1# Certificate and CRL Collection Development 2 3<!--Kit: Device Certificate Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10This topic walks you through on how to filter certificates or CRLs based on a **CertCRLCollection** object. 11 12## How to Develop 13 141. Import the [certFramework](../../reference/apis-device-certificate-kit/js-apis-cert.md) module. 15 16 ```ts 17 import { cert } from '@kit.DeviceCertificateKit'; 18 ``` 19 202. Use [cert.createX509Cert](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509cert-1) to create an X.509 certificate object. 21 223. Use [cert.createX509CRL](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509crl11-1) to create an X.509 CRL object. 23 244. Use [cert.createCertCRLCollection](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatecertcrlcollection11) to create a [CertCRLCollection](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcrlcollection11) object. 25 265. Use [CertCRLCollection.selectCerts](../../reference/apis-device-certificate-kit/js-apis-cert.md#selectcerts11) to search for all certificates that match [X509CertMatchParameters](../../reference/apis-device-certificate-kit/js-apis-cert.md#x509certmatchparameters11). 27 286. Use [CertCRLCollection.selectCRLs](../../reference/apis-device-certificate-kit/js-apis-cert.md#selectcrls11) to search for all CRLs that match [X509CRLMatchParameters](../../reference/apis-device-certificate-kit/js-apis-cert.md#x509crlmatchparameters11). 29 30```ts 31import { cert } from '@kit.DeviceCertificateKit'; 32import { BusinessError } from '@kit.BasicServicesKit'; 33import { util } from '@kit.ArkTS'; 34 35async function createX509CRL(): Promise<cert.X509CRL> { 36 let crlData = '-----BEGIN X509 CRL-----\n' + 37 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 38 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 39 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 40 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 41 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 42 'eavsH0Q3\n' + 43 '-----END X509 CRL-----\n'; 44 45 // Binary data of the CRL, which needs to match your case. 46 let textEncoder = new util.TextEncoder(); 47 let encodingBlob: cert.EncodingBlob = { 48 data: textEncoder.encodeInto(crlData), 49 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 50 encodingFormat: cert.EncodingFormat.FORMAT_PEM 51 }; 52 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 53 try { 54 x509CRL = await cert.createX509CRL(encodingBlob); 55 } catch (err) { 56 let e: BusinessError = err as BusinessError; 57 console.error(`createX509CRL failed, errCode: ${e.code}, errMsg: ${e.message}`); 58 } 59 return x509CRL; 60} 61 62async function createX509Cert(): Promise<cert.X509Cert> { 63 let certData = '-----BEGIN CERTIFICATE-----\n' + 64 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 65 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 66 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 67 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 68 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 69 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 70 'Qw==\n' + 71 '-----END CERTIFICATE-----\n'; 72 73 let textEncoder = new util.TextEncoder(); 74 let encodingBlob: cert.EncodingBlob = { 75 data: textEncoder.encodeInto(certData), 76 // Assign a value based on the encodingData format. FORMAT_PEM and FORMAT_DER are supported. 77 encodingFormat: cert.EncodingFormat.FORMAT_PEM 78 }; 79 80 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 81 try { 82 x509Cert = await cert.createX509Cert(encodingBlob); 83 } catch (err) { 84 let e: BusinessError = err as BusinessError; 85 console.error(`createX509Cert failed, errCode: ${e.code}, errMsg: ${e.message}`); 86 } 87 return x509Cert; 88} 89 90async function sample() { 91 const x509Cert = await createX509Cert(); 92 const x509CRL = await createX509CRL(); 93 let collection: cert.CertCRLCollection = {} as cert.CertCRLCollection; 94 try { 95 collection = cert.createCertCRLCollection([x509Cert], [x509CRL]); 96 console.log('createCertCRLCollection success'); 97 } catch (err) { 98 console.error('createCertCRLCollection failed'); 99 } 100 101 const certParam: cert.X509CertMatchParameters = { 102 validDate: '231128000000Z' 103 } 104 try { 105 let certs: cert.X509Cert[] = await collection.selectCerts(certParam); 106 } catch (err) { 107 console.error('selectCerts failed'); 108 } 109 110 const crlParam: cert.X509CRLMatchParameters = { 111 x509Cert: x509Cert 112 } 113 try { 114 let crls: cert.X509CRL[] = await collection.selectCRLs(crlParam); 115 console.error('selectCRLs success'); 116 } catch (err) { 117 console.error('selectCRLs failed'); 118 } 119} 120``` 121 122## 123