1# @ohos.security.cert (Certificate) 2 3The certificate algorithm library framework provides certificate-related APIs. For details about the APIs for implementing the basic algorithm capabilities based on the cryptographic (crypto) framework, see [Crypto Framework](js-apis-cryptoFramework.md). 4 5> **NOTE** 6> 7> The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. 8 9## Modules to Import 10 11```ts 12import certFramework from '@ohos.security.cert'; 13import cryptoFramework from '@ohos.security.cryptoFramework'; 14``` 15 16## CertResult 17 18 Enumerates the error codes. 19 20 **System capability**: SystemCapability.Security.Cert 21 22| Name | Value | Description | 23| --------------------------------------| -------- | -----------------------------| 24| INVALID_PARAMS | 401 | Invalid parameters. | 25| NOT_SUPPORT | 801 | This operation is not supported. | 26| ERR_OUT_OF_MEMORY | 19020001 | Memory error. | 27| ERR_RUNTIME_ERROR | 19020002 | Runtime error. | 28| ERR_CRYPTO_OPERATION | 19030001 | Crypto operation error. | 29| ERR_CERT_SIGNATURE_FAILURE | 19030002 | The certificate signature verification failed. | 30| ERR_CERT_NOT_YET_VALID | 19030003 | The certificate has not taken effect. | 31| ERR_CERT_HAS_EXPIRED | 19030004 | The certificate has expired. | 32| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | Failed to obtain the certificate issuer. | 33| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | The key cannot be used for signing a certificate. | 34| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | The key cannot be used for digital signature. | 35 36## DataBlob 37Defines a binary data array. 38 **System capability**: SystemCapability.Security.Cert 39| Name | Type | Readable| Writable| Description | 40| -------------- | -------------- | ---- | ---- | ----------------| 41| data | Uint8Array | Yes | Yes | Data. | 42 43## DataArray 44 45Defines a list of data arrays. 46 **System capability**: SystemCapability.Security.Cert 47| Name | Type | Readable| Writable| Description | 48| -------------- | -------------- | ---- | ---- | ----------------| 49| data | Uint8Array | Yes | Yes | Data list. | 50 51## EncodingFormat 52 53 Enumerates the certificate encoding formats. 54 55 **System capability**: SystemCapability.Security.Cert 56 57| Name | Value| Description | 58| ---------- | ------ | --------- | 59| FORMAT_DER | 0 | Distinguished Encoding Rules (DER) format.| 60| FORMAT_PEM | 1 | Privacy-Enhanced Mail (PEM) format.| 61 62## CertItemType<sup>10+</sup> 63 64 Enumerates the certificate fields that can be obtained. 65 66 **System capability**: SystemCapability.Security.Cert 67 68| Name | Value | Description | 69| -------------------------------- | ---- | ------------------------------ | 70| CERT_ITEM_TYPE_TBS | 0 | Information to be signed. | 71| CERT_ITEM_TYPE_PUBLIC_KEY | 1 | Public key of the certificate. | 72| CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | Unique ID of the certificate issuer.| 73| CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | Unique ID of the certificate subject. | 74| CERT_ITEM_TYPE_EXTENSIONS | 4 | Certificate extensions, each of which is identified by a unique object identifier (OID). | 75 76## ExtensionOidType<sup>10+</sup> 77 78 Enumerates the OID types of the certificate extensions that can be obtained. 79 80 **System capability**: SystemCapability.Security.Cert 81 82| Name | Value | Description | 83| ----------------------------- | ---- | --------------------------------------------- | 84| EXTENSION_OID_TYPE_ALL | 0 | All object identifiers. | 85| EXTENSION_OID_TYPE_CRITICAL | 1 | Object identifier whose **critical** is **true**. | 86| EXTENSION_OID_TYPE_UNCRITICAL | 2 | Object identifier whose **critical** is **false**.| 87 88## ExtensionEntryType<sup>10+</sup> 89 90 Enumerates the object types in certificate extensions that can be obtained. 91 92 **System capability**: SystemCapability.Security.Cert 93 94| Name | Value | Description | 95| ----------------------------------- | ---- | ---------------------------- | 96| EXTENSION_ENTRY_TYPE_ENTRY | 0 | Entire object. | 97| EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | Critical attribute of the object.| 98| EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | Data of the object. | 99 100## EncodingBlob 101 102Defines a certificate binary array in encoding format. 103 104### Attributes 105 106**System capability**: SystemCapability.Security.Cert 107 108| Name | Type | Readable| Writable| Description | 109| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 110| data | Uint8Array | Yes | Yes | Certificate data.| 111| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 112 113 114## CertChainData 115 116Defines the certificate chain data, which is passed in as input parameters during certificate chain verification. 117 118### Attributes 119 120**System capability**: SystemCapability.Security.Cert 121 122| Name | Type | Readable| Writable| Description | 123| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 124| data | Uint8Array | Yes | Yes | Certificate data, in the *length* (2 bytes) + *data* format. For example, **08ABCDEFGH07ABCDEFG**. The first two bytes indicate the length of the first certificate is eight bytes, and the following eight bytes indicate the certificate data. Then, the next two bytes indicate the length of another certificate is seven bytes, and the seven bytes followed indicate the certificate data.| 125| count | number | Yes | Yes | Number of certificates contained in the input data. | 126| encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | 127 128 129## cryptoCert.createX509Cert 130 131createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 132 133Creates an **X509Cert** instance. This API uses an asynchronous callback to return the result. 134 135**System capability**: SystemCapability.Security.Cert 136 137**Parameters** 138 139| Name | Type | Mandatory| Description | 140| -------- | ------------------------------------- | ---- | -------------------------- | 141| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | 142| callback | AsyncCallback\<[X509Cert](#x509cert)> | Yes | Callback invoked to return the result. **X509Cert** instance created.| 143 144**Error codes** 145 146| ID| Error Message | 147| -------- | ------------- | 148| 19020001 | memory error. | 149 150**Example** 151 152```ts 153import certFramework from '@ohos.security.cert'; 154 155// Convert the string into a Uint8Array. 156function stringToUint8Array(str: string): Uint8Array { 157 let arr: Array<number> = []; 158 for (let i = 0, j = str.length; i < j; i++) { 159 arr.push(str.charCodeAt(i)); 160 } 161 return new Uint8Array(arr); 162} 163 164// Certificate binary data, which must be set based on the service. 165let certData = '-----BEGIN CERTIFICATE-----\n' + 166 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 167 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 168 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 169 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 170 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 171 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 172 'Qw==\n' + 173 '-----END CERTIFICATE-----\n'; 174 175let encodingBlob: certFramework.EncodingBlob = { 176 data: stringToUint8Array(certData), 177 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 178 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 179}; 180 181certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 182 if (error != null) { 183 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 184 } else { 185 console.log('createX509Cert success'); 186 } 187}); 188``` 189 190## cryptoCert.createX509Cert 191 192createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 193 194Creates an **X509Cert** instance. This API uses a promise to return the result. 195 196**System capability**: SystemCapability.Security.Cert 197 198**Parameters** 199 200| Name | Type | Mandatory| Description | 201| -------- | ----------------------------- | ---- | ------------------ | 202| inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| 203 204**Return value** 205 206| Type | Description | 207| ------- | ---------------- | 208| Promise\<[X509Cert](#x509cert)> | **X509Cert** instance created.| 209 210**Error codes** 211 212| ID| Error Message | 213| -------- | ------------- | 214| 19020001 | memory error. | 215 216**Example** 217 218```ts 219import certFramework from '@ohos.security.cert'; 220import { BusinessError } from '@ohos.base'; 221 222// Convert the string into a Uint8Array. 223function stringToUint8Array(str: string): Uint8Array { 224 let arr: Array<number> = []; 225 for (let i = 0, j = str.length; i < j; i++) { 226 arr.push(str.charCodeAt(i)); 227 } 228 return new Uint8Array(arr); 229} 230 231// Certificate binary data, which must be set based on the service. 232let certData = '-----BEGIN CERTIFICATE-----\n' + 233 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 234 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 235 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 236 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 237 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 238 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 239 'Qw==\n' + 240 '-----END CERTIFICATE-----\n'; 241 242let encodingBlob: certFramework.EncodingBlob = { 243 data: stringToUint8Array(certData), 244 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 245 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 246}; 247 248certFramework.createX509Cert(encodingBlob).then(x509Cert => { 249 console.log('createX509Cert success'); 250}).catch((error: BusinessError) => { 251 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 252}); 253``` 254 255## X509Cert 256 257Provides APIs for X.509 certificate operations. 258 259### verify 260 261verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 262 263Verifies the signature of an X.509 certificate. This API uses an asynchronous callback to return the result. 264 265**System capability**: SystemCapability.Security.Cert 266 267**Parameters** 268 269| Name | Type | Mandatory| Description | 270| -------- | --------------------- | ---- | ------------------------------------------------------------ | 271| key | cryptoFramework.PubKey | Yes | Public key used for signature verification. | 272| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 273 274**Error codes** 275 276| ID| Error Message | 277| -------- | ------------------ | 278| 19030001 | crypto operation error. | 279 280**Example** 281 282```ts 283import certFramework from '@ohos.security.cert'; 284import { BusinessError } from '@ohos.base'; 285 286// Convert the string into a Uint8Array. 287function stringToUint8Array(str: string): Uint8Array { 288 let arr: Array<number> = []; 289 for (let i = 0, j = str.length; i < j; i++) { 290 arr.push(str.charCodeAt(i)); 291 } 292 return new Uint8Array(arr); 293} 294 295// Certificate binary data, which must be set based on the service. 296let certData = '-----BEGIN CERTIFICATE-----\n' + 297 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 298 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 299 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 300 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 301 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 302 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 303 'Qw==\n' + 304 '-----END CERTIFICATE-----\n'; 305 306let encodingBlob: certFramework.EncodingBlob = { 307 data: stringToUint8Array(certData), 308 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 309 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 310}; 311 312certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 313 if (error != null) { 314 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 315 } else { 316 console.log('createX509Cert success'); 317 318 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 319 try { 320 let pubKey = x509Cert.getPublicKey(); 321 322 // Verify the certificate signature. 323 x509Cert.verify(pubKey, (err, data) => { 324 if (err == null) { 325 console.log('verify success'); 326 } else { 327 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 328 } 329 }); 330 } catch (error) { 331 let e: BusinessError = error as BusinessError; 332 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 333 } 334 } 335}); 336``` 337 338### verify 339 340verify(key : cryptoFramework.PubKey) : Promise\<void> 341 342Verifies the signature of an X.509 certificate. This API uses a promise to return the result. 343 344**System capability**: SystemCapability.Security.Cert 345 346**Parameters** 347 348| Name| Type | Mandatory| Description | 349| ------ | ------ | ---- | ------------------ | 350| key | cryptoFramework.PubKey | Yes | Public key used for signature verification.| 351 352**Return value** 353 354| Type | Description | 355| -------------- | ----------- | 356| Promise\<void> | Promise used to return the result.| 357 358**Error codes** 359 360| ID| Error Message | 361| -------- | ------------------ | 362| 19030001 | crypto operation error. | 363 364**Example** 365 366```ts 367import certFramework from '@ohos.security.cert'; 368import { BusinessError } from '@ohos.base'; 369 370// Convert the string into a Uint8Array. 371function stringToUint8Array(str: string): Uint8Array { 372 let arr: Array<number> = []; 373 for (let i = 0, j = str.length; i < j; i++) { 374 arr.push(str.charCodeAt(i)); 375 } 376 return new Uint8Array(arr); 377} 378 379// Certificate binary data, which must be set based on the service. 380let certData = '-----BEGIN CERTIFICATE-----\n' + 381 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 382 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 383 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 384 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 385 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 386 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 387 'Qw==\n' + 388 '-----END CERTIFICATE-----\n'; 389 390let encodingBlob: certFramework.EncodingBlob = { 391 data: stringToUint8Array(certData), 392 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 393 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 394}; 395 396certFramework.createX509Cert(encodingBlob).then(x509Cert => { 397 console.log('createX509Cert success'); 398 399 try { 400 // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). 401 let pubKey = x509Cert.getPublicKey(); 402 x509Cert.verify(pubKey).then(result => { 403 console.log('verify success'); 404 }).catch((error: BusinessError) => { 405 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 406 }); 407 } catch (err) { 408 console.error('get public key failed'); 409 } 410}).catch((error: BusinessError) => { 411 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 412}); 413``` 414 415### getEncoded 416 417getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 418 419Obtains the serialized X.509 certificate data. This API uses an asynchronous callback to return the result. 420 421**System capability**: SystemCapability.Security.Cert 422 423**Parameters** 424 425| Name | Type | Mandatory| Description | 426| -------- | --------------------------------------------- | ---- | -------------------------------- | 427| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the result. Promise used to return the serialized X.509 certificate data obtained.| 428 429**Error codes** 430 431| ID| Error Message | 432| -------- | ------------------------------------------------- | 433| 19020001 | memory error. | 434| 19020002 | runtime error. | 435| 19030001 | crypto operation error.| 436 437**Example** 438 439```ts 440import certFramework from '@ohos.security.cert'; 441 442// Convert the string into a Uint8Array. 443function stringToUint8Array(str: string): Uint8Array { 444 let arr: Array<number> = []; 445 for (let i = 0, j = str.length; i < j; i++) { 446 arr.push(str.charCodeAt(i)); 447 } 448 return new Uint8Array(arr); 449} 450 451// Certificate binary data, which must be set based on the service. 452let certData = '-----BEGIN CERTIFICATE-----\n' + 453 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 454 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 455 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 456 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 457 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 458 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 459 'Qw==\n' + 460 '-----END CERTIFICATE-----\n'; 461 462let encodingBlob: certFramework.EncodingBlob = { 463 data: stringToUint8Array(certData), 464 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 465 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 466}; 467 468certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 469 if (error != null) { 470 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 471 } else { 472 console.log('createX509Cert success'); 473 x509Cert.getEncoded((error, data) => { 474 if (error != null) { 475 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 476 } else { 477 console.log('getEncoded success'); 478 } 479 }); 480 } 481}); 482``` 483 484### getEncoded 485 486getEncoded() : Promise\<EncodingBlob> 487 488Obtains the serialized X.509 certificate data. This API uses a promise to return the result. 489 490**System capability**: SystemCapability.Security.Cert 491 492**Return value** 493 494| Type | Description | 495| --------------------------------------- | ---------------------- | 496| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 certificate data obtained.| 497 498**Error codes** 499 500| ID| Error Message | 501| -------- | ------------------------------------------------- | 502| 19020001 | memory error. | 503| 19020002 | runtime error. | 504| 19030001 | crypto operation error.| 505 506**Example** 507 508```ts 509import certFramework from '@ohos.security.cert'; 510import { BusinessError } from '@ohos.base'; 511 512// Convert the string into a Uint8Array. 513function stringToUint8Array(str: string): Uint8Array { 514 let arr: Array<number> = []; 515 for (let i = 0, j = str.length; i < j; i++) { 516 arr.push(str.charCodeAt(i)); 517 } 518 return new Uint8Array(arr); 519} 520 521// Certificate binary data, which must be set based on the service. 522let certData = '-----BEGIN CERTIFICATE-----\n' + 523 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 524 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 525 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 526 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 527 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 528 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 529 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 530 '-----END CERTIFICATE-----\n'; 531 532// Certificate binary data, which must be set based on the service. 533let encodingBlob: certFramework.EncodingBlob = { 534 data: stringToUint8Array(certData), 535 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 536 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 537}; 538certFramework.createX509Cert(encodingBlob).then(x509Cert => { 539 console.log('createX509Cert success'); 540 x509Cert.getEncoded().then(result => { 541 console.log('getEncoded success'); 542 }).catch((error: BusinessError) => { 543 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 544 }); 545}).catch((error: BusinessError) => { 546 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 547}); 548``` 549 550### getPublicKey 551 552getPublicKey() : cryptoFramework.PubKey 553 554Obtains the public key of this X.509 certificate. This API uses an asynchronous callback to return the result. 555 556**System capability**: SystemCapability.Security.Cert 557 558**Return value** 559 560| Type | Description | 561| ------ | ---------------- | 562| cryptoFramework.PubKey | Public key of the X509 certificate obtained. This object is used only for **verify()** of **X509Cert**.| 563 564**Error codes** 565 566| ID| Error Message | 567| -------- | ------------------------------------------------- | 568| 19020001 | memory error. | 569| 19030001 | crypto operation error.| 570 571**Example** 572 573```ts 574import certFramework from '@ohos.security.cert'; 575import { BusinessError } from '@ohos.base'; 576 577// Convert the string into a Uint8Array. 578function stringToUint8Array(str: string): Uint8Array { 579 let arr: Array<number> = []; 580 for (let i = 0, j = str.length; i < j; i++) { 581 arr.push(str.charCodeAt(i)); 582 } 583 return new Uint8Array(arr); 584} 585 586// Certificate binary data, which must be set based on the service. 587let certData = '-----BEGIN CERTIFICATE-----\n' + 588 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 589 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 590 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 591 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 592 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 593 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 594 'Qw==\n' + 595 '-----END CERTIFICATE-----\n'; 596 597let encodingBlob: certFramework.EncodingBlob = { 598 data: stringToUint8Array(certData), 599 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 600 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 601}; 602 603certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 604 if (error != null) { 605 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 606 } else { 607 console.log('createX509Cert success'); 608 try { 609 let pubKey = x509Cert.getPublicKey(); 610 } catch (error) { 611 let e: BusinessError = error as BusinessError; 612 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 613 } 614 } 615}); 616``` 617 618### checkValidityWithDate 619 620checkValidityWithDate(date: string) : void 621 622Checks the validity period of this X.509 certificate. This API uses an asynchronous callback to return the result. 623 624**System capability**: SystemCapability.Security.Cert 625 626**Parameters** 627 628| Name | Type | Mandatory| Description | 629| -------- | -------------- | ---- | ---------- | 630| date | string | Yes | Date in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The date must end with **Z**, which indicates the UTC.| 631 632**Error codes** 633 634| ID| Error Message | 635| -------- | ------------------------------------------------- | 636| 19020001 | memory error. | 637| 19030001 | crypto operation error.| 638| 19030003 | the certificate has not taken effect. | 639| 19030004 | the certificate has expired.| 640 641**Example** 642 643```ts 644import certFramework from '@ohos.security.cert'; 645import { BusinessError } from '@ohos.base'; 646 647// Convert the string into a Uint8Array. 648function stringToUint8Array(str: string): Uint8Array { 649 let arr: Array<number> = []; 650 for (let i = 0, j = str.length; i < j; i++) { 651 arr.push(str.charCodeAt(i)); 652 } 653 return new Uint8Array(arr); 654} 655 656// Certificate binary data, which must be set based on the service. 657let certData = '-----BEGIN CERTIFICATE-----\n' + 658 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 659 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 660 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 661 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 662 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 663 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 664 'Qw==\n' + 665 '-----END CERTIFICATE-----\n'; 666 667let encodingBlob: certFramework.EncodingBlob = { 668 data: stringToUint8Array(certData), 669 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 670 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 671}; 672 673certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 674 if (error != null) { 675 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 676 } else { 677 console.log('createX509Cert success'); 678 679 let date = '231001000001Z'; 680 // Verify the certificate validity period. 681 try { 682 x509Cert.checkValidityWithDate(date); 683 } catch (error) { 684 let e: BusinessError = error as BusinessError; 685 console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 686 } 687 } 688}); 689``` 690 691### getVersion 692 693getVersion() : number 694 695Obtains the X.509 certificate version. 696 697**System capability**: SystemCapability.Security.Cert 698 699**Return value** 700 701| Type | Description | 702| ------ | ---------------- | 703| number | X.509 certificate version obtained.| 704 705**Example** 706 707```ts 708import certFramework from '@ohos.security.cert'; 709 710// Convert the string into a Uint8Array. 711function stringToUint8Array(str: string): Uint8Array { 712 let arr: Array<number> = []; 713 for (let i = 0, j = str.length; i < j; i++) { 714 arr.push(str.charCodeAt(i)); 715 } 716 return new Uint8Array(arr); 717} 718 719// Certificate binary data, which must be set based on the service. 720let certData = '-----BEGIN CERTIFICATE-----\n' + 721 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 722 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 723 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 724 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 725 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 726 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 727 'Qw==\n' + 728 '-----END CERTIFICATE-----\n'; 729 730let encodingBlob: certFramework.EncodingBlob = { 731 data: stringToUint8Array(certData), 732 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 733 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 734}; 735certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 736 if (error != null) { 737 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 738 } else { 739 console.log('createX509Cert success'); 740 let version = x509Cert.getVersion(); 741 } 742}); 743``` 744 745### getSerialNumber<sup>(deprecated)</sup> 746 747getSerialNumber() : number 748 749Obtains the X.509 certificate serial number. 750 751> **NOTE** 752> 753> This API is supported since API version 9 and deprecated since API version 10. You are advised to use [getCertSerialNumber](#getcertserialnumber10). 754 755**System capability**: SystemCapability.Security.Cert 756 757**Return value** 758 759| Type | Description | 760| ------ | ------------------ | 761| number | X.509 certificate serial number obtained.| 762 763**Example** 764 765```ts 766import certFramework from '@ohos.security.cert'; 767 768// Convert the string into a Uint8Array. 769function stringToUint8Array(str: string): Uint8Array { 770 let arr: Array<number> = []; 771 for (let i = 0, j = str.length; i < j; i++) { 772 arr.push(str.charCodeAt(i)); 773 } 774 return new Uint8Array(arr); 775} 776 777// Certificate binary data, which must be set based on the service. 778let certData = '-----BEGIN CERTIFICATE-----\n' + 779 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 780 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 781 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 782 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 783 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 784 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 785 'Qw==\n' + 786 '-----END CERTIFICATE-----\n'; 787 788let encodingBlob: certFramework.EncodingBlob = { 789 data: stringToUint8Array(certData), 790 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 791 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 792}; 793 794certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 795 if (error != null) { 796 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 797 } else { 798 console.log('createX509Cert success'); 799 let serialNumber = x509Cert.getSerialNumber(); 800 } 801}); 802``` 803 804### getCertSerialNumber<sup>10+</sup> 805 806getCertSerialNumber() : bigint 807 808Obtains the X.509 certificate serial number. 809 810**System capability**: SystemCapability.Security.Cert 811 812**Return value** 813 814| Type | Description | 815| ------ | ------------------ | 816| bigint | X.509 certificate serial number obtained.| 817 818**Error codes** 819 820| ID| Error Message | 821| -------- | ------------------------------------------------- | 822| 19020002 | runtime error. | 823 824**Example** 825 826```ts 827import certFramework from '@ohos.security.cert'; 828import { BusinessError } from '@ohos.base'; 829 830// Convert the string into a Uint8Array. 831function stringToUint8Array(str: string): Uint8Array { 832 let arr: Array<number> = []; 833 for (let i = 0, j = str.length; i < j; i++) { 834 arr.push(str.charCodeAt(i)); 835 } 836 return new Uint8Array(arr); 837} 838 839// Certificate binary data, which must be set based on the service. 840let certData = '-----BEGIN CERTIFICATE-----\n' + 841 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 842 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 843 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 844 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 845 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 846 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 847 'Qw==\n' + 848 '-----END CERTIFICATE-----\n'; 849 850let encodingBlob: certFramework.EncodingBlob = { 851 data: stringToUint8Array(certData), 852 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 853 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 854}; 855 856certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 857 if (error != null) { 858 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 859 } else { 860 console.log('createX509Cert success'); 861 try { 862 let serialNumber = x509Cert.getCertSerialNumber(); 863 } catch (err) { 864 let e: BusinessError = err as BusinessError; 865 console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 866 } 867 } 868}); 869``` 870 871### getIssuerName 872 873getIssuerName() : DataBlob 874 875Obtains the X.509 certificate issuer. 876 877**System capability**: SystemCapability.Security.Cert 878 879**Return value** 880 881| Type | Description | 882| --------------------- | ---------------------- | 883| [DataBlob](#datablob) | X.509 certificate issuer obtained.| 884 885**Error codes** 886 887| ID| Error Message | 888| -------- | ------------------------------------------------- | 889| 19020001 | memory error. | 890| 19020002 | runtime error. | 891| 19030001 | crypto operation error.| 892 893**Example** 894 895```ts 896import certFramework from '@ohos.security.cert'; 897import { BusinessError } from '@ohos.base'; 898 899// Convert the string into a Uint8Array. 900function stringToUint8Array(str: string): Uint8Array { 901 let arr: Array<number> = []; 902 for (let i = 0, j = str.length; i < j; i++) { 903 arr.push(str.charCodeAt(i)); 904 } 905 return new Uint8Array(arr); 906} 907 908// Certificate binary data, which must be set based on the service. 909let certData = '-----BEGIN CERTIFICATE-----\n' + 910 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 911 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 912 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 913 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 914 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 915 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 916 'Qw==\n' + 917 '-----END CERTIFICATE-----\n'; 918 919let encodingBlob: certFramework.EncodingBlob = { 920 data: stringToUint8Array(certData), 921 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 922 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 923}; 924 925certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 926 if (error != null) { 927 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 928 } else { 929 console.log('createX509Cert success'); 930 try { 931 let issuerName = x509Cert.getIssuerName(); 932 } catch (err) { 933 let e: BusinessError = err as BusinessError; 934 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 935 } 936 } 937}); 938``` 939 940### getSubjectName 941 942getSubjectName() : DataBlob 943 944Obtains the subject of this X.509 certificate. 945 946**System capability**: SystemCapability.Security.Cert 947 948**Return value** 949 950| Type | Description | 951| --------------------- | -------------------- | 952| [DataBlob](#datablob) | Subject name obtained.| 953 954**Error codes** 955 956| ID| Error Message | 957| -------- | ------------------------------------------------- | 958| 19020001 | memory error. | 959| 19020002 | runtime error. | 960| 19030001 | crypto operation error.| 961 962**Example** 963 964```ts 965import certFramework from '@ohos.security.cert'; 966import { BusinessError } from '@ohos.base'; 967 968// Convert the string into a Uint8Array. 969function stringToUint8Array(str: string): Uint8Array { 970 let arr: Array<number> = []; 971 for (let i = 0, j = str.length; i < j; i++) { 972 arr.push(str.charCodeAt(i)); 973 } 974 return new Uint8Array(arr); 975} 976 977// Certificate binary data, which must be set based on the service. 978let certData = '-----BEGIN CERTIFICATE-----\n' + 979 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 980 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 981 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 982 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 983 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 984 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 985 'Qw==\n' + 986 '-----END CERTIFICATE-----\n'; 987 988let encodingBlob: certFramework.EncodingBlob = { 989 data: stringToUint8Array(certData), 990 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 991 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 992}; 993 994certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 995 if (error != null) { 996 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 997 } else { 998 console.log('createX509Cert success'); 999 try { 1000 let subjectName = x509Cert.getSubjectName(); 1001 } catch (err) { 1002 let e: BusinessError = err as BusinessError; 1003 console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1004 } 1005 } 1006}); 1007``` 1008 1009### getNotBeforeTime 1010 1011getNotBeforeTime() : string 1012 1013Obtains the start time of this X.509 certificate. 1014 1015**System capability**: SystemCapability.Security.Cert 1016 1017**Return value** 1018 1019| Type | Description | 1020| ------ | ------------------------------------------------------------ | 1021| string | Start time of the X509 certificate validity period, in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The value must end with **Z**, which indicates the UTC.| 1022 1023**Error codes** 1024 1025| ID| Error Message | 1026| -------- | ------------------------------------------------- | 1027| 19020001 | memory error. | 1028| 19020002 | runtime error. | 1029| 19030001 | crypto operation error.| 1030 1031**Example** 1032 1033```ts 1034import certFramework from '@ohos.security.cert'; 1035import { BusinessError } from '@ohos.base'; 1036 1037// Convert the string into a Uint8Array. 1038function stringToUint8Array(str: string): Uint8Array { 1039 let arr: Array<number> = []; 1040 for (let i = 0, j = str.length; i < j; i++) { 1041 arr.push(str.charCodeAt(i)); 1042 } 1043 return new Uint8Array(arr); 1044} 1045 1046// Certificate binary data, which must be set based on the service. 1047let certData = '-----BEGIN CERTIFICATE-----\n' + 1048 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1049 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1050 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1051 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1052 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1053 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1054 'Qw==\n' + 1055 '-----END CERTIFICATE-----\n'; 1056 1057let encodingBlob: certFramework.EncodingBlob = { 1058 data: stringToUint8Array(certData), 1059 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1060 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1061}; 1062 1063certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1064 if (error != null) { 1065 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1066 } else { 1067 console.log('createX509Cert success'); 1068 try { 1069 let notBefore = x509Cert.getNotBeforeTime(); 1070 } catch (err) { 1071 let e: BusinessError = err as BusinessError; 1072 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1073 } 1074 } 1075}); 1076``` 1077 1078### getNotAfterTime 1079 1080getNotAfterTime() : string 1081 1082Obtains the expiration time of this X.509 certificate. 1083 1084**System capability**: SystemCapability.Security.Cert 1085 1086**Return value** 1087 1088| Type | Description | 1089| ------ | ------------------------------------------------------------ | 1090| string | Expiration time of the X509 certificate validity period, in the YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ format. The value must end with **Z**, which indicates the UTC.| 1091 1092**Error codes** 1093 1094| ID| Error Message | 1095| -------- | ------------------------------------------------- | 1096| 19020001 | memory error. | 1097| 19020002 | runtime error. | 1098| 19030001 | crypto operation error.| 1099 1100**Example** 1101 1102```ts 1103import certFramework from '@ohos.security.cert'; 1104 1105import { BusinessError } from '@ohos.base'; 1106 1107// Convert the string into a Uint8Array. 1108function stringToUint8Array(str: string): Uint8Array { 1109 let arr: Array<number> = []; 1110 for (let i = 0, j = str.length; i < j; i++) { 1111 arr.push(str.charCodeAt(i)); 1112 } 1113 return new Uint8Array(arr); 1114} 1115 1116// Certificate binary data, which must be set based on the service. 1117let certData = '-----BEGIN CERTIFICATE-----\n' + 1118 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1119 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1120 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1121 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1122 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1123 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1124 'Qw==\n' + 1125 '-----END CERTIFICATE-----\n'; 1126 1127let encodingBlob: certFramework.EncodingBlob = { 1128 data: stringToUint8Array(certData), 1129 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1130 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1131}; 1132 1133certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1134 if (error != null) { 1135 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1136 } else { 1137 console.log('createX509Cert success'); 1138 try { 1139 let notAfter = x509Cert.getNotAfterTime(); 1140 } catch (err) { 1141 let e: BusinessError = err as BusinessError; 1142 console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1143 } 1144 } 1145}); 1146``` 1147 1148### getSignature 1149 1150getSignature() : DataBlob 1151 1152Obtains the signature data of this X.509 certificate. 1153 1154**System capability**: SystemCapability.Security.Cert 1155 1156**Return value** 1157 1158| Type | Description | 1159| --------------------- | -------------------- | 1160| [DataBlob](#datablob) | Signature data obtained.| 1161 1162**Error codes** 1163 1164| ID| Error Message | 1165| -------- | ------------------------------------------------- | 1166| 19020001 | memory error. | 1167| 19020002 | runtime error. | 1168| 19030001 | crypto operation error.| 1169 1170**Example** 1171 1172```ts 1173import certFramework from '@ohos.security.cert'; 1174 1175import { BusinessError } from '@ohos.base'; 1176 1177// Convert the string into a Uint8Array. 1178function stringToUint8Array(str: string): Uint8Array { 1179 let arr: Array<number> = []; 1180 for (let i = 0, j = str.length; i < j; i++) { 1181 arr.push(str.charCodeAt(i)); 1182 } 1183 return new Uint8Array(arr); 1184} 1185 1186// Certificate binary data, which must be set based on the service. 1187let certData = '-----BEGIN CERTIFICATE-----\n' + 1188 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1189 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1190 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1191 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1192 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1193 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1194 'Qw==\n' + 1195 '-----END CERTIFICATE-----\n'; 1196 1197let encodingBlob: certFramework.EncodingBlob = { 1198 data: stringToUint8Array(certData), 1199 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1200 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1201}; 1202 1203certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1204 if (error != null) { 1205 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1206 } else { 1207 console.log('createX509Cert success'); 1208 try { 1209 let signature = x509Cert.getSignature(); 1210 } catch (err) { 1211 let e: BusinessError = err as BusinessError; 1212 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1213 } 1214 } 1215}); 1216``` 1217 1218### getSignatureAlgName 1219 1220getSignatureAlgName() : string 1221 1222Obtains the signing algorithm of this X.509 certificate. 1223 1224**System capability**: SystemCapability.Security.Cert 1225 1226**Return value** 1227 1228| Type | Description | 1229| ------ | ------------------------ | 1230| string | X.509 certificate signing algorithm obtained.| 1231 1232**Error codes** 1233 1234| ID| Error Message | 1235| -------- | ------------------------------------------------- | 1236| 19020001 | memory error. | 1237| 19020002 | runtime error. | 1238| 19030001 | crypto operation error.| 1239 1240**Example** 1241 1242```ts 1243import certFramework from '@ohos.security.cert'; 1244 1245import { BusinessError } from '@ohos.base'; 1246 1247// Convert the string into a Uint8Array. 1248function stringToUint8Array(str: string): Uint8Array { 1249 let arr: Array<number> = []; 1250 for (let i = 0, j = str.length; i < j; i++) { 1251 arr.push(str.charCodeAt(i)); 1252 } 1253 return new Uint8Array(arr); 1254} 1255 1256// Certificate binary data, which must be set based on the service. 1257let certData = '-----BEGIN CERTIFICATE-----\n' + 1258 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1259 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1260 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1261 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1262 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1263 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1264 'Qw==\n' + 1265 '-----END CERTIFICATE-----\n'; 1266 1267let encodingBlob: certFramework.EncodingBlob = { 1268 data: stringToUint8Array(certData), 1269 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1270 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1271}; 1272 1273certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1274 if (error != null) { 1275 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1276 } else { 1277 console.log('createX509Cert success'); 1278 try { 1279 let sigAlgName = x509Cert.getSignatureAlgName(); 1280 } catch (err) { 1281 let e: BusinessError = err as BusinessError; 1282 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1283 } 1284 } 1285}); 1286``` 1287 1288### getSignatureAlgOid 1289 1290getSignatureAlgOid() : string 1291 1292Obtains the object identifier (OID) of the X.509 certificate signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 1293 1294**System capability**: SystemCapability.Security.Cert 1295 1296**Return value** 1297 1298| Type | Description | 1299| ------ | --------------------------------- | 1300| string | OID obtained.| 1301 1302**Error codes** 1303 1304| ID| Error Message | 1305| -------- | ------------------------------------------------- | 1306| 19020001 | memory error. | 1307| 19020002 | runtime error. | 1308| 19030001 | crypto operation error.| 1309 1310**Example** 1311 1312```ts 1313import certFramework from '@ohos.security.cert'; 1314import { BusinessError } from '@ohos.base'; 1315 1316// Convert the string into a Uint8Array. 1317function stringToUint8Array(str: string): Uint8Array { 1318 let arr: Array<number> = []; 1319 for (let i = 0, j = str.length; i < j; i++) { 1320 arr.push(str.charCodeAt(i)); 1321 } 1322 return new Uint8Array(arr); 1323} 1324 1325// Certificate binary data, which must be set based on the service. 1326let certData = '-----BEGIN CERTIFICATE-----\n' + 1327 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1328 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1329 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1330 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1331 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1332 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1333 'Qw==\n' + 1334 '-----END CERTIFICATE-----\n'; 1335 1336let encodingBlob: certFramework.EncodingBlob = { 1337 data: stringToUint8Array(certData), 1338 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1339 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1340}; 1341 1342certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1343 if (error != null) { 1344 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1345 } else { 1346 console.log('createX509Cert success'); 1347 try { 1348 let sigAlgOid = x509Cert.getSignatureAlgOid(); 1349 } catch (err) { 1350 let e: BusinessError = err as BusinessError; 1351 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1352 } 1353 } 1354}); 1355``` 1356 1357### getSignatureAlgParams 1358 1359getSignatureAlgParams() : DataBlob 1360 1361Obtains the signing algorithm parameters of this X.509 certificate. 1362 1363**System capability**: SystemCapability.Security.Cert 1364 1365**Return value** 1366 1367| Type | Description | 1368| --------------------- | ------------------------ | 1369| [DataBlob](#datablob) | X.509 certificate signing algorithm parameters obtained.| 1370 1371**Error codes** 1372 1373| ID| Error Message | 1374| -------- | ------------------------------------------------- | 1375| 19020001 | memory error. | 1376| 19020002 | runtime error. | 1377| 19030001 | crypto operation error.| 1378 1379**Example** 1380 1381```ts 1382import certFramework from '@ohos.security.cert'; 1383import { BusinessError } from '@ohos.base'; 1384 1385// Convert the string into a Uint8Array. 1386function stringToUint8Array(str: string): Uint8Array { 1387 let arr: Array<number> = []; 1388 for (let i = 0, j = str.length; i < j; i++) { 1389 arr.push(str.charCodeAt(i)); 1390 } 1391 return new Uint8Array(arr); 1392} 1393 1394// Certificate binary data, which must be set based on the service. 1395let certData = '-----BEGIN CERTIFICATE-----\n' + 1396 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1397 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1398 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1399 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1400 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1401 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1402 'Qw==\n' + 1403 '-----END CERTIFICATE-----\n'; 1404 1405let encodingBlob: certFramework.EncodingBlob = { 1406 data: stringToUint8Array(certData), 1407 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1408 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1409}; 1410 1411certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1412 if (error != null) { 1413 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1414 } else { 1415 console.log('createX509Cert success'); 1416 try { 1417 let sigAlgParams = x509Cert.getSignatureAlgParams(); 1418 } catch (err) { 1419 let e: BusinessError = err as BusinessError; 1420 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1421 } 1422 } 1423}); 1424``` 1425 1426### getKeyUsage 1427 1428getKeyUsage() : DataBlob 1429 1430Obtains the key usage of this X.509 certificate. 1431 1432**System capability**: SystemCapability.Security.Cert 1433 1434**Return value** 1435 1436| Type | Description | 1437| --------------------- | -------------------- | 1438| [DataBlob](#datablob) | Key usage of the X.509 certificate obtained.| 1439 1440**Error codes** 1441 1442| ID| Error Message | 1443| -------- | ------------------------------------------------- | 1444| 19020001 | memory error. | 1445| 19030001 | crypto operation error.| 1446 1447**Example** 1448 1449```ts 1450import certFramework from '@ohos.security.cert'; 1451import { BusinessError } from '@ohos.base'; 1452 1453// Convert the string into a Uint8Array. 1454function stringToUint8Array(str: string): Uint8Array { 1455 let arr: Array<number> = []; 1456 for (let i = 0, j = str.length; i < j; i++) { 1457 arr.push(str.charCodeAt(i)); 1458 } 1459 return new Uint8Array(arr); 1460} 1461 1462// Certificate binary data, which must be set based on the service. 1463let certData = '-----BEGIN CERTIFICATE-----\n' + 1464 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1465 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1466 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1467 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1468 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1469 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1470 'Qw==\n' + 1471 '-----END CERTIFICATE-----\n'; 1472 1473let encodingBlob: certFramework.EncodingBlob = { 1474 data: stringToUint8Array(certData), 1475 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1476 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1477}; 1478 1479certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1480 if (error != null) { 1481 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1482 } else { 1483 console.log('createX509Cert success'); 1484 try { 1485 let keyUsage = x509Cert.getKeyUsage(); 1486 } catch (err) { 1487 let e: BusinessError = err as BusinessError; 1488 console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1489 } 1490 } 1491}); 1492``` 1493 1494### getExtKeyUsage 1495 1496getExtKeyUsage() : DataArray 1497 1498Obtains the usage of the extended key of this X.509 certificate. 1499 1500**System capability**: SystemCapability.Security.Cert 1501 1502**Return value** 1503 1504| Type | Description | 1505| ----------------------- | ------------------------ | 1506| [DataArray](#dataarray) | Usage of the extended key obtained.| 1507 1508**Error codes** 1509 1510| ID| Error Message | 1511| -------- | ------------------------------------------------- | 1512| 19020001 | memory error. | 1513| 19020002 | runtime error. | 1514| 19030001 | crypto operation error.| 1515 1516**Example** 1517 1518```ts 1519import certFramework from '@ohos.security.cert'; 1520import { BusinessError } from '@ohos.base'; 1521 1522// Convert the string into a Uint8Array. 1523function stringToUint8Array(str: string): Uint8Array { 1524 let arr: Array<number> = []; 1525 for (let i = 0, j = str.length; i < j; i++) { 1526 arr.push(str.charCodeAt(i)); 1527 } 1528 return new Uint8Array(arr); 1529} 1530 1531// Certificate binary data, which must be set based on the service. 1532let certData = '-----BEGIN CERTIFICATE-----\n' + 1533 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1534 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1535 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1536 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1537 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1538 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1539 'Qw==\n' + 1540 '-----END CERTIFICATE-----\n'; 1541 1542let encodingBlob: certFramework.EncodingBlob = { 1543 data: stringToUint8Array(certData), 1544 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1545 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1546}; 1547 1548certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1549 if (error != null) { 1550 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1551 } else { 1552 console.log('createX509Cert success'); 1553 try { 1554 let extKeyUsage = x509Cert.getExtKeyUsage(); 1555 } catch (err) { 1556 let e: BusinessError = err as BusinessError; 1557 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1558 } 1559 } 1560}); 1561``` 1562 1563### getBasicConstraints 1564 1565getBasicConstraints() : number 1566 1567Obtains the basic constraints for obtaining this X.509 certificate. 1568 1569**System capability**: SystemCapability.Security.Cert 1570 1571**Return value** 1572 1573| Type | Description | 1574| ------ | -------------------- | 1575| number | Basic constraints obtained.| 1576 1577**Example** 1578 1579```ts 1580import certFramework from '@ohos.security.cert'; 1581 1582// Convert the string into a Uint8Array. 1583function stringToUint8Array(str: string): Uint8Array { 1584 let arr: Array<number> = []; 1585 for (let i = 0, j = str.length; i < j; i++) { 1586 arr.push(str.charCodeAt(i)); 1587 } 1588 return new Uint8Array(arr); 1589} 1590 1591// Certificate binary data, which must be set based on the service. 1592let certData = '-----BEGIN CERTIFICATE-----\n' + 1593 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1594 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1595 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1596 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1597 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1598 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1599 'Qw==\n' + 1600 '-----END CERTIFICATE-----\n'; 1601 1602let encodingBlob: certFramework.EncodingBlob = { 1603 data: stringToUint8Array(certData), 1604 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1605 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1606}; 1607 1608certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1609 if (error != null) { 1610 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1611 } else { 1612 console.log('createX509Cert success'); 1613 let basicConstraints = x509Cert.getBasicConstraints(); 1614 } 1615}); 1616``` 1617 1618### getSubjectAltNames 1619 1620getSubjectAltNames() : DataArray 1621 1622Obtains the Subject Alternative Names (SANs) of this X.509 certificate. 1623 1624**System capability**: SystemCapability.Security.Cert 1625 1626**Return value** 1627 1628| Type | Description | 1629| ----------------------- | ------------------------ | 1630| [DataArray](#dataarray) | SANs obtained.| 1631 1632**Error codes** 1633 1634| ID| Error Message | 1635| -------- | ------------------------------------------------- | 1636| 19020001 | memory error. | 1637| 19020002 | runtime error. | 1638| 19030001 | crypto operation error.| 1639 1640**Example** 1641 1642```ts 1643import certFramework from '@ohos.security.cert'; 1644import { BusinessError } from '@ohos.base'; 1645 1646// Convert the string into a Uint8Array. 1647function stringToUint8Array(str: string): Uint8Array { 1648 let arr: Array<number> = []; 1649 for (let i = 0, j = str.length; i < j; i++) { 1650 arr.push(str.charCodeAt(i)); 1651 } 1652 return new Uint8Array(arr); 1653} 1654 1655// Certificate binary data, which must be set based on the service. 1656let certData = '-----BEGIN CERTIFICATE-----\n' + 1657 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1658 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1659 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1660 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1661 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1662 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1663 'Qw==\n' + 1664 '-----END CERTIFICATE-----\n'; 1665 1666let encodingBlob: certFramework.EncodingBlob = { 1667 data: stringToUint8Array(certData), 1668 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1669 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1670}; 1671 1672certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1673 if (error != null) { 1674 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1675 } else { 1676 console.log('createX509Cert success'); 1677 try { 1678 let subjectAltNames = x509Cert.getSubjectAltNames(); 1679 } catch (err) { 1680 let e: BusinessError = err as BusinessError; 1681 console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1682 } 1683 } 1684}); 1685``` 1686 1687### getIssuerAltNames 1688 1689getIssuerAltNames() : DataArray 1690 1691Obtains the Issuer Alternative Names (IANs) of this X.509 certificate. 1692 1693**System capability**: SystemCapability.Security.Cert 1694 1695**Return value** 1696 1697| Type | Description | 1698| ----------------------- | -------------------------- | 1699| [DataArray](#dataarray) | IANs obtained.| 1700 1701**Error codes** 1702 1703| ID| Error Message | 1704| -------- | ------------------------------------------------- | 1705| 19020001 | memory error. | 1706| 19020002 | runtime error. | 1707| 19030001 | crypto operation error.| 1708 1709**Example** 1710 1711```ts 1712import certFramework from '@ohos.security.cert'; 1713import { BusinessError } from '@ohos.base'; 1714 1715// Convert the string into a Uint8Array. 1716function stringToUint8Array(str: string): Uint8Array { 1717 let arr: Array<number> = []; 1718 for (let i = 0, j = str.length; i < j; i++) { 1719 arr.push(str.charCodeAt(i)); 1720 } 1721 return new Uint8Array(arr); 1722} 1723 1724// Certificate binary data, which must be set based on the service. 1725let certData = '-----BEGIN CERTIFICATE-----\n' + 1726 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1727 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1728 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1729 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1730 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1731 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1732 'Qw==\n' + 1733 '-----END CERTIFICATE-----\n'; 1734 1735let encodingBlob: certFramework.EncodingBlob = { 1736 data: stringToUint8Array(certData), 1737 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1738 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1739}; 1740 1741certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1742 if (error != null) { 1743 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1744 } else { 1745 console.log('createX509Cert success'); 1746 try { 1747 let issuerAltNames = x509Cert.getIssuerAltNames(); 1748 } catch (err) { 1749 let e: BusinessError = err as BusinessError; 1750 console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1751 } 1752 } 1753}); 1754``` 1755 1756### getItem<sup>10+</sup> 1757 1758getItem(itemType: CertItemType) : DataBlob 1759 1760Obtains the fields in the X.509 certificate. 1761 1762**System capability**: SystemCapability.Security.Cert 1763 1764**Return value** 1765 1766| Type | Description | 1767| --------------------- | ----------------------------------------- | 1768| [DataBlob](#datablob) | Returns the obtained fields in DER format.| 1769 1770**Error codes** 1771 1772| ID| Error Message | 1773| -------- | ----------------------- | 1774| 19020001 | memory error. | 1775| 19020002 | runtime error. | 1776| 19030001 | crypto operation error. | 1777 1778**Example** 1779 1780```ts 1781import certFramework from '@ohos.security.cert'; 1782import { BusinessError } from '@ohos.base'; 1783 1784// Convert the string into a Uint8Array. 1785function stringToUint8Array(str: string): Uint8Array { 1786 let arr: Array<number> = []; 1787 for (let i = 0, j = str.length; i < j; i++) { 1788 arr.push(str.charCodeAt(i)); 1789 } 1790 return new Uint8Array(arr); 1791} 1792 1793// Certificate binary data, which must be set based on the service. 1794let certData = '-----BEGIN CERTIFICATE-----\n' + 1795 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1796 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1797 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1798 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1799 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1800 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1801 'Qw==\n' + 1802 '-----END CERTIFICATE-----\n'; 1803 1804let encodingBlob: certFramework.EncodingBlob = { 1805 data: stringToUint8Array(certData), 1806 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 1807 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 1808}; 1809 1810certFramework.createX509Cert(encodingBlob, (error, x509Cert) => { 1811 if (error != null) { 1812 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1813 } else { 1814 console.log('createX509Cert success'); 1815 try { 1816 let tbs = x509Cert.getItem(certFramework.CertItemType.CERT_ITEM_TYPE_TBS); 1817 let pubKey = x509Cert.getItem(certFramework.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); 1818 } catch (err) { 1819 let e: BusinessError = err as BusinessError; 1820 console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1821 } 1822 } 1823}); 1824``` 1825 1826## cryptoCert.createCertExtension<sup>10+</sup> 1827 1828createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\<CertExtension>) : void 1829 1830Creates a **CertExtension** instance. This API uses an asynchronous callback to return the result. 1831 1832**System capability**: SystemCapability.Security.Cert 1833 1834**Parameters** 1835 1836| Name | Type | Mandatory| Description | 1837| -------- | ------------------------------------------------- | ---- | -------------------------- | 1838| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| 1839| callback | AsyncCallback\<[CertExtension](#certextension10)> | Yes | Callback invoked to return the **CertExtension** instance created.| 1840 1841**Error codes** 1842 1843| ID| Error Message | 1844| -------- | ------------- | 1845| 19020001 | memory error. | 1846 1847**Example** 1848 1849```ts 1850import certFramework from '@ohos.security.cert'; 1851 1852// Binary data of the certificate extension, which needs to be assigned by the service. 1853let extData = new Uint8Array([ 1854 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 1855 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 1856 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 1857 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 1858 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 1859 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 1860 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 1861 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 1862 0xD9, 0xE4 1863]); 1864 1865let encodingBlob: certFramework.EncodingBlob = { 1866 data: extData, 1867 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 1868 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 1869}; 1870 1871certFramework.createCertExtension(encodingBlob, (error, certExt) => { 1872 if (error != null) { 1873 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1874 } else { 1875 console.log('createCertExtension success'); 1876 } 1877}); 1878``` 1879 1880## cryptoCert.createCertExtension<sup>10+</sup> 1881 1882createCertExtension(inStream : EncodingBlob) : Promise\<CertExtension> 1883 1884Creates a **CertExtension** instance. This API uses a promise to return the result. 1885 1886**System capability**: SystemCapability.Security.Cert 1887 1888**Parameters** 1889 1890| Name | Type | Mandatory| Description | 1891| -------- | ----------------------------- | ---- | -------------------------- | 1892| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| 1893 1894**Return value** 1895 1896| Type | Description | 1897| ------------------------------------------- | -------------------- | 1898| Promise\<[CertExtension](#certextension10)> | Promise used to return the **CertExtension** instance created.| 1899 1900**Error codes** 1901 1902| ID| Error Message | 1903| -------- | ------------- | 1904| 19020001 | memory error. | 1905 1906**Example** 1907 1908```ts 1909import certFramework from '@ohos.security.cert'; 1910import { BusinessError } from '@ohos.base'; 1911 1912// Binary data of the certificate extension, which needs to be assigned by the service. 1913let extData = new Uint8Array([ 1914 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 1915 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 1916 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 1917 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 1918 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 1919 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 1920 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 1921 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 1922 0xD9, 0xE4 1923]); 1924 1925let encodingBlob: certFramework.EncodingBlob = { 1926 data: extData, 1927 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 1928 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 1929}; 1930 1931certFramework.createCertExtension(encodingBlob).then(certExt => { 1932 console.log('createCertExtension success'); 1933}).catch((error: BusinessError) => { 1934 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1935}); 1936``` 1937 1938## CertExtension<sup>10+</sup> 1939 1940Provides APIs for operating the certificate extensions. 1941 1942### getEncoded<sup>10+</sup> 1943 1944getEncoded() : EncodingBlob 1945 1946Obtains the serialized data of the certificate extensions. 1947 1948**System capability**: SystemCapability.Security.Cert 1949 1950**Return value** 1951 1952| Type | Description | 1953| ----------------------------- | ---------------------------- | 1954| [EncodingBlob](#encodingblob) | Returns the serialized data obtained.| 1955 1956**Error codes** 1957 1958| ID| Error Message | 1959| -------- | ----------------------- | 1960| 19020001 | memory error. | 1961| 19020002 | runtime error. | 1962| 19030001 | crypto operation error. | 1963 1964**Example** 1965 1966```ts 1967import certFramework from '@ohos.security.cert'; 1968import { BusinessError } from '@ohos.base'; 1969 1970// Binary data of the certificate extension, which needs to be assigned by the service. 1971let extData = new Uint8Array([ 1972 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 1973 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 1974 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 1975 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 1976 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 1977 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 1978 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 1979 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 1980 0xD9, 0xE4 1981]); 1982 1983let encodingBlob: certFramework.EncodingBlob = { 1984 data: extData, 1985 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 1986 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 1987}; 1988 1989certFramework.createCertExtension(encodingBlob, (error, certExt) => { 1990 if (error != null) { 1991 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1992 } else { 1993 console.log('createCertExtension success'); 1994 try { 1995 let extEncodedBlob = certExt.getEncoded(); 1996 } catch (err) { 1997 let e: BusinessError = err as BusinessError; 1998 console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1999 } 2000 } 2001}); 2002``` 2003 2004### getOidList<sup>10+</sup> 2005 2006getOidList(valueType : ExtensionOidType) : DataArray 2007 2008Obtains the OIDs of the certificate extensions. 2009 2010**System capability**: SystemCapability.Security.Cert 2011 2012**Parameters** 2013 2014| Name | Type | Mandatory| Description | 2015| --------- | ------------------------------------- | ---- | ------------------------------ | 2016| valueType | [ExtensionOidType](#extensionoidtype) | Yes | Type of the OIDs to obtain.| 2017 2018**Return value** 2019 2020| Type | Description | 2021| ----------------------- | -------------------------------- | 2022| [DataArray](#dataarray) | Returns a list of the OIDs obtained.| 2023 2024**Error codes** 2025 2026| ID| Error Message | 2027| -------- | ----------------------- | 2028| 19020001 | memory error. | 2029| 19020002 | runtime error. | 2030| 19030001 | crypto operation error. | 2031 2032**Example** 2033 2034```ts 2035import certFramework from '@ohos.security.cert'; 2036import { BusinessError } from '@ohos.base'; 2037 2038// Binary data of the certificate extension, which needs to be assigned by the service. 2039let extData = new Uint8Array([ 2040 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2041 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2042 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2043 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2044 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2045 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2046 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2047 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2048 0xD9, 0xE4 2049]); 2050 2051let encodingBlob: certFramework.EncodingBlob = { 2052 data: extData, 2053 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2054 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2055}; 2056 2057certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2058 if (error != null) { 2059 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2060 } else { 2061 console.log('createCertExtension success'); 2062 try { 2063 let oidList = certExt.getOidList(certFramework.ExtensionOidType.EXTENSION_OID_TYPE_ALL); 2064 } catch (err) { 2065 let e: BusinessError = err as BusinessError; 2066 console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2067 } 2068 } 2069}); 2070``` 2071 2072### getEntry<sup>10+</sup> 2073 2074getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob 2075 2076Obtains the certificate extension object information. 2077 2078**System capability**: SystemCapability.Security.Cert 2079 2080**Parameters** 2081 2082| Name | Type | Mandatory| Description | 2083| --------- | ----------------------------------------- | ---- | -------------------------------- | 2084| valueType | [ExtensionEntryType](#extensionentrytype) | Yes | Type of the information to obtain. | 2085| oid | [DataBlob](#datablob) | Yes | OID of the certificate extension to obtain.| 2086 2087**Return value** 2088 2089| Type | Description | 2090| --------------------- | ---------------------------- | 2091| [DataBlob](#datablob) | Returns the certificate extension object information obtained.| 2092 2093**Error codes** 2094 2095| ID| Error Message | 2096| -------- | ----------------------- | 2097| 19020001 | memory error. | 2098| 19020002 | runtime error. | 2099| 19030001 | crypto operation error. | 2100 2101**Example** 2102 2103```ts 2104import certFramework from '@ohos.security.cert'; 2105import { BusinessError } from '@ohos.base'; 2106 2107// Binary data of the certificate extension, which needs to be assigned by the service. 2108let extData = new Uint8Array([ 2109 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2110 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2111 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2112 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2113 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2114 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2115 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2116 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2117 0xD9, 0xE4 2118]); 2119 2120let encodingBlob: certFramework.EncodingBlob = { 2121 data: extData, 2122 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2123 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2124}; 2125 2126certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2127 if (error != null) { 2128 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2129 } else { 2130 console.log('createCertExtension success'); 2131 let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); 2132 let oidBlob: certFramework.DataBlob = { 2133 data: oid 2134 } 2135 try { 2136 let entry = certExt.getEntry(certFramework.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); 2137 } catch (err) { 2138 let e: BusinessError = err as BusinessError; 2139 console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2140 } 2141 } 2142}); 2143``` 2144 2145 2146### checkCA<sup>10+</sup> 2147 2148checkCA() : number 2149 2150Checks whether the certificate is a CA certificate. 2151 2152**System capability**: SystemCapability.Security.Cert 2153 2154**Return value** 2155 2156| Type | Description | 2157| ------ | ------------------------------------------------------------ | 2158| number | If the key purpose in the certificate extension contains signing and the CA field in the basic constraints is **true**, the certificate is a CA certificate. Returns **-1** if the certificate is not a CA certificate; returns the path length in the basic constraints otherwise. Returns **-2** if the certificate is a CA certificate but the path length is not specified in the basic constraints, which means the path length is not limited.| 2159 2160**Error codes** 2161 2162| ID| Error Message | 2163| -------- | ----------------------- | 2164| 19020001 | memory error. | 2165| 19020002 | runtime error. | 2166| 19030001 | crypto operation error. | 2167 2168**Example** 2169 2170```ts 2171import certFramework from '@ohos.security.cert'; 2172import { BusinessError } from '@ohos.base'; 2173 2174// Binary data of the certificate extension, which needs to be assigned by the service. 2175let extData = new Uint8Array([ 2176 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2177 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2178 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2179 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2180 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2181 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2182 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2183 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2184 0xD9, 0xE4 2185]); 2186 2187let encodingBlob: certFramework.EncodingBlob = { 2188 data: extData, 2189 // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. 2190 encodingFormat: certFramework.EncodingFormat.FORMAT_DER 2191}; 2192certFramework.createCertExtension(encodingBlob, (error, certExt) => { 2193 if (error != null) { 2194 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2195 } else { 2196 console.log('createCertExtension success'); 2197 try { 2198 let res = certExt.checkCA(); 2199 } catch (err) { 2200 let e: BusinessError = err as BusinessError; 2201 console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2202 } 2203 } 2204}); 2205``` 2206 2207## cryptoCert.createX509Crl 2208 2209createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 2210 2211Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. 2212 2213**System capability**: SystemCapability.Security.Cert 2214 2215**Parameters** 2216 2217| Name | Type | Mandatory| Description | 2218| -------- | ----------------------------------- | ---- | ------------------------------ | 2219| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized certificate revocation list (CRL) data. | 2220| callback | AsyncCallback\<[X509Crl](#x509crl)> | Yes | Callback invoked to return the result. Promise used to return the **X509Crl** instance created.| 2221 2222**Error codes** 2223 2224| ID| Error Message | 2225| -------- | ------------- | 2226| 19020001 | memory error. | 2227 2228**Example** 2229 2230```ts 2231import certFramework from '@ohos.security.cert'; 2232 2233// Convert the string into a Uint8Array. 2234function stringToUint8Array(str: string): Uint8Array { 2235 let arr: Array<number> = []; 2236 for (let i = 0, j = str.length; i < j; i++) { 2237 arr.push(str.charCodeAt(i)); 2238 } 2239 return new Uint8Array(arr); 2240} 2241 2242let crlData = '-----BEGIN X509 CRL-----\n' + 2243 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2244 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2245 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2246 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2247 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2248 'eavsH0Q3\n' + 2249 '-----END X509 CRL-----\n'; 2250 2251// Binary data of the CRL, which must be set based on the service. 2252let encodingBlob: certFramework.EncodingBlob = { 2253 data: stringToUint8Array(crlData), 2254 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2255 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2256}; 2257 2258certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2259 if (error != null) { 2260 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2261 } else { 2262 console.log('createX509Crl success'); 2263 } 2264}); 2265``` 2266 2267## cryptoCert.createX509Crl 2268 2269createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 2270 2271Creates an **X509Crl** instance. This API uses a promise to return the result. 2272 2273**System capability**: SystemCapability.Security.Cert 2274 2275**Parameters** 2276 2277| Name | Type | Mandatory| Description | 2278| -------- | ----------------------------- | ---- | -------------------------- | 2279| inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| 2280 2281**Return value** 2282 2283| Type | Description | 2284| ----------------------------- | -------------------- | 2285| Promise\<[X509Crl](#x509crl)> | Promise used to return the **X509Crl** instance created.| 2286 2287**Error codes** 2288 2289| ID| Error Message | 2290| -------- | ------------- | 2291| 19020001 | memory error. | 2292 2293**Example** 2294 2295```ts 2296import certFramework from '@ohos.security.cert'; 2297import { BusinessError } from '@ohos.base'; 2298 2299// Convert the string into a Uint8Array. 2300function stringToUint8Array(str: string): Uint8Array { 2301 let arr: Array<number> = []; 2302 for (let i = 0, j = str.length; i < j; i++) { 2303 arr.push(str.charCodeAt(i)); 2304 } 2305 return new Uint8Array(arr); 2306} 2307 2308let crlData = '-----BEGIN X509 CRL-----\n' + 2309 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2310 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2311 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2312 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2313 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2314 'eavsH0Q3\n' + 2315 '-----END X509 CRL-----\n'; 2316 2317// Binary data of the CRL, which must be set based on the service. 2318let encodingBlob: certFramework.EncodingBlob = { 2319 data: stringToUint8Array(crlData), 2320 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2321 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2322}; 2323 2324certFramework.createX509Crl(encodingBlob).then(x509Crl => { 2325 console.log('createX509Crl success'); 2326}).catch((error: BusinessError) => { 2327 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2328}); 2329``` 2330 2331## X509Crl 2332 2333Provides APIs for X.509 certificate CRL operations. 2334 2335### isRevoked 2336 2337isRevoked(cert : X509Cert) : boolean 2338 2339Checks whether an X.509 certificate is revoked. This API uses an asynchronous callback to return the result. 2340 2341**System capability**: SystemCapability.Security.Cert 2342 2343**Parameters** 2344 2345| Name| Type | Mandatory| Description | 2346| ------ | -------- | ---- | -------------------- | 2347| cert | X509Cert | Yes | X.509 certificate to check.| 2348 2349**Return value** 2350 2351| Type | Description | 2352| --------- | --------------------------------------------- | 2353| boolean | Promise used to return the result. The value **true** indicates the certificate is revoked; the value **false** indicates the opposite.| 2354 2355**Example** 2356 2357```ts 2358import certFramework from '@ohos.security.cert'; 2359import { BusinessError } from '@ohos.base'; 2360 2361// Convert the string into a Uint8Array. 2362function stringToUint8Array(str: string): Uint8Array { 2363 let arr: Array<number> = []; 2364 for (let i = 0, j = str.length; i < j; i++) { 2365 arr.push(str.charCodeAt(i)); 2366 } 2367 return new Uint8Array(arr); 2368} 2369 2370let crlData = '-----BEGIN X509 CRL-----\n' + 2371 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2372 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2373 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2374 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2375 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2376 'eavsH0Q3\n' + 2377 '-----END X509 CRL-----\n'; 2378 2379let certData = '-----BEGIN CERTIFICATE-----\n' + 2380 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 2381 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 2382 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 2383 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 2384 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 2385 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 2386 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 2387 '-----END CERTIFICATE-----\n'; 2388 2389// Binary data of the CRL, which must be set based on the service. 2390let encodingBlob: certFramework.EncodingBlob = { 2391 data: stringToUint8Array(crlData), 2392 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2393 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2394}; 2395 2396let certEncodingBlob: certFramework.EncodingBlob = { 2397 data: stringToUint8Array(certData), 2398 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2399 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2400}; 2401 2402certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2403 if (error != null) { 2404 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2405 } else { 2406 console.log('createX509Crl success'); 2407 // Create an X509Cert instance. 2408 certFramework.createX509Cert(certEncodingBlob, (error, x509Cert) => { 2409 if (error == null) { 2410 try { 2411 let revokedFlag = x509Crl.isRevoked(x509Cert); 2412 } catch (error) { 2413 let e: BusinessError = error as BusinessError; 2414 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2415 } 2416 } 2417 }); 2418 } 2419}); 2420``` 2421 2422### getType 2423 2424getType() : string 2425 2426Obtains the CRL type. 2427 2428**System capability**: SystemCapability.Security.Cert 2429 2430**Return value** 2431 2432| Type | Description | 2433| ------ | -------------------- | 2434| string | CRL type obtained.| 2435 2436**Example** 2437 2438```ts 2439import certFramework from '@ohos.security.cert'; 2440 2441// Convert the string into a Uint8Array. 2442function stringToUint8Array(str: string): Uint8Array { 2443 let arr: Array<number> = []; 2444 for (let i = 0, j = str.length; i < j; i++) { 2445 arr.push(str.charCodeAt(i)); 2446 } 2447 return new Uint8Array(arr); 2448} 2449 2450let crlData = '-----BEGIN X509 CRL-----\n' + 2451 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2452 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2453 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2454 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2455 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2456 'eavsH0Q3\n' + 2457 '-----END X509 CRL-----\n'; 2458 2459// Binary data of the CRL, which must be set based on the service. 2460let encodingBlob: certFramework.EncodingBlob = { 2461 data: stringToUint8Array(crlData), 2462 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2463 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2464}; 2465 2466certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2467 if (error != null) { 2468 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2469 } else { 2470 console.log('createX509Crl success'); 2471 let type = x509Crl.getType(); 2472 } 2473}); 2474``` 2475 2476### getEncoded 2477 2478getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 2479 2480Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. 2481 2482**System capability**: SystemCapability.Security.Cert 2483 2484**Parameters** 2485 2486| Name | Type | Mandatory| Description | 2487| -------- | ---------------------------- | ---- | ------------------------------------------ | 2488| callback | AsyncCallback\<EncodingBlob> | Yes | Callback invoked to return the serialized X.509 CRL data obtained.| 2489 2490**Error codes** 2491 2492| ID| Error Message | 2493| -------- | ----------------------- | 2494| 19020001 | memory error. | 2495| 19020002 | runtime error. | 2496| 19030001 | crypto operation error. | 2497 2498**Example** 2499 2500```ts 2501import certFramework from '@ohos.security.cert'; 2502 2503// Convert the string into a Uint8Array. 2504function stringToUint8Array(str: string): Uint8Array { 2505 let arr: Array<number> = []; 2506 for (let i = 0, j = str.length; i < j; i++) { 2507 arr.push(str.charCodeAt(i)); 2508 } 2509 return new Uint8Array(arr); 2510} 2511 2512let crlData = '-----BEGIN X509 CRL-----\n' + 2513 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2514 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2515 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2516 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2517 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2518 'eavsH0Q3\n' + 2519 '-----END X509 CRL-----\n'; 2520 2521// Binary data of the CRL, which must be set based on the service. 2522let encodingBlob: certFramework.EncodingBlob = { 2523 data: stringToUint8Array(crlData), 2524 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2525 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2526}; 2527 2528certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2529 if (error != null) { 2530 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2531 } else { 2532 console.log('createX509Crl success'); 2533 x509Crl.getEncoded((error, data) => { 2534 if (error != null) { 2535 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2536 } else { 2537 console.log('getEncoded success'); 2538 } 2539 }); 2540 } 2541}); 2542``` 2543 2544### getEncoded 2545 2546getEncoded() : Promise\<EncodingBlob> 2547 2548Obtains the serialized X.509 CRL data. This API uses a promise to return the result. 2549 2550**System capability**: SystemCapability.Security.Cert 2551 2552**Return value** 2553 2554| Type | Description | 2555| ---------------------- | -------------------------------- | 2556| Promise\<EncodingBlob> | Promise used to return the serialized X.509 CRL data obtained.| 2557 2558**Error codes** 2559 2560| ID| Error Message | 2561| -------- | ----------------------- | 2562| 19020001 | memory error. | 2563| 19020002 | runtime error. | 2564| 19030001 | crypto operation error. | 2565 2566**Example** 2567 2568```ts 2569import certFramework from '@ohos.security.cert'; 2570import { BusinessError } from '@ohos.base'; 2571 2572// Convert the string into a Uint8Array. 2573function stringToUint8Array(str: string): Uint8Array { 2574 let arr: Array<number> = []; 2575 for (let i = 0, j = str.length; i < j; i++) { 2576 arr.push(str.charCodeAt(i)); 2577 } 2578 return new Uint8Array(arr); 2579} 2580 2581let crlData = '-----BEGIN X509 CRL-----\n' + 2582 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2583 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2584 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2585 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2586 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2587 'eavsH0Q3\n' + 2588 '-----END X509 CRL-----\n'; 2589 2590// Binary data of the CRL, which must be set based on the service. 2591let encodingBlob: certFramework.EncodingBlob = { 2592 data: stringToUint8Array(crlData), 2593 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2594 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2595}; 2596 2597certFramework.createX509Crl(encodingBlob).then(x509Crl => { 2598 console.log('createX509Crl success'); 2599 x509Crl.getEncoded().then(result => { 2600 console.log('getEncoded success'); 2601 }).catch((error: BusinessError) => { 2602 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2603 }); 2604}).catch((error: BusinessError) => { 2605 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2606}); 2607``` 2608 2609### verify 2610 2611verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 2612 2613Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. 2614 2615**System capability**: SystemCapability.Security.Cert 2616 2617**Parameters** 2618 2619| Name | Type | Mandatory| Description | 2620| -------- | -------------------- | ---- | ------------------------------------------------------------ | 2621| key | cryptoFramework.PubKey | Yes | Public key used for signature verification. | 2622| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| 2623 2624**Error codes** 2625 2626| ID| Error Message | 2627| -------- | ----------------------- | 2628| 19030001 | crypto operation error. | 2629 2630**Example** 2631 2632```ts 2633import certFramework from '@ohos.security.cert'; 2634import cryptoFramework from '@ohos.security.cryptoFramework'; 2635import { BusinessError } from '@ohos.base'; 2636 2637// Convert the string into a Uint8Array. 2638function stringToUint8Array(str: string): Uint8Array { 2639 let arr: Array<number> = []; 2640 for (let i = 0, j = str.length; i < j; i++) { 2641 arr.push(str.charCodeAt(i)); 2642 } 2643 return new Uint8Array(arr); 2644} 2645 2646let crlData = '-----BEGIN X509 CRL-----\n' + 2647 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2648 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2649 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2650 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2651 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2652 'eavsH0Q3\n' + 2653 '-----END X509 CRL-----\n'; 2654 2655let pubKeyData = new Uint8Array([ 2656 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 2657 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 2658 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 2659 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 2660 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 2661 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 2662 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 2663 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 2664 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 2665 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 2666 0x00, 0x01 2667]); 2668 2669let priKeyData = new Uint8Array([ 2670 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 2671 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 2672 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 2673 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 2674 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 2675 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 2676 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 2677 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 2678 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 2679 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 2680 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 2681 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 2682 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 2683 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 2684 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 2685 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 2686 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 2687 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 2688 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 2689 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 2690 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 2691 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 2692 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 2693 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 2694 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 2695 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 2696 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 2697 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 2698 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 2699 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 2700 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 2701 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 2702 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 2703 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 2704 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 2705 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 2706 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 2707 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 2708 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 2709 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 2710]); 2711 2712// Binary data of the CRL, which must be set based on the service. 2713let encodingBlob: certFramework.EncodingBlob = { 2714 data: stringToUint8Array(crlData), 2715 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2716 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2717}; 2718 2719certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2720 if (error != null) { 2721 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2722 } else { 2723 console.log('createX509Crl success'); 2724 try { 2725 // Generate the public key by AsyKeyGenerator. 2726 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 2727 console.log('createAsyKeyGenerator success'); 2728 let priEncodingBlob: cryptoFramework.DataBlob = { 2729 data: priKeyData, 2730 }; 2731 let pubEncodingBlob: cryptoFramework.DataBlob = { 2732 data: pubKeyData, 2733 }; 2734 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 2735 if (e == null) { 2736 console.log('convert key success'); 2737 x509Crl.verify(keyPair.pubKey, (err, data) => { 2738 if (err == null) { 2739 console.log('verify success'); 2740 } else { 2741 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 2742 } 2743 }); 2744 } else { 2745 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 2746 } 2747 }) 2748 } catch (error) { 2749 let e: BusinessError = error as BusinessError; 2750 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2751 } 2752 } 2753}); 2754``` 2755 2756### verify 2757 2758verify(key : cryptoFramework.PubKey) : Promise\<void> 2759 2760Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. 2761 2762**System capability**: SystemCapability.Security.Cert 2763 2764**Parameters** 2765 2766| Name| Type | Mandatory| Description | 2767| ------ | ------ | ---- | ---------------------- | 2768| key | cryptoFramework.PubKey | Yes | Public key used for signature verification.| 2769 2770**Return value** 2771 2772| Type| Description | 2773| ---- | ------------------------------------------------------------ | 2774| Promise\<void> | Promise used to return the result.| 2775 2776**Error codes** 2777 2778| ID| Error Message | 2779| -------- | ----------------------- | 2780| 19030001 | crypto operation error. | 2781 2782**Example** 2783 2784```ts 2785import certFramework from '@ohos.security.cert'; 2786import cryptoFramework from '@ohos.security.cryptoFramework' 2787import { BusinessError } from '@ohos.base'; 2788 2789// Convert the string into a Uint8Array. 2790function stringToUint8Array(str: string): Uint8Array { 2791 let arr: Array<number> = []; 2792 for (let i = 0, j = str.length; i < j; i++) { 2793 arr.push(str.charCodeAt(i)); 2794 } 2795 return new Uint8Array(arr); 2796} 2797 2798let crlData = '-----BEGIN X509 CRL-----\n' + 2799 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2800 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2801 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2802 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2803 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2804 'eavsH0Q3\n' + 2805 '-----END X509 CRL-----\n'; 2806 2807let pubKeyData = new Uint8Array([ 2808 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 2809 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 2810 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 2811 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 2812 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 2813 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 2814 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 2815 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 2816 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 2817 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 2818 0x00, 0x01 2819]); 2820 2821let priKeyData = new Uint8Array([ 2822 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 2823 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 2824 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 2825 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 2826 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 2827 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 2828 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 2829 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 2830 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 2831 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 2832 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 2833 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 2834 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 2835 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 2836 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 2837 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 2838 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 2839 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 2840 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 2841 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 2842 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 2843 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 2844 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 2845 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 2846 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 2847 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 2848 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 2849 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 2850 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 2851 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 2852 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 2853 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 2854 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 2855 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 2856 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 2857 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 2858 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 2859 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 2860 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 2861 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 2862]); 2863 2864// Binary data of the CRL, which must be set based on the service. 2865let encodingBlob: certFramework.EncodingBlob = { 2866 data: stringToUint8Array(crlData), 2867 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2868 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2869}; 2870 2871certFramework.createX509Crl(encodingBlob).then(x509Crl => { 2872 console.log('createX509Crl success'); 2873 2874 try { 2875 // Generate a public key object. 2876 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 2877 console.log('createAsyKeyGenerator success'); 2878 let priEncodingBlob: cryptoFramework.DataBlob = { 2879 data: priKeyData, 2880 }; 2881 let pubEncodingBlob: cryptoFramework.DataBlob = { 2882 data: pubKeyData, 2883 }; 2884 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 2885 console.log('convert key success'); 2886 x509Crl.verify(keyPair.pubKey).then(result => { 2887 console.log('verify success'); 2888 }).catch((error: BusinessError) => { 2889 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2890 }); 2891 }).catch((error: BusinessError) => { 2892 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 2893 }); 2894 } catch (error) { 2895 let e: BusinessError = error as BusinessError; 2896 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2897 } 2898}).catch((error: BusinessError) => { 2899 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2900}); 2901``` 2902 2903### getVersion 2904 2905getVersion() : number 2906 2907Obtains the version of the X.509 CRL. 2908 2909**System capability**: SystemCapability.Security.Cert 2910 2911**Return value** 2912 2913| Type | Description | 2914| ------ | -------------------------------- | 2915| number | Version of the X.509 CRL obtained.| 2916 2917**Example** 2918 2919```ts 2920import certFramework from '@ohos.security.cert'; 2921 2922// Convert the string into a Uint8Array. 2923function stringToUint8Array(str: string): Uint8Array { 2924 let arr: Array<number> = []; 2925 for (let i = 0, j = str.length; i < j; i++) { 2926 arr.push(str.charCodeAt(i)); 2927 } 2928 return new Uint8Array(arr); 2929} 2930 2931let crlData = '-----BEGIN X509 CRL-----\n' + 2932 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2933 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2934 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2935 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2936 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 2937 'eavsH0Q3\n' + 2938 '-----END X509 CRL-----\n'; 2939 2940// Binary data of the CRL, which must be set based on the service. 2941let encodingBlob: certFramework.EncodingBlob = { 2942 data: stringToUint8Array(crlData), 2943 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 2944 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 2945}; 2946 2947certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 2948 if (error != null) { 2949 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2950 } else { 2951 console.log('createX509Crl success'); 2952 let version = x509Crl.getVersion(); 2953 } 2954}); 2955``` 2956 2957### getIssuerName 2958 2959getIssuerName() : DataBlob 2960 2961Obtains the issuer of the X.509 CRL. 2962 2963**System capability**: SystemCapability.Security.Cert 2964 2965**Return value** 2966 2967| Type | Description | 2968| --------------------- | ------------------------------ | 2969| [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| 2970 2971**Error codes** 2972 2973| ID| Error Message | 2974| -------- | ----------------------- | 2975| 19020001 | memory error. | 2976| 19020002 | runtime error. | 2977| 19030001 | crypto operation error. | 2978 2979**Example** 2980 2981```ts 2982import certFramework from '@ohos.security.cert'; 2983import { BusinessError } from '@ohos.base'; 2984 2985// Convert the string into a Uint8Array. 2986function stringToUint8Array(str: string): Uint8Array { 2987 let arr: Array<number> = []; 2988 for (let i = 0, j = str.length; i < j; i++) { 2989 arr.push(str.charCodeAt(i)); 2990 } 2991 return new Uint8Array(arr); 2992} 2993 2994let crlData = '-----BEGIN X509 CRL-----\n' + 2995 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 2996 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 2997 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 2998 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 2999 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3000 'eavsH0Q3\n' + 3001 '-----END X509 CRL-----\n'; 3002 3003// Binary data of the CRL, which must be set based on the service. 3004let encodingBlob: certFramework.EncodingBlob = { 3005 data: stringToUint8Array(crlData), 3006 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3007 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3008}; 3009 3010certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3011 if (error != null) { 3012 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3013 } else { 3014 console.log('createX509Crl success'); 3015 try { 3016 let issuerName = x509Crl.getIssuerName(); 3017 } catch (err) { 3018 let e: BusinessError = err as BusinessError; 3019 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3020 } 3021 } 3022}); 3023``` 3024 3025### getLastUpdate 3026 3027getLastUpdate() : string 3028 3029Obtains the date when the X.509 CRL was last updated. 3030 3031**System capability**: SystemCapability.Security.Cert 3032 3033**Return value** 3034 3035| Type | Description | 3036| ------ | ------------------------------------ | 3037| string | Last update date of the X.509 CRL.| 3038 3039**Error codes** 3040 3041| ID| Error Message | 3042| -------- | ----------------------- | 3043| 19020001 | memory error. | 3044| 19020002 | runtime error. | 3045| 19030001 | crypto operation error. | 3046 3047**Example** 3048 3049```ts 3050import certFramework from '@ohos.security.cert'; 3051import { BusinessError } from '@ohos.base'; 3052 3053// Convert the string into a Uint8Array. 3054function stringToUint8Array(str: string): Uint8Array { 3055 let arr: Array<number> = []; 3056 for (let i = 0, j = str.length; i < j; i++) { 3057 arr.push(str.charCodeAt(i)); 3058 } 3059 return new Uint8Array(arr); 3060} 3061 3062let crlData = '-----BEGIN X509 CRL-----\n' + 3063 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3064 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3065 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3066 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3067 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3068 'eavsH0Q3\n' + 3069 '-----END X509 CRL-----\n'; 3070 3071// Binary data of the CRL, which must be set based on the service. 3072let encodingBlob: certFramework.EncodingBlob = { 3073 data: stringToUint8Array(crlData), 3074 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3075 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3076}; 3077 3078certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3079 if (error != null) { 3080 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3081 } else { 3082 console.log('createX509Crl success'); 3083 try { 3084 let lastUpdate = x509Crl.getLastUpdate(); 3085 } catch (err) { 3086 let e: BusinessError = err as BusinessError; 3087 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3088 } 3089 } 3090}); 3091``` 3092 3093### getNextUpdate 3094 3095getNextUpdate() : string 3096 3097Obtains the date when the CRL will be updated the next time. 3098 3099**System capability**: SystemCapability.Security.Cert 3100 3101**Return value** 3102 3103| Type | Description | 3104| ------ | ------------------------------------ | 3105| string | Next update date obtained.| 3106 3107**Error codes** 3108 3109| ID| Error Message | 3110| -------- | ----------------------- | 3111| 19020001 | memory error. | 3112| 19020002 | runtime error. | 3113| 19030001 | crypto operation error. | 3114 3115**Example** 3116 3117```ts 3118import certFramework from '@ohos.security.cert'; 3119import { BusinessError } from '@ohos.base'; 3120 3121// Convert the string into a Uint8Array. 3122function stringToUint8Array(str: string): Uint8Array { 3123 let arr: Array<number> = []; 3124 for (let i = 0, j = str.length; i < j; i++) { 3125 arr.push(str.charCodeAt(i)); 3126 } 3127 return new Uint8Array(arr); 3128} 3129 3130let crlData = '-----BEGIN X509 CRL-----\n' + 3131 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3132 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3133 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3134 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3135 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3136 'eavsH0Q3\n' + 3137 '-----END X509 CRL-----\n'; 3138 3139// Binary data of the CRL, which must be set based on the service. 3140let encodingBlob: certFramework.EncodingBlob = { 3141 data: stringToUint8Array(crlData), 3142 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3143 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3144}; 3145 3146certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3147 if (error != null) { 3148 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3149 } else { 3150 console.log('createX509Crl success'); 3151 try { 3152 let nextUpdate = x509Crl.getNextUpdate(); 3153 } catch (err) { 3154 let e: BusinessError = err as BusinessError; 3155 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3156 } 3157 } 3158}); 3159``` 3160 3161### getRevokedCert 3162 3163getRevokedCert(serialNumber : number) : X509CrlEntry 3164 3165Obtains the revoked X.509 certificate based on the specified serial number of the certificate. This API uses an asynchronous callback to return the result. 3166 3167**System capability**: SystemCapability.Security.Cert 3168 3169**Parameters** 3170 3171| Name | Type | Mandatory| Description | 3172| ------------ | ------ | ---- | -------------- | 3173| serialNumber | number | Yes | Serial number of the certificate.| 3174 3175**Return value** 3176 3177| Type | Description | 3178| ---------------------- | --------------------- | 3179| [X509CrlEntry](#x509crlentry) | Promise used to return the revoked X.509 certificate obtained.| 3180 3181**Error codes** 3182 3183| ID| Error Message | 3184| -------- | ----------------------- | 3185| 19020001 | memory error. | 3186| 19030001 | crypto operation error. | 3187 3188**Example** 3189 3190```ts 3191import certFramework from '@ohos.security.cert'; 3192import { BusinessError } from '@ohos.base'; 3193 3194// Convert the string into a Uint8Array. 3195function stringToUint8Array(str: string): Uint8Array { 3196 let arr: Array<number> = []; 3197 for (let i = 0, j = str.length; i < j; i++) { 3198 arr.push(str.charCodeAt(i)); 3199 } 3200 return new Uint8Array(arr); 3201} 3202 3203let crlData = '-----BEGIN X509 CRL-----\n' + 3204 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3205 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3206 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3207 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3208 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3209 'eavsH0Q3\n' + 3210 '-----END X509 CRL-----\n'; 3211 3212// Binary data of the CRL, which must be set based on the service. 3213let encodingBlob: certFramework.EncodingBlob = { 3214 data: stringToUint8Array(crlData), 3215 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3216 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3217}; 3218 3219certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3220 if (error != null) { 3221 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3222 } else { 3223 console.log('createX509Crl success'); 3224 let serialNumber = 1000; 3225 try { 3226 let entry = x509Crl.getRevokedCert(serialNumber); 3227 } catch (error) { 3228 let e: BusinessError = error as BusinessError; 3229 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3230 } 3231 } 3232}); 3233``` 3234 3235### getRevokedCertWithCert 3236 3237getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 3238 3239Obtains the revoked X.509 certificate based on the specified certificate. This API uses an asynchronous callback to return the result. 3240 3241**System capability**: SystemCapability.Security.Cert 3242 3243**Parameters** 3244 3245| Name| Type | Mandatory| Description | 3246| ------ | --------------------- | ---- | ------------ | 3247| cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| 3248 3249**Return value** 3250 3251| Type | Description | 3252| ------------ | -------------------- | 3253| [X509CrlEntry](#x509crlentry) | Promise used to return the revoked X.509 certificate obtained.| 3254 3255**Error codes** 3256 3257| ID| Error Message | 3258| -------- | ----------------------- | 3259| 19020001 | memory error. | 3260| 19030001 | crypto operation error. | 3261 3262**Example** 3263 3264```ts 3265import certFramework from '@ohos.security.cert'; 3266import { BusinessError } from '@ohos.base'; 3267 3268// Convert the string into a Uint8Array. 3269function stringToUint8Array(str: string): Uint8Array { 3270 let arr: Array<number> = []; 3271 for (let i = 0, j = str.length; i < j; i++) { 3272 arr.push(str.charCodeAt(i)); 3273 } 3274 return new Uint8Array(arr); 3275} 3276 3277let crlData = '-----BEGIN X509 CRL-----\n' + 3278 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3279 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3280 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3281 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3282 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3283 'eavsH0Q3\n' + 3284 '-----END X509 CRL-----\n'; 3285 3286// Certificate binary data, which must be set based on the service. 3287let certData = '-----BEGIN CERTIFICATE-----\n' 3288 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' 3289 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' 3290 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' 3291 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' 3292 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' 3293 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' 3294 'Qw==\n' 3295 '-----END CERTIFICATE-----\n'; 3296 3297let certEncodingBlob: certFramework.EncodingBlob = { 3298 data: stringToUint8Array(certData), 3299 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3300 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3301}; 3302 3303// Binary data of the CRL, which must be set based on the service. 3304let encodingBlob: certFramework.EncodingBlob = { 3305 data: stringToUint8Array(crlData), 3306 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3307 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3308}; 3309 3310certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3311 if (error != null) { 3312 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3313 } else { 3314 console.log('createX509Crl success'); 3315 // Create an X.509 certificate object. 3316 certFramework.createX509Cert(certEncodingBlob).then((x509Cert) => { 3317 try { 3318 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 3319 } catch (error) { 3320 let e: BusinessError = error as BusinessError; 3321 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3322 } 3323 }).catch((error: BusinessError) => { 3324 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3325 }) 3326 } 3327}); 3328``` 3329 3330### getRevokedCerts 3331 3332getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 3333 3334Obtains all the revoked X.509 certificates. This API uses an asynchronous callback to return the result. 3335 3336**System capability**: SystemCapability.Security.Cert 3337 3338**Parameters** 3339 3340| Name | Type | Mandatory| Description | 3341| -------- | ---------------------------------------------------- | ---- | -------------------------------- | 3342| callback | AsyncCallback<Array\<[X509CrlEntry](#x509crlentry)>> | Yes | Callback invoked to return the result. Promise used to return a list of revoked X.509 certificates.| 3343 3344**Error codes** 3345 3346| ID| Error Message | 3347| -------- | ----------------------- | 3348| 19020001 | memory error. | 3349| 19030001 | crypto operation error. | 3350 3351**Example** 3352 3353```ts 3354import certFramework from '@ohos.security.cert'; 3355import { BusinessError } from '@ohos.base'; 3356 3357// Convert the string into a Uint8Array. 3358function stringToUint8Array(str: string): Uint8Array { 3359 let arr: Array<number> = []; 3360 for (let i = 0, j = str.length; i < j; i++) { 3361 arr.push(str.charCodeAt(i)); 3362 } 3363 return new Uint8Array(arr); 3364} 3365 3366let crlData = '-----BEGIN X509 CRL-----\n' + 3367 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3368 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3369 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3370 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3371 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3372 'eavsH0Q3\n' + 3373 '-----END X509 CRL-----\n'; 3374 3375// Binary data of the CRL, which must be set based on the service. 3376let encodingBlob: certFramework.EncodingBlob = { 3377 data: stringToUint8Array(crlData), 3378 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3379 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3380}; 3381 3382certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3383 if (error != null) { 3384 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3385 } else { 3386 console.log('createX509Crl success'); 3387 x509Crl.getRevokedCerts((error, array) => { 3388 if (error != null) { 3389 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3390 } else { 3391 console.log('getRevokedCerts success'); 3392 } 3393 }); 3394 } 3395}); 3396``` 3397 3398### getRevokedCerts 3399 3400getRevokedCerts() : Promise<Array\<X509CrlEntry>> 3401 3402Obtains all the revoked X.509 certificates. This API uses a promise to return the result. 3403 3404**System capability**: SystemCapability.Security.Cert 3405 3406**Return value** 3407 3408| Type | Description | 3409| ---------------------------------------------- | ---------------------- | 3410| Promise<Array\<[X509CrlEntry](#x509crlentry)>> | Promise used to return a list of revoked X.509 certificates.| 3411 3412**Error codes** 3413 3414| ID| Error Message | 3415| -------- | ----------------------- | 3416| 19020001 | memory error. | 3417| 19030001 | crypto operation error. | 3418 3419**Example** 3420 3421```ts 3422import certFramework from '@ohos.security.cert'; 3423import { BusinessError } from '@ohos.base'; 3424 3425// Convert the string into a Uint8Array. 3426function stringToUint8Array(str: string): Uint8Array { 3427 let arr: Array<number> = []; 3428 for (let i = 0, j = str.length; i < j; i++) { 3429 arr.push(str.charCodeAt(i)); 3430 } 3431 return new Uint8Array(arr); 3432} 3433 3434let crlData = '-----BEGIN X509 CRL-----\n' + 3435 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3436 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3437 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3438 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3439 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3440 'eavsH0Q3\n' + 3441 '-----END X509 CRL-----\n'; 3442 3443// Binary data of the CRL, which must be set based on the service. 3444let encodingBlob: certFramework.EncodingBlob = { 3445 data: stringToUint8Array(crlData), 3446 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3447 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3448}; 3449 3450certFramework.createX509Crl(encodingBlob).then(x509Crl => { 3451 console.log('createX509Crl success'); 3452 x509Crl.getRevokedCerts().then(array => { 3453 console.log('getRevokedCerts success'); 3454 }).catch((error: BusinessError) => { 3455 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3456 }); 3457}).catch((error: BusinessError) => { 3458 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3459}); 3460``` 3461 3462### getTbsInfo 3463 3464getTbsInfo() : DataBlob 3465 3466Obtains the DER-encoded CRL information, the **tbsCertList** from this CRL. This API uses an asynchronous callback to return the result. 3467 3468**System capability**: SystemCapability.Security.Cert 3469 3470**Return value** 3471 3472| Type | Description | 3473| --------------------- | ------------------------------- | 3474| [DataBlob](#datablob) | Promise used to return the **tbsCertList** information obtained.| 3475 3476**Error codes** 3477 3478| ID| Error Message | 3479| -------- | ----------------------- | 3480| 19020001 | memory error. | 3481| 19020002 | runtime error. | 3482| 19030001 | crypto operation error. | 3483 3484**Example** 3485 3486```ts 3487import certFramework from '@ohos.security.cert'; 3488import { BusinessError } from '@ohos.base'; 3489 3490// Convert the string into a Uint8Array. 3491function stringToUint8Array(str: string): Uint8Array { 3492 let arr: Array<number> = []; 3493 for (let i = 0, j = str.length; i < j; i++) { 3494 arr.push(str.charCodeAt(i)); 3495 } 3496 return new Uint8Array(arr); 3497} 3498 3499let crlData = '-----BEGIN X509 CRL-----\n' + 3500 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3501 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3502 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3503 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3504 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3505 'eavsH0Q3\n' + 3506 '-----END X509 CRL-----\n'; 3507 3508// Binary data of the CRL, which must be set based on the service. 3509let encodingBlob: certFramework.EncodingBlob = { 3510 data: stringToUint8Array(crlData), 3511 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3512 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3513}; 3514 3515certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3516 if (error != null) { 3517 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3518 } else { 3519 console.log('createX509Crl success'); 3520 try { 3521 let tbsInfo = x509Crl.getTbsInfo(); 3522 } catch (error) { 3523 let e: BusinessError = error as BusinessError; 3524 console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3525 } 3526 } 3527}); 3528``` 3529 3530### getSignature 3531 3532getSignature() : DataBlob 3533 3534Obtains the signature data of the X.509 CRL. 3535 3536**System capability**: SystemCapability.Security.Cert 3537 3538**Return value** 3539 3540| Type | Description | 3541| --------------------- | ------------------------------ | 3542| [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| 3543 3544**Error codes** 3545 3546| ID| Error Message | 3547| -------- | ----------------------- | 3548| 19020001 | memory error. | 3549| 19020002 | runtime error. | 3550| 19030001 | crypto operation error. | 3551 3552**Example** 3553 3554```ts 3555import certFramework from '@ohos.security.cert'; 3556import { BusinessError } from '@ohos.base'; 3557 3558// Convert the string into a Uint8Array. 3559function stringToUint8Array(str: string): Uint8Array { 3560 let arr: Array<number> = []; 3561 for (let i = 0, j = str.length; i < j; i++) { 3562 arr.push(str.charCodeAt(i)); 3563 } 3564 return new Uint8Array(arr); 3565} 3566 3567let crlData = '-----BEGIN X509 CRL-----\n' + 3568 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3569 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3570 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3571 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3572 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3573 'eavsH0Q3\n' + 3574 '-----END X509 CRL-----\n'; 3575 3576// Binary data of the CRL, which must be set based on the service. 3577let encodingBlob: certFramework.EncodingBlob = { 3578 data: stringToUint8Array(crlData), 3579 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3580 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3581}; 3582 3583certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3584 if (error != null) { 3585 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3586 } else { 3587 console.log('createX509Crl success'); 3588 try { 3589 let signature = x509Crl.getSignature(); 3590 } catch (err) { 3591 let e: BusinessError = err as BusinessError; 3592 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3593 } 3594 } 3595}); 3596``` 3597 3598### getSignatureAlgName 3599 3600getSignatureAlgName() : string 3601 3602Obtains the signing algorithm of the X.509 CRL. 3603 3604**System capability**: SystemCapability.Security.Cert 3605 3606**Return value** 3607 3608| Type | Description | 3609| ------ | -------------------------------- | 3610| string | Signing algorithm obtained.| 3611 3612**Error codes** 3613 3614| ID| Error Message | 3615| -------- | ----------------------- | 3616| 19020001 | memory error. | 3617| 19020002 | runtime error. | 3618| 19030001 | crypto operation error. | 3619 3620**Example** 3621 3622```ts 3623import certFramework from '@ohos.security.cert'; 3624import { BusinessError } from '@ohos.base'; 3625 3626// Convert the string into a Uint8Array. 3627function stringToUint8Array(str: string): Uint8Array { 3628 let arr: Array<number> = []; 3629 for (let i = 0, j = str.length; i < j; i++) { 3630 arr.push(str.charCodeAt(i)); 3631 } 3632 return new Uint8Array(arr); 3633} 3634 3635let crlData = '-----BEGIN X509 CRL-----\n' + 3636 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3637 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3638 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3639 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3640 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3641 'eavsH0Q3\n' + 3642 '-----END X509 CRL-----\n'; 3643 3644// Binary data of the CRL, which must be set based on the service. 3645let encodingBlob: certFramework.EncodingBlob = { 3646 data: stringToUint8Array(crlData), 3647 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3648 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3649}; 3650 3651certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3652 if (error != null) { 3653 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3654 } else { 3655 console.log('createX509Crl success'); 3656 try { 3657 let sigAlgName = x509Crl.getSignatureAlgName(); 3658 } catch (err) { 3659 let e: BusinessError = err as BusinessError; 3660 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3661 } 3662 } 3663}); 3664``` 3665 3666### getSignatureAlgOid 3667 3668getSignatureAlgOid() : string 3669 3670Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). 3671 3672**System capability**: SystemCapability.Security.Cert 3673 3674**Return value** 3675 3676| Type | Description | 3677| ------ | --------------------------------------------- | 3678| string | OID of the X.509 CRL signing algorithm obtained.| 3679 3680**Error codes** 3681 3682| ID| Error Message | 3683| -------- | ----------------------- | 3684| 19020001 | memory error. | 3685| 19020002 | runtime error. | 3686| 19030001 | crypto operation error. | 3687 3688**Example** 3689 3690```ts 3691import certFramework from '@ohos.security.cert'; 3692import { BusinessError } from '@ohos.base'; 3693 3694// Convert the string into a Uint8Array. 3695function stringToUint8Array(str: string): Uint8Array { 3696 let arr: Array<number> = []; 3697 for (let i = 0, j = str.length; i < j; i++) { 3698 arr.push(str.charCodeAt(i)); 3699 } 3700 return new Uint8Array(arr); 3701} 3702 3703let crlData = '-----BEGIN X509 CRL-----\n' + 3704 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3705 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3706 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3707 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3708 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3709 'eavsH0Q3\n' + 3710 '-----END X509 CRL-----\n'; 3711 3712// Binary data of the CRL, which must be set based on the service. 3713let encodingBlob: certFramework.EncodingBlob = { 3714 data: stringToUint8Array(crlData), 3715 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3716 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3717}; 3718 3719certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3720 if (error != null) { 3721 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3722 } else { 3723 console.log('createX509Crl success'); 3724 try { 3725 let sigAlgOid = x509Crl.getSignatureAlgOid(); 3726 } catch (err) { 3727 let e: BusinessError = err as BusinessError; 3728 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3729 } 3730 } 3731}); 3732``` 3733 3734### getSignatureAlgParams 3735 3736getSignatureAlgParams() : DataBlob 3737 3738Obtains the parameters of the X.509 CRL signing algorithm. 3739 3740**System capability**: SystemCapability.Security.Cert 3741 3742**Return value** 3743 3744| Type | Description | 3745| --------------------- | ---------------------------------- | 3746| [DataBlob](#datablob) | Algorithm parameters obtained.| 3747 3748**Error codes** 3749 3750| ID| Error Message | 3751| -------- | ----------------------- | 3752| 19020001 | memory error. | 3753| 19020002 | runtime error. | 3754| 19030001 | crypto operation error. | 3755 3756**Example** 3757 3758```ts 3759import certFramework from '@ohos.security.cert'; 3760import { BusinessError } from '@ohos.base'; 3761 3762// Convert the string into a Uint8Array. 3763function stringToUint8Array(str: string): Uint8Array { 3764 let arr: Array<number> = []; 3765 for (let i = 0, j = str.length; i < j; i++) { 3766 arr.push(str.charCodeAt(i)); 3767 } 3768 return new Uint8Array(arr); 3769} 3770 3771let crlData = '-----BEGIN X509 CRL-----\n' + 3772 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3773 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3774 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3775 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3776 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3777 'eavsH0Q3\n' + 3778 '-----END X509 CRL-----\n'; 3779 3780// Binary data of the CRL, which must be set based on the service. 3781let encodingBlob: certFramework.EncodingBlob = { 3782 data: stringToUint8Array(crlData), 3783 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3784 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3785}; 3786 3787certFramework.createX509Crl(encodingBlob, (error, x509Crl) => { 3788 if (error != null) { 3789 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3790 } else { 3791 console.log('createX509Crl success'); 3792 try { 3793 let sigAlgParams = x509Crl.getSignatureAlgParams(); 3794 } catch (err) { 3795 let e: BusinessError = error as BusinessError; 3796 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3797 } 3798 } 3799}); 3800``` 3801 3802## cryptoCert.createCertChainValidator 3803 3804createCertChainValidator(algorithm :string) : CertChainValidator 3805 3806Creates a **CertChainValidator** object. 3807 3808**System capability**: SystemCapability.Security.Cert 3809 3810**Parameters** 3811 3812| Name | Type | Mandatory| Description | 3813| --------- | ------ | ---- | ------------------------------------------ | 3814| algorithm | string | Yes | Certificate chain validator algorithm. Currently, only **PKIX** is supported.| 3815 3816**Return value** 3817 3818| Type | Description | 3819| ------------------ | -------------------- | 3820| CertChainValidator | **CertChainValidator** object created.| 3821 3822**Error codes** 3823 3824| ID| Error Message | 3825| -------- | ----------------------- | 3826| 19020001 | memory error. | 3827| 19020002 | runtime error. | 3828| 19030001 | crypto operation error. | 3829 3830**Example** 3831 3832```ts 3833import certFramework from '@ohos.security.cert'; 3834import { BusinessError } from '@ohos.base'; 3835 3836try { 3837 let validator = certFramework.createCertChainValidator('PKIX'); 3838} catch (error) { 3839 let e: BusinessError = error as BusinessError; 3840 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3841} 3842``` 3843 3844## CertChainValidator 3845 3846Provides APIs for certificate chain validator operations. 3847 3848 3849### Attributes 3850 3851**System capability**: SystemCapability.Security.Cert 3852 3853| Name | Type | Readable| Writable| Description | 3854| ------- | ------ | ---- | ---- | -------------------------- | 3855| algorithm | string | Yes | No | Algorithm used by the X509 certificate chain validator.| 3856 3857 3858### validate 3859 3860validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 3861 3862Validates the X.509 certificate chain. This API uses an asynchronous callback to return the result. 3863The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details, see [Certificate Specifications](../../security/cert-overview.md#certificate-specifications). 3864 3865**System capability**: SystemCapability.Security.Cert 3866 3867**Parameters** 3868 3869| Name | Type | Mandatory| Description | 3870| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 3871| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data. | 3872| callback | AsyncCallback\<void> | Yes | Callback invoked to return the result. If **error** is **null**, the X.509 certificate chain is valid. If **error** is not **null**, the X.509 certificate chain is not valid.| 3873 3874**Error codes** 3875 3876| ID| Error Message | 3877| -------- | ------------------------------------------------- | 3878| 19020001 | memory error. | 3879| 19020002 | runtime error. | 3880| 19030001 | crypto operation error. | 3881| 19030002 | the certificate signature verification failed. | 3882| 19030003 | the certificate has not taken effect. | 3883| 19030004 | the certificate has expired. | 3884| 19030005 | failed to obtain the certificate issuer. | 3885| 19030006 | the key cannot be used for signing a certificate. | 3886| 19030007 | the key cannot be used for digital signature. | 3887 3888**Example** 3889 3890```ts 3891import certFramework from '@ohos.security.cert'; 3892import { BusinessError } from '@ohos.base'; 3893 3894// Certificate chain binary data, which must be set based on the service. 3895let certChainBuff = new Uint8Array([0x30, 0x82, 0x44]); 3896 3897let certChainData: certFramework.CertChainData = { 3898 data: certChainBuff, 3899 // Number of certificates in the certificate chain. It must be set based on the service. 3900 count: 2, 3901 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3902 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3903}; 3904 3905try { 3906 let validator = certFramework.createCertChainValidator('PKIX'); 3907 validator.validate(certChainData, (error, data) => { 3908 if (error != null) { 3909 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3910 } else { 3911 console.log('validate success'); 3912 } 3913 }); 3914} catch (error) { 3915 let e: BusinessError = error as BusinessError; 3916 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3917} 3918``` 3919 3920### validate 3921 3922validate(certChain : CertChainData) : Promise\<void> 3923 3924Validates the X.509 certificate chain. This API uses a promise to return the result. 3925The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details, see [Certificate Specifications](../../security/cert-overview.md#certificate-specifications). 3926 3927**System capability**: SystemCapability.Security.Cert 3928 3929**Parameters** 3930 3931| Name | Type | Mandatory| Description | 3932| --------- | ------------------------------- | ---- | -------------------------- | 3933| certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data.| 3934 3935**Return value** 3936 3937| Type | Description | 3938| -------------- | ----------- | 3939| Promise\<void> | Promise used to return the result.| 3940 3941**Error codes** 3942 3943| ID| Error Message | 3944| -------- | ------------------------------------------------- | 3945| 19020001 | memory error. | 3946| 19020002 | runtime error. | 3947| 19030001 | crypto operation error. | 3948| 19030002 | the certificate signature verification failed. | 3949| 19030003 | the certificate has not taken effect. | 3950| 19030004 | the certificate has expired. | 3951| 19030005 | failed to obtain the certificate issuer. | 3952| 19030006 | the key cannot be used for signing a certificate. | 3953| 19030007 | the key cannot be used for digital signature. | 3954 3955**Example** 3956 3957```ts 3958import certFramework from '@ohos.security.cert'; 3959import { BusinessError } from '@ohos.base'; 3960 3961// Certificate chain binary data, which must be set based on the service. 3962let certChainBuff = new Uint8Array([0x30, 0x82, 0x44]); 3963 3964let certChainData: certFramework.CertChainData = { 3965 data: certChainBuff, 3966 // Number of certificates in the certificate chain. It must be set based on the service. 3967 count: 2, 3968 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 3969 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 3970}; 3971 3972try { 3973 let validator = certFramework.createCertChainValidator('PKIX'); 3974 validator.validate(certChainData).then(result => { 3975 console.log('validate success'); 3976 }).catch((error: BusinessError) => { 3977 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3978 }); 3979} catch (error) { 3980 let e: BusinessError = error as BusinessError; 3981 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3982} 3983``` 3984 3985### algorithm 3986 3987algorithm : string 3988 3989Obtains the algorithm of the X.509 certificate chain validator. 3990 3991**System capability**: SystemCapability.Security.Cert 3992 3993**Return value** 3994 3995| Type | Description | 3996| ------ | ------------------------ | 3997| string | Algorithm of the X.509 certificate chain validator obtained.| 3998 3999**Example** 4000 4001```ts 4002import certFramework from '@ohos.security.cert'; 4003import { BusinessError } from '@ohos.base'; 4004 4005try { 4006 let validator = certFramework.createCertChainValidator('PKIX'); 4007 let algorithm = validator.algorithm; 4008} catch (error) { 4009 let e: BusinessError = error as BusinessError; 4010 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4011} 4012``` 4013 4014## X509CrlEntry 4015 4016Provides APIs for operating the revoked certificates. 4017 4018### getEncoded 4019 4020getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 4021 4022Obtains the serialized data of this revoked certificate. This API uses an asynchronous callback to return the result. 4023 4024**System capability**: SystemCapability.Security.Cert 4025 4026**Parameters** 4027 4028| Name | Type | Mandatory| Description | 4029| -------- | --------------------------------------------- | ---- | ------------------------------------ | 4030| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback invoked to return the result. Promise used to return the serialized data of the revoked certificate obtained.| 4031 4032**Error codes** 4033 4034| ID| Error Message | 4035| -------- | ----------------------- | 4036| 19020001 | memory error. | 4037| 19020002 | runtime error. | 4038| 19030001 | crypto operation error. | 4039 4040**Example** 4041 4042```ts 4043import certFramework from '@ohos.security.cert'; 4044import { BusinessError } from '@ohos.base'; 4045 4046// Convert the string into a Uint8Array. 4047function stringToUint8Array(str: string): Uint8Array { 4048 let arr: Array<number> = []; 4049 for (let i = 0, j = str.length; i < j; i++) { 4050 arr.push(str.charCodeAt(i)); 4051 } 4052 return new Uint8Array(arr); 4053} 4054 4055let crlData = '-----BEGIN X509 CRL-----\n' + 4056 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4057 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4058 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4059 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4060 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4061 'eavsH0Q3\n' + 4062 '-----END X509 CRL-----\n' 4063 4064let encodingBlob: certFramework.EncodingBlob = { 4065 data: stringToUint8Array(crlData), 4066 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4067 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4068}; 4069 4070certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 4071 if (err != null) { 4072 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4073 } else { 4074 console.log('create x509 crl success'); 4075 4076 try { 4077 let serialNumber = 1000; 4078 let crlEntry = x509Crl.getRevokedCert(serialNumber); 4079 crlEntry.getEncoded((error, data) => { 4080 if (error != null) { 4081 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4082 } else { 4083 console.log('getEncoded success'); 4084 } 4085 }); 4086 } catch (error) { 4087 let e: BusinessError = error as BusinessError; 4088 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4089 } 4090 } 4091}) 4092``` 4093 4094### getEncoded 4095 4096getEncoded() : Promise\<EncodingBlob> 4097 4098Obtains the serialized data of this revoked certificate. This API uses a promise to return the result. 4099 4100**System capability**: SystemCapability.Security.Cert 4101 4102**Return value** 4103 4104| Type | Description | 4105| --------------------------------------- | -------------------------- | 4106| Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| 4107 4108**Error codes** 4109 4110| ID| Error Message | 4111| -------- | ----------------------- | 4112| 19020001 | memory error. | 4113| 19020002 | runtime error. | 4114| 19030001 | crypto operation error. | 4115 4116**Example** 4117 4118```ts 4119import certFramework from '@ohos.security.cert'; 4120import { BusinessError } from '@ohos.base'; 4121 4122// Convert the string into a Uint8Array. 4123function stringToUint8Array(str: string): Uint8Array { 4124 let arr: Array<number> = []; 4125 for (let i = 0, j = str.length; i < j; i++) { 4126 arr.push(str.charCodeAt(i)); 4127 } 4128 return new Uint8Array(arr); 4129} 4130 4131let crlData = '-----BEGIN X509 CRL-----\n' + 4132 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4133 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4134 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4135 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4136 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4137 'eavsH0Q3\n' + 4138 '-----END X509 CRL-----\n' 4139 4140let encodingBlob: certFramework.EncodingBlob = { 4141 data: stringToUint8Array(crlData), 4142 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4143 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4144}; 4145 4146certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 4147 if (err != null) { 4148 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4149 } else { 4150 console.log('create x509 crl success'); 4151 4152 try { 4153 let serialNumber = 1000; 4154 let crlEntry = x509Crl.getRevokedCert(serialNumber); 4155 crlEntry.getEncoded().then(result => { 4156 console.log('getEncoded success'); 4157 }).catch((error: BusinessError) => { 4158 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4159 }); 4160 } catch (error) { 4161 let e: BusinessError = error as BusinessError; 4162 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4163 } 4164 } 4165}) 4166``` 4167 4168### getSerialNumber 4169 4170getSerialNumber() : number 4171 4172Obtains the serial number of this revoked certificate. 4173 4174**System capability**: SystemCapability.Security.Cert 4175 4176**Return value** 4177 4178| Type | Description | 4179| ------ | ---------------------- | 4180| number | Serial number of the revoked certificate obtained.| 4181 4182**Example** 4183 4184```ts 4185import certFramework from '@ohos.security.cert'; 4186import { BusinessError } from '@ohos.base'; 4187 4188// Convert the string into a Uint8Array. 4189function stringToUint8Array(str: string): Uint8Array { 4190 let arr: Array<number> = []; 4191 for (let i = 0, j = str.length; i < j; i++) { 4192 arr.push(str.charCodeAt(i)); 4193 } 4194 return new Uint8Array(arr); 4195} 4196 4197let crlData = '-----BEGIN X509 CRL-----\n' + 4198 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4199 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4200 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4201 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4202 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4203 'eavsH0Q3\n' + 4204 '-----END X509 CRL-----\n' 4205 4206let encodingBlob: certFramework.EncodingBlob = { 4207 data: stringToUint8Array(crlData), 4208 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4209 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4210}; 4211 4212certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 4213 if (err != null) { 4214 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4215 } else { 4216 console.log('create x509 crl success'); 4217 4218 try { 4219 let serialNumber = 1000; 4220 let crlEntry = x509Crl.getRevokedCert(serialNumber); 4221 serialNumber = crlEntry.getSerialNumber(); 4222 } catch (error) { 4223 let e: BusinessError = error as BusinessError; 4224 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4225 } 4226 } 4227}) 4228``` 4229 4230### getCertIssuer 4231 4232getCertIssuer() : DataBlob 4233 4234Obtains the issuer of this revoked certificate. This API uses an asynchronous callback to return the result. 4235 4236**System capability**: SystemCapability.Security.Cert 4237 4238**Return value** 4239 4240| Type | Description | 4241| --------------------- | ----------------------- | 4242| [DataBlob](#datablob) | Promise used to return the issuer of the revoked certificate obtained.| 4243 4244**Error codes** 4245 4246| ID| Error Message | 4247| -------- | -------------- | 4248| 19020001 | memory error. | 4249| 19020002 | runtime error. | 4250 4251**Example** 4252 4253```ts 4254import certFramework from '@ohos.security.cert'; 4255import { BusinessError } from '@ohos.base'; 4256 4257// Convert the string into a Uint8Array. 4258function stringToUint8Array(str: string): Uint8Array { 4259 let arr: Array<number> = []; 4260 for (let i = 0, j = str.length; i < j; i++) { 4261 arr.push(str.charCodeAt(i)); 4262 } 4263 return new Uint8Array(arr); 4264} 4265 4266let crlData = '-----BEGIN X509 CRL-----\n' + 4267 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4268 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4269 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4270 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4271 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4272 'eavsH0Q3\n' + 4273 '-----END X509 CRL-----\n' 4274 4275let encodingBlob: certFramework.EncodingBlob = { 4276 data: stringToUint8Array(crlData), 4277 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4278 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4279}; 4280 4281certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 4282 if (err != null) { 4283 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4284 } else { 4285 console.log('create x509 crl success'); 4286 4287 try { 4288 let serialNumber = 1000; 4289 let crlEntry = x509Crl.getRevokedCert(serialNumber); 4290 let issuer = crlEntry.getCertIssuer(); 4291 } catch (error) { 4292 let e: BusinessError = error as BusinessError; 4293 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4294 } 4295 } 4296}) 4297``` 4298 4299### getRevocationDate 4300 4301getRevocationDate() : string 4302 4303Obtains the date when the certificate was revoked. This API uses an asynchronous callback to return the result. 4304 4305**System capability**: SystemCapability.Security.Cert 4306 4307**Return value** 4308 4309| Type | Description | 4310| ------ | ------------------ | 4311| string | Promise used to return the certificate revocation date obtained.| 4312 4313**Error codes** 4314 4315| ID| Error Message | 4316| -------- | ----------------------- | 4317| 19020001 | memory error. | 4318| 19020002 | runtime error. | 4319| 19030001 | crypto operation error. | 4320 4321**Example** 4322 4323```ts 4324import certFramework from '@ohos.security.cert'; 4325import { BusinessError } from '@ohos.base'; 4326 4327// Convert the string into a Uint8Array. 4328function stringToUint8Array(str: string): Uint8Array { 4329 let arr: Array<number> = []; 4330 for (let i = 0, j = str.length; i < j; i++) { 4331 arr.push(str.charCodeAt(i)); 4332 } 4333 return new Uint8Array(arr); 4334} 4335 4336let crlData = '-----BEGIN X509 CRL-----\n' + 4337 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4338 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4339 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4340 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4341 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4342 'eavsH0Q3\n' + 4343 '-----END X509 CRL-----\n' 4344 4345let encodingBlob: certFramework.EncodingBlob = { 4346 data: stringToUint8Array(crlData), 4347 // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. 4348 encodingFormat: certFramework.EncodingFormat.FORMAT_PEM 4349}; 4350 4351certFramework.createX509Crl(encodingBlob, (err, x509Crl) => { 4352 if (err != null) { 4353 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4354 } else { 4355 console.log('create x509 crl success'); 4356 4357 try { 4358 let serialNumber = 1000; 4359 let crlEntry = x509Crl.getRevokedCert(serialNumber); 4360 let date = crlEntry.getRevocationDate(); 4361 } catch (error) { 4362 let e: BusinessError = error as BusinessError; 4363 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4364 } 4365 } 4366}) 4367``` 4368