9590 9591// Convert the string into a Uint8Array. 9592function stringToUint8Array(str: string): Uint8Array { 9593 let arr: Array<number> = []; 9594 for (let i = 0, j = str.length; i < j; i++) { 9595 arr.push(str.charCodeAt(i)); 9596 } 9597 return new Uint8Array(arr); 9598} 9599 9600async function createX509Cert(): Promise<cert.X509Cert> { 9601 let certData = '-----BEGIN CERTIFICATE-----\n' + 9602 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9603 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9604 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9605 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9606 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9607 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9608 'Qw==\n' + 9609 '-----END CERTIFICATE-----\n'; 9610 9611 let encodingBlob: cert.EncodingBlob = { 9612 data: stringToUint8Array(certData), 9613 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9614 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9615 }; 9616 9617 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9618 try { 9619 x509Cert = await cert.createX509Cert(encodingBlob); 9620 } catch (err) { 9621 let e: BusinessError = err as BusinessError; 9622 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9623 } 9624 return x509Cert; 9625} 9626 9627async function selectCerts() { 9628 const x509Cert = await createX509Cert(); 9629 const collection = cert.createCertCRLCollection([x509Cert]); 9630 9631 try { 9632 const param: cert.X509CertMatchParameters = { 9633 x509Cert, 9634 validDate: '20231121074700Z', 9635 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9636 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9637 publicKeyAlgID: '1.2.840.10045.2.1' 9638 }; 9639 const certs = await collection.selectCerts(param); 9640 console.log('call selectCerts success'); 9641 } catch (err) { 9642 console.error('call selectCerts failed'); 9643 } 9644} 9645``` 9646 9647### selectCerts<sup>11+</sup> 9648 9649selectCerts(param: X509CertMatchParameters, callback: AsyncCallback\<Array\<X509Cert>>): void 9650 9651Selects certificates that match the specified parameters. This API uses an asynchronous callback to return the result. 9652 9653**Atomic service API**: This API can be used in atomic services since API version 12. 9654 9655**System capability**: SystemCapability.Security.Cert 9656 9657**Parameters** 9658 9659| Name | Type | Mandatory| Description | 9660| --------- | ------------------------------- | ---- | ----------------- | 9661| param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | 9662| callback | AsyncCallback\<Array\<[X509Cert](#x509cert)>> | Yes | Callback invoked to return the matched certificates.| 9663 9664**Error codes** 9665 9666For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9667 9668| ID| Error Message | 9669| -------- | ----------------------- | 9670| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9671| 19020001 | memory malloc failed. | 9672| 19030001 | crypto operation error. | 9673 9674**Example** 9675 9676```ts 9677import { cert } from '@kit.DeviceCertificateKit'; 9678import { BusinessError } from '@kit.BasicServicesKit'; 9679 9680// Convert the string into a Uint8Array. 9681function stringToUint8Array(str: string): Uint8Array { 9682 let arr: Array<number> = []; 9683 for (let i = 0, j = str.length; i < j; i++) { 9684 arr.push(str.charCodeAt(i)); 9685 } 9686 return new Uint8Array(arr); 9687} 9688 9689async function createX509Cert(): Promise<cert.X509Cert> { 9690 let certData = '-----BEGIN CERTIFICATE-----\n' + 9691 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9692 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9693 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9694 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9695 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9696 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9697 'Qw==\n' + 9698 '-----END CERTIFICATE-----\n'; 9699 9700 let encodingBlob: cert.EncodingBlob = { 9701 data: stringToUint8Array(certData), 9702 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9703 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9704 }; 9705 9706 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9707 try { 9708 x509Cert = await cert.createX509Cert(encodingBlob); 9709 } catch (err) { 9710 let e: BusinessError = err as BusinessError; 9711 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9712 } 9713 return x509Cert; 9714} 9715 9716async function selectCerts() { 9717 const x509Cert = await createX509Cert(); 9718 const collection = cert.createCertCRLCollection([x509Cert]); 9719 // Set the value to match your case. 9720 const param: cert.X509CertMatchParameters = { 9721 x509Cert, 9722 validDate: '20231121074700Z', 9723 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9724 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9725 publicKeyAlgID: '1.2.840.10045.2.1' 9726 }; 9727 collection.selectCerts(param, (err, certs) => { 9728 if (err) { 9729 console.error('selectCerts failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9730 } else { 9731 console.log('selectCerts success'); 9732 } 9733 }); 9734} 9735``` 9736 9737### selectCRLs<sup>11+</sup> 9738 9739selectCRLs(param: X509CRLMatchParameters): Promise\<Array\<X509CRL>> 9740 9741Selects CRLs that match the specified parameters. This API uses a promise to return the result. 9742 9743**Atomic service API**: This API can be used in atomic services since API version 12. 9744 9745**System capability**: SystemCapability.Security.Cert 9746 9747**Parameters** 9748 9749| Name | Type | Mandatory| Description | 9750| --------- | ------------------------------- | ---- | ------------ | 9751| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs. | 9752 9753**Return value** 9754 9755| Type | Description | 9756| -------------- | ----------- | 9757| Promise\<Array\<[X509CRL](#x509crl11)>> | Promise used to return the matched CRLs.| 9758 9759**Error codes** 9760 9761For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9762 9763| ID| Error Message | 9764| -------- | ----------------------- | 9765| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9766| 19020001 | memory malloc failed. | 9767| 19030001 | crypto operation error. | 9768 9769**Example** 9770 9771```ts 9772import { cert } from '@kit.DeviceCertificateKit'; 9773import { BusinessError } from '@kit.BasicServicesKit'; 9774 9775// Convert the string into a Uint8Array. 9776function stringToUint8Array(str: string): Uint8Array { 9777 let arr: Array<number> = []; 9778 for (let i = 0, j = str.length; i < j; i++) { 9779 arr.push(str.charCodeAt(i)); 9780 } 9781 return new Uint8Array(arr); 9782} 9783 9784async function createX509CRL(): Promise<cert.X509CRL> { 9785 let crlData = '-----BEGIN X509 CRL-----\n' + 9786 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9787 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9788 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9789 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9790 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9791 'eavsH0Q3\n' + 9792 '-----END X509 CRL-----\n'; 9793 9794 // Binary data of the CRL, which needs to match your case. 9795 let encodingBlob: cert.EncodingBlob = { 9796 data: stringToUint8Array(crlData), 9797 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9798 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9799 }; 9800 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9801 try { 9802 x509CRL = await cert.createX509CRL(encodingBlob); 9803 } catch (err) { 9804 let e: BusinessError = err as BusinessError; 9805 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9806 } 9807 return x509CRL; 9808} 9809 9810async function createX509Cert(): Promise<cert.X509Cert> { 9811 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9812 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9813 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9814 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9815 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9816 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9817 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9818 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9819 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9820 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9821 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9822 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9823 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9824 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9825 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9826 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9827 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9828 "-----END CERTIFICATE-----\r\n"; 9829 const certEncodingBlob: cert.EncodingBlob = { 9830 data: stringToUint8Array(certData), 9831 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9832 }; 9833 9834 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9835 try { 9836 x509Cert = await cert.createX509Cert(certEncodingBlob); 9837 console.log('createX509Cert success'); 9838 } catch (err) { 9839 console.error('createX509Cert failed'); 9840 } 9841 return x509Cert; 9842} 9843 9844async function selectCRLs() { 9845 const x509CRL = await createX509CRL(); 9846 const x509Cert = await createX509Cert(); 9847 const collection = cert.createCertCRLCollection([], [x509CRL]); 9848 9849 const param: cert.X509CRLMatchParameters = { 9850 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9851 x509Cert: x509Cert 9852 } 9853 try { 9854 const crls = await collection.selectCRLs(param); 9855 console.log('selectCRLs success'); 9856 } catch (err) { 9857 console.error('selectCRLs failed'); 9858 } 9859} 9860``` 9861 9862### selectCRLs<sup>11+</sup> 9863 9864selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback\<Array\<X509CRL>>): void 9865 9866Selects CRLs that match the specified parameters. This API uses an asynchronous callback to return the result. 9867 9868**Atomic service API**: This API can be used in atomic services since API version 12. 9869 9870**System capability**: SystemCapability.Security.Cert 9871 9872**Parameters** 9873 9874| Name | Type | Mandatory| Description | 9875| --------- | ------------------------------- | ---- | ----------------- | 9876| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs.| 9877| callback | AsyncCallback\<Array\<[X509CRL](#x509crl11)>> | Yes | Callback used to return the matched CRLs.| 9878 9879**Error codes** 9880 9881For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 9882 9883| ID| Error Message | 9884| -------- | ----------------------- | 9885| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9886| 19020001 | memory malloc failed. | 9887| 19030001 | crypto operation error. | 9888 9889**Example** 9890 9891```ts 9892import { cert } from '@kit.DeviceCertificateKit'; 9893import { BusinessError } from '@kit.BasicServicesKit'; 9894 9895// Convert the string into a Uint8Array. 9896function stringToUint8Array(str: string): Uint8Array { 9897 let arr: Array<number> = []; 9898 for (let i = 0, j = str.length; i < j; i++) { 9899 arr.push(str.charCodeAt(i)); 9900 } 9901 return new Uint8Array(arr); 9902} 9903 9904async function createX509CRL(): Promise<cert.X509CRL> { 9905 let crlData = '-----BEGIN X509 CRL-----\n' + 9906 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9907 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9908 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9909 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9910 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9911 'eavsH0Q3\n' + 9912 '-----END X509 CRL-----\n'; 9913 9914 // Binary data of the CRL, which needs to match your case. 9915 let encodingBlob: cert.EncodingBlob = { 9916 data: stringToUint8Array(crlData), 9917 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 9918 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9919 }; 9920 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9921 try { 9922 x509CRL = await cert.createX509CRL(encodingBlob); 9923 } catch (err) { 9924 let e: BusinessError = err as BusinessError; 9925 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9926 } 9927 return x509CRL; 9928} 9929 9930async function createX509Cert(): Promise<cert.X509Cert> { 9931 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9932 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9933 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9934 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9935 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9936 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9937 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9938 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9939 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9940 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9941 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9942 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9943 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9944 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9945 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9946 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9947 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9948 "-----END CERTIFICATE-----\r\n"; 9949 const certEncodingBlob: cert.EncodingBlob = { 9950 data: stringToUint8Array(certData), 9951 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9952 }; 9953 9954 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9955 try { 9956 x509Cert = await cert.createX509Cert(certEncodingBlob); 9957 console.log('createX509Cert success'); 9958 } catch (err) { 9959 console.error('createX509Cert failed'); 9960 } 9961 return x509Cert; 9962} 9963 9964async function selectCRLs() { 9965 const x509CRL = await createX509CRL(); 9966 const x509Cert = await createX509Cert(); 9967 const collection = cert.createCertCRLCollection([], [x509CRL]); 9968 9969 const param: cert.X509CRLMatchParameters = { 9970 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9971 x509Cert: x509Cert 9972 } 9973 collection.selectCRLs(param, (err, crls) => { 9974 if (err) { 9975 console.error('selectCRLs failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9976 } else { 9977 console.log('selectCRLs success'); 9978 } 9979 }); 9980} 9981``` 9982 9983## cert.createX509CertChain<sup>11+</sup> 9984 9985createX509CertChain(inStream: EncodingBlob): Promise\<X509CertChain> 9986 9987Creates an X.509 certificate chain instance. This API uses a promise to return the result. 9988 9989**Atomic service API**: This API can be used in atomic services since API version 12. 9990 9991**System capability**: SystemCapability.Security.Cert 9992 9993**Parameters** 9994 9995| Name | Type | Mandatory| Description | 9996| -------- | ----------------------------- | ---- | -------------------- | 9997| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 9998 9999**Return value** 10000 10001| Type | Description | 10002| ------------------------------- | ---------------- | 10003| Promise\<[X509CertChain](#x509certchain11)> | **X509CertChain** object created.| 10004 10005**Error codes** 10006 10007For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10008 10009| ID| Error Message | 10010| -------- | ------------- | 10011| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10012| 19020001 | memory malloc failed. | 10013| 19030001 | crypto operation error. | 10014 10015**Example** 10016 10017```ts 10018import { cert } from '@kit.DeviceCertificateKit'; 10019import { BusinessError } from '@kit.BasicServicesKit'; 10020 10021// Convert the string into a Uint8Array. 10022function stringToUint8Array(str: string): Uint8Array { 10023 let arr: Array<number> = []; 10024 for (let i = 0, j = str.length; i < j; i++) { 10025 arr.push(str.charCodeAt(i)); 10026 } 10027 return new Uint8Array(arr); 10028} 10029 10030async function createX509CertChain(): Promise<cert.X509CertChain> { 10031 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10032 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10033 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10034 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10035 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10036 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10037 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10038 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10039 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10040 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10041 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10042 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10043 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10044 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10045 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10046 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10047 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10048 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10049 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10050 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10051 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10052 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10053 "-----END CERTIFICATE-----\n" + 10054 "-----BEGIN CERTIFICATE-----\n" + 10055 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10056 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10057 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10058 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10059 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10060 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10061 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10062 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10063 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10064 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10065 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10066 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10067 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10068 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10069 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10070 "uKPWR9dKBA==\n" + 10071 "-----END CERTIFICATE-----\n" + 10072 "-----BEGIN CERTIFICATE-----\n" + 10073 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10074 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10075 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10076 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10077 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10078 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10079 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10080 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10081 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10082 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10083 "xjoE\n" + 10084 "-----END CERTIFICATE-----\n"; 10085 10086 // Binary data of the certificate chain, which needs to be assigned by the service. 10087 let encodingBlob: cert.EncodingBlob = { 10088 data: stringToUint8Array(certChainData), 10089 // Assign a value based on the encodingData format. FORMAT_PEM, FORMAT_DER, and FORMAT_PKCS7 are supported. 10090 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10091 }; 10092 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10093 try { 10094 x509CertChain = await cert.createX509CertChain(encodingBlob); 10095 } catch (error) { 10096 let e: BusinessError = error as BusinessError; 10097 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10098 } 10099 return x509CertChain; 10100} 10101 10102createX509CertChain(); 10103``` 10104 10105## cert.createX509CertChain<sup>11+</sup> 10106 10107createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback\<X509CertChain>): void 10108 10109Creates an X.509 certificate chain instance. This API uses an asynchronous callback to return the result. 10110 10111**Atomic service API**: This API can be used in atomic services since API version 12. 10112 10113**System capability**: SystemCapability.Security.Cert 10114 10115**Parameters** 10116 10117| Name | Type | Mandatory| Description | 10118| -------- | ------------------------------------- | ---- | -------------------------- | 10119| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 10120| callback | AsyncCallback\<[X509CertChain](#x509certchain11)> | Yes | Callback invoked to return the **X509CertChain** instance created.| 10121 10122**Error codes** 10123 10124For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10125 10126| ID| Error Message | 10127| -------- | ------------- | 10128| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10129| 19020001 | memory malloc failed. | 10130| 19030001 | crypto operation error. | 10131 10132**Example** 10133 10134```ts 10135import { cert } from '@kit.DeviceCertificateKit'; 10136 10137// Convert the string into a Uint8Array. 10138function stringToUint8Array(str: string): Uint8Array { 10139 let arr: Array<number> = []; 10140 for (let i = 0, j = str.length; i < j; i++) { 10141 arr.push(str.charCodeAt(i)); 10142 } 10143 return new Uint8Array(arr); 10144} 10145 10146let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10147 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10148 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10149 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10150 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10151 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10152 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10153 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10154 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10155 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10156 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10157 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10158 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10159 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10160 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10161 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10162 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10163 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10164 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10165 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10166 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10167 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10168 "-----END CERTIFICATE-----\n" + 10169 "-----BEGIN CERTIFICATE-----\n" + 10170 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10171 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10172 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10173 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10174 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10175 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10176 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10177 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10178 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10179 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10180 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10181 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10182 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10183 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10184 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10185 "uKPWR9dKBA==\n" + 10186 "-----END CERTIFICATE-----\n" + 10187 "-----BEGIN CERTIFICATE-----\n" + 10188 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10189 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10190 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10191 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10192 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10193 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10194 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10195 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10196 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10197 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10198 "xjoE\n" + 10199 "-----END CERTIFICATE-----\n"; 10200 10201// Binary data of the certificate chain, which needs to be assigned by the service. 10202let encodingBlob: cert.EncodingBlob = { 10203 data: stringToUint8Array(certChainData), 10204 // Assign a value based on the encodingData format. FORMAT_PEM, FORMAT_DER, and FORMAT_PKCS7 are supported. 10205 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10206}; 10207 10208cert.createX509CertChain(encodingBlob, (err, certChain) => { 10209 if (err) { 10210 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10211 } else { 10212 console.log('createX509CertChain success'); 10213 } 10214}); 10215``` 10216 10217## cert.createX509CertChain<sup>11+</sup> 10218 10219createX509CertChain(certs: Array\<X509Cert>): X509CertChain 10220 10221Creates an X.509 certificate chain object based on the specified certificates. This API returns the result synchronously. 10222 10223**Atomic service API**: This API can be used in atomic services since API version 12. 10224 10225**System capability**: SystemCapability.Security.Cert 10226 10227**Parameters** 10228 10229| Name | Type | Mandatory| Description | 10230| -------- | -------------------- | ---- | -------------------------- | 10231| certs | Array\<[X509Cert](#x509cert)> | Yes | Array of X.509 certificates.| 10232 10233**Return value** 10234 10235| Type | Description | 10236| --------------------------------- | -------------------- | 10237| [X509CertChain](#x509certchain11) | **X509CertChain** object created.| 10238 10239**Error codes** 10240 10241For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10242 10243| ID| Error Message | 10244| -------- | ------------- | 10245| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10246| 19020001 | memory malloc failed. | 10247| 19030001 | crypto operation error. | 10248 10249**Example** 10250 10251```ts 10252import { cert } from '@kit.DeviceCertificateKit'; 10253import { BusinessError } from '@kit.BasicServicesKit'; 10254 10255// Convert the string into a Uint8Array. 10256function stringToUint8Array(str: string): Uint8Array { 10257 let arr: Array<number> = []; 10258 for (let i = 0, j = str.length; i < j; i++) { 10259 arr.push(str.charCodeAt(i)); 10260 } 10261 return new Uint8Array(arr); 10262} 10263 10264async function createX509Cert(): Promise<cert.X509Cert> { 10265 let certData = '-----BEGIN CERTIFICATE-----\n' + 10266 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 10267 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 10268 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 10269 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 10270 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 10271 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 10272 'Qw==\n' + 10273 '-----END CERTIFICATE-----\n'; 10274 10275 // Certificate binary data, which needs to match your case. 10276 let encodingBlob: cert.EncodingBlob = { 10277 data: stringToUint8Array(certData), 10278 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 10279 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10280 }; 10281 10282 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 10283 try { 10284 x509Cert = await cert.createX509Cert(encodingBlob); 10285 } catch (error) { 10286 let e: BusinessError = error as BusinessError; 10287 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10288 } 10289 return x509Cert; 10290} 10291 10292async function createX509CertChain(): Promise<cert.X509CertChain> { 10293 const x509Cert = await createX509Cert(); 10294 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10295 try { 10296 x509CertChain = cert.createX509CertChain([x509Cert]); 10297 } catch (error) { 10298 let e: BusinessError = error as BusinessError; 10299 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10300 } 10301 return x509CertChain; 10302} 10303 10304createX509CertChain(); 10305``` 10306 10307## cert.buildX509CertChain<sup>12+</sup> 10308 10309buildX509CertChain(param: [CertChainBuildParameters](#certchainbuildparameters12)): Promise\<CertChainBuildResult> 10310 10311Builds an X.509 certificate chain with a **CertChainBuildParameters** object. This API uses a promise to return the result. 10312 10313**Atomic service API**: This API can be used in atomic services since API version 12. 10314 10315**System capability**: SystemCapability.Security.Cert 10316 10317**Parameters** 10318 10319| Name | Type | Mandatory| Description | 10320| -------- | -------------------- | ---- | -------------------------- | 10321| param | [CertChainBuildParameters](#certchainbuildparameters12) | Yes | Object used to build the certificate chain.<br> The value of **maxLength** in [CertChainBuildParameters](#certchainbuildparameters12) must be less than the number of certificates in the certificate set.| 10322 10323**Return value** 10324 10325| Type | Description | 10326| --------------------------------- | -------------------- | 10327| Promise\<[CertChainBuildResult](#certchainbuildresult12)> | **X509CertChain** object created.| 10328 10329**Error codes** 10330 10331For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10332 10333| ID| Error Message | 10334| -------- | ------------------------------------------------- | 10335| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10336| 19020001 | memory malloc failed. | 10337| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 10338| 19030001 | crypto operation error. | 10339| 19030002 | the certificate signature verification failed. | 10340| 19030003 | the certificate has not taken effect. | 10341| 19030004 | the certificate has expired. | 10342| 19030005 | failed to obtain the certificate issuer. | 10343| 19030006 | the key cannot be used for signing a certificate. | 10344| 19030007 | the key cannot be used for digital signature. | 10345 10346**Example** 10347 10348```ts 10349import { cert } from '@kit.DeviceCertificateKit'; 10350import { BusinessError } from '@kit.BasicServicesKit'; 10351 10352// Convert the string into a Uint8Array. 10353function stringToUint8Array(str: string): Uint8Array { 10354 let arr: Array<number> = []; 10355 for (let i = 0, j = str.length; i < j; i++) { 10356 arr.push(str.charCodeAt(i)); 10357 } 10358 return new Uint8Array(arr); 10359} 10360 10361// Certificate chain data. 10362let certPem = '-----BEGIN CERTIFICATE-----\n' + 10363 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 10364 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 10365 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 10366 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 10367 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 10368 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 10369 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 10370 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 10371 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 10372 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 10373 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 10374 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 10375 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 10376 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 10377 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 10378 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 10379 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 10380 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 10381 '-----END CERTIFICATE-----'; 10382 10383let caPem = '-----BEGIN CERTIFICATE-----\n' + 10384'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 10385'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 10386'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 10387'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 10388'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 10389'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 10390'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 10391'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 10392'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 10393'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 10394'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 10395'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 10396'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 10397'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 10398'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 10399'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 10400'sSus\n' + 10401'-----END CERTIFICATE-----'; 10402 10403async function createX509Cert(certData: string): Promise<cert.X509Cert> { 10404 // Certificate binary data, which needs to match your case. 10405 let encodingBlob: cert.EncodingBlob = { 10406 data: stringToUint8Array(certData), 10407 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 10408 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10409 }; 10410 10411 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 10412 try { 10413 x509Cert = await cert.createX509Cert(encodingBlob); 10414 } catch (error) { 10415 let e: BusinessError = error as BusinessError; 10416 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10417 } 10418 return x509Cert; 10419} 10420 10421async function buildX509CertChain() { 10422 try { 10423 const caCert = await createX509Cert(caPem); 10424 const x509Cert = await createX509Cert(certPem); 10425 let certCrlCollection = cert.createCertCRLCollection([x509Cert]); 10426 let param: cert.CertChainBuildParameters = { 10427 certMatchParameters: {validDate:'20240812080000Z'}, 10428 maxLength: 3, 10429 validationParameters: { 10430 date: '20240812080000Z', 10431 certCRLs: [certCrlCollection], 10432 trustAnchors: [{CACert:caCert}, {CACert:caCert}], 10433 } 10434 } 10435 let certChainBuildResult = await cert.buildX509CertChain(param); 10436 console.info("cert issuer name: " + certChainBuildResult.validationResult.entityCert.getIssuerName().data) 10437 console.info("ca subject name: " + certChainBuildResult.validationResult.trustAnchor.CACert?.getSubjectName().data) 10438 } catch (error) { 10439 let e: BusinessError = error as BusinessError; 10440 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10441 } 10442} 10443 10444buildX509CertChain(); 10445``` 10446 10447## cert.parsePkcs12<sup>18+</sup> 10448 10449parsePkcs12(data: Uint8Array, config: Pkcs12ParsingConfig): Pkcs12Data 10450 10451Parses a .p12 file. 10452 10453**Atomic service API**: This API can be used in atomic services since API version 18. 10454 10455**System capability**: SystemCapability.Security.Cert 10456 10457**Parameters** 10458 10459| Name | Type | Mandatory| Description | 10460| -------- | -------------------- | ---- | -------------------------- | 10461| data | Uint8Array | Yes| .p12 file to parse, in DER format.| 10462| config | [Pkcs12ParsingConfig](#pkcs12parsingconfig18) | Yes| Configuration for parsing the file.| 10463 10464**Return value** 10465 10466| Type | Description | 10467| --------------------------------- | -------------------- | 10468| [Pkcs12Data](#pkcs12data18) | Data parsed from the .p12 file.| 10469 10470**Error codes** 10471 10472For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10473 10474| ID| Error Message | 10475| -------- | ------------------------------------------------- | 10476| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10477| 19020001 | memory malloc failed. | 10478| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 10479| 19030001 | crypto operation error. | 10480| 19030008 | maybe wrong password. | 10481 10482**Example** 10483 10484```ts 10485import { cert } from '@kit.DeviceCertificateKit'; 10486import { BusinessError } from '@kit.BasicServicesKit'; 10487 10488function doTestParsePkcs12() { 10489 try { 10490 let p12_cert = new Uint8Array([0x30, 0x82, 0x09, 0x51, 0x02, 0x01, 0x03, 0x30, 0x82, 0x09, 0x17, 0x06, 0x09, 0x2a, 0x86, 0x48, 10491 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x09, 0x08, 0x04, 0x82, 0x09, 0x04, 0x30, 0x82, 10492 0x09, 0x00, 0x30, 0x82, 0x03, 0xb7, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 10493 0x06, 0xa0, 0x82, 0x03, 0xa8, 0x30, 0x82, 0x03, 0xa4, 0x02, 0x01, 0x00, 0x30, 0x82, 0x03, 0x9d, 10494 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 10495 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x06, 0x30, 0x0e, 0x04, 0x08, 0x7c, 0xd8, 0x60, 10496 0x3a, 0x07, 0xfb, 0x87, 0x8b, 0x02, 0x02, 0x08, 0x00, 0x80, 0x82, 0x03, 0x70, 0x4d, 0x64, 0xbe, 10497 0x82, 0xc2, 0x59, 0x58, 0x65, 0xf0, 0x37, 0x46, 0x4f, 0x6b, 0xfa, 0x43, 0x2e, 0x9d, 0xd9, 0x4f, 10498 0xd3, 0x54, 0x71, 0x69, 0x6e, 0x03, 0xf8, 0xb8, 0xf9, 0x05, 0xa2, 0x70, 0xa8, 0x70, 0xfb, 0xe6, 10499 0xda, 0x73, 0xdb, 0x4e, 0xdf, 0x72, 0xcd, 0xb6, 0x88, 0x81, 0xec, 0x3f, 0x8d, 0x7b, 0xdc, 0xa6, 10500 0x62, 0xd3, 0xd1, 0xdc, 0xef, 0xb9, 0x76, 0xb5, 0xd3, 0xb3, 0xfb, 0x61, 0x50, 0xeb, 0x22, 0x9b, 10501 0x72, 0x20, 0xb4, 0xe9, 0x7c, 0x5e, 0xaf, 0xa9, 0xb6, 0x40, 0x69, 0x70, 0xea, 0x79, 0x02, 0x1d, 10502 0x66, 0x71, 0x62, 0x39, 0x31, 0xd3, 0x31, 0xb1, 0x6f, 0x2a, 0x2d, 0x13, 0x59, 0xe9, 0xb7, 0x98, 10503 0xbe, 0x67, 0xfa, 0x5d, 0x6f, 0x8f, 0x7a, 0x43, 0x10, 0x5a, 0x3f, 0x13, 0xda, 0xb0, 0x94, 0x08, 10504 0x82, 0xf4, 0x39, 0x1d, 0x42, 0x26, 0x4a, 0xbe, 0x13, 0xe9, 0x89, 0x55, 0x52, 0xa4, 0x16, 0x3d, 10505 0x50, 0x83, 0x5c, 0xb9, 0x00, 0x5e, 0x03, 0x35, 0x65, 0x13, 0x1f, 0xd8, 0xf8, 0xeb, 0x28, 0xe5, 10506 0x00, 0x09, 0x9a, 0x62, 0x65, 0xab, 0x28, 0x21, 0x2e, 0x55, 0x11, 0x77, 0x7e, 0x64, 0xae, 0x12, 10507 0xc1, 0x5e, 0x85, 0xf2, 0xe7, 0xf7, 0x2b, 0x51, 0x46, 0xa6, 0xf8, 0x55, 0x2c, 0xc4, 0x0a, 0x80, 10508 0x6a, 0xc2, 0xa8, 0xba, 0x94, 0xf8, 0xee, 0x18, 0xf7, 0x32, 0x50, 0x53, 0xcc, 0x1e, 0x53, 0x85, 10509 0xeb, 0x0d, 0x1e, 0xec, 0xe2, 0xbb, 0xc2, 0xf3, 0xf7, 0x80, 0xfd, 0x81, 0x63, 0x8f, 0x87, 0x98, 10510 0x09, 0x47, 0x72, 0xee, 0x2d, 0x5a, 0x18, 0x89, 0x6b, 0x95, 0xef, 0x52, 0xde, 0x4d, 0xf5, 0x48, 10511 0x2a, 0x38, 0x6f, 0x4b, 0x98, 0x3c, 0x6d, 0x41, 0xdd, 0x1b, 0xfd, 0x65, 0x1b, 0x87, 0x8a, 0xcf, 10512 0xec, 0x47, 0xe3, 0x7a, 0xa0, 0x56, 0xd9, 0x36, 0x36, 0xcb, 0x17, 0xaa, 0x1b, 0x24, 0x79, 0x96, 10513 0xc6, 0x60, 0xd4, 0xe4, 0xa8, 0x59, 0x35, 0x5e, 0x4e, 0x00, 0xbf, 0x9a, 0xf5, 0x5c, 0x2a, 0xd7, 10514 0xd7, 0x92, 0x98, 0x79, 0xad, 0x13, 0xda, 0xea, 0xde, 0xcd, 0x65, 0x81, 0x26, 0xbd, 0x55, 0x0f, 10515 0xa4, 0x73, 0x54, 0x7b, 0x2f, 0x55, 0x2a, 0x2f, 0xb9, 0x2d, 0x6e, 0x04, 0xc8, 0x37, 0x5e, 0x93, 10516 0x09, 0xa7, 0x7f, 0xb1, 0x6b, 0x4a, 0x9f, 0xea, 0x59, 0x19, 0x57, 0xd0, 0xc1, 0xa1, 0x6b, 0xaf, 10517 0x27, 0x2b, 0xac, 0x81, 0xec, 0xcd, 0x2e, 0xa2, 0xa6, 0x08, 0x01, 0xfc, 0xa1, 0xbc, 0xc9, 0xdc, 10518 0x97, 0xb9, 0x48, 0xa8, 0x65, 0x5d, 0x63, 0xdb, 0x5c, 0x7e, 0x55, 0xe7, 0x47, 0xf2, 0x74, 0x17, 10519 0x67, 0xfe, 0x56, 0x20, 0x54, 0x65, 0x11, 0xdf, 0xec, 0x75, 0x70, 0x49, 0x59, 0xd1, 0xea, 0x6b, 10520 0x8f, 0x39, 0xec, 0x5d, 0x81, 0x82, 0x9a, 0xec, 0xce, 0x6c, 0x0c, 0x32, 0x14, 0xbd, 0xef, 0xac, 10521 0xae, 0x04, 0xd0, 0x75, 0x62, 0xf5, 0x82, 0x16, 0xd1, 0xa8, 0xfb, 0x22, 0x2a, 0xc2, 0xe7, 0x7a, 10522 0x75, 0x08, 0x59, 0x99, 0x34, 0x3d, 0xd9, 0xd7, 0x66, 0xb8, 0xcd, 0xaa, 0xf4, 0x48, 0xcc, 0x21, 10523 0x25, 0x83, 0xae, 0xad, 0x55, 0x0e, 0xff, 0x44, 0xf3, 0xcc, 0xd1, 0x89, 0x72, 0x0f, 0x9f, 0xe3, 10524 0xe5, 0xc7, 0xd4, 0x53, 0x94, 0xd6, 0xfb, 0x35, 0xd5, 0xd8, 0x2f, 0xa7, 0x4b, 0xf9, 0x50, 0x15, 10525 0x1e, 0x35, 0xfc, 0x3d, 0xca, 0xad, 0xb6, 0x49, 0x16, 0xee, 0xff, 0xd7, 0x8a, 0xcc, 0xf0, 0x96, 10526 0x11, 0x97, 0x22, 0xf3, 0xf7, 0x7c, 0x7a, 0x50, 0x49, 0x12, 0x68, 0x6e, 0x0e, 0x62, 0x32, 0xc7, 10527 0xe9, 0xc3, 0xa0, 0x1b, 0xfe, 0x29, 0x8c, 0x46, 0xc2, 0x7e, 0xe1, 0xea, 0xc3, 0xcb, 0x30, 0xaf, 10528 0xe4, 0x60, 0xe5, 0xa5, 0xa5, 0xb8, 0xf4, 0x16, 0xfa, 0x19, 0xd0, 0x1c, 0x14, 0xce, 0xf9, 0xa8, 10529 0x0b, 0x3f, 0x87, 0x89, 0xd3, 0xed, 0x9e, 0x16, 0x14, 0xbb, 0xd3, 0x64, 0xeb, 0x00, 0xe7, 0x48, 10530 0x1f, 0xd4, 0x47, 0xbc, 0xa9, 0x6f, 0x03, 0xe0, 0x0e, 0xaf, 0xb9, 0xad, 0x05, 0xa0, 0x1d, 0xee, 10531 0x0a, 0xcd, 0x0f, 0xd0, 0xb8, 0xf1, 0x35, 0x80, 0xa7, 0x72, 0xcd, 0x36, 0x8e, 0xce, 0x72, 0xf9, 10532 0x9f, 0xd5, 0x29, 0xae, 0x02, 0xb7, 0xbe, 0x65, 0xff, 0x38, 0x45, 0xf8, 0x8d, 0x87, 0x2f, 0xf8, 10533 0xdd, 0xc1, 0x72, 0x17, 0x2b, 0xdd, 0x3e, 0xfe, 0x01, 0xa0, 0x59, 0xb3, 0x19, 0x92, 0xf0, 0x59, 10534 0xf5, 0x06, 0x77, 0x8b, 0x1a, 0x41, 0x1d, 0x8b, 0x80, 0x74, 0x95, 0x8b, 0x30, 0x03, 0x18, 0xdd, 10535 0x1e, 0x1b, 0x21, 0x36, 0xdf, 0xde, 0xc3, 0xa2, 0x68, 0xe0, 0x3d, 0x94, 0x37, 0x6b, 0x48, 0xb2, 10536 0xb9, 0x41, 0x53, 0xd6, 0x65, 0xef, 0x7a, 0x3d, 0xdc, 0x09, 0x17, 0x66, 0xb4, 0x05, 0x58, 0x8a, 10537 0x5d, 0x2f, 0x40, 0x4a, 0x91, 0x8a, 0xa5, 0xb7, 0x29, 0xfb, 0x37, 0x81, 0x71, 0x77, 0x50, 0x8d, 10538 0x34, 0x80, 0x7e, 0xab, 0xb9, 0xc8, 0xdc, 0xb7, 0x2c, 0x7e, 0xbc, 0xad, 0x7c, 0x14, 0x5c, 0xf6, 10539 0x90, 0x88, 0x0e, 0x0d, 0x50, 0x7a, 0x4e, 0xa6, 0x85, 0xe4, 0x2a, 0xe7, 0x67, 0x21, 0x53, 0xbb, 10540 0x73, 0xd5, 0x30, 0x78, 0xbd, 0x08, 0x2b, 0x42, 0x44, 0x3e, 0x5d, 0x2b, 0x2f, 0x09, 0x8e, 0x82, 10541 0xc3, 0x5b, 0x9e, 0xd8, 0x20, 0xc6, 0xb7, 0x42, 0xe5, 0xb3, 0x60, 0x0b, 0x9b, 0x01, 0x76, 0x26, 10542 0xf7, 0xc1, 0xf7, 0xe1, 0xd1, 0x46, 0xf7, 0x9c, 0x21, 0xfd, 0x66, 0xb7, 0x14, 0x1d, 0x89, 0xb5, 10543 0xd3, 0xa1, 0x4e, 0x57, 0x97, 0xe7, 0xe4, 0x63, 0x96, 0xe2, 0x6f, 0x10, 0x6a, 0xb7, 0x8e, 0x83, 10544 0x64, 0x22, 0x10, 0x02, 0x27, 0x87, 0x6d, 0xb6, 0x11, 0x51, 0xe9, 0xe6, 0x68, 0x1a, 0xc8, 0xd3, 10545 0x6b, 0x23, 0x33, 0x68, 0x66, 0xab, 0x4d, 0xf9, 0x92, 0x11, 0x67, 0x9d, 0x24, 0xee, 0x18, 0xa8, 10546 0x3c, 0x5a, 0xfe, 0x79, 0x76, 0x99, 0xeb, 0x9f, 0x19, 0x9d, 0x74, 0xee, 0x13, 0xd9, 0xb1, 0x7b, 10547 0x4e, 0xcf, 0x30, 0x05, 0xdb, 0x5a, 0x3e, 0x00, 0x7e, 0x0a, 0xed, 0x6f, 0xaf, 0x0d, 0x1b, 0xf3, 10548 0x61, 0x24, 0x06, 0xe7, 0xf2, 0x57, 0x72, 0xf8, 0x61, 0x4d, 0x5f, 0x00, 0x78, 0x1f, 0x4d, 0xc7, 10549 0x28, 0x5e, 0xc4, 0x9b, 0xed, 0xac, 0x4f, 0x16, 0xaf, 0x81, 0x85, 0x33, 0x16, 0xbd, 0x6a, 0xb9, 10550 0xb2, 0x8e, 0x25, 0xbc, 0xaf, 0xfd, 0xea, 0xb7, 0x20, 0x32, 0x15, 0x62, 0x77, 0x52, 0xa1, 0xf2, 10551 0xd0, 0x9d, 0x12, 0x4c, 0x85, 0x71, 0x08, 0x03, 0xa7, 0x94, 0x34, 0xb4, 0x96, 0x30, 0x82, 0x05, 10552 0x41, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x07, 0x01, 0xa0, 0x82, 0x05, 0x32, 10553 0x04, 0x82, 0x05, 0x2e, 0x30, 0x82, 0x05, 0x2a, 0x30, 0x82, 0x05, 0x26, 0x06, 0x0b, 0x2a, 0x86, 10554 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x0a, 0x01, 0x02, 0xa0, 0x82, 0x04, 0xee, 0x30, 0x82, 0x04, 10555 0xea, 0x30, 0x1c, 0x06, 0x0a, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x0c, 0x01, 0x03, 0x30, 10556 0x0e, 0x04, 0x08, 0x30, 0xee, 0xbd, 0x7c, 0xcb, 0xb5, 0xa5, 0x1b, 0x02, 0x02, 0x08, 0x00, 0x04, 10557 0x82, 0x04, 0xc8, 0x1e, 0xd0, 0x7f, 0x7e, 0x86, 0x1c, 0x6f, 0x0e, 0xac, 0x6c, 0xe3, 0x35, 0xcb, 10558 0xff, 0xe4, 0x84, 0x88, 0x97, 0x45, 0xf3, 0x48, 0xa9, 0x98, 0xeb, 0x74, 0x91, 0x53, 0x07, 0x7a, 10559 0xe4, 0x78, 0x89, 0x13, 0xe7, 0xce, 0xa3, 0xc5, 0xab, 0x2c, 0x16, 0xe5, 0x02, 0x64, 0xc6, 0xb5, 10560 0x11, 0x36, 0x69, 0x0b, 0x5f, 0x7e, 0x95, 0x27, 0x59, 0x9a, 0xac, 0x98, 0x12, 0x76, 0x39, 0x31, 10561 0xaa, 0x4f, 0x22, 0x55, 0x21, 0x71, 0x20, 0xeb, 0x4e, 0x5e, 0x2d, 0xd8, 0xab, 0xd9, 0x64, 0x38, 10562 0x13, 0x9a, 0x14, 0x48, 0x7f, 0x48, 0x05, 0xec, 0x49, 0x55, 0x80, 0x49, 0xaf, 0x4e, 0x29, 0xdf, 10563 0x4a, 0xfb, 0xa1, 0x20, 0x2f, 0x98, 0x35, 0xf7, 0x8f, 0xb9, 0x41, 0x8b, 0x00, 0x14, 0x23, 0x9a, 10564 0x43, 0xfe, 0x55, 0xfc, 0xe5, 0x57, 0x19, 0xa9, 0x74, 0x44, 0x1f, 0xdd, 0xc3, 0xc8, 0x9f, 0xfa, 10565 0x9f, 0x67, 0x93, 0xed, 0x79, 0x11, 0xe1, 0x4e, 0xed, 0xd6, 0x20, 0x82, 0xc8, 0x85, 0xdf, 0x4e, 10566 0xa0, 0xcd, 0xd8, 0x36, 0x37, 0x4f, 0x67, 0x9d, 0x84, 0x44, 0x14, 0xce, 0xc0, 0xc9, 0xa6, 0xbd, 10567 0x73, 0x06, 0x27, 0xb7, 0x16, 0x97, 0x8c, 0x61, 0xd9, 0x63, 0xb2, 0x56, 0x8d, 0x28, 0x9e, 0x2e, 10568 0xcf, 0xa3, 0xfe, 0x8d, 0xaa, 0xef, 0x69, 0x32, 0x7b, 0x32, 0xbe, 0xd5, 0x62, 0x2c, 0x2e, 0x7f, 10569 0x72, 0xdb, 0x3c, 0x4b, 0xe4, 0x76, 0xa3, 0xa9, 0xa1, 0x67, 0x84, 0x86, 0xea, 0x14, 0x15, 0x6c, 10570 0x74, 0xd2, 0xac, 0x0e, 0xe2, 0x54, 0x54, 0xd4, 0x31, 0xa3, 0x88, 0x66, 0x89, 0x31, 0x7b, 0xf7, 10571 0x3c, 0x92, 0xce, 0x3e, 0x86, 0xfb, 0x57, 0xc8, 0x65, 0xae, 0x85, 0x6d, 0x48, 0xf6, 0xe6, 0x37, 10572 0xeb, 0x77, 0xcf, 0x06, 0xd6, 0x9e, 0x54, 0xb4, 0xd8, 0x9a, 0x5f, 0xdd, 0xc5, 0xa5, 0x05, 0xa0, 10573 0x4b, 0xd1, 0x54, 0xab, 0x4f, 0xd0, 0x3e, 0x6b, 0x8f, 0x03, 0x66, 0xd4, 0xe2, 0x90, 0xea, 0x2d, 10574 0x9b, 0x6a, 0x2b, 0xc4, 0x7b, 0x9d, 0xf1, 0xb5, 0x22, 0xdf, 0x86, 0xc2, 0xfd, 0x13, 0x0a, 0x69, 10575 0x29, 0x59, 0xe9, 0x45, 0xcd, 0xdf, 0xcd, 0xa5, 0x71, 0x7e, 0x70, 0xc3, 0x60, 0x9e, 0x47, 0x5d, 10576 0xd4, 0x6c, 0xcc, 0x15, 0x51, 0x23, 0x5b, 0x4e, 0xee, 0x72, 0x80, 0x49, 0xd6, 0xac, 0x89, 0x16, 10577 0x65, 0xf4, 0x95, 0x57, 0x19, 0x13, 0xab, 0x9c, 0x08, 0xe8, 0xdf, 0x0a, 0xe2, 0x39, 0xfc, 0xff, 10578 0x42, 0x02, 0xac, 0xaf, 0xf1, 0xb6, 0x56, 0xef, 0x75, 0x60, 0x2f, 0xc2, 0x5d, 0xef, 0xf5, 0x79, 10579 0xb5, 0x46, 0xa0, 0xb5, 0x03, 0x67, 0xef, 0x78, 0x3d, 0x49, 0xd0, 0xc5, 0x0e, 0xff, 0x42, 0x72, 10580 0x02, 0x86, 0x99, 0x93, 0xaa, 0xa3, 0x9e, 0x2c, 0xc7, 0xec, 0xa2, 0xdf, 0x25, 0x4e, 0x28, 0x81, 10581 0x82, 0x3e, 0x29, 0xd3, 0x37, 0xfd, 0x32, 0xf4, 0x85, 0x46, 0x42, 0xb9, 0x94, 0x44, 0x8a, 0xbf, 10582 0xd9, 0x14, 0xcb, 0xb6, 0xd3, 0xc5, 0xe7, 0x6b, 0x28, 0x70, 0xc3, 0x9c, 0xc2, 0x93, 0x9d, 0x2f, 10583 0xab, 0xd6, 0xb2, 0x19, 0x28, 0x9a, 0xda, 0x0d, 0x90, 0x5b, 0xba, 0x64, 0x6f, 0xcc, 0x11, 0xef, 10584 0x6c, 0x88, 0x18, 0x4f, 0x86, 0x6e, 0xed, 0xcf, 0xde, 0x0d, 0xec, 0xe2, 0x12, 0xc3, 0x89, 0x0a, 10585 0x3f, 0xbb, 0x3d, 0x8c, 0x8f, 0xa9, 0x40, 0xe6, 0xf8, 0xd1, 0x1a, 0x9a, 0x7e, 0x8a, 0xd7, 0x7b, 10586 0x56, 0xf4, 0x5d, 0x80, 0x64, 0xd5, 0x88, 0x86, 0x85, 0x18, 0x30, 0x5d, 0x64, 0x04, 0xb3, 0xc2, 10587 0xc7, 0x80, 0xda, 0x3e, 0xc4, 0xd6, 0xf6, 0xc4, 0x95, 0x56, 0xd5, 0xad, 0x82, 0x86, 0xcc, 0x1a, 10588 0x05, 0x69, 0x06, 0x08, 0x5b, 0x19, 0xea, 0x10, 0xc5, 0xcd, 0x67, 0x93, 0xab, 0x0f, 0xe3, 0xba, 10589 0xb0, 0x0d, 0xac, 0x99, 0x0d, 0x35, 0x6f, 0xe5, 0x41, 0xb2, 0x7c, 0x87, 0x91, 0x6c, 0xe2, 0x75, 10590 0x9b, 0x64, 0x62, 0x06, 0x2a, 0x8b, 0xd9, 0x4d, 0x23, 0xcd, 0x2b, 0xef, 0xf5, 0x61, 0x82, 0x8e, 10591 0x3f, 0xf6, 0x2b, 0xe1, 0x6f, 0xcf, 0xbd, 0xaa, 0x07, 0x97, 0x49, 0x4e, 0x02, 0x9d, 0xa5, 0x9e, 10592 0xc5, 0xd7, 0x8b, 0xd3, 0xe1, 0xd9, 0x35, 0x96, 0x9d, 0x1f, 0xa2, 0xf6, 0x91, 0xee, 0xd1, 0x3b, 10593 0xa8, 0xfe, 0x4d, 0xeb, 0xf9, 0xfc, 0xe4, 0xab, 0x60, 0xb7, 0x86, 0x9d, 0x2a, 0x35, 0xb0, 0x00, 10594 0xd4, 0x3c, 0x2a, 0x7e, 0x6d, 0x65, 0x5f, 0xf3, 0x7c, 0x23, 0x57, 0x52, 0x2a, 0x8c, 0x5b, 0x36, 10595 0x74, 0xb7, 0x61, 0x49, 0xf0, 0xdf, 0xcf, 0x8a, 0x28, 0xc5, 0x8d, 0xbc, 0x20, 0xcc, 0xac, 0x86, 10596 0x20, 0xd8, 0x2d, 0x86, 0x99, 0xf5, 0xf0, 0xdb, 0xed, 0x8d, 0xf9, 0xd7, 0x4e, 0xa8, 0xde, 0x84, 10597 0x35, 0x50, 0xc1, 0x7c, 0xbd, 0xdf, 0xc2, 0x24, 0x1a, 0x49, 0x24, 0x9a, 0x37, 0x93, 0xca, 0x2d, 10598 0x73, 0x47, 0x8f, 0x83, 0xed, 0x4d, 0xca, 0xf8, 0xf0, 0xd3, 0x9b, 0xe0, 0x4b, 0x3b, 0xf1, 0x86, 10599 0xeb, 0x78, 0x7b, 0x42, 0xa1, 0xb9, 0x36, 0x15, 0xde, 0x63, 0xab, 0x8b, 0x8b, 0x5d, 0xa2, 0x92, 10600 0x10, 0x95, 0xdf, 0xda, 0xd7, 0xba, 0xa0, 0x26, 0xb9, 0xdc, 0x83, 0xeb, 0xdc, 0xd2, 0x1f, 0xf1, 10601 0xb1, 0x8d, 0x21, 0x51, 0x71, 0x59, 0x0e, 0xe8, 0x7e, 0xf1, 0x53, 0x08, 0x98, 0x79, 0x05, 0x3b, 10602 0x22, 0xf1, 0xda, 0x07, 0x0d, 0xf7, 0x89, 0x5e, 0xc4, 0x62, 0x8c, 0xf9, 0x19, 0xc8, 0xbc, 0xa4, 10603 0x0c, 0x6f, 0x41, 0x34, 0x56, 0x22, 0x6b, 0xe6, 0xee, 0x7c, 0x4a, 0xd9, 0x26, 0x8c, 0x56, 0x12, 10604 0xf3, 0x03, 0x12, 0x1c, 0x5b, 0x8d, 0x64, 0x5c, 0x1c, 0xb6, 0x0f, 0x93, 0xaf, 0xb1, 0x67, 0x6f, 10605 0x13, 0xdd, 0xe3, 0xcf, 0x0e, 0xe6, 0x06, 0xf3, 0xb2, 0xbc, 0x99, 0xf5, 0xb0, 0xd7, 0xe9, 0x7e, 10606 0xb0, 0x6a, 0xb9, 0xb5, 0xda, 0xcf, 0x88, 0xf1, 0xc5, 0x58, 0x54, 0x05, 0x5c, 0x9d, 0x79, 0xc2, 10607 0xcd, 0xbb, 0xc6, 0xf2, 0x69, 0xa9, 0xe3, 0x4e, 0x05, 0x0d, 0x02, 0xb6, 0x4d, 0x8e, 0x7d, 0x60, 10608 0x8e, 0xda, 0x4d, 0x28, 0xd2, 0xec, 0x8a, 0x11, 0xe3, 0xe7, 0x17, 0x20, 0x07, 0x7b, 0xfc, 0x9b, 10609 0x4e, 0xf7, 0x79, 0xf5, 0x0a, 0x6e, 0xd1, 0x1e, 0x7b, 0x83, 0x66, 0x5e, 0x1b, 0x9d, 0x36, 0x32, 10610 0x89, 0xf6, 0x72, 0xa5, 0x58, 0x54, 0x42, 0xba, 0x90, 0xf3, 0xbb, 0x05, 0x46, 0xa4, 0x91, 0x1c, 10611 0xdb, 0xab, 0xf3, 0x68, 0x56, 0x7a, 0xd3, 0xff, 0x3f, 0x9f, 0xc5, 0x4a, 0x47, 0xbd, 0x89, 0x46, 10612 0xf6, 0x94, 0x3a, 0x94, 0xd4, 0x30, 0xd3, 0xae, 0x0d, 0x99, 0x95, 0xf7, 0x75, 0xfe, 0x14, 0x10, 10613 0x9e, 0xed, 0x21, 0x0f, 0x0d, 0x54, 0x7d, 0x54, 0xc5, 0x80, 0x21, 0x4d, 0xf2, 0xaf, 0x67, 0xaf, 10614 0x8a, 0x76, 0x9e, 0x34, 0x32, 0x74, 0x89, 0x2a, 0x32, 0xf9, 0x48, 0x20, 0x90, 0xe6, 0x4a, 0xa3, 10615 0x7f, 0xf2, 0x2a, 0x51, 0x22, 0x93, 0xe5, 0xdd, 0x59, 0xb3, 0x83, 0xa8, 0x47, 0xf5, 0x6b, 0x38, 10616 0x24, 0xc2, 0xac, 0x2d, 0x03, 0xda, 0xb1, 0x17, 0x19, 0xe0, 0x38, 0x2c, 0xb3, 0xa6, 0x4c, 0x8e, 10617 0xae, 0x63, 0xa7, 0xae, 0x96, 0xb1, 0x07, 0x8c, 0x8f, 0x6a, 0x08, 0x32, 0x15, 0x1f, 0x33, 0x97, 10618 0x21, 0x3b, 0x51, 0x70, 0xc5, 0x1f, 0xa6, 0xa3, 0x8a, 0xd0, 0x8f, 0x0b, 0xda, 0x64, 0xab, 0xbe, 10619 0xee, 0x4b, 0x14, 0xfd, 0x32, 0x87, 0x9e, 0xa7, 0x19, 0x75, 0xc9, 0xaa, 0xd3, 0xed, 0xa7, 0xa0, 10620 0x01, 0xe7, 0xa0, 0xe5, 0x28, 0xdd, 0x3b, 0x7c, 0x49, 0xe4, 0x24, 0x7d, 0x92, 0x86, 0x25, 0x03, 10621 0xb3, 0x66, 0x04, 0xf3, 0xa1, 0x40, 0x11, 0x35, 0x3a, 0x1d, 0xbf, 0x1c, 0x02, 0x83, 0x3d, 0x37, 10622 0x51, 0x88, 0xa3, 0x2b, 0x10, 0x8c, 0x8e, 0x10, 0xdd, 0xdc, 0xef, 0xa4, 0xe9, 0x14, 0x77, 0xb6, 10623 0x8e, 0x75, 0xb6, 0x8e, 0xea, 0xaa, 0x57, 0x16, 0x1f, 0xb0, 0x0c, 0xbc, 0x44, 0xed, 0x92, 0x94, 10624 0x9a, 0xb4, 0xf3, 0x31, 0x64, 0x02, 0x5c, 0xa1, 0x51, 0x63, 0x39, 0x42, 0x74, 0x7a, 0x1d, 0xf2, 10625 0xf5, 0x92, 0x50, 0xf1, 0x5a, 0x8a, 0xde, 0xb3, 0x4e, 0xf1, 0x6e, 0x67, 0xd9, 0x5b, 0x00, 0xa7, 10626 0xd1, 0x90, 0x58, 0x36, 0xc4, 0x15, 0x80, 0xbb, 0xa5, 0xbb, 0x98, 0xc0, 0x8a, 0x9b, 0x17, 0x35, 10627 0x36, 0x3b, 0x62, 0x0f, 0x29, 0xcd, 0xe9, 0x04, 0x0e, 0x9d, 0xca, 0x43, 0x04, 0xdf, 0x17, 0x49, 10628 0xbf, 0xb6, 0x7a, 0x7a, 0x3c, 0xdb, 0x0d, 0x6d, 0xd5, 0x89, 0xb9, 0x69, 0x94, 0xd8, 0xb2, 0xd6, 10629 0x38, 0x8a, 0xcc, 0x78, 0x44, 0x40, 0x63, 0x9f, 0x1e, 0x0e, 0x40, 0x33, 0x51, 0xd3, 0x65, 0xf8, 10630 0xf1, 0x42, 0x06, 0x75, 0x84, 0xe7, 0xb1, 0xe9, 0xd6, 0xa4, 0x5e, 0x7f, 0xb0, 0x48, 0x6f, 0x80, 10631 0x92, 0xf8, 0xfc, 0x2a, 0xdb, 0x18, 0x97, 0xe5, 0xe7, 0xc7, 0x46, 0xb6, 0x59, 0x8c, 0x3a, 0x09, 10632 0x91, 0xc1, 0x49, 0x55, 0xf9, 0xf3, 0x87, 0x19, 0xdc, 0x72, 0x56, 0xd3, 0x20, 0x5e, 0xc5, 0x3d, 10633 0xfb, 0x19, 0xea, 0x6a, 0xdf, 0x09, 0xb2, 0x8f, 0xb6, 0xdd, 0x26, 0x31, 0x25, 0x30, 0x23, 0x06, 10634 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x3b, 0xd2, 10635 0xb3, 0x51, 0x4c, 0x57, 0xd0, 0xca, 0x34, 0xa4, 0xf0, 0x06, 0xdd, 0xe9, 0x76, 0x08, 0xdb, 0x7b, 10636 0x3a, 0xb0, 0x30, 0x31, 0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 10637 0x00, 0x04, 0x14, 0x8e, 0x7f, 0x87, 0x67, 0x78, 0x64, 0x93, 0x36, 0x35, 0xe5, 0x93, 0x9d, 0xac, 10638 0x61, 0x09, 0x4f, 0xdc, 0x95, 0xd7, 0x4f, 0x04, 0x08, 0x23, 0xc2, 0xc0, 0xc6, 0x8d, 0x5f, 0x70, 10639 0x7e, 0x02, 0x02, 0x08, 0x00]); 10640 10641 let conf: cert.Pkcs12ParsingConfig = { 10642 password: "123456", 10643 needsCert: false, 10644 needsPrivateKey: true, 10645 privateKeyFormat: cert.EncodingBaseFormat.DER, 10646 needsOtherCerts: false, 10647 }; 10648 let p12: cert.Pkcs12Data = cert.parsePkcs12(p12_cert, conf); 10649 console.info("parsePKCS12 succeed."); 10650 if (p12.privateKey) { 10651 console.info("privateKey:" + p12.privateKey.toString()) 10652 } 10653 } catch (error) { 10654 console.error('parsePKCS12 failed:' + JSON.stringify(error)); 10655 } 10656} 10657``` 10658 10659## cert.createTrustAnchorsWithKeyStore<sup>12+</sup> 10660 10661createTrustAnchorsWithKeyStore(keystore: Uint8Array, pwd: string): Promise<Array\<[X509TrustAnchor](#x509trustanchor11)>> 10662 10663Creates a [TrustAnchor](#x509trustanchor11) object array by using the CA certificate parsed from a .p12 keystore file. This API uses a promise to return the result. 10664 10665**Atomic service API**: This API can be used in atomic services since API version 12. 10666 10667**System capability**: SystemCapability.Security.Cert 10668 10669**Parameters** 10670 10671| Name | Type | Mandatory| Description | 10672| -------- | -------------------- | ---- | -------------------------- | 10673| keystore | Uint8Array | Yes| .p12 file to parse, in DER format.| 10674| pwd | string | Yes| Password of the .p12 file.| 10675 10676**Return value** 10677 10678| Type | Description | 10679| --------------------------------- | -------------------- | 10680| Promise\<Array\<[X509TrustAnchor](#x509trustanchor11)>> | **X509TrustAnchor** object array created.| 10681 10682**Error codes** 10683 10684For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10685 10686| ID| Error Message | 10687| -------- | ------------------------------------------------- | 10688| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10689| 19020001 | memory malloc failed. | 10690| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 10691| 19030001 | crypto operation error. | 10692| 19030002 | the certificate signature verification failed. | 10693| 19030003 | the certificate has not taken effect. | 10694| 19030004 | the certificate has expired. | 10695| 19030005 | failed to obtain the certificate issuer. | 10696| 19030006 | the key cannot be used for signing a certificate. | 10697| 19030007 | the key cannot be used for digital signature. | 10698 10699**Example** 10700 10701```ts 10702import { cert } from '@kit.DeviceCertificateKit'; 10703import { BusinessError } from '@kit.BasicServicesKit'; 10704 10705try { 10706 cert.createTrustAnchorsWithKeyStore( 10707 new Uint8Array([0x30, 0x82, 0x07, 0x5C, 0x02, 0x01, 0x03, 0x30, 0x82, 0x07, 0x12, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x07, 0x03, 0x04, 0x82, 0x06, 0xFF, 0x30, 0x82, 0x06, 0xFB, 0x30, 0x82, 0x05, 0xB2, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82, 0x05, 0xA3, 0x30, 0x82, 0x05, 0x9F, 0x02, 0x01, 0x00, 0x30, 0x82, 0x05, 0x98, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xA9, 0x1C, 0x1B, 0x19, 0x36, 0xDE, 0xD4, 0x20, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0x7D, 0xE5, 0x23, 0x96, 0x18, 0x8B, 0xF4, 0xBC, 0x9F, 0x4E, 0xE8, 0xE9, 0xAA, 0x52, 0x18, 0x39, 0x80, 0x82, 0x05, 0x30, 0x02, 0x2D, 0x59, 0xA9, 0x96, 0x5A, 0xFE, 0x20, 0x18, 0xB2, 0x25, 0xEA, 0xFC, 0x86, 0x0F, 0xA8, 0x3C, 0x2B, 0x26, 0x2F, 0x44, 0x6E, 0xF3, 0x15, 0xB7, 0x94, 0xE4, 0x43, 0xEE, 0xE6, 0xC3, 0xBB, 0x3C, 0x9E, 0x60, 0x08, 0xF8, 0x15, 0x61, 0x44, 0xD0, 0xEA, 0xD5, 0x6D, 0x1A, 0x3B, 0x9F, 0x4E, 0x2A, 0x1E, 0xBB, 0xB9, 0x4E, 0x15, 0x43, 0xB8, 0x68, 0xDB, 0x1A, 0x4E, 0x41, 0xBA, 0x29, 0x8E, 0x75, 0xEB, 0x12, 0xC1, 0xF0, 0x4B, 0x0D, 0x13, 0xB2, 0xC2, 0x48, 0x6F, 0xC4, 0xC4, 0x82, 0xF2, 0x26, 0xD4, 0x3D, 0x1F, 0x42, 0x7D, 0x67, 0xB0, 0x37, 0x55, 0x9E, 0xD9, 0x46, 0x99, 0x98, 0xB4, 0xE7, 0x4B, 0x07, 0x08, 0x3F, 0xD3, 0x96, 0x9A, 0xC5, 0xDA, 0x37, 0x74, 0x08, 0x5D, 0x3B, 0x06, 0x8A, 0x16, 0x6D, 0x81, 0x63, 0x01, 0x83, 0x94, 0xDA, 0x1B, 0x0E, 0x04, 0xCE, 0x18, 0xF0, 0x51, 0x22, 0xD8, 0x2D, 0xF1, 0x69, 0x0C, 0xCB, 0xC9, 0x51, 0x17, 0x07, 0x1F, 0x2B, 0xCF, 0x74, 0x26, 0xD7, 0x73, 0xB3, 0x2D, 0xF2, 0x82, 0xF0, 0x38, 0x5B, 0x8A, 0x8F, 0xCD, 0x84, 0x69, 0x40, 0x59, 0xCE, 0xB3, 0x39, 0xFE, 0xF6, 0xB7, 0x24, 0x89, 0x34, 0xFF, 0xF4, 0x40, 0x50, 0x06, 0x4D, 0xC6, 0x13, 0x82, 0xAF, 0x7F, 0x84, 0xB1, 0x67, 0x3C, 0x89, 0xBB, 0x5D, 0x32, 0xC3, 0xA6, 0xF1, 0x7D, 0xF5, 0x72, 0x68, 0x75, 0xCE, 0x69, 0xAB, 0x6C, 0x32, 0xDA, 0x16, 0x3B, 0xC4, 0xCA, 0x47, 0x45, 0xE9, 0x59, 0x1E, 0xB1, 0x70, 0xDA, 0x8A, 0x00, 0x69, 0x80, 0x40, 0xCA, 0x60, 0xE6, 0x07, 0x16, 0xF0, 0xA2, 0xF9, 0x12, 0x7D, 0x09, 0x43, 0x66, 0x46, 0x78, 0x35, 0xA6, 0x94, 0x35, 0x60, 0x82, 0xFC, 0xB8, 0x5E, 0x39, 0xE7, 0xA1, 0x22, 0xAD, 0xCC, 0x6F, 0x5E, 0xCE, 0x01, 0x6B, 0xA1, 0xDD, 0xE5, 0xDD, 0x79, 0x9B, 0xA1, 0x28, 0xC4, 0x03, 0x84, 0x8D, 0x6C, 0x07, 0xD4, 0xFE, 0x57, 0xFB, 0x89, 0x3F, 0x43, 0x44, 0x69, 0xF1, 0x9E, 0x53, 0x6C, 0x11, 0x11, 0x96, 0x79, 0xE4, 0xB8, 0x3B, 0x49, 0x2E, 0xF6, 0x3B, 0xC5, 0x6C, 0x76, 0x21, 0x22, 0x15, 0x85, 0x77, 0x8A, 0xDD, 0xD2, 0x43, 0x85, 0x73, 0x39, 0x77, 0x9F, 0xFA, 0x8F, 0xCF, 0xCB, 0xEA, 0x62, 0xBD, 0x5C, 0x66, 0x45, 0xCD, 0xB0, 0xCA, 0x42, 0xCC, 0xB9, 0xCF, 0xE3, 0x84, 0x63, 0x9F, 0x63, 0xCE, 0x49, 0xE9, 0x74, 0x26, 0xCC, 0x26, 0x78, 0xCE, 0x9F, 0x4E, 0x38, 0xA2, 0x9C, 0xEB, 0x75, 0xC5, 0x33, 0x6B, 0x00, 0x83, 0x85, 0xA3, 0x0F, 0xE7, 0xE1, 0x11, 0xA6, 0x48, 0xDC, 0xEF, 0x0C, 0x05, 0xB3, 0xDE, 0x94, 0xB9, 0x69, 0xCB, 0x27, 0x09, 0xAB, 0x27, 0xD8, 0x06, 0xED, 0x25, 0xBC, 0xA6, 0x2E, 0xB7, 0xF9, 0x2E, 0xAD, 0x84, 0x1D, 0xDD, 0x73, 0xD8, 0xC0, 0x46, 0x8A, 0xFE, 0x9A, 0xDF, 0x07, 0xE1, 0x33, 0xE2, 0x1C, 0x37, 0x6A, 0x8E, 0xA2, 0x91, 0x0B, 0xD7, 0x76, 0xEF, 0x3C, 0x87, 0x4A, 0x53, 0x84, 0xFA, 0xFA, 0xC5, 0x71, 0x76, 0xC0, 0x75, 0x70, 0x67, 0x67, 0x71, 0x9D, 0x8B, 0x81, 0x6F, 0x68, 0xC5, 0xB1, 0xFC, 0xA3, 0x59, 0xB5, 0xD0, 0x03, 0x56, 0xE7, 0x89, 0x03, 0xD7, 0x99, 0xDE, 0x66, 0x33, 0xFA, 0x53, 0x50, 0x5F, 0xB4, 0x9D, 0xB3, 0x90, 0x8F, 0x57, 0x20, 0xF0, 0x8B, 0xDB, 0x73, 0xCA, 0xA4, 0x71, 0x61, 0x67, 0x6A, 0x6D, 0xA5, 0xCA, 0x88, 0xD4, 0xCC, 0x82, 0x34, 0xC9, 0x3E, 0x10, 0x10, 0x57, 0xD1, 0x08, 0x96, 0x80, 0x09, 0xA8, 0xBB, 0x6F, 0x53, 0x8F, 0xFD, 0x87, 0xCF, 0x73, 0xFC, 0xE1, 0x3A, 0x92, 0x2E, 0x78, 0x66, 0xFB, 0x86, 0x5D, 0x62, 0xE0, 0xC4, 0x58, 0x55, 0x3F, 0xA4, 0xEA, 0xA1, 0xBE, 0x5B, 0x5E, 0x8E, 0x46, 0x50, 0x5E, 0x7C, 0x01, 0xD6, 0x63, 0xAA, 0x6F, 0xD5, 0xFD, 0xAF, 0xC5, 0x1D, 0xB3, 0x90, 0x9C, 0xD8, 0x5F, 0x8D, 0xF2, 0x81, 0xEB, 0xBF, 0xA1, 0xDE, 0xB7, 0x9D, 0xCD, 0x24, 0x82, 0x06, 0x0B, 0x63, 0xE6, 0xBF, 0x57, 0x51, 0xF0, 0xB6, 0xE9, 0x7F, 0xAA, 0x7B, 0x10, 0xBD, 0xCD, 0x85, 0x41, 0xE0, 0xD7, 0xF1, 0x53, 0xB7, 0xF8, 0x46, 0x91, 0x9E, 0x8D, 0x4B, 0xCB, 0x28, 0x35, 0x40, 0x37, 0x1E, 0x83, 0x64, 0x6A, 0x70, 0x01, 0x9D, 0xBF, 0xF1, 0x0E, 0xB6, 0x2E, 0x7A, 0xB7, 0x8F, 0x0F, 0x8C, 0x69, 0xD6, 0xF2, 0xD1, 0xF6, 0x1E, 0xCD, 0x08, 0xA8, 0xD4, 0x1B, 0xCB, 0x38, 0xEA, 0x26, 0x37, 0x5C, 0x60, 0x3A, 0x38, 0x5B, 0x12, 0x1D, 0x00, 0x7B, 0xEC, 0xCE, 0xFB, 0x89, 0x23, 0x8A, 0x11, 0xE1, 0x1B, 0xDE, 0x54, 0x91, 0x6A, 0x26, 0x22, 0xD0, 0x1C, 0x2E, 0xBA, 0xD0, 0x92, 0x87, 0xDA, 0xF0, 0x93, 0xBB, 0x3A, 0x2C, 0x52, 0xFB, 0xB2, 0xA9, 0xA8, 0x92, 0x19, 0xE3, 0x19, 0xDC, 0xB0, 0x0E, 0xC5, 0xE7, 0x9D, 0xFB, 0xF9, 0xA3, 0x23, 0x32, 0xD0, 0x4E, 0x2C, 0x05, 0x2D, 0x76, 0xDB, 0x93, 0x53, 0x5B, 0x0E, 0x2A, 0xA3, 0xDD, 0x5F, 0xD3, 0x1A, 0x3B, 0x1E, 0x1F, 0x26, 0x88, 0x43, 0xAD, 0x10, 0x1F, 0xA9, 0xC4, 0xF9, 0x1F, 0xCD, 0xA5, 0xD2, 0xDC, 0x24, 0x95, 0x1D, 0xE7, 0x57, 0xE1, 0x02, 0x0A, 0x20, 0xEA, 0x6A, 0x78, 0x4E, 0x96, 0xE2, 0xE5, 0x6D, 0x6F, 0xFD, 0x81, 0x7B, 0x61, 0x85, 0xA3, 0x3D, 0xC5, 0x7B, 0xEF, 0xAE, 0x58, 0xA2, 0xDB, 0x91, 0x73, 0xDB, 0x47, 0x8E, 0xD1, 0x7D, 0xD7, 0x8F, 0x56, 0x06, 0x28, 0x8C, 0x78, 0x73, 0x02, 0x65, 0xB0, 0x16, 0x4B, 0xE6, 0xA3, 0xD7, 0x06, 0x7C, 0xEA, 0x7D, 0xE2, 0xAE, 0xBB, 0xE5, 0xD2, 0xEB, 0xF0, 0x91, 0x71, 0x7C, 0xBC, 0xA6, 0x1A, 0xE8, 0x9F, 0xD3, 0xA9, 0x3C, 0x5D, 0x60, 0xCF, 0x59, 0x26, 0x46, 0x45, 0xF2, 0x7F, 0x85, 0x6B, 0xE7, 0xC2, 0x58, 0x52, 0x90, 0x12, 0x07, 0xBA, 0xE6, 0xB8, 0xE5, 0xD7, 0x24, 0x93, 0xD5, 0x6E, 0xB1, 0x74, 0x6C, 0xAA, 0xA0, 0x60, 0xBF, 0xF3, 0x32, 0x41, 0x0B, 0xA2, 0x01, 0x84, 0x0D, 0x83, 0xE4, 0x43, 0xD1, 0xBA, 0xC1, 0x92, 0x84, 0x26, 0xF8, 0xF2, 0x77, 0x20, 0x1B, 0xF2, 0x8F, 0x00, 0x69, 0x18, 0x2F, 0x6C, 0xA8, 0x58, 0xB5, 0x5D, 0xFA, 0x27, 0xD2, 0x38, 0xD2, 0x49, 0x6E, 0xDF, 0x55, 0x79, 0xAF, 0x1C, 0x44, 0xDA, 0x5A, 0xD7, 0x44, 0x53, 0x50, 0x8B, 0x77, 0x70, 0x4D, 0x91, 0xEC, 0x07, 0xA5, 0x64, 0x21, 0x3C, 0x31, 0x09, 0x68, 0x65, 0xB4, 0xFA, 0xBE, 0x23, 0xF9, 0xDF, 0x77, 0x46, 0xA2, 0x9A, 0x5D, 0xE3, 0xBE, 0x1E, 0xE3, 0x84, 0xEF, 0xAE, 0x7D, 0xF8, 0x1C, 0x54, 0xE8, 0x4E, 0xAE, 0xB5, 0xBB, 0xD6, 0xC3, 0x8D, 0x56, 0x79, 0xE8, 0x7C, 0x43, 0xDC, 0xF3, 0xB3, 0x7A, 0x30, 0x22, 0x09, 0xBC, 0x10, 0xD6, 0x84, 0xC4, 0x0F, 0x4C, 0x0B, 0xA2, 0xD1, 0xCB, 0xCD, 0x1F, 0x50, 0x3D, 0xF7, 0x23, 0x45, 0x55, 0x18, 0x21, 0x3D, 0x64, 0x05, 0x2E, 0x52, 0x3A, 0x73, 0xFD, 0xF2, 0xA9, 0xCA, 0x3F, 0xF6, 0x7F, 0x87, 0xE8, 0x56, 0x9B, 0x68, 0x6B, 0x20, 0xB0, 0x1D, 0x83, 0x04, 0x2F, 0x59, 0xFD, 0x84, 0x57, 0x7D, 0x82, 0x97, 0x96, 0xE8, 0xFB, 0xDF, 0x71, 0x8C, 0x26, 0x47, 0x85, 0xA5, 0xBE, 0xFB, 0xF5, 0x05, 0x4C, 0xD3, 0x3D, 0x73, 0xF4, 0xA5, 0xF1, 0xA3, 0x99, 0x98, 0x1B, 0x84, 0x8B, 0xB3, 0x53, 0xCE, 0x4D, 0xEA, 0x5A, 0x48, 0xD2, 0xB9, 0x7E, 0xB6, 0xEB, 0x9B, 0x94, 0x6F, 0xDD, 0x44, 0x80, 0x89, 0xD2, 0x78, 0x6D, 0xB9, 0xDA, 0x8B, 0x83, 0x49, 0xE0, 0x4D, 0x49, 0xDF, 0x6B, 0xFF, 0xF7, 0x04, 0x00, 0x32, 0xAA, 0x1D, 0x4F, 0x8D, 0x4B, 0xDE, 0xB8, 0x0D, 0xC6, 0x54, 0x1C, 0xB2, 0xCD, 0x60, 0x29, 0x72, 0x0A, 0x7E, 0xE7, 0xEB, 0x7A, 0xF6, 0x5B, 0x04, 0x3F, 0x5B, 0x93, 0x12, 0x0D, 0xD5, 0xFF, 0x7A, 0x41, 0x44, 0x0B, 0x37, 0x12, 0x82, 0x3D, 0xDD, 0x1E, 0x59, 0xB9, 0xBE, 0x0F, 0x9E, 0xD6, 0xD0, 0x68, 0x69, 0x74, 0xF9, 0xB1, 0x21, 0xA3, 0x70, 0x4F, 0xDA, 0xF8, 0x9F, 0xB9, 0x49, 0x3F, 0xC6, 0xB2, 0x69, 0xC8, 0xD8, 0x60, 0xF1, 0x6A, 0x52, 0x07, 0xFA, 0x42, 0xFD, 0xA9, 0x06, 0xCF, 0x97, 0x4A, 0x0E, 0xC5, 0xFC, 0x63, 0x27, 0x54, 0xC8, 0xBE, 0x8B, 0x4F, 0xB6, 0x42, 0xBC, 0xA2, 0xCC, 0x70, 0x4A, 0x6B, 0x24, 0x5B, 0x68, 0x28, 0x47, 0xFA, 0x6B, 0x89, 0x28, 0x07, 0x5D, 0xE0, 0x2C, 0x4A, 0xD9, 0x22, 0xE3, 0xB3, 0x2F, 0xAA, 0xC2, 0xA0, 0x7C, 0x0F, 0x92, 0xC5, 0xDD, 0xB6, 0x23, 0x8F, 0x73, 0x73, 0x0F, 0xD7, 0x73, 0x71, 0x2F, 0x0A, 0x78, 0xE8, 0x5B, 0xDB, 0xC2, 0xE0, 0xDB, 0xC9, 0x3E, 0xC3, 0x72, 0x9C, 0x14, 0xD7, 0xD1, 0x28, 0xFD, 0xF4, 0xEE, 0xBC, 0x0E, 0x13, 0x37, 0xCA, 0x85, 0x9F, 0xB9, 0xA2, 0x0E, 0xF6, 0xE7, 0x49, 0xD1, 0xD0, 0x11, 0x76, 0x53, 0xA3, 0x73, 0x95, 0x2A, 0x23, 0xC8, 0x0E, 0x97, 0x83, 0x07, 0x64, 0xB2, 0x51, 0xB7, 0xC8, 0x51, 0x9F, 0xA4, 0x3E, 0x7B, 0xA4, 0x18, 0x6D, 0x99, 0xF0, 0x6E, 0xC3, 0x97, 0xAE, 0xF4, 0xB7, 0x66, 0x37, 0xFA, 0x65, 0xFC, 0x5E, 0xE2, 0x57, 0xFA, 0x8B, 0x4C, 0x86, 0x10, 0xB4, 0x5C, 0xA4, 0xD2, 0x60, 0x83, 0x69, 0x1E, 0xFF, 0x36, 0x9B, 0xF9, 0x84, 0xFB, 0xB8, 0x83, 0x64, 0xF1, 0x41, 0xA5, 0x25, 0x56, 0x21, 0xBA, 0x13, 0x98, 0x0C, 0x3B, 0x04, 0xAA, 0x6C, 0x9A, 0xD4, 0xE3, 0x13, 0x15, 0x54, 0x05, 0x4C, 0x5C, 0xE1, 0x7A, 0x31, 0x5E, 0x90, 0xCF, 0x48, 0x4E, 0x83, 0xD7, 0x7F, 0xED, 0x93, 0x22, 0xAB, 0x67, 0xE7, 0x76, 0x32, 0x64, 0xBA, 0x5A, 0x21, 0x3E, 0x30, 0x82, 0x01, 0x41, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x01, 0x32, 0x04, 0x82, 0x01, 0x2E, 0x30, 0x82, 0x01, 0x2A, 0x30, 0x82, 0x01, 0x26, 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02, 0xA0, 0x81, 0xEF, 0x30, 0x81, 0xEC, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xED, 0x3E, 0xED, 0x07, 0x5C, 0x1F, 0x71, 0xAD, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0xA7, 0x49, 0xA4, 0x6E, 0x00, 0x19, 0x75, 0x59, 0x75, 0x59, 0xBA, 0x4B, 0xC7, 0x24, 0x88, 0x34, 0x04, 0x81, 0x90, 0xCA, 0x23, 0x82, 0xAA, 0x16, 0x57, 0x99, 0xFA, 0x94, 0x9F, 0xAE, 0x32, 0x5C, 0x5B, 0xE7, 0x01, 0xD0, 0xED, 0xA7, 0x58, 0x57, 0x52, 0xBF, 0x57, 0x13, 0xD4, 0x15, 0xB0, 0x06, 0xF5, 0x38, 0xCC, 0x64, 0x23, 0x09, 0xD5, 0x8C, 0x0D, 0x64, 0x31, 0xFA, 0x74, 0xAA, 0x96, 0x7E, 0x9B, 0x16, 0xCA, 0x21, 0xFD, 0xC0, 0x54, 0x91, 0x40, 0x7F, 0xB3, 0xF2, 0xA3, 0xEC, 0xA1, 0x4A, 0x07, 0xF0, 0x87, 0x22, 0xDB, 0x8A, 0x49, 0x89, 0xF7, 0xF2, 0x6A, 0xFC, 0x8D, 0x03, 0x6E, 0x32, 0x4F, 0xD0, 0xD8, 0x93, 0x92, 0xA5, 0xF1, 0x41, 0xBD, 0xEA, 0xE1, 0x38, 0xA9, 0xD8, 0x9D, 0xAB, 0xB4, 0x8E, 0x4A, 0x40, 0x0E, 0xC7, 0xE3, 0xE9, 0xBF, 0x0E, 0xBA, 0x8D, 0xAA, 0x3E, 0x93, 0x53, 0x88, 0xEE, 0x0A, 0x2C, 0x71, 0xF1, 0x61, 0x44, 0xA5, 0xAD, 0xED, 0x3E, 0xAB, 0x32, 0x9A, 0x32, 0x85, 0x08, 0xF5, 0x8B, 0xCC, 0x15, 0x35, 0xEE, 0xFA, 0x17, 0x27, 0x97, 0x8D, 0xD9, 0x1C, 0x5E, 0x74, 0x9D, 0x7B, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x5F, 0x8E, 0xAB, 0x9C, 0x5F, 0xE2, 0x3B, 0xB1, 0x5C, 0x1A, 0x36, 0x1D, 0x7D, 0xCB, 0x90, 0x45, 0x20, 0x3C, 0x3B, 0xAC, 0x30, 0x41, 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x93, 0x25, 0xC4, 0x3E, 0x2A, 0x6D, 0x4C, 0x30, 0x87, 0x0F, 0xE3, 0x5A, 0x95, 0xB0, 0xF2, 0x6C, 0xBA, 0x07, 0x89, 0x7D, 0xFB, 0xCF, 0xCF, 0x1D, 0x54, 0xA3, 0x36, 0x24, 0x7B, 0x30, 0x97, 0xB5, 0x04, 0x08, 0xE7, 0x96, 0x59, 0xCC, 0x42, 0x9F, 0xEF, 0xFC, 0x02, 0x02, 0x08, 0x00]), 10708 '123456').then((data) => { 10709 console.log('createTrustAnchorsWithKeyStore success, number of the result is: ' + JSON.stringify(data.length)); 10710 }).catch((err : BusinessError) => { 10711 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(err)); 10712 }) 10713} catch (error) { 10714 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(error)); 10715} 10716``` 10717 10718## X509CertChain<sup>11+</sup> 10719 10720Provides APIs for managing the X.509 certificate chain. 10721 10722### getCertList<sup>11+</sup> 10723 10724getCertList(): Array\<X509Cert> 10725 10726Obtains the X.509 certificate list. 10727 10728**Atomic service API**: This API can be used in atomic services since API version 12. 10729 10730**System capability**: SystemCapability.Security.Cert 10731 10732**Return value** 10733 10734| Type | Description | 10735| -------------- | ----------- | 10736| Array\<[X509Cert](#x509cert)> | X.509 certificate list obtained.| 10737 10738**Error codes** 10739 10740For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10741 10742| ID| Error Message | 10743| -------- | ----------------------- | 10744| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10745| 19020001 | memory malloc failed. | 10746| 19030001 | crypto operation error. | 10747 10748**Example** 10749 10750```ts 10751import { cert } from '@kit.DeviceCertificateKit'; 10752import { BusinessError } from '@kit.BasicServicesKit'; 10753 10754// Convert the string into a Uint8Array. 10755function stringToUint8Array(str: string): Uint8Array { 10756 let arr: Array<number> = []; 10757 for (let i = 0, j = str.length; i < j; i++) { 10758 arr.push(str.charCodeAt(i)); 10759 } 10760 return new Uint8Array(arr); 10761} 10762 10763let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10764 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10765 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10766 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10767 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10768 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10769 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10770 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10771 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10772 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10773 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10774 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10775 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10776 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10777 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10778 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10779 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10780 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10781 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10782 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10783 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10784 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10785 "-----END CERTIFICATE-----\n" + 10786 "-----BEGIN CERTIFICATE-----\n" + 10787 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10788 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10789 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10790 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10791 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10792 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10793 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10794 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10795 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10796 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10797 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10798 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10799 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10800 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10801 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10802 "uKPWR9dKBA==\n" + 10803 "-----END CERTIFICATE-----\n" + 10804 "-----BEGIN CERTIFICATE-----\n" + 10805 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10806 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10807 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10808 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10809 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10810 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10811 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10812 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10813 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10814 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10815 "xjoE\n" + 10816 "-----END CERTIFICATE-----\n"; 10817 10818// Binary data of the certificate chain, which needs to be assigned by the service. 10819let encodingBlob: cert.EncodingBlob = { 10820 data: stringToUint8Array(certChainData), 10821 // Assign a value based on the encodingData format. FORMAT_PEM, FORMAT_DER, and FORMAT_PKCS7 are supported. 10822 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10823}; 10824 10825cert.createX509CertChain(encodingBlob, (err, certChain) => { 10826 if (err) { 10827 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10828 } else { 10829 console.log('createX509CertChain success'); 10830 try { 10831 let certList = certChain.getCertList(); 10832 } catch (err) { 10833 let e: BusinessError = err as BusinessError; 10834 console.error('X509CertChain getCertList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10835 } 10836 } 10837}); 10838``` 10839 10840### validate<sup>11+</sup> 10841 10842validate(param: CertChainValidationParameters): Promise\<CertChainValidationResult> 10843 10844Validates a certificate chain. This API uses a promise to return the result. 10845 10846**Atomic service API**: This API can be used in atomic services since API version 12. 10847 10848**System capability**: SystemCapability.Security.Cert 10849 10850**Parameters** 10851 10852| Name | Type | Mandatory| Description | 10853| --------- | ------------------------------- | ---- | ----------------- | 10854| param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| 10855 10856**Return value** 10857 10858| Type | Description | 10859| ------------------------------------------------------------ | --------------------------------- | 10860| Promise\<[CertChainValidationResult](#certchainvalidationresult11)> | Promise used to return the result.| 10861 10862**Error codes** 10863 10864For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 10865 10866| ID| Error Message | 10867| -------- | ----------------------- | 10868| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10869| 19020001 | memory malloc failed. | 10870| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 10871| 19030001 | crypto operation error. | 10872| 19030002 | the certificate signature verification failed. | 10873| 19030003 | the certificate has not taken effect. | 10874| 19030004 | the certificate has expired. | 10875| 19030005 | failed to obtain the certificate issuer. | 10876| 19030006 | the key cannot be used for signing a certificate. | 10877| 19030007 | the key cannot be used for digital signature. | 10878 10879**Example** 10880 10881```ts 10882import { cert } from '@kit.DeviceCertificateKit'; 10883import { BusinessError } from '@kit.BasicServicesKit'; 10884 10885// Convert the string into a Uint8Array. 10886function stringToUint8Array(str: string): Uint8Array { 10887 let arr: Array<number> = []; 10888 for (let i = 0, j = str.length; i < j; i++) { 10889 arr.push(str.charCodeAt(i)); 10890 } 10891 return new Uint8Array(arr); 10892} 10893 10894async function createX509CertChain(): Promise<cert.X509CertChain> { 10895 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10896 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10897 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10898 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10899 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10900 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10901 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10902 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10903 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10904 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10905 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10906 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10907 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10908 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10909 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10910 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10911 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10912 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10913 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10914 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10915 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10916 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10917 "-----END CERTIFICATE-----\n" + 10918 "-----BEGIN CERTIFICATE-----\n" + 10919 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10920 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10921 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10922 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10923 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10924 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10925 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10926 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10927 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10928 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10929 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10930 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10931 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10932 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10933 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10934 "uKPWR9dKBA==\n" + 10935 "-----END CERTIFICATE-----\n" + 10936 "-----BEGIN CERTIFICATE-----\n" + 10937 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10938 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10939 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10940 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10941 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10942 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10943 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10944 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10945 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10946 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10947 "xjoE\n" + 10948 "-----END CERTIFICATE-----\n"; 10949 10950 // Binary data of the certificate chain, which needs to be assigned by the service. 10951 let encodingBlob: cert.EncodingBlob = { 10952 data: stringToUint8Array(certChainData), 10953 // Assign a value based on the encodingData format. FORMAT_PEM, FORMAT_DER, and FORMAT_PKCS7 are supported. 10954 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10955 }; 10956 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10957 try { 10958 x509CertChain = await cert.createX509CertChain(encodingBlob); 10959 } 10960 catch (error) { 10961 let e: BusinessError = error as BusinessError; 10962 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10963 } 10964 return x509CertChain; 10965} 10966 10967async function validate() { 10968 const certChain = await createX509CertChain(); 10969 // Certificate chain verification data, which needs to be assigned by the service. 10970 const param: cert.CertChainValidationParameters = { 10971 date: '20231212080000Z', 10972 trustAnchors: [{ 10973 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10974 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10975 }] 10976 } 10977 try { 10978 const validationRes = await certChain.validate(param); 10979 console.log('X509CertChain validate success'); 10980 } 10981 catch (err) { 10982 console.error('X509CertChain validate failed'); 10983 } 10984} 10985 10986validate(); 10987``` 10988 10989### validate<sup>11+</sup> 10990 10991validate(param: CertChainValidationParameters, callback: AsyncCallback\<CertChainValidationResult>): void 10992 10993Validates a certificate chain. This API uses an asynchronous callback to return the result. 10994 10995**Atomic service API**: This API can be used in atomic services since API version 12. 10996 10997**System capability**: SystemCapability.Security.Cert 10998 10999**Parameters** 11000 11001| Name | Type | Mandatory| Description | 11002| --------- | ------------------------------- | ---- | ------------ | 11003| param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| 11004| callback | AsyncCallback\<[CertChainValidationResult](#certchainvalidationresult11)> | Yes | Callback used to return the certificate chain validation result.| 11005 11006**Error codes** 11007 11008For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11009 11010| ID| Error Message | 11011| -------- | ----------------------- | 11012| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11013| 19020001 | memory malloc failed. | 11014| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11015| 19030001 | crypto operation error. | 11016| 19030002 | the certificate signature verification failed. | 11017| 19030003 | the certificate has not taken effect. | 11018| 19030004 | the certificate has expired. | 11019| 19030005 | failed to obtain the certificate issuer. | 11020| 19030006 | the key cannot be used for signing a certificate. | 11021| 19030007 | the key cannot be used for digital signature. | 11022 11023**Example** 11024 11025```ts 11026import { cert } from '@kit.DeviceCertificateKit'; 11027 11028// Convert the string into a Uint8Array. 11029function stringToUint8Array(str: string): Uint8Array { 11030 let arr: Array<number> = []; 11031 for (let i = 0, j = str.length; i < j; i++) { 11032 arr.push(str.charCodeAt(i)); 11033 } 11034 return new Uint8Array(arr); 11035} 11036 11037let certChainData = "-----BEGIN CERTIFICATE-----\n" + 11038 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 11039 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 11040 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 11041 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 11042 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 11043 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 11044 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 11045 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 11046 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 11047 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 11048 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 11049 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 11050 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 11051 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 11052 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 11053 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 11054 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 11055 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 11056 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 11057 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 11058 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 11059 "-----END CERTIFICATE-----\n" + 11060 "-----BEGIN CERTIFICATE-----\n" + 11061 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 11062 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 11063 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 11064 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 11065 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 11066 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 11067 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 11068 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 11069 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 11070 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 11071 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 11072 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 11073 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 11074 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 11075 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 11076 "uKPWR9dKBA==\n" + 11077 "-----END CERTIFICATE-----\n" + 11078 "-----BEGIN CERTIFICATE-----\n" + 11079 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 11080 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 11081 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 11082 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 11083 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 11084 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 11085 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 11086 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 11087 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 11088 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 11089 "xjoE\n" + 11090 "-----END CERTIFICATE-----\n"; 11091 11092// Binary data of the certificate chain, which needs to be assigned by the service. 11093let encodingBlob: cert.EncodingBlob = { 11094 data: stringToUint8Array(certChainData), 11095 // Assign a value based on the encodingData format. FORMAT_PEM, FORMAT_DER, and FORMAT_PKCS7 are supported. 11096 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11097}; 11098 11099// Certificate chain verification data, which needs to be assigned by the service. 11100let param: cert.CertChainValidationParameters = { 11101 date: '20231212080000Z', 11102 trustAnchors: [{ 11103 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 11104 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 11105 }] 11106}; 11107 11108cert.createX509CertChain(encodingBlob, (err, certChain) => { 11109 if (err) { 11110 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 11111 } else { 11112 console.log('createX509CertChain success'); 11113 certChain.validate(param, (error, validationRes) => { 11114 if (error) { 11115 console.error('X509CertChain validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11116 } else { 11117 console.log('X509CertChain validate success'); 11118 } 11119 }); 11120 } 11121}); 11122``` 11123 11124### toString<sup>12+</sup> 11125 11126toString(): string 11127 11128Converts the object data into a string. 11129 11130**Atomic service API**: This API can be used in atomic services since API version 12. 11131 11132**System capability**: SystemCapability.Security.Cert 11133 11134**Return value** 11135 11136| Type | Description | 11137| ------- | ---------------------------------------------------- | 11138| string | String obtained.| 11139 11140**Error codes** 11141 11142For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11143 11144| ID| Error Message | 11145| -------- | ----------------------- | 11146| 19020001 | memory malloc failed. | 11147| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11148| 19030001 | crypto operation error. | 11149 11150**Example** 11151 11152```ts 11153import { cert } from '@kit.DeviceCertificateKit'; 11154import { BusinessError } from '@kit.BasicServicesKit'; 11155 11156// Convert the string into a Uint8Array. 11157function stringToUint8Array(str: string): Uint8Array { 11158 let arr: Array<number> = []; 11159 for (let i = 0, j = str.length; i < j; i++) { 11160 arr.push(str.charCodeAt(i)); 11161 } 11162 return new Uint8Array(arr); 11163} 11164 11165let certChainData = '-----BEGIN CERTIFICATE-----\n' + 11166 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 11167 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 11168 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 11169 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 11170 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 11171 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 11172 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 11173 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 11174 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 11175 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 11176 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 11177 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 11178 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 11179 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 11180 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 11181 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 11182 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 11183 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 11184 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 11185 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 11186 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 11187 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 11188 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 11189 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 11190 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 11191 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 11192 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 11193 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 11194 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 11195 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 11196 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 11197 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 11198 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 11199 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 11200 '-----END CERTIFICATE-----\n' + 11201 '-----BEGIN CERTIFICATE-----\n' + 11202 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 11203 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 11204 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 11205 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 11206 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 11207 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 11208 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 11209 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 11210 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 11211 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 11212 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 11213 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 11214 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 11215 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 11216 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 11217 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 11218 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 11219 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 11220 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 11221 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 11222 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 11223 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 11224 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 11225 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 11226 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 11227 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 11228 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 11229 'tPO+\n' + 11230 '-----END CERTIFICATE-----\n'; 11231 11232// Binary data of the certificate chain, which needs to be assigned by the service. 11233let encodingBlob: cert.EncodingBlob = { 11234 data: stringToUint8Array(certChainData), 11235 // Assign a value based on the encodingData format. FORMAT_PEM, FORMAT_DER, and FORMAT_PKCS7 are supported. 11236 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11237}; 11238 11239async function certChainToString() { 11240 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 11241 try { 11242 x509CertChain = await cert.createX509CertChain(encodingBlob); 11243 console.log('createX509CertChain success'); 11244 console.info('toString success: ' + JSON.stringify(x509CertChain.toString())); 11245 } catch (error) { 11246 let e: BusinessError = error as BusinessError; 11247 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11248 } 11249} 11250``` 11251### hashCode<sup>12+</sup> 11252 11253hashCode(): Uint8Array 11254 11255Obtains the hash value of the data in DER format. 11256 11257**Atomic service API**: This API can be used in atomic services since API version 12. 11258 11259**System capability**: SystemCapability.Security.Cert 11260 11261**Return value** 11262 11263| Type | Description | 11264| ------- | ---------------------------------------------------- | 11265| Uint8Array | Hash value obtained.| 11266 11267**Error codes** 11268 11269For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11270 11271| ID| Error Message | 11272| -------- | ----------------------- | 11273| 19020001 | memory malloc failed. | 11274| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11275| 19030001 | crypto operation error. | 11276 11277**Example** 11278 11279```ts 11280import { cert } from '@kit.DeviceCertificateKit'; 11281import { BusinessError } from '@kit.BasicServicesKit'; 11282 11283// Convert the string into a Uint8Array. 11284function stringToUint8Array(str: string): Uint8Array { 11285 let arr: Array<number> = []; 11286 for (let i = 0, j = str.length; i < j; i++) { 11287 arr.push(str.charCodeAt(i)); 11288 } 11289 return new Uint8Array(arr); 11290} 11291 11292let certChainData = '-----BEGIN CERTIFICATE-----\n' + 11293 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 11294 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 11295 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 11296 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 11297 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 11298 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 11299 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 11300 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 11301 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 11302 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 11303 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 11304 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 11305 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 11306 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 11307 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 11308 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 11309 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 11310 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 11311 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 11312 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 11313 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 11314 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 11315 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 11316 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 11317 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 11318 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 11319 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 11320 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 11321 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 11322 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 11323 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 11324 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 11325 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 11326 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 11327 '-----END CERTIFICATE-----\n' + 11328 '-----BEGIN CERTIFICATE-----\n' + 11329 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 11330 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 11331 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 11332 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 11333 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 11334 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 11335 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 11336 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 11337 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 11338 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 11339 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 11340 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 11341 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 11342 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 11343 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 11344 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 11345 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 11346 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 11347 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 11348 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 11349 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 11350 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 11351 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 11352 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 11353 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 11354 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 11355 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 11356 'tPO+\n' + 11357 '-----END CERTIFICATE-----\n'; 11358 11359// Binary data of the certificate chain, which needs to be assigned by the service. 11360let encodingBlob: cert.EncodingBlob = { 11361 data: stringToUint8Array(certChainData), 11362 // Assign a value based on the encodingData format. FORMAT_PEM, FORMAT_DER, and FORMAT_PKCS7 are supported. 11363 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11364}; 11365 11366async function certChainHashCode() { 11367 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 11368 try { 11369 x509CertChain = await cert.createX509CertChain(encodingBlob); 11370 console.log('createX509CertChain success'); 11371 console.info('hashCode success: ' + JSON.stringify(x509CertChain.hashCode())); 11372 } catch (error) { 11373 let e: BusinessError = error as BusinessError; 11374 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11375 } 11376} 11377``` 11378 11379## cert.generateCsr<sup>18+</sup> 11380 11381generateCsr(keyInfo: PrivateKeyInfo, config: CsrGenerationConfig): string | Uint8Array 11382 11383Generates a CSR. 11384 11385**Atomic service API**: This API can be used in atomic services since API version 18. 11386 11387**System capability**: SystemCapability.Security.Cert 11388 11389**Parameters** 11390 11391| Name | Type | Mandatory| Description | 11392| -------- | ----------------------------- | ---- | -------------------- | 11393| keyInfo | [PrivateKeyInfo](#privatekeyinfo18) | Yes| Private key information.| 11394| config | [CsrGenerationConfig](#csrgenerationconfig18) | Yes| Configuration for generating the CSR.| 11395 11396**Return value** 11397 11398| Type | Description | 11399| ------------------------------- | ---------------- | 11400| string \| Uint8Array | CSR generated.| 11401 11402**Error codes** 11403 11404For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11405 11406| ID| Error Message | 11407| -------- | ------------- | 11408| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11409| 19020001 | memory malloc failed. | 11410| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11411| 19030001 | crypto operation error. | 11412| 19030008 | maybe wrong password. | 11413 11414**Example** 11415 11416```ts 11417import { cert } from '@kit.DeviceCertificateKit'; 11418 11419async function createCsrTest() { 11420 let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 11421 let prikeyEnstr: string = 11422 '-----BEGIN RSA PRIVATE KEY-----\n' + 11423 'Proc-Type: 4,ENCRYPTED\n' + 11424 'DEK-Info: AES-128-CBC,B5FFA3AEEE7176106FDDB0988B532F07\n\n' + 11425 't3zNRGKp5X4BNkcsYATad/Le+94yMIX9CoNAGsBIDzQw+773UMGIoeGEYVlXWc8x\n' + 11426 'N1XWDinn4ytWw9x9OfUYgmNnrdkWRSaIuw+SpQfBgJip+MsNERYOHZ5TYWTR8n3k\n' + 11427 '7/jHY8eCgTsP3hbNtyaePIrtbTLZGZAHG1YWY5UmLaYoI1O6/Vvobx72lx3b43Tx\n' + 11428 '4j5lkknpLl85fcs1s4TYMOd8vEwhdpouR4VY8kfRSm44WQLtGXrce0An3MG3pXyZ\n' + 11429 'GhpmJyTcg0epTEYVzglENlBJrBVDL+bJ8uvHGH4tmeQb77e6ILXoxZntM7zQMMFo\n' + 11430 'A7dilqO6FBxu20n2TidVGCa0Yn+DZLpry2OdwVUC2nXyCHCehr3jAZz6k20FWg5B\n' + 11431 'EsU16yOIB+bp9BUKdTpJVtc/pmZJtnlA9pSCUVmWdltOsjjxkE94wfAUOYhO3Mvz\n' + 11432 'gF9KR1/bdAbLw4t7bGeuyV4N2iYr83FodLLXpupM6Qfb51+HVgHvm2aaHv2Q4sf3\n' + 11433 'poCVTNlegoVV9x3+7HqXY6MjlG8aU6LcWqH34ySqRBQrKL1PuDzQSY5/RmP7PUhG\n' + 11434 'ym4l6KbEaRC2H/XS2qKa4VCMgBCgA0hoiw4s48Xd4h2GUTuxLM9wGyW89OEaHky7\n' + 11435 'VE7t3O9a2zhkRTYDDYQ8QCycKhNrsKySyItRUWn/w2lXvuKM7PpAzYH7Ey3W1eZG\n' + 11436 'PyyeGG9exjpdIvD3tx5Hl/OWwBkW1DAzO40gT6sdD5FXzRv4fCHuCrIow5QMLF4T\n' + 11437 'd5Y4a6q13V4O5b73T5INmKl8rEbPGIw7WLR7BNj05QuzNcn5kA1aBFIJqsxQv46l\n' + 11438 '-----END RSA PRIVATE KEY-----\n'; 11439 let priKeyInfo: cert.PrivateKeyInfo = { 11440 key: prikeyEnstr, 11441 password : "123abc" 11442 } 11443 let keyUsage: cert.CsrAttribute = { 11444 type: "keyUsage", 11445 value: "digitalSignature, keyEncipherment" 11446 }; 11447 11448 let challengePassword: cert.CsrAttribute = { 11449 type:"challengePassword", 11450 value: "123456" 11451 }; 11452 let attribute: cert.CsrAttribute[] = [ 11453 keyUsage,challengePassword 11454 ]; 11455 try { 11456 let data = await cert.createX500DistinguishedName(nameStr); 11457 console.info('createX500DistinguishedName success' + data.getName("CN").toString()); 11458 let conf: cert.CsrGenerationConfig = { 11459 subject: data, 11460 mdName: "SHA256", 11461 outFormat: cert.EncodingBaseFormat.PEM, 11462 attributes: attribute 11463 } 11464 try { 11465 let csrStr = cert.generateCsr(priKeyInfo, conf) 11466 console.log('generateCsr success return str is' + csrStr.toString()) 11467 } catch (error) { 11468 let e: BusinessError = error as BusinessError; 11469 console.error('generateCsr failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11470 } 11471 } catch (error) { 11472 let e: BusinessError = error as BusinessError; 11473 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11474 } 11475} 11476``` 11477 11478## cert.createX500DistinguishedName<sup>12+</sup> 11479 11480createX500DistinguishedName(nameStr: string): Promise\<X500DistinguishedName> 11481 11482Creates an **X500DistinguishedName** object in string format. This API uses a promise to return the result. 11483 11484**Atomic service API**: This API can be used in atomic services since API version 12. 11485 11486**System capability**: SystemCapability.Security.Cert 11487 11488**Parameters** 11489 11490| Name | Type | Mandatory| Description | 11491| -------- | ----------------------------- | ---- | -------------------- | 11492| nameStr | string | Yes|DN of the string type defined by X.509.| 11493 11494**Return value** 11495 11496| Type | Description | 11497| ------------------------------- | ---------------- | 11498| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | Promise used to return the **X500DistinguishedName** object created.| 11499 11500**Error codes** 11501 11502For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11503 11504| ID| Error Message | 11505| -------- | ------------- | 11506| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11507| 19020001 | memory malloc failed. | 11508| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11509| 19030001 | crypto operation error. | 11510| 19030002 | the certificate signature verification failed. | 11511| 19030003 | the certificate has not taken effect. | 11512| 19030004 | the certificate has expired. | 11513| 19030005 | failed to obtain the certificate issuer. | 11514| 19030006 | the key cannot be used for signing a certificate. | 11515| 19030007 | the key cannot be used for digital signature. | 11516 11517**Example** 11518 11519```ts 11520import { cert } from '@kit.DeviceCertificateKit'; 11521import { BusinessError } from '@kit.BasicServicesKit'; 11522 11523// Convert the string into a Uint8Array. 11524function stringToUint8Array(str: string): Uint8Array { 11525 let arr: Array<number> = []; 11526 for (let i = 0, j = str.length; i < j; i++) { 11527 arr.push(str.charCodeAt(i)); 11528 } 11529 return new Uint8Array(arr); 11530} 11531 11532let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 11533async function createX500DistinguishedName() { 11534 try { 11535 cert.createX500DistinguishedName(nameStr) 11536 .then((data) => { 11537 console.log('createX500DistinguishedName success'); 11538 }) 11539 .catch((err: BusinessError) => { 11540 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11541 }) 11542 } catch (error) { 11543 let e: BusinessError = error as BusinessError; 11544 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11545 } 11546} 11547``` 11548 11549## cert.createX500DistinguishedName<sup>12+</sup> 11550 11551createX500DistinguishedName(nameDer: Uint8Array): Promise\<X500DistinguishedName> 11552 11553Creates an **X500DistinguishedName** object in DER format. This API uses a promise to return the result. 11554 11555**Atomic service API**: This API can be used in atomic services since API version 12. 11556 11557**System capability**: SystemCapability.Security.Cert 11558 11559**Parameters** 11560 11561| Name | Type | Mandatory| Description | 11562| -------- | ----------------------------- | ---- | -------------------- | 11563| nameDer | Uint8Array | Yes|Name of the Uint8Array type in DER format defined by X.509.| 11564 11565**Return value** 11566 11567| Type | Description | 11568| ------------------------------- | ---------------- | 11569| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | Promise used to return the **X500DistinguishedName** object created.| 11570 11571**Error codes** 11572 11573For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11574 11575| ID| Error Message | 11576| -------- | ------------- | 11577| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11578| 19020001 | memory malloc failed. | 11579| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11580| 19030001 | crypto operation error. | 11581| 19030002 | the certificate signature verification failed. | 11582| 19030003 | the certificate has not taken effect. | 11583| 19030004 | the certificate has expired. | 11584| 19030005 | failed to obtain the certificate issuer. | 11585| 19030006 | the key cannot be used for signing a certificate. | 11586| 19030007 | the key cannot be used for digital signature. | 11587 11588**Example** 11589 11590```ts 11591import { cert } from '@kit.DeviceCertificateKit'; 11592import { BusinessError } from '@kit.BasicServicesKit'; 11593 11594let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 11595async function createX500DistinguishedName() { 11596 try { 11597 cert.createX500DistinguishedName(nameDer) 11598 .then((data) => { 11599 console.log('createX500DistinguishedName success'); 11600 }) 11601 .catch((err: BusinessError) => { 11602 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11603 }) 11604 } catch (error) { 11605 let e: BusinessError = error as BusinessError; 11606 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11607 } 11608} 11609``` 11610## X500DistinguishedName<sup>12+</sup> 11611 11612Provides APIs for managing the **X500DistinguishedName** instance. 11613 11614### getName<sup>12+</sup> 11615 11616getName(): string 11617 11618Obtains the DN in the form of a string. 11619 11620**Atomic service API**: This API can be used in atomic services since API version 12. 11621 11622**System capability**: SystemCapability.Security.Cert 11623 11624**Return value** 11625 11626| Type | Description | 11627| ------- | ------------------------------------------------- | 11628| string | DN in the form of a string obtained.| 11629 11630**Error codes** 11631 11632For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11633 11634| ID| Error Message | 11635| -------- | ------------- | 11636| 19020001 | memory malloc failed. | 11637| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11638| 19030001 | crypto operation error. | 11639 11640**Example** 11641 11642```ts 11643import { cert } from '@kit.DeviceCertificateKit'; 11644import { BusinessError } from '@kit.BasicServicesKit'; 11645 11646let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 11647async function getName() { 11648 try { 11649 cert.createX500DistinguishedName(nameDer) 11650 .then((data) => { 11651 console.log('createX500DistinguishedName success'); 11652 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName())) 11653 }) 11654 .catch((err: BusinessError) => { 11655 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11656 }) 11657 } catch (error) { 11658 let e: BusinessError = error as BusinessError; 11659 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11660 } 11661} 11662``` 11663 11664### getName<sup>12+</sup> 11665 11666getName(type: string): Array\<string> 11667 11668Obtains DNs of the specified type. 11669 11670**Atomic service API**: This API can be used in atomic services since API version 12. 11671 11672**System capability**: SystemCapability.Security.Cert 11673 11674**Parameters** 11675 11676| Name | Type | Mandatory| Description | 11677| ------------ | ------ | ---- | -------------- | 11678| type | string | Yes| Type of the DNs to obtain.| 11679 11680**Return value** 11681 11682| Type | Description | 11683| ------- | ------------------------------------------------- | 11684| Array\<string> | DNs obtained.| 11685 11686**Error codes** 11687 11688For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11689 11690| ID| Error Message | 11691| -------- | ------------- | 11692| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11693| 19020001 | memory malloc failed. | 11694| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11695| 19030001 | crypto operation error. | 11696 11697**Example** 11698 11699```ts 11700import { cert } from '@kit.DeviceCertificateKit'; 11701import { BusinessError } from '@kit.BasicServicesKit'; 11702 11703let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 11704async function getName() { 11705 try { 11706 cert.createX500DistinguishedName(nameStr) 11707 .then((data) => { 11708 console.log('createX500DistinguishedName success'); 11709 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName("CN"))) 11710 }) 11711 .catch((err: BusinessError) => { 11712 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11713 }) 11714 } catch (error) { 11715 let e: BusinessError = error as BusinessError; 11716 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11717 } 11718} 11719``` 11720 11721### getName<sup>20+</sup> 11722 11723getName(encodingType: EncodingType): string 11724 11725Obtains the string of the distinguished names based on the specified encoding type. 11726 11727**Atomic service API**: This API can be used in atomic services since API version 20. 11728 11729**System capability**: SystemCapability.Security.Cert 11730 11731**Parameters** 11732 11733| Name | Type | Mandatory| Description | 11734| ------------ | ------------- | ---- | -------------- | 11735| encodingType | [EncodingType](#encodingtype12) | Yes| Encoding type.| 11736 11737**Return value** 11738 11739| Type | Description | 11740| ------- | ------------------------------------------------- | 11741| string | A string of distinguishable names, separated by commas (,).| 11742 11743**Error codes** 11744 11745For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11746 11747| ID| Error Message | 11748| -------- | ------------- | 11749| 19020001 | memory malloc failed. | 11750| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11751| 19020003 | parameter check failed. Possible causes: <br>1. The value of encodingType is not in the EncodingType enumeration range.| 11752| 19030001 | crypto operation error. | 11753 11754**Example** 11755 11756```ts 11757import { cert } from '@kit.DeviceCertificateKit'; 11758import { BusinessError } from '@kit.BasicServicesKit'; 11759 11760et nameStr = '/CN=Shaanxi@Xi'an/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 11761async function getName() { 11762 try { 11763 cert.createX500DistinguishedName(nameStr) 11764 .then((data) => { 11765 console.log('createX500DistinguishedName success'); 11766 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName(cert.EncodingType.ENCODING_UTF8))) 11767 }) 11768 .catch((err: BusinessError) => { 11769 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11770 }) 11771 } catch (error) { 11772 let e: BusinessError = error as BusinessError; 11773 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11774 } 11775} 11776``` 11777 11778### getEncoded<sup>12+</sup> 11779 11780getEncoded(): EncodingBlob 11781 11782Obtains the data of the X.509 certificate **extensions** field. 11783 11784**Atomic service API**: This API can be used in atomic services since API version 12. 11785 11786**System capability**: SystemCapability.Security.Cert 11787 11788**Return value** 11789 11790| Type | Description | 11791| ------- | ------------------------------------------------- | 11792| [EncodingBlob](#encodingblob) | X.509 certificate serialization data obtained.| 11793 11794**Error codes** 11795 11796For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11797 11798| ID| Error Message | 11799| -------- | ------------- | 11800| 19020001 | memory malloc failed. | 11801| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11802| 19030001 | crypto operation error. | 11803 11804**Example** 11805 11806```ts 11807import { cert } from '@kit.DeviceCertificateKit'; 11808import { BusinessError } from '@kit.BasicServicesKit'; 11809 11810let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 11811async function getEncoded() { 11812 try { 11813 cert.createX500DistinguishedName(nameStr) 11814 .then((data) => { 11815 console.log('createX500DistinguishedName success'); 11816 let encodingBlobData = data.getEncoded(); 11817 }) 11818 .catch((err: BusinessError) => { 11819 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 11820 }) 11821 } catch (error) { 11822 let e: BusinessError = error as BusinessError; 11823 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 11824 } 11825} 11826``` 11827 11828## cert.createCmsGenerator<sup>18+</sup> 11829 11830createCmsGenerator(contentType: CmsContentType): CmsGenerator 11831 11832Creates a **CmsGenerator** object. 11833 11834**Atomic service API**: This API can be used in atomic services since API version 18. 11835 11836**System capability**: SystemCapability.Security.Cert 11837 11838**Parameters** 11839 11840| Name | Type | Mandatory| Description | 11841| -------- | ----------------------------- | ---- | -------------------- | 11842| contentType | [CmsContentType](#cmscontenttype18) | Yes| CMS message type.| 11843 11844**Return value** 11845 11846| Type | Description | 11847| ------------------------------- | ---------------- | 11848| [CmsGenerator](#cmsgenerator18) | **CmsGenerator** object created.| 11849 11850**Error codes** 11851 11852For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11853 11854| ID| Error Message | 11855| -------- | ------------- | 11856| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 11857| 19020001 | memory malloc failed. | 11858| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11859| 19030001 | crypto operation error. | 11860 11861**Example** 11862 11863```ts 11864import { cert } from '@kit.DeviceCertificateKit'; 11865import { BusinessError } from '@kit.BasicServicesKit'; 11866 11867let certData = '-----BEGIN CERTIFICATE-----\n' + 11868 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11869 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11870 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11871 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11872 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11873 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11874 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11875 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11876 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11877 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11878 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11879 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11880 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11881 '-----END CERTIFICATE-----\n'; 11882 11883// Convert the string into a Uint8Array. 11884function stringToUint8Array(str: string): Uint8Array { 11885 let arr: Array<number> = []; 11886 for (let i = 0, j = str.length; i < j; i++) { 11887 arr.push(str.charCodeAt(i)); 11888 } 11889 return new Uint8Array(arr); 11890} 11891 11892function testcreateCmsGenerator() { 11893 let certEncodingBlob: cert.EncodingBlob = { 11894 data: stringToUint8Array(certData), 11895 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 11896 encodingFormat: cert.EncodingFormat.FORMAT_PEM 11897 }; 11898 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 11899 if (error) { 11900 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 11901 } else { 11902 try { 11903 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 11904 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 11905 console.info('testcreateCmsGenerator createCmsGenerator success.'); 11906 } catch (err) { 11907 let e: BusinessError = err as BusinessError; 11908 console.error('createCmsGenerator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 11909 } 11910 } 11911 }); 11912} 11913``` 11914 11915## CmsGenerator<sup>18+</sup> 11916 11917Provides APIs for generating the messages in CMS format. 11918 11919> **NOTE** 11920> 11921> PKCS #7 is a standard syntax for storing signed or encrypted data. CMS is an extension of PKCS #7. PKCS#7 supports data types including data, signature data, envelope data, 11922> signature and envelope data, message digest data, and encrypted data. It is often used to protect data integrity and confidentiality. 11923 11924### addSigner<sup>18+</sup> 11925 11926addSigner(cert: X509Cert, keyInfo: PrivateKeyInfo, config: CmsSignerConfig): void; 11927 11928Adds signer information. 11929 11930**Atomic service API**: This API can be used in atomic services since API version 18. 11931 11932**System capability**: SystemCapability.Security.Cert 11933 11934**Parameters** 11935 11936| Name | Type | Mandatory| Description | 11937| ------------ | ------ | ---- | -------------- | 11938| cert | [X509Cert](#x509cert) | Yes| X.509 certificate.| 11939| keyInfo | [PrivateKeyInfo](#privatekeyinfo18) | Yes| Private key information.| 11940| config | [CmsSignerConfig](#cmssignerconfig18) | Yes| Signer configuration.| 11941 11942**Error codes** 11943 11944For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 11945 11946| ID| Error Message | 11947| -------- | ------------- | 11948| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 11949| 19020001 | memory malloc failed. | 11950| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 11951| 19030001 | crypto operation error. | 11952| 19030008 | maybe wrong password. | 11953 11954**Example** 11955 11956```ts 11957import { cert } from '@kit.DeviceCertificateKit'; 11958import { BusinessError } from '@kit.BasicServicesKit'; 11959 11960let certData = '-----BEGIN CERTIFICATE-----\n' + 11961 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 11962 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 11963 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 11964 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 11965 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 11966 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 11967 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 11968 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 11969 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 11970 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 11971 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 11972 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 11973 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 11974 '-----END CERTIFICATE-----\n'; 11975 11976let rsaStr1024: string = 11977 '-----BEGIN RSA PRIVATE KEY-----\n' + 11978 'Proc-Type: 4,ENCRYPTED\n' + 11979 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 11980 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 11981 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 11982 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 11983 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 11984 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 11985 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 11986 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 11987 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 11988 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 11989 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 11990 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 11991 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 11992 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 11993 '-----END RSA PRIVATE KEY-----\n'; 11994 11995// Convert the string into a Uint8Array. 11996function stringToUint8Array(str: string): Uint8Array { 11997 let arr: Array<number> = []; 11998 for (let i = 0, j = str.length; i < j; i++) { 11999 arr.push(str.charCodeAt(i)); 12000 } 12001 return new Uint8Array(arr); 12002} 12003 12004function testAddSigner() { 12005 let certEncodingBlob: cert.EncodingBlob = { 12006 data: stringToUint8Array(certData), 12007 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 12008 encodingFormat: cert.EncodingFormat.FORMAT_PEM 12009 }; 12010 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 12011 if (error) { 12012 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 12013 } else { 12014 try { 12015 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 12016 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 12017 console.info('testAddSigner createCmsGenerator success.'); 12018 let privateKeyInfo: cert.PrivateKeyInfo = { 12019 key: rsaStr1024, 12020 password: '123456' 12021 }; 12022 // If addCert is true, an error will be reported if the same certificate is added to addSigner. 12023 let config: cert.CmsSignerConfig = { 12024 mdName:'SHA256', 12025 addCert:false, 12026 addAttr:false, 12027 addSmimeCapAttr:false 12028 } 12029 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 12030 console.info('testAddSigner addSigner success.'); 12031 } catch (err) { 12032 let e: BusinessError = err as BusinessError; 12033 console.error('testAddSigner failed, errCode: ' + e.code + ', errMsg: ' + e.message); 12034 } 12035 } 12036 }); 12037} 12038``` 12039 12040### addCert<sup>18+</sup> 12041 12042addCert(cert: X509Cert): void 12043 12044Adds a certificate, for example, the issuer certificate of a signing certificate. 12045 12046**Atomic service API**: This API can be used in atomic services since API version 18. 12047 12048**System capability**: SystemCapability.Security.Cert 12049 12050**Parameters** 12051 12052| Name| Type | Mandatory| Description | 12053| ------ | --------- | ---- | ------------------------ | 12054| cert | [X509Cert](#x509cert) | Yes | X.509 certificate to add. | 12055 12056**Error codes** 12057 12058For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 12059 12060| ID| Error Message | 12061| -------- | ------------- | 12062| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 12063| 19020001 | memory malloc failed. | 12064| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 12065| 19030001 | crypto operation error. | 12066 12067**Example** 12068 12069```ts 12070import { cert } from '@kit.DeviceCertificateKit'; 12071import { BusinessError } from '@kit.BasicServicesKit'; 12072 12073let certData = '-----BEGIN CERTIFICATE-----\n' + 12074 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 12075 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 12076 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 12077 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 12078 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 12079 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 12080 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 12081 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 12082 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 12083 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 12084 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 12085 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 12086 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 12087 '-----END CERTIFICATE-----\n'; 12088 12089// Convert the string into a Uint8Array. 12090function stringToUint8Array(str: string): Uint8Array { 12091 let arr: Array<number> = []; 12092 for (let i = 0, j = str.length; i < j; i++) { 12093 arr.push(str.charCodeAt(i)); 12094 } 12095 return new Uint8Array(arr); 12096} 12097 12098function testAddCert() { 12099 let certEncodingBlob: cert.EncodingBlob = { 12100 data: stringToUint8Array(certData), 12101 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 12102 encodingFormat: cert.EncodingFormat.FORMAT_PEM 12103 }; 12104 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 12105 if (error) { 12106 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 12107 } else { 12108 try { 12109 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 12110 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 12111 console.info('testAddCert createCmsGenerator success.'); 12112 // If the same certificate is added, an error will be reported. 12113 cmsGenerator.addCert(x509Cert); 12114 console.info('testAddCert addCert success.'); 12115 } catch (err) { 12116 let e: BusinessError = err as BusinessError; 12117 console.error('testAddCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 12118 } 12119 } 12120 }); 12121} 12122``` 12123 12124### doFinal<sup>18+</sup> 12125 12126doFinal(data: Uint8Array, options?: CmsGeneratorOptions): Promise<Uint8Array | string> 12127 12128Generates the CMS data, for example, the CMS signature data. 12129 12130**Atomic service API**: This API can be used in atomic services since API version 18. 12131 12132**System capability**: SystemCapability.Security.Cert 12133 12134**Parameters** 12135 12136| Name | Type | Mandatory| Description | 12137| ----------- | ------------------- | ---- | ------------------------------------------ | 12138| data | Uint8Array | Yes | Data to be operated. | 12139| options | [CmsGeneratorOptions](#cmsgeneratoroptions18) | No | Configuration of the CMS operation. | 12140 12141**Return value** 12142 12143| Type | Description | 12144| ------------------------------- | ---------------- | 12145| Promise<Uint8Array \| string> | Promise used to return the CMS data.| 12146 12147**Error codes** 12148 12149For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 12150 12151| ID| Error Message | 12152| -------- | ------------- | 12153| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 12154| 19020001 | memory malloc failed. | 12155| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 12156| 19030001 | crypto operation error. | 12157 12158**Example** 12159 12160```ts 12161import { cert } from '@kit.DeviceCertificateKit'; 12162import { BusinessError } from '@kit.BasicServicesKit'; 12163 12164let certData = '-----BEGIN CERTIFICATE-----\n' + 12165 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 12166 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 12167 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 12168 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 12169 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 12170 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 12171 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 12172 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 12173 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 12174 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 12175 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 12176 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 12177 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 12178 '-----END CERTIFICATE-----\n'; 12179 12180let rsaStr1024: string = 12181 '-----BEGIN RSA PRIVATE KEY-----\n' + 12182 'Proc-Type: 4,ENCRYPTED\n' + 12183 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 12184 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 12185 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 12186 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 12187 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 12188 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 12189 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 12190 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 12191 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 12192 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 12193 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 12194 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 12195 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 12196 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 12197 '-----END RSA PRIVATE KEY-----\n'; 12198 12199// Convert the string into a Uint8Array. 12200function stringToUint8Array(str: string): Uint8Array { 12201 let arr: Array<number> = []; 12202 for (let i = 0, j = str.length; i < j; i++) { 12203 arr.push(str.charCodeAt(i)); 12204 } 12205 return new Uint8Array(arr); 12206} 12207 12208async function testDoFinalByPromise() { 12209 let certEncodingBlob: cert.EncodingBlob = { 12210 data: stringToUint8Array(certData), 12211 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 12212 encodingFormat: cert.EncodingFormat.FORMAT_PEM 12213 }; 12214 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 12215 if (error) { 12216 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 12217 } else { 12218 try { 12219 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 12220 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 12221 console.info('testDoFinalByPromise createCmsGenerator success.'); 12222 let privateKeyInfo: cert.PrivateKeyInfo = { 12223 key: rsaStr1024, 12224 password: '123456' 12225 }; 12226 // If addCert is true, an error will be reported if the same certificate is added to addSigner or addCert. 12227 let config: cert.CmsSignerConfig = { 12228 mdName:'SHA256', 12229 addCert:false, 12230 addAttr:true, 12231 addSmimeCapAttr:true 12232 } 12233 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 12234 console.info('testDoFinalByPromise addSigner success.'); 12235 cmsGenerator.addCert(x509Cert); 12236 console.info('testDoFinalByPromise addCert success.'); 12237 let content = new Uint8Array([1,2,3,4]); 12238 let optionsFinal: cert.CmsGeneratorOptions = { 12239 contentDataFormat : cert.CmsContentDataFormat.BINARY, 12240 outFormat : cert.CmsFormat.PEM, 12241 isDetached : true 12242 }; 12243 cmsGenerator.doFinal(content, optionsFinal).then(result => { 12244 console.log('testDoFinalByPromise doFinal success, result = %s', result); 12245 }).catch((error: BusinessError) => { 12246 console.error('testDoFinalByPromise failed, errCode: ' + error.code + ', errMsg: ' + error.message); 12247 }); 12248 } catch (err) { 12249 let e: BusinessError = err as BusinessError; 12250 console.error('testDoFinalByPromise failed, errCode: ' + e.code + ', errMsg: ' + e.message); 12251 } 12252 } 12253 }); 12254} 12255``` 12256 12257### doFinalSync<sup>18+</sup> 12258 12259doFinalSync(data: Uint8Array, options?: CmsGeneratorOptions): Uint8Array | string 12260 12261Generates the CMS data, for example, the CMS signature data. This API returns the result synchronously. 12262 12263**Atomic service API**: This API can be used in atomic services since API version 18. 12264 12265**System capability**: SystemCapability.Security.Cert 12266 12267**Parameters** 12268 12269| Name | Type | Mandatory| Description | 12270| ----------- | ------------------- | ---- | ------------------------------------------ | 12271| data | Uint8Array | Yes | Data to be operated. | 12272| options | [CmsGeneratorOptions](#cmsgeneratoroptions18) | No | Configuration of the CMS operation. | 12273 12274**Return value** 12275 12276| Type | Description | 12277| ------------------------------- | ---------------- | 12278| Uint8Array \| string | CMS data generated.| 12279 12280**Error codes** 12281 12282For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). 12283 12284| ID| Error Message | 12285| -------- | ------------- | 12286| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed. | 12287| 19020001 | memory malloc failed. | 12288| 19020002 | runtime error. Possible causes: <br>1. Memory copy failed;<br>2. A null pointer occurs inside the system;<br>3. Failed to convert parameters between ArkTS and C. | 12289| 19030001 | crypto operation error. | 12290 12291**Example** 12292 12293```ts 12294import { cert } from '@kit.DeviceCertificateKit'; 12295import { BusinessError } from '@kit.BasicServicesKit'; 12296 12297let certData = '-----BEGIN CERTIFICATE-----\n' + 12298 'MIICXjCCAcegAwIBAgIGAXKnJjrAMA0GCSqGSIb3DQEBCwUAMEgxCzAJBgNVBAYT\n' + 12299 'AkNOMQwwCgYDVQQIDANzaGExDTALBgNVBAcMBHhpYW4xDTALBgNVBAoMBHRlc3Qx\n' + 12300 'DTALBgNVBAMMBHRlc3QwHhcNMjQxMTIyMDkwNTIyWhcNMzQxMTIwMDkwNTIyWjBI\n' + 12301 'MQswCQYDVQQGEwJDTjEMMAoGA1UECAwDc2hhMQ0wCwYDVQQHDAR4aWFuMQ0wCwYD\n' + 12302 'VQQKDAR0ZXN0MQ0wCwYDVQQDDAR0ZXN0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB\n' + 12303 'iQKBgQC6nCZTM16Rk2c4P/hwfVm++jqe6GCA/PXXGe4YL218q1dTKMHBGEw8kXi0\n' + 12304 'XLDcyyC2yUn8ywN2QSyly6ke9EE6PGfZywStLp4g2PTTWB04sS3aXT2y+fToiTXQ\n' + 12305 '3AxfFYRpB+EgSdSCkJs6jKXVwbzu54kEtQTfs8UdBQ9nVKaJLwIDAQABo1MwUTAd\n' + 12306 'BgNVHQ4EFgQU6QXnt1smb2HRSO/2zuRQnz/SDxowHwYDVR0jBBgwFoAU6QXnt1sm\n' + 12307 'b2HRSO/2zuRQnz/SDxowDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOB\n' + 12308 'gQBPR/+5xzFG1XlTdgwWVvqVxvhGUkbMTGW0IviJ+jbKsi57vnVsOtFzEA6y+bYx\n' + 12309 'xG/kEOcwLtzeVHOQA+ZU5SVcc+qc0dfFiWjL2PSAG4bpqSTjujpuUk+g8ugixbG1\n' + 12310 'a26pkDJhNeB/E3eBIbeydSY0A/dIGb6vbGo6BSq2KvnWAA==\n' + 12311 '-----END CERTIFICATE-----\n'; 12312 12313let rsaStr1024: string = 12314 '-----BEGIN RSA PRIVATE KEY-----\n' + 12315 'Proc-Type: 4,ENCRYPTED\n' + 12316 'DEK-Info: DES-EDE3-CBC,DB0AC6E3BEE16420\n\n' + 12317 '1N5xykdckthZnswMV7blxXm2RCqe/OByBfMwFI7JoXR8STtMiStd4xA3W405k1Ma\n' + 12318 'ExpsHgWwZaS23x+sQ1sL1dsqIPMrw1Vr+KrL20vQcCVjXPpGKauafVbtcWQ1r2PZ\n' + 12319 'QJ4KWP6FhUp+sGt2ItODW3dK+1GdqL22ZtANrgFzS42Wh8FSn0UMCf6RG62DK62J\n' + 12320 'z2jtf4XaorrGSjdTeY+fyyGfSyKidIMMBe+IXwlhCgAe7aHSaqXtMsv+BibB7PJ3\n' + 12321 'XmEp1D/0ptL3r46txyYcuy8jSNCkW8er93KKnlRN6KbuYZPvPNncWkzZBzV17t5d\n' + 12322 'QgtvVh32AKgqk5jm8YVnspOFiPrbrK9UN3IW15juFkfnhriM3IrKap4/kW+tfawZ\n' + 12323 'DmHkSyl8xqFK413Rv0UvYBTjOcGbs2BSJYEvp8CIjtA17SvLmNw70K2nXWuQYutY\n' + 12324 '+HyucPtHfEqUPQRzWTAMMntTru77u7dxo2WMMMxOtMJO5h7MAnZH9bAFiuO3ewcY\n' + 12325 'eEePg10d8Owcfh9G6kc0HIGT9MMLMi0mTXhpoQTuWPYuSx6uUZL1fsp1x2fuM0qn\n' + 12326 'bdf3+UnATYUu4tgvBHrMV7405Y6Y3PnqOFxVMeAHeOTo6UThtJ10mfeCPXGcUaHo\n' + 12327 'P5enw7h4145cha3+S4hNrUwj3skrtavld7tY74p4DvgZSlCMF3JAm3DhpnEMVcYP\n' + 12328 'Y6TkSevvxOpBvEHE41Y4VBCBwd9clcixI6cSBJKPUU4A/sc/kkNdGFcbzLQCg/zR\n' + 12329 '1m7YmBROb2qy4w3lv/uwVnPGLg/YV465irRaN3hgz7/1lm8STKQhmQ==\n' + 12330 '-----END RSA PRIVATE KEY-----\n'; 12331 12332// Convert the string into a Uint8Array. 12333function stringToUint8Array(str: string): Uint8Array { 12334 let arr: Array<number> = []; 12335 for (let i = 0, j = str.length; i < j; i++) { 12336 arr.push(str.charCodeAt(i)); 12337 } 12338 return new Uint8Array(arr); 12339} 12340 12341function testDoFinalSync() { 12342 let certEncodingBlob: cert.EncodingBlob = { 12343 data: stringToUint8Array(certData), 12344 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 12345 encodingFormat: cert.EncodingFormat.FORMAT_PEM 12346 }; 12347 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 12348 if (error) { 12349 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 12350 } else { 12351 try { 12352 let cmsContentType = cert.CmsContentType.SIGNED_DATA; 12353 let cmsGenerator = cert.createCmsGenerator(cmsContentType); 12354 console.info('testDoFinalSync createCmsGenerator success.'); 12355 let privateKeyInfo: cert.PrivateKeyInfo = { 12356 key: rsaStr1024, 12357 password: '123456' 12358 }; 12359 // If addCert is true, an error will be reported if the same certificate is added to addSigner or addCert. 12360 let config: cert.CmsSignerConfig = { 12361 mdName:'SHA256', 12362 addCert:false, 12363 addAttr:false, 12364 addSmimeCapAttr:false 12365 } 12366 cmsGenerator.addSigner(x509Cert, privateKeyInfo, config); 12367 console.info('testDoFinalSync addSigner success.'); 12368 cmsGenerator.addCert(x509Cert); 12369 console.info('testDoFinalSync addCert success.'); 12370 let content = new Uint8Array([1,2,3,4]); 12371 let optionsFinal: cert.CmsGeneratorOptions = { 12372 contentDataFormat : cert.CmsContentDataFormat.BINARY, 12373 outFormat : cert.CmsFormat.DER, 12374 isDetached : false 12375 }; 12376 let output = cmsGenerator.doFinalSync(content, optionsFinal); 12377 console.info('testDoFinalSync doFinalSync success, output = %s.',output); 12378 } catch (err) { 12379 let e: BusinessError = err as BusinessError; 12380 console.error('testDoFinalSync failed, errCode: ' + e.code + ', errMsg: ' + e.message); 12381 } 12382 } 12383 }); 12384} 12385``` 12386