kits/js/%40ohos.security.certManager.d.ts

/*
* Copyright (c) 2022 Huawei Device Co., Ltd.
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*     http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

import {AsyncCallback} from './basic';

/**
 * OpenHarmony Universal CertificateManager
 * @since 9
 * @syscap SystemCapability.Security.CertificateManager
 * @permission N/A
 */
declare namespace CertificateManager {
  /**
   * Get a list of system root certificates.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param context Indicates the context of the calling interface application.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function getSystemTrustedCertificateList(callback: AsyncCallback<CMResult>) : void;
  function getSystemTrustedCertificateList() : Promise<CMResult>;

  /**
   * Get the detail of system root certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param context Indicates the context of the calling interface application.
   * @param certUri Indicates the certificate's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function getSystemTrustedCertificate(certUri: string, callback: AsyncCallback<CMResult>) : void;
  function getSystemTrustedCertificate(certUri: string) : Promise<CMResult>;

  /**
   * Set the status of root certificates.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param context Indicates the context of the calling interface application.
   * @param certUri Indicates the certificate's name.
   * @param store Indicates the type of certificate.
   * @param status Indicates the status of certificate to be set.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function setCertificateStatus(certUri: string, store: number, status: boolean, callback: AsyncCallback<boolean>) : void;
  function setCertificateStatus(certUri: string, store: number, status: boolean) : Promise<boolean>;

  /**
   * Install the user root certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param certificate Indicates the certificate file.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function installUserTrustedCertificate(certificate: CertBlob, callback: AsyncCallback<CMResult>) : void;
  function installUserTrustedCertificate(certificate: CertBlob,) : Promise<CMResult>;

  /**
   * Uninstall all user root certificates.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function uninstallAllUserTrustedCertificate(callback: AsyncCallback<boolean>) : void;
  function uninstallAllUserTrustedCertificate() : Promise<boolean>;

  /**
   * Uninstall the specified user root certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param certUri Indicates the certificate's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function uninstallUserTrustedCertificate(certUri: string, callback: AsyncCallback<boolean>) : void;
  function uninstallUserTrustedCertificate(certUri: string) : Promise<boolean>;

  /**
   * Get a list of user root certificates.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function getUserTrustedCertificateList(callback: AsyncCallback<CMResult>) : void;
  function getUserTrustedCertificateList() : Promise<CMResult>;

  /**
   * Get the detail of user root certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param certUri Indicates the certificate's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function getUserTrustedCertificate(certUri: string, callback: AsyncCallback<CMResult>) : void;
  function getUserTrustedCertificate(certUri: string) : Promise<CMResult>;

  /**
   * Install normal application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keystore Indicates the keystore file with key pair and certificate.
   * @param keystorePwd Indicates the password of keystore file.
   * @param certAlias Indicates the certificate name inputted by the user.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function installAppCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string, callback: AsyncCallback<CMResult>) : void;
  function installAppCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string) : Promise<CMResult>;

  /**
   * Install private application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keystore Indicates the keystore file with key pair and certificate.
   * @param keystorePwd Indicates the password of keystore file.
   * @param certAlias Indicates the certificate name inputted by the user.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string, callback: AsyncCallback<CMResult>) : void;
  function installPrivateCertificate(keystore: Uint8Array, keystorePwd: string, certAlias: string) : Promise<CMResult>;

  /**
   * Generate private application certificate locally.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyAlias Indicates the key alias inputted by the user.
   * @param keyProperties Indicates the properties of keys in keystore file.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function generatePrivateCertificate(keyAlias: string, keyProperties: CMKeyProperties, callback: AsyncCallback<CMResult>) : void;
  function generatePrivateCertificate(keyAlias: string, keyProperties: CMKeyProperties) : Promise<CMResult>;

  /**
   * Update private application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param type Indicates the type of the certificate used.
   * @param keyUri Indicates key's name.
   * @param certificate Indicates the certificate file.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function updatePrivateCertificate(type: string, keyUri: string, certificate: CertBlob, callback: AsyncCallback<boolean>) : void;
  function updatePrivateCertificate(type: string, keyUri: string, certificate: CertBlob) : Promise<boolean>;

  /**
   * Uninstall all application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function uninstallAllAppCertificate(callback: AsyncCallback<boolean>) : void;
  function uninstallAllAppCertificate() : Promise<boolean>;

  /**
   * Uninstall the specified normal application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function uninstallAppCertificate(keyUri: string, callback: AsyncCallback<boolean>) : void;
  function uninstallAppCertificate(keyUri: string) : Promise<boolean>;

  /**
   * Uninstall the specified normal application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function uninstallPrivateCertificate(keyUri: string, callback: AsyncCallback<boolean>) : void;
  function uninstallPrivateCertificate(keyUri: string) : Promise<boolean>;

  /**
   * Get a list of normal application certificates.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function getAppCertificateList(callback: AsyncCallback<CMResult>) : void;
  function getAppCertificateList() : Promise<CMResult>;

  /**
   * Get a list of private application certificates.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function getPrivateCertificateList(callback: AsyncCallback<CMResult>) : void;
  function getPrivateCertificateList() : Promise<CMResult>;

  /**
   * Get the detail of normal application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function getAppCertificate(keyUri: string, callback: AsyncCallback<CMResult>) : void;
  function getAppCertificate(keyUri: string, ) : Promise<CMResult>;

  /**
   * Get the detail of private application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function getPrivateCertificate(keyUri: string, callback: AsyncCallback<CMResult>) : void;
  function getPrivateCertificate(keyUri: string) : Promise<CMResult>;

  /**
   * Authorize the specified application certificate for the specified application.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @param clientAppUid Indicates the uid of the authorized application.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function grantAppCertificate(keyUri: string, clientAppUid: string, callback: AsyncCallback<CMResult>) : void;
  function grantAppCertificate(keyUri: string, clientAppUid: string) : Promise<CMResult>;

  /**
   * Whether the current application is authorized by the specified application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function isAuthorizedApp(keyUri: string, callback: AsyncCallback<boolean>) : void;
  function isAuthorizedApp(keyUri: string) : Promise<boolean>;

  /**
   * Get the list of applications authorized by the specified certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function getAuthorizedAppList(keyUri: string, callback: AsyncCallback<CMResult>) : void;
  function getAuthorizedAppList(keyUri: string) : Promise<CMResult>;

  /**
   * Deauthorize the specified application from the specified application certificate.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param keyUri Indicates key's name.
   * @param clientAppUid Indicates the uid of the deauthorized application.
   * @permission ohos.permission.ACCESS_CERT_MANAGER_INTERNAL
   * @systemapi Hide this for inner system use
   */
  function removeGrantedAppCertificate(keyUri: string, clientAppUid: string, callback: AsyncCallback<boolean>) : void;
  function removeGrantedAppCertificate(keyUri: string, clientAppUid: string) : Promise<boolean>;

  /**
   * Init operation for signing and verifying etc.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param authUri Indicates the authorization relationship between application and application certificate.
   * @param spec Indicates the properties of the signature and verification..
   * @return The handle of the init Operation.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function init(authUri: string, spec: CMSignatureSpec, callback: AsyncCallback<CMHandle>) : void;
  function init(authUri: string, spec: CMSignatureSpec) : Promise<CMHandle>;

  /**
   * Update operation for signing and verifying etc.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param handle Indicates the handle of the init operation.
   * @param data Indicates the input value.
   * @param token Indicates the value of token.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function update(handle: Uint8Array, data: Uint8Array, callback: AsyncCallback<boolean>) : void;
  function update(handle: Uint8Array, data: Uint8Array) : Promise<boolean>;

  /**
   * Finish operation for signing and verifying etc.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param handle Indicates the handle of the init operation.
   * @param signature Indicates the sign data.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function finish(handle: Uint8Array, callback: AsyncCallback<CMResult>) : void;
  function finish(handle: Uint8Array, signature: Uint8Array, callback: AsyncCallback<CMResult>) : void;
  function finish(handle: Uint8Array, signature?: Uint8Array) : Promise<CMResult>;

  /**
   * Abort operation for signing and verifying etc.
   * @since 9
   * @syscap SystemCapability.Security.CertificateManager
   * @param handle Indicates the handle of the init operation.
   * @permission ohos.permission.ACCESS_CERT_MANAGER
   */
  function abort(handle: Uint8Array, callback: AsyncCallback<boolean>) : void;
  function abort(handle: Uint8Array) : Promise<boolean>;

  export interface CertInfo {
    uri: string;
    certAlias: string;
    status: boolean;
    issuerName: string;
    subjectName: string;
    serial: string;
    notBefore: string;
    notAfter: string;
    fingerprintSha256: string;
    cert: Uint8Array;
  }

  export interface CertAbstract {
    uri: string;
    certAlias: string;
    status: boolean;
    subjectName: string;
  }

  export interface Credential {
    type: string;
    alias: string;
    keyUri: string;
    certNum: number;
    keyNum: number;
    credData:Uint8Array;
  }

  export interface CredentialAbstract {
    type: string;
    alias: string;
    keyUri: string;
  }

  export interface CertBlob {
    inData: Uint8Array;
    alias: string;
  }

  export interface CMResult {
    certList?: Array<CertAbstract>;
    certInfo?: CertInfo;
    credentialList?: Array<CredentialAbstract>;
    credential?: Credential;
    appUidList?: Array<string>;
    uri?: string;
    outData?: Uint8Array;
    isAuth?: boolean;
  }

  export interface CMKeyProperties {
    type: string;
    alg: string;
    size: number;
    padding: string;
    purpose: string;
    digest: string;
    authType: string;
    authTimeout: string;
  }

  export enum CmKeyPurpose {
    CM_KEY_PURPOSE_SIGN = 4,
    CM_KEY_PURPOSE_VERIFY = 8,
  }

  export interface CMSignatureSpec {
    purpose: CmKeyPurpose;
  }

  export interface CMHandle {
    handle: Uint8Array;
  }

  export enum CMErrorCode {
    CM_SUCCESS = 0,
    CM_ERROR_INNER_ERROR = 17500001,
    CM_ERROR_NO_PERMISSION = 17500002,
    CM_ERROR_NO_FOUND = 17500003,
    CM_ERROR_X509_FORMATE = 17500004,
  }
}

export default CertificateManager;