1# 证书集合及证书吊销列表集合对象的创建和获取 2 3<!--Kit: Device Certificate Kit--> 4<!--Subsystem: Security--> 5<!--Owner: @zxz--3--> 6<!--Designer: @lanming--> 7<!--Tester: @PAFT--> 8<!--Adviser: @zengyawen--> 9 10从输入的证书集合和证书吊销列表集合中选择满足条件的证书或者证书吊销列表。 11 12## 开发步骤 13 141. 导入[证书算法库框架模块](../../reference/apis-device-certificate-kit/js-apis-cert.md)。 15 16 ```ts 17 import { cert } from '@kit.DeviceCertificateKit'; 18 ``` 19 202. 基于已有的证书数据,调用[cert.createX509Cert](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509cert-1)创建X509证书的对象。 21 223. 基于已有的CRL数据,调用[cert.createX509CRL](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509crl11-1)创建X509证书吊销列表的对象。 23 244. 调用[cert.createCertCRLCollection](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatecertcrlcollection11)创建[CertCRLCollection](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcrlcollection11)的对象,并返回相应的结果。 25 265. 调用[CertCRLCollection.selectCerts](../../reference/apis-device-certificate-kit/js-apis-cert.md#selectcerts11)查找所有与[X509CertMatchParameters](../../reference/apis-device-certificate-kit/js-apis-cert.md#x509certmatchparameters11)匹配的证书对象数组,并返回结果。 27 286. 调用[CertCRLCollection.selectCRLs](../../reference/apis-device-certificate-kit/js-apis-cert.md#selectcrls11)查找所有与[X509CRLMatchParameters](../../reference/apis-device-certificate-kit/js-apis-cert.md#x509crlmatchparameters11)匹配的证书吊销列表数组,并返回结果。 29 30```ts 31import { cert } from '@kit.DeviceCertificateKit'; 32import { BusinessError } from '@kit.BasicServicesKit'; 33import { util } from '@kit.ArkTS'; 34 35async function createX509CRL(): Promise<cert.X509CRL> { 36 let crlData = '-----BEGIN X509 CRL-----\n' + 37 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 38 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 39 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 40 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 41 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 42 'eavsH0Q3\n' + 43 '-----END X509 CRL-----\n'; 44 45 // 证书吊销列表二进制数据,需业务自行赋值。 46 let textEncoder = new util.TextEncoder(); 47 let encodingBlob: cert.EncodingBlob = { 48 data: textEncoder.encodeInto(crlData), 49 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 50 encodingFormat: cert.EncodingFormat.FORMAT_PEM 51 }; 52 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 53 try { 54 x509CRL = await cert.createX509CRL(encodingBlob); 55 } catch (err) { 56 let e: BusinessError = err as BusinessError; 57 console.error(`createX509CRL failed, errCode: ${e.code}, errMsg: ${e.message}`); 58 } 59 return x509CRL; 60} 61 62async function createX509Cert(): Promise<cert.X509Cert> { 63 let certData = '-----BEGIN CERTIFICATE-----\n' + 64 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 65 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 66 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 67 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 68 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 69 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 70 'Qw==\n' + 71 '-----END CERTIFICATE-----\n'; 72 73 let textEncoder = new util.TextEncoder(); 74 let encodingBlob: cert.EncodingBlob = { 75 data: textEncoder.encodeInto(certData), 76 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 77 encodingFormat: cert.EncodingFormat.FORMAT_PEM 78 }; 79 80 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 81 try { 82 x509Cert = await cert.createX509Cert(encodingBlob); 83 } catch (err) { 84 let e: BusinessError = err as BusinessError; 85 console.error(`createX509Cert failed, errCode: ${e.code}, errMsg: ${e.message}`); 86 } 87 return x509Cert; 88} 89 90async function sample() { 91 const x509Cert = await createX509Cert(); 92 const x509CRL = await createX509CRL(); 93 let collection: cert.CertCRLCollection = {} as cert.CertCRLCollection; 94 try { 95 collection = cert.createCertCRLCollection([x509Cert], [x509CRL]); 96 console.log('createCertCRLCollection success'); 97 } catch (err) { 98 console.error('createCertCRLCollection failed'); 99 } 100 101 const certParam: cert.X509CertMatchParameters = { 102 validDate: '231128000000Z' 103 } 104 try { 105 let certs: cert.X509Cert[] = await collection.selectCerts(certParam); 106 } catch (err) { 107 console.error('selectCerts failed'); 108 } 109 110 const crlParam: cert.X509CRLMatchParameters = { 111 x509Cert: x509Cert 112 } 113 try { 114 let crls: cert.X509CRL[] = await collection.selectCRLs(crlParam); 115 console.info('selectCRLs success'); 116 } catch (err) { 117 console.error('selectCRLs failed'); 118 } 119} 120``` 121 122##