# Certificate Extension Development
2
3
This topic walks you through how to create a certificate extension (**CertExtension**) instance, obtain certificate extension information based on an object identifier (OID), and check whether the certificate is a CA certificate.
5
6
## How to Develop
8
1. Import the [certFramework](../../reference/apis-device-certificate-kit/js-apis-cert.md) module.
10   ```ts
11   import certFramework from '@ohos.security.cert';
12   ```
13
2. Use [cryptoCert.createCertExtension](../../reference/apis-device-certificate-kit/js-apis-cert.md#cryptocertcreatecertextension10) to create a **CertExtension** instance from the DER-encoded extension data.
15
3. Use [CertExtension.getEntry](../../reference/apis-device-certificate-kit/js-apis-cert.md#getentry10) to obtain the certificate extension entry for the specified OID.
17
18
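4. Use [CertExtension.checkCA](../../reference/apis-device-certificate-kit/js-apis-cert.md#checkca10) to check whether the certificate is a CA certificate. The answer is carried in the value that **checkCA** returns, so inspect that value; the call completing without an exception does not by itself mean the certificate is a CA.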
20
21```ts
22import certFramework from '@ohos.security.cert';
23import { BusinessError } from '@ohos.base';
24import util from '@ohos.util';
25
// Sample certificate extension data (example only): one DER SEQUENCE holding
// three extensions. The grouping below follows the DER structure of the bytes.
let extData = new Uint8Array([
  // Outer SEQUENCE, 0x40 (64) content bytes.
  0x30, 0x40,
  // basicConstraints (OID 2.5.29.19), critical = TRUE, cA = TRUE, no pathLenConstraint.
  0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF,
  0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF,
  // keyUsage (OID 2.5.29.15), critical = TRUE, BIT STRING 0xC6 with 1 unused bit:
  // digitalSignature, nonRepudiation, keyCertSign, cRLSign.
  0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF,
  0x04, 0x04, 0x03, 0x02, 0x01, 0xC6,
  // subjectKeyIdentifier (OID 2.5.29.14), non-critical, 20-byte key identifier.
  0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14,
  0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86,
  0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4
]);
38
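/**
 * Certificate extension example: parses the DER-encoded extension data in
 * `extData`, reads one extension entry by OID, and queries the CA indication.
 *
 * The results of getEntry() and checkCA() are logged so the outcome is visible;
 * the calls returning without an exception only means the data could be parsed
 * and queried. This sample inspects extension fields only and does not verify
 * any signature or certificate chain, so the values read here must not be
 * treated as authenticated on their own.
 */
function certExtensionSample(): void {
  const textEncoder = new util.TextEncoder();
  const encodingBlob: certFramework.EncodingBlob = {
    data: extData,
    // Certificate extension format. Currently, only the DER format is supported.
    encodingFormat: certFramework.EncodingFormat.FORMAT_DER
  };

  // Create a CertExtension instance.
  certFramework.createCertExtension(encodingBlob, (err, certExtension) => {
    if (err != null) {
      // The CertExtension instance fails to be created (for example, the data is not valid DER).
      console.error(`createCertExtension failed, errCode:${err.code}, errMsg:${err.message} `);
      return;
    }
    // The CertExtension instance is created.
    console.log('createCertExtension success');

    try {
      // Obtain the certificate extension information based on an OID.
      // The OID is passed as its dotted-decimal string, encoded to bytes.
      // 2.5.29.14 is subjectKeyIdentifier, which the sample data contains.
      const oidData = '2.5.29.14';
      const oid: certFramework.DataBlob = {
        data: textEncoder.encodeInto(oidData),
      };
      const entry = certExtension.getEntry(certFramework.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oid);
      console.log(`getEntry success, entry length:${entry.data.length}`);

      // Check whether the certificate is a CA certificate.
      // The returned number is the result of the check; do not infer "is a CA"
      // from the absence of an exception.
      // NOTE(review): the checkCA reference defines which values mean "not a CA"
      // and "no path length limit" - confirm them there before branching on pathLen.
      const pathLen = certExtension.checkCA();
      console.log(`checkCA returned:${pathLen}`);
      console.log('test cert extension success');
    } catch (error) {
      // Named differently from the callback's `err` to avoid shadowing it.
      const e: BusinessError = error as BusinessError;
      console.error(`operation failed, message:${e.message} ,code:${e.code} `);
    }
  });
}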
75```
76