1# @ohos.security.cert (证书模块) 2 3证书算法库框架提供证书相关接口。其中,依赖加解密算法库框架的基础算法能力的部分,详细接口说明可参考[cryptoFramework API参考](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md)。 4 5> **说明:** 6> 7> 本模块首批接口从API version 9开始支持。后续版本的新增接口,采用上角标单独标记接口的起始版本。 8 9## 导入模块 10 11```ts 12import { cert } from '@kit.DeviceCertificateKit'; 13import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 14``` 15 16## CertResult 17 18 表示执行结果的枚举。 19 20 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 21 22 **系统能力:** SystemCapability.Security.Cert 23 24| 名称 | 值 | 说明 | 25| --------------------------------------| -------- | -----------------------------| 26| INVALID_PARAMS | 401 | 非法入参。 | 27| NOT_SUPPORT | 801 | 操作不支持。 | 28| ERR_OUT_OF_MEMORY | 19020001 | 内存错误。 | 29| ERR_RUNTIME_ERROR | 19020002 | 运行时外部错误。 | 30| ERR_CRYPTO_OPERATION | 19030001 | 调用三方算法库API出错。 | 31| ERR_CERT_SIGNATURE_FAILURE | 19030002 | 证书签名验证错误。 | 32| ERR_CERT_NOT_YET_VALID | 19030003 | 证书尚未生效。 | 33| ERR_CERT_HAS_EXPIRED | 19030004 | 证书过期。 | 34| ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | 无法获取证书的颁发者。 | 35| ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | 证书的秘钥用途不含证书签名。 | 36| ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | 证书的秘钥用途不含数字签名。 | 37 38## DataBlob 39buffer数组。 40 41 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 42 43 **系统能力:** SystemCapability.Security.Cert 44| 名称 | 类型 | 可读 | 可写 | 说明 | 45| -------------- | -------------- | ---- | ---- | ----------------| 46| data | Uint8Array | 是 | 是 | 数据。 | 47 48## DataArray 49 50buffer数组的列表。 51 52 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 53 54 **系统能力:** SystemCapability.Security.Cert 55| 名称 | 类型 | 可读 | 可写 | 说明 | 56| -------------- | -------------- | ---- | ---- | ----------------| 57| data | Array\<Uint8Array> | 是 | 是 | 数据列表。 | 58 59## EncodingFormat 60 61 表示证书编码格式的枚举。 62 63**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 64 65 **系统能力:** SystemCapability.Security.Cert 66 67| 名称 | 值 | 说明 | 68| ---------- | ------ | --------- | 69| FORMAT_DER | 0 | DER格式。 | 70| FORMAT_PEM | 1 | PEM格式。 | 71| FORMAT_PKCS7<sup>11+</sup> | 2 | PKCS7格式。 | 72 73## CertItemType<sup>10+</sup> 74 75 表示获取证书字段的枚举。 76 77**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 78 79 **系统能力:** SystemCapability.Security.Cert 80 81| 名称 | 值 | 说明 | 82| -------------------------------- | ---- | ------------------------------ | 83| CERT_ITEM_TYPE_TBS | 0 | 表示获取证书的待签名信息。 | 84| CERT_ITEM_TYPE_PUBLIC_KEY | 1 | 表示获取证书的公钥信息。 | 85| CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | 表示获取证书的颁发者唯一编号。 | 86| CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | 表示获取证书的主体唯一编号。 | 87| CERT_ITEM_TYPE_EXTENSIONS | 4 | 表示获取证书的扩展域信息。 | 88 89## ExtensionOidType<sup>10+</sup> 90 91 表示获取扩展域中对象标识符类型的枚举。 92 93 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 94 95 **系统能力:** SystemCapability.Security.Cert 96 97| 名称 | 值 | 说明 | 98| ----------------------------- | ---- | --------------------------------------------- | 99| EXTENSION_OID_TYPE_ALL | 0 | 表示获取扩展域中所有的对象标识符。 | 100| EXTENSION_OID_TYPE_CRITICAL | 1 | 表示获取扩展域中critical为true的对象标识符。 | 101| EXTENSION_OID_TYPE_UNCRITICAL | 2 | 表示获取扩展域中critical为false的对象标识符。 | 102 103## ExtensionEntryType<sup>10+</sup> 104 105 表示获取扩展域中对象类型的枚举。 106 107 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 108 109 **系统能力:** SystemCapability.Security.Cert 110 111| 名称 | 值 | 说明 | 112| ----------------------------------- | ---- | ---------------------------- | 113| EXTENSION_ENTRY_TYPE_ENTRY | 0 | 表示获取整个对象。 | 114| EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | 表示获取对象的critical属性。 | 115| EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | 表示获取对象的数据。 | 116 117## EncodingType<sup>12+</sup> 118 119 表示获取X509证书主体名称编码格式的枚举。 120 121**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 122 123 **系统能力:** SystemCapability.Security.Cert 124 125| 名称 | 值 | 说明 | 126| ---------- | ------ | --------- | 127| ENCODING_UTF8 | 0 | UTF8编码格式。 | 128 129## EncodingBlob 130 131带编码格式的证书二进制数组。 132 133### 属性 134 135**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 136 137**系统能力:** SystemCapability.Security.Cert 138 139| 名称 | 类型 | 可读 | 可写 | 说明 | 140| -------------- | --------------------------------- | ---- | ---- | ------------------------------ | 141| data | Uint8Array | 是 | 是 | 传入的证书数据。 | 142| encodingFormat | [EncodingFormat](#encodingformat) | 是 | 是 | 指明证书编码格式。 | 143 144 145## CertChainData 146 147证书链数据,在证书链校验时,作为入参传入。 148 149### 属性 150 151**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 152 153**系统能力:** SystemCapability.Security.Cert 154 155| 名称 | 类型 | 可读 | 可写 | 说明 | 156| -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | 157| data | Uint8Array | 是 | 是 | 证书数据,按照长度(2字节)-数据的形式传入,如:08ABCDEFGH07ABCDEFG,第一本证书,前2个字节表示证书的长度为8字节,后面附加8字节的证书数据;第2本证书前2个字节表示证书的长度为7字节,后面附加7字节的证书数据。 | 158| count | number | 是 | 是 | 传入的数据中,包含的证书数量。 | 159| encodingFormat | [EncodingFormat](#encodingformat) | 是 | 是 | 指明证书编码格式。 | 160 161## GeneralNameType<sup>12+</sup> 162 163表示证书主体用途的枚举。 164 165**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 166 167**系统能力:** SystemCapability.Security.Cert 168 169| 名称 | 值 | 说明 | 170| -------------- | --------------------------------- | ------------------ | 171| GENERAL_NAME_TYPE_OTHER_NAME | 0 | 表示其他名称。 | 172| GENERAL_NAME_TYPE_RFC822_NAME | 1 | 表示电子邮件地址。 | 173| GENERAL_NAME_TYPE_DNS_NAME | 2 | 表示一个DNS名称。 | 174| GENERAL_NAME_TYPE_X400_ADDRESS | 3 | 表示X.400地址。 | 175| GENERAL_NAME_TYPE_DIRECTORY_NAME | 4 | 表示一个目录名称。 | 176| GENERAL_NAME_TYPE_EDI_PARTY_NAME | 5 | 表示特定的EDI实体。 | 177| GENERAL_NAME_TYPE_UNIFORM_RESOURCE_ID | 6 | 表示一个统一资源标识符。 | 178| GENERAL_NAME_TYPE_IP_ADDRESS | 7 | 表示一个IP地址。 | 179| GENERAL_NAME_TYPE_REGISTERED_ID | 8 | 表示一个已注册的对象标识符。 | 180 181## GeneralName<sup>12+</sup> 182 183用于表示证书主体信息对象。 184 185**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 186 187**系统能力:** SystemCapability.Security.Cert 188 189| 名称 | 类型 | 必填 | 说明 | 190| -------------- | --------------------------------- | ---- | ------------------ | 191| type | [GeneralNameType](#generalname12) | 是 | 指定具体的证书主体类型。 | 192| name | Uint8Array | 否 | 指定具体的证书主体DER格式内容。 | 193 194## X509CertMatchParameters<sup>11+</sup> 195 196用于匹配证书的过滤参数。如果参数中任一项都未指定,则匹配所有证书。 197 198**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 199 200**系统能力:** SystemCapability.Security.Cert 201 202| 名称 | 类型 | 必填 | 说明 | 203| -------------- | --------------------------------- | ---- | ------------------ | 204| x509Cert | [X509Cert](#x509cert) | 否 | 指定具体的证书对象。 | 205| validDate | string | 否 | 指定证书有效期。 | 206| issuer | Uint8Array | 否 | 指定证书颁发者,为DER编码格式。 | 207| keyUsage | Array\<boolean> | 否 | 指定是否需要匹配密钥用途。true为需要,false为不需要。 | 208| serialNumber | bigint | 否 | 指定证书的序列号。 | 209| subject | Uint8Array | 否 | 指定证书主题,DER编码格式。 | 210| publicKey | [DataBlob](#datablob) | 否 | 指定证书公钥,DER编码格式。 | 211| publicKeyAlgID | string | 否 | 指定证书公钥的算法。 | 212| subjectAlternativeNames<sup>12+</sup> | Array\<[GeneralName](#generalname12)> | 否 | 指定证书主体名称。 | 213| matchAllSubjectAltNames<sup>12+</sup> | boolean | 否 | 指定是否需要匹配证书主体名称。true为需要,false为不需要。 | 214| authorityKeyIdentifier<sup>12+</sup> | Uint8Array | 否 | 指定证书颁发机构秘钥。 | 215| minPathLenConstraint<sup>12+</sup> | number | 否 | 指定证书CA路径长度。 | 216| extendedKeyUsage<sup>12+</sup> | Array\<string> | 否 | 指定证书扩展用途。 | 217| nameConstraints<sup>12+</sup> | Uint8Array | 否 | 指定证书的使用者名称。 | 218| certPolicy<sup>12+</sup> | Array\<string> | 否 | 指定证书策略。 | 219| privateKeyValid<sup>12+</sup> | string | 否 | 指定证书私钥有效期。 | 220| subjectKeyIdentifier<sup>12+</sup> | Uint8Array | 否 | 指定证书公钥。 | 221 222## X509CRLMatchParameters<sup>11+</sup> 223 224用于匹配证书吊销列表的过滤参数。如果参数中任一项都未指定,则匹配所有证书吊销列表。 225 226**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 227 228**系统能力:** SystemCapability.Security.Cert 229 230| 名称 | 类型 | 必填 | 说明 | 231| -------------- | --------------------------------- | ---- | ------------------ | 232| issuer | Array\<Uint8Array> | 否 | 指定颁发者作为过滤条件, 至少要匹配到其中一个issuer。 | 233| x509Cert | [X509Cert](#x509cert) | 否 | 指定具体的证书对象作为过滤条件, 判断该证书是否在CRL列表中。 | 234| updateDateTime<sup>12+</sup> | string | 否 | 指定证书更新时间。 | 235| maxCRL<sup>12+</sup> | bigint | 否 | 指定CRL个数最大值。 | 236| minCRL<sup>12+</sup> | bigint | 否 | 指定CRL个数最小值。 | 237 238## CertChainBuildParameters<sup>12+</sup> 239 240用于指定证书链创建参数。 241 242**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 243 244**系统能力:** SystemCapability.Security.Cert 245 246| 名称 | 类型 | 必填 | 说明 | 247| -------------- | --------------------------------- | ---- | ------------------ | 248| certMatchParameters | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 指定过滤条件。 | 249| maxLength | number | 否 | 指定最终证书链中CA证书的最大长度。 | 250| validationParameters | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 指定验证条件。 | 251 252## CertChainBuildResult<sup>12+</sup> 253 254用于指定证书链创建结果。 255 256**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 257 258**系统能力:** SystemCapability.Security.Cert 259 260| 名称 | 类型 | 必填 | 说明 | 261| -------------- | --------------------------------- | ---- | ------------------ | 262| certChain | [X509CertChain](#x509certchain11) | 是 | 生成的证书链对象。 | 263| validationResult | [CertChainValidationResult](#certchainvalidationresult11) | 是 | 指定最终证书链的最大长度。 | 264 265## X509TrustAnchor<sup>11+</sup> 266 267表示X509信任锚,用于校验证书链。使用信任锚中的证书或者公钥作为可信根,对证书链进行校验。 268 269**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 270 271**系统能力:** SystemCapability.Security.Cert 272 273| 名称 | 类型 | 可读 | 可写 | 说明 | 274| --------- | --------------------- | ---- | ---- | --------------------------- | 275| CACert | [X509Cert](#x509cert) | 是 | 是 | 信任的CA证书。 | 276| CAPubKey | Uint8Array | 是 | 是 | 信任的CA证书公钥, DER格式。 | 277| CASubject | Uint8Array | 是 | 是 | 信任的CA证书主题, DER格式。 | 278| nameConstraints<sup>12+</sup> | Uint8Array | 是 | 是 | 名称约束, DER格式。 | 279 280## RevocationCheckOptions<sup>12+</sup> 281 282 表示证书链在线校验证书吊销状态选项的枚举。 283 284 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 285 286 **系统能力:** SystemCapability.Security.Cert 287 288| 名称 | 值 | 说明 | 289| --------------------------------------| -------- | -----------------------------| 290| REVOCATION_CHECK_OPTION_PREFER_OCSP | 0 | 优先采用OCSP进行校验,默认采用CRL校验。 | 291| REVOCATION_CHECK_OPTION_ACCESS_NETWORK | 1 | 支持通过访问网络获取CRL或OCSP响应进行吊销状态的校验,默认为关闭。 | 292| REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER | 2 | 当ACCESS_NETWORK选项打开时有效,如果优选的校验方法由于网络原因导致无法校验证书状态,则采用备选的方案进行校验。 | 293| REVOCATION_CHECK_OPTION_FALLBACK_LOCAL | 3 | 当ACCESS_NETWORK选项打开时有效,如果在线获取CRL和OCSP响应都由于网络的原因导致无法校验证书状态,则采用本地设置的CRL和OCSP响应进行校验。 | 294 295## ValidationPolicyType<sup>12+</sup> 296 297 表示证书链在线校验策略的枚举。 298 299 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 300 301 **系统能力:** SystemCapability.Security.Cert 302 303| 名称 | 值 | 说明 | 304| --------------------------------------| -------- | -----------------------------| 305| VALIDATION_POLICY_TYPE_X509 | 0 | 默认值,不需要校验证书中的sslHostname或dNSName。 | 306| VALIDATION_POLICY_TYPE_SSL | 1 | 需要校验证书中的sslHostname或dNSName。 | 307 308## KeyUsageType<sup>12+</sup> 309 310 表示证书中密钥用途的枚举。 311 312 **原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 313 314 **系统能力:** SystemCapability.Security.Cert 315 316| 名称 | 值 | 说明 | 317| --------------------------------------| -------- | -----------------------------| 318| KEYUSAGE_DIGITAL_SIGNATURE | 0 | 证书持有者可以用证书中包含的私钥进行数字签名操作。 | 319| KEYUSAGE_NON_REPUDIATION | 1 | 证书持有者不可否认使用证书中包含的私钥进行的数字签名操作。 | 320| KEYUSAGE_KEY_ENCIPHERMENT | 2 | 证书持有者可以使用证书中包含的公钥进行密钥加密操作。 | 321| KEYUSAGE_DATA_ENCIPHERMENT | 3 | 证书持有者可以使用证书中包含的公钥进行数据加密操作。 | 322| KEYUSAGE_KEY_AGREEMENT | 4 | 证书持有者可以使用证书中包含的私钥进行密钥协商操作。 | 323| KEYUSAGE_KEY_CERT_SIGN | 5 | 证书持有者可以使用证书中包含的私钥对其他证书进行签名。 | 324| KEYUSAGE_CRL_SIGN | 6 | 证书持有者可以使用证书中包含的私钥对证书吊销列表(CRL)进行签名。 | 325| KEYUSAGE_ENCIPHER_ONLY | 7 | 证书持有者只能进行加密操作,不能进行解密操作。 | 326| KEYUSAGE_DECIPHER_ONLY | 8 | 证书持有者只能进行解密操作,不能进行加密操作。 | 327 328## RevocationCheckParameter<sup>12+</sup> 329 330表示证书链校验证书吊销状态的参数。 331 332**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 333 334**系统能力:** SystemCapability.Security.Cert 335 336| 名称 | 类型 | 必填 | 说明 | 337| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 338| ocspRequestExtension | Array\<Uint8Array> | 否 | 表示发送OCSP请求的扩展字段。| 339| ocspResponderURI | string | 否 | 表示用于OCSP请求的备选服务器URL地址,支持HTTP/HTTPS,具体配置由与服务器协商决定。 | 340| ocspResponderCert | [X509Cert](#x509cert) | 否 | 表示用于OCSP响应的签名校验的签名证书。 | 341| ocspResponses | Uint8Array | 否 | 表示用于OCSP服务器响应的备选数据。 | 342| crlDownloadURI | string | 否 | 表示用于CRL请求的备选下载地址。 | 343| options | Array\<[RevocationCheckOptions](#revocationcheckoptions12)> | 否 | 表示证书吊销状态查询的策略组合。 | 344| ocspDigest | string | 否 | 表示OCSP通信时创建证书ID使用的哈希算法。默认为SHA256,支持可配置MD5、SHA1、SHA224、SHA256、SHA384、SHA512算法。 | 345 346## CertChainValidationParameters<sup>11+</sup> 347 348表示证书链校验的参数。 349 350**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 351 352**系统能力:** SystemCapability.Security.Cert 353 354| 名称 | 类型 | 必填 | 说明 | 355| ------------ | ------------------------------------------------- | ---- | -------------------------------------- | 356| date | string | 否 | 表示需要校验证书的有效期。 | 357| trustAnchors | Array\<[X509TrustAnchor](#x509trustanchor11)> | 是 | 表示信任锚列表。 | 358| certCRLs | Array\<[CertCRLCollection](#certcrlcollection11)> | 否 | 表示需要校验证书是否在证书吊销列表中。 | 359| revocationCheckParam<sup>12+</sup> | [RevocationCheckParameter](#revocationcheckparameter12) | 否 | 表示需要在线校验证证书吊销状态的参数对象。 | 360| policy<sup>12+</sup> | [ValidationPolicyType](#validationpolicytype12) | 否 | 表示需要校验证书的策略类型。 | 361| sslHostname<sup>12+</sup> | string | 否 | 表示需要校验证书中主机名,与policy配合使用。 | 362| keyUsage<sup>12+</sup> | Array\<[KeyUsageType](#keyusagetype12)> | 否 | 表示需要校验证书中的密钥用途。 | 363 364## CertChainValidationResult<sup>11+</sup> 365 366表示证书链校验的返回值。 367 368**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 369 370**系统能力:** SystemCapability.Security.Cert 371 372| 名称 | 类型 | 可读 | 可写 | 说明 | 373| ----------- | ------------------------------------- | ---- | ---- | -------------- | 374| trustAnchor | [X509TrustAnchor](#x509trustanchor11) | 是 | 否 | 表示信任锚。 | 375| entityCert | [X509Cert](#x509cert) | 是 | 否 | 表示实体证书。 | 376 377## cert.createX509Cert 378 379createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\<X509Cert>) : void 380 381表示创建X509证书对象,使用Callback回调异步返回结果。 382 383**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 384 385**系统能力:** SystemCapability.Security.Cert 386 387**参数:** 388 389| 参数名 | 类型 | 必填 | 说明 | 390| -------- | ------------------------------------- | ---- | -------------------------- | 391| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 392| callback | AsyncCallback\<[X509Cert](#x509cert)> | 是 | 回调函数,表示X509证书对象。 | 393 394**错误码:** 395 396以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 397 398| 错误码ID | 错误信息 | 399| -------- | ------------- | 400| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 401| 801 | this operation is not supported. | 402| 19020001 | memory error. | 403 404**示例:** 405 406```ts 407import { cert } from '@kit.DeviceCertificateKit'; 408 409// string转Uint8Array。 410function stringToUint8Array(str: string): Uint8Array { 411 let arr: Array<number> = []; 412 for (let i = 0, j = str.length; i < j; i++) { 413 arr.push(str.charCodeAt(i)); 414 } 415 return new Uint8Array(arr); 416} 417 418// 证书二进制数据,需业务自行赋值。 419let certData = '-----BEGIN CERTIFICATE-----\n' + 420 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 421 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 422 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 423 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 424 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 425 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 426 'Qw==\n' + 427 '-----END CERTIFICATE-----\n'; 428 429let encodingBlob: cert.EncodingBlob = { 430 data: stringToUint8Array(certData), 431 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 432 encodingFormat: cert.EncodingFormat.FORMAT_PEM 433}; 434 435cert.createX509Cert(encodingBlob, (error, x509Cert) => { 436 if (error) { 437 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 438 } else { 439 console.log('createX509Cert success'); 440 } 441}); 442``` 443 444## cert.createX509Cert 445 446createX509Cert(inStream : EncodingBlob) : Promise\<X509Cert> 447 448表示创建X509证书对象,使用Promise方式异步返回结果。 449 450**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 451 452**系统能力:** SystemCapability.Security.Cert 453 454**参数:** 455 456| 参数名 | 类型 | 必填 | 说明 | 457| -------- | ----------------------------- | ---- | ------------------ | 458| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 459 460**返回值:** 461 462| 类型 | 说明 | 463| ------- | ---------------- | 464| Promise\<[X509Cert](#x509cert)> | 表示X509证书对象。 | 465 466**错误码:** 467 468以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 469 470| 错误码ID | 错误信息 | 471| -------- | ------------- | 472| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 473| 801 | this operation is not supported. | 474| 19020001 | memory error. | 475 476**示例:** 477 478```ts 479import { cert } from '@kit.DeviceCertificateKit'; 480import { BusinessError } from '@kit.BasicServicesKit'; 481 482// string转Uint8Array。 483function stringToUint8Array(str: string): Uint8Array { 484 let arr: Array<number> = []; 485 for (let i = 0, j = str.length; i < j; i++) { 486 arr.push(str.charCodeAt(i)); 487 } 488 return new Uint8Array(arr); 489} 490 491// 证书二进制数据,需业务自行赋值。 492let certData = '-----BEGIN CERTIFICATE-----\n' + 493 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 494 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 495 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 496 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 497 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 498 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 499 'Qw==\n' + 500 '-----END CERTIFICATE-----\n'; 501 502let encodingBlob: cert.EncodingBlob = { 503 data: stringToUint8Array(certData), 504 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 505 encodingFormat: cert.EncodingFormat.FORMAT_PEM 506}; 507 508cert.createX509Cert(encodingBlob).then(x509Cert => { 509 console.log('createX509Cert success'); 510}).catch((error: BusinessError) => { 511 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 512}); 513``` 514 515## X509Cert 516 517X509证书类。 518 519### verify 520 521verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 522 523表示对证书验签,使用Callback回调异步返回结果。 524 525**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 526 527**系统能力:** SystemCapability.Security.Cert 528 529**参数:** 530 531| 参数名 | 类型 | 必填 | 说明 | 532| -------- | --------------------- | ---- | ------------------------------------------------------------ | 533| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 用于验签的公钥对象。 | 534| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,不为null表示失败。 | 535 536**错误码:** 537 538以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 539 540| 错误码ID | 错误信息 | 541| -------- | ------------------ | 542| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 543| 19030001 | crypto operation error. | 544 545**示例:** 546 547```ts 548import { cert } from '@kit.DeviceCertificateKit'; 549import { BusinessError } from '@kit.BasicServicesKit'; 550 551// string转Uint8Array。 552function stringToUint8Array(str: string): Uint8Array { 553 let arr: Array<number> = []; 554 for (let i = 0, j = str.length; i < j; i++) { 555 arr.push(str.charCodeAt(i)); 556 } 557 return new Uint8Array(arr); 558} 559 560// 证书二进制数据,需业务自行赋值。 561let certData = '-----BEGIN CERTIFICATE-----\n' + 562 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 563 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 564 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 565 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 566 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 567 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 568 'Qw==\n' + 569 '-----END CERTIFICATE-----\n'; 570 571let encodingBlob: cert.EncodingBlob = { 572 data: stringToUint8Array(certData), 573 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 574 encodingFormat: cert.EncodingFormat.FORMAT_PEM 575}; 576 577cert.createX509Cert(encodingBlob, (error, x509Cert) => { 578 if (error) { 579 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 580 } else { 581 console.log('createX509Cert success'); 582 583 // 业务需通过上级X509Cert证书对象(或当前证书对象为自签名的证书)的getPublicKey获取PubKey。 584 try { 585 let pubKey = x509Cert.getPublicKey(); 586 587 // 验证证书签名。 588 x509Cert.verify(pubKey, (err, data) => { 589 if (err) { 590 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 591 } else { 592 console.log('verify success'); 593 } 594 }); 595 } catch (error) { 596 let e: BusinessError = error as BusinessError; 597 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 598 } 599 } 600}); 601``` 602 603### verify 604 605verify(key : cryptoFramework.PubKey) : Promise\<void> 606 607表示对证书验签,使用Promise方式异步返回结果。 608 609**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 610 611**系统能力:** SystemCapability.Security.Cert 612 613**参数:** 614 615| 参数名 | 类型 | 必填 | 说明 | 616| ------ | ------ | ---- | ------------------ | 617| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 用于验签的公钥对象。 | 618 619**返回值:** 620 621| 类型 | 说明 | 622| -------------- | ----------- | 623| Promise\<void> | Promise对象。 | 624 625**错误码:** 626 627以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 628 629| 错误码ID | 错误信息 | 630| -------- | ------------------ | 631| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 632| 19030001 | crypto operation error. | 633 634**示例:** 635 636```ts 637import { cert } from '@kit.DeviceCertificateKit'; 638import { BusinessError } from '@kit.BasicServicesKit'; 639 640// string转Uint8Array。 641function stringToUint8Array(str: string): Uint8Array { 642 let arr: Array<number> = []; 643 for (let i = 0, j = str.length; i < j; i++) { 644 arr.push(str.charCodeAt(i)); 645 } 646 return new Uint8Array(arr); 647} 648 649// 证书二进制数据,需业务自行赋值。 650let certData = '-----BEGIN CERTIFICATE-----\n' + 651 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 652 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 653 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 654 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 655 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 656 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 657 'Qw==\n' + 658 '-----END CERTIFICATE-----\n'; 659 660let encodingBlob: cert.EncodingBlob = { 661 data: stringToUint8Array(certData), 662 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 663 encodingFormat: cert.EncodingFormat.FORMAT_PEM 664}; 665 666cert.createX509Cert(encodingBlob).then(x509Cert => { 667 console.log('createX509Cert success'); 668 669 try { 670 // 业务需通过上级X509Cert证书对象(或当前证书对象为自签名的证书)的getPublicKey获取PubKey。 671 let pubKey = x509Cert.getPublicKey(); 672 x509Cert.verify(pubKey).then(result => { 673 console.log('verify success'); 674 }).catch((error: BusinessError) => { 675 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 676 }); 677 } catch (err) { 678 console.error('get public key failed'); 679 } 680}).catch((error: BusinessError) => { 681 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 682}); 683``` 684 685### getEncoded 686 687getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 688 689表示获取X509证书序列化数据,使用Callback回调异步返回结果。 690 691**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 692 693**系统能力:** SystemCapability.Security.Cert 694 695**参数**: 696 697| 参数名 | 类型 | 必填 | 说明 | 698| -------- | --------------------------------------------- | ---- | -------------------------------- | 699| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示X509证书序列化数据。 | 700 701**错误码:** 702 703以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 704 705| 错误码ID | 错误信息 | 706| -------- | ------------------------------------------------- | 707| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 708| 19020001 | memory error. | 709| 19020002 | runtime error. | 710| 19030001 | crypto operation error.| 711 712**示例:** 713 714```ts 715import { cert } from '@kit.DeviceCertificateKit'; 716 717// string转Uint8Array。 718function stringToUint8Array(str: string): Uint8Array { 719 let arr: Array<number> = []; 720 for (let i = 0, j = str.length; i < j; i++) { 721 arr.push(str.charCodeAt(i)); 722 } 723 return new Uint8Array(arr); 724} 725 726// 证书二进制数据,需业务自行赋值。 727let certData = '-----BEGIN CERTIFICATE-----\n' + 728 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 729 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 730 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 731 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 732 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 733 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 734 'Qw==\n' + 735 '-----END CERTIFICATE-----\n'; 736 737let encodingBlob: cert.EncodingBlob = { 738 data: stringToUint8Array(certData), 739 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 740 encodingFormat: cert.EncodingFormat.FORMAT_PEM 741}; 742 743cert.createX509Cert(encodingBlob, (error, x509Cert) => { 744 if (error) { 745 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 746 } else { 747 console.log('createX509Cert success'); 748 x509Cert.getEncoded((error, data) => { 749 if (error) { 750 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 751 } else { 752 console.log('getEncoded success'); 753 } 754 }); 755 } 756}); 757``` 758 759### getEncoded 760 761getEncoded() : Promise\<EncodingBlob> 762 763表示获取X509证书序列化数据,使用Promise方式异步返回结果。 764 765**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 766 767**系统能力:** SystemCapability.Security.Cert 768 769**返回值**: 770 771| 类型 | 说明 | 772| --------------------------------------- | ---------------------- | 773| Promise\<[EncodingBlob](#encodingblob)> | 表示X509证书序列化数据。 | 774 775**错误码:** 776 777以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 778 779| 错误码ID | 错误信息 | 780| -------- | ------------------------------------------------- | 781| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 782| 19020001 | memory error. | 783| 19020002 | runtime error. | 784| 19030001 | crypto operation error.| 785 786**示例:** 787 788```ts 789import { cert } from '@kit.DeviceCertificateKit'; 790import { BusinessError } from '@kit.BasicServicesKit'; 791 792// string转Uint8Array。 793function stringToUint8Array(str: string): Uint8Array { 794 let arr: Array<number> = []; 795 for (let i = 0, j = str.length; i < j; i++) { 796 arr.push(str.charCodeAt(i)); 797 } 798 return new Uint8Array(arr); 799} 800 801// 证书二进制数据,需业务自行赋值。 802let certData = '-----BEGIN CERTIFICATE-----\n' + 803 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 804 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 805 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 806 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 807 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 808 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 809 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 810 '-----END CERTIFICATE-----\n'; 811 812// 证书二进制数据,需业务自行赋值。 813let encodingBlob: cert.EncodingBlob = { 814 data: stringToUint8Array(certData), 815 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 816 encodingFormat: cert.EncodingFormat.FORMAT_PEM 817}; 818cert.createX509Cert(encodingBlob).then(x509Cert => { 819 console.log('createX509Cert success'); 820 x509Cert.getEncoded().then(result => { 821 console.log('getEncoded success'); 822 }).catch((error: BusinessError) => { 823 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 824 }); 825}).catch((error: BusinessError) => { 826 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 827}); 828``` 829 830### getPublicKey 831 832getPublicKey() : cryptoFramework.PubKey 833 834表示获取X509证书公钥。 835 836**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 837 838**系统能力:** SystemCapability.Security.Cert 839 840**返回值**: 841 842| 类型 | 说明 | 843| ------ | ---------------- | 844| [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | X509证书公钥对象:仅用于X509Cert的verify接口。 | 845 846**错误码:** 847 848以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 849 850| 错误码ID | 错误信息 | 851| -------- | ------------------------------------------------- | 852| 19020001 | memory error. | 853| 19030001 | crypto operation error.| 854 855**示例:** 856 857```ts 858import { cert } from '@kit.DeviceCertificateKit'; 859import { BusinessError } from '@kit.BasicServicesKit'; 860 861// string转Uint8Array。 862function stringToUint8Array(str: string): Uint8Array { 863 let arr: Array<number> = []; 864 for (let i = 0, j = str.length; i < j; i++) { 865 arr.push(str.charCodeAt(i)); 866 } 867 return new Uint8Array(arr); 868} 869 870// 证书二进制数据,需业务自行赋值。 871let certData = '-----BEGIN CERTIFICATE-----\n' + 872 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 873 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 874 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 875 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 876 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 877 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 878 'Qw==\n' + 879 '-----END CERTIFICATE-----\n'; 880 881let encodingBlob: cert.EncodingBlob = { 882 data: stringToUint8Array(certData), 883 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 884 encodingFormat: cert.EncodingFormat.FORMAT_PEM 885}; 886 887cert.createX509Cert(encodingBlob, (error, x509Cert) => { 888 if (error) { 889 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 890 } else { 891 console.log('createX509Cert success'); 892 try { 893 let pubKey = x509Cert.getPublicKey(); 894 } catch (error) { 895 let e: BusinessError = error as BusinessError; 896 console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 897 } 898 } 899}); 900``` 901 902### checkValidityWithDate 903 904checkValidityWithDate(date: string) : void 905 906表示检查X509证书有效期。 907 908**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 909 910**系统能力:** SystemCapability.Security.Cert 911 912**参数**: 913 914| 参数名 | 类型 | 必填 | 说明 | 915| -------- | -------------- | ---- | ---------- | 916| date | string | 是 | 日期,为ASN.1时间格式。 | 917 918**错误码:** 919 920以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 921 922| 错误码ID | 错误信息 | 923| -------- | ------------------------------------------------- | 924| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 925| 19020001 | memory error. | 926| 19030001 | crypto operation error.| 927| 19030003 | the certificate has not taken effect. | 928| 19030004 | the certificate has expired.| 929 930**示例:** 931 932```ts 933import { cert } from '@kit.DeviceCertificateKit'; 934import { BusinessError } from '@kit.BasicServicesKit'; 935 936// string转Uint8Array。 937function stringToUint8Array(str: string): Uint8Array { 938 let arr: Array<number> = []; 939 for (let i = 0, j = str.length; i < j; i++) { 940 arr.push(str.charCodeAt(i)); 941 } 942 return new Uint8Array(arr); 943} 944 945// 证书二进制数据,需业务自行赋值。 946let certData = '-----BEGIN CERTIFICATE-----\n' + 947 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 948 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 949 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 950 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 951 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 952 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 953 'Qw==\n' + 954 '-----END CERTIFICATE-----\n'; 955 956let encodingBlob: cert.EncodingBlob = { 957 data: stringToUint8Array(certData), 958 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 959 encodingFormat: cert.EncodingFormat.FORMAT_PEM 960}; 961 962cert.createX509Cert(encodingBlob, (error, x509Cert) => { 963 if (error) { 964 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 965 } else { 966 console.log('createX509Cert success'); 967 968 let date = '231001000001Z'; 969 // Verify the certificate validity period. 970 try { 971 x509Cert.checkValidityWithDate(date); 972 } catch (error) { 973 let e: BusinessError = error as BusinessError; 974 console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 975 } 976 } 977}); 978``` 979 980### getVersion 981 982getVersion() : number 983 984表示获取X509证书版本。 985 986**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 987 988**系统能力:** SystemCapability.Security.Cert 989 990**返回值**: 991 992| 类型 | 说明 | 993| ------ | ---------------- | 994| number | 表示X509证书版本 | 995 996**示例:** 997 998```ts 999import { cert } from '@kit.DeviceCertificateKit'; 1000 1001// string转Uint8Array。 1002function stringToUint8Array(str: string): Uint8Array { 1003 let arr: Array<number> = []; 1004 for (let i = 0, j = str.length; i < j; i++) { 1005 arr.push(str.charCodeAt(i)); 1006 } 1007 return new Uint8Array(arr); 1008} 1009 1010// 证书二进制数据,需业务自行赋值。 1011let certData = '-----BEGIN CERTIFICATE-----\n' + 1012 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1013 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1014 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1015 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1016 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1017 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1018 'Qw==\n' + 1019 '-----END CERTIFICATE-----\n'; 1020 1021let encodingBlob: cert.EncodingBlob = { 1022 data: stringToUint8Array(certData), 1023 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1024 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1025}; 1026cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1027 if (error) { 1028 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1029 } else { 1030 console.log('createX509Cert success'); 1031 let version = x509Cert.getVersion(); 1032 } 1033}); 1034``` 1035 1036### getSerialNumber<sup>(deprecated)</sup> 1037 1038getSerialNumber() : number 1039 1040表示获取X509证书序列号。 1041 1042> **说明:** 1043> 1044> 从API version 9开始支持,从API version 10开始废弃,建议使用[getCertSerialNumber](#getcertserialnumber10)替代。 1045 1046**系统能力:** SystemCapability.Security.Cert 1047 1048**返回值**: 1049 1050| 类型 | 说明 | 1051| ------ | ------------------ | 1052| number | 表示X509证书序列号。 | 1053 1054**示例:** 1055 1056```ts 1057import { cert } from '@kit.DeviceCertificateKit'; 1058 1059// string转Uint8Array。 1060function stringToUint8Array(str: string): Uint8Array { 1061 let arr: Array<number> = []; 1062 for (let i = 0, j = str.length; i < j; i++) { 1063 arr.push(str.charCodeAt(i)); 1064 } 1065 return new Uint8Array(arr); 1066} 1067 1068// 证书二进制数据,需业务自行赋值。 1069let certData = '-----BEGIN CERTIFICATE-----\n' + 1070 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1071 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1072 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1073 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1074 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1075 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1076 'Qw==\n' + 1077 '-----END CERTIFICATE-----\n'; 1078 1079let encodingBlob: cert.EncodingBlob = { 1080 data: stringToUint8Array(certData), 1081 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1082 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1083}; 1084 1085cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1086 if (error) { 1087 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1088 } else { 1089 console.log('createX509Cert success'); 1090 let serialNumber = x509Cert.getSerialNumber(); 1091 } 1092}); 1093``` 1094 1095### getCertSerialNumber<sup>10+</sup> 1096 1097getCertSerialNumber() : bigint 1098 1099表示获取X509证书序列号。 1100 1101**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1102 1103**系统能力:** SystemCapability.Security.Cert 1104 1105**返回值**: 1106 1107| 类型 | 说明 | 1108| ------ | ------------------ | 1109| bigint | 表示X509证书序列号。 | 1110 1111**错误码:** 1112 1113以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1114 1115| 错误码ID | 错误信息 | 1116| -------- | ------------------------------------------------- | 1117| 19020002 | runtime error. | 1118 1119**示例:** 1120 1121```ts 1122import { cert } from '@kit.DeviceCertificateKit'; 1123import { BusinessError } from '@kit.BasicServicesKit'; 1124 1125// string转Uint8Array。 1126function stringToUint8Array(str: string): Uint8Array { 1127 let arr: Array<number> = []; 1128 for (let i = 0, j = str.length; i < j; i++) { 1129 arr.push(str.charCodeAt(i)); 1130 } 1131 return new Uint8Array(arr); 1132} 1133 1134// 证书二进制数据,需业务自行赋值。 1135let certData = '-----BEGIN CERTIFICATE-----\n' + 1136 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1137 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1138 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1139 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1140 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1141 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1142 'Qw==\n' + 1143 '-----END CERTIFICATE-----\n'; 1144 1145let encodingBlob: cert.EncodingBlob = { 1146 data: stringToUint8Array(certData), 1147 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1148 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1149}; 1150 1151cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1152 if (error) { 1153 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1154 } else { 1155 console.log('createX509Cert success'); 1156 try { 1157 let serialNumber = x509Cert.getCertSerialNumber(); 1158 } catch (err) { 1159 let e: BusinessError = err as BusinessError; 1160 console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1161 } 1162 } 1163}); 1164``` 1165 1166### getIssuerName 1167 1168getIssuerName() : DataBlob 1169 1170表示获取X509证书颁发者名称。 1171 1172> **说明:** 1173> 1174> 获取到的X509证书颁发者名称数据带字符串结束符。 1175 1176**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1177 1178**系统能力:** SystemCapability.Security.Cert 1179 1180**返回值**: 1181 1182| 类型 | 说明 | 1183| --------------------- | ---------------------- | 1184| [DataBlob](#datablob) | 表示X509证书颁发者名称。 | 1185 1186**错误码:** 1187 1188以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1189 1190| 错误码ID | 错误信息 | 1191| -------- | ------------------------------------------------- | 1192| 19020001 | memory error. | 1193| 19020002 | runtime error. | 1194| 19030001 | crypto operation error.| 1195 1196**示例:** 1197 1198```ts 1199import { cert } from '@kit.DeviceCertificateKit'; 1200import { BusinessError } from '@kit.BasicServicesKit'; 1201 1202// string转Uint8Array。 1203function stringToUint8Array(str: string): Uint8Array { 1204 let arr: Array<number> = []; 1205 for (let i = 0, j = str.length; i < j; i++) { 1206 arr.push(str.charCodeAt(i)); 1207 } 1208 return new Uint8Array(arr); 1209} 1210 1211// 证书二进制数据,需业务自行赋值。 1212let certData = '-----BEGIN CERTIFICATE-----\n' + 1213 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1214 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1215 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1216 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1217 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1218 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1219 'Qw==\n' + 1220 '-----END CERTIFICATE-----\n'; 1221 1222let encodingBlob: cert.EncodingBlob = { 1223 data: stringToUint8Array(certData), 1224 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1225 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1226}; 1227 1228cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1229 if (error) { 1230 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1231 } else { 1232 console.log('createX509Cert success'); 1233 try { 1234 let issuerName = x509Cert.getIssuerName(); 1235 } catch (err) { 1236 let e: BusinessError = err as BusinessError; 1237 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1238 } 1239 } 1240}); 1241``` 1242 1243### getSubjectName 1244 1245getSubjectName(encodingType?: EncodingType) : DataBlob 1246 1247表示获取X509证书主体名称。 1248 1249> **说明:** 1250> 1251> 获取到的X509证书主体名称数据带字符串结束符。 1252 1253**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1254 1255**系统能力:** SystemCapability.Security.Cert 1256 1257**参数**: 1258 1259| 参数名 | 类型 | 必填 | 说明 | 1260| -------- | ------------------------------------- | ---- | ------------------------------ | 1261| encodingType | [EncodingType](#encodingtype12) | 否 | 编码类型。设置参数表示获取UTF8格式编码;不设置默认获取ASCII格式编码。<br>API 12后支持设置此参数。 | 1262 1263**返回值**: 1264 1265| 类型 | 说明 | 1266| --------------------- | -------------------- | 1267| [DataBlob](#datablob) | 表示X509证书主体名称。 | 1268 1269**错误码:** 1270 1271以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1272 1273| 错误码ID | 错误信息 | 1274| -------- | ------------------------------------------------- | 1275| 401 | invalid parameters. Possible causes: <br>1. Incorrect parameter types;<br>2. Parameter verification failed. | 1276| 19020001 | memory error. | 1277| 19020002 | runtime error. | 1278| 19030001 | crypto operation error.| 1279 1280**示例:** 1281 1282```ts 1283import { cert } from '@kit.DeviceCertificateKit'; 1284import { BusinessError } from '@kit.BasicServicesKit'; 1285 1286// string转Uint8Array。 1287function stringToUint8Array(str: string): Uint8Array { 1288 let arr: Array<number> = []; 1289 for (let i = 0, j = str.length; i < j; i++) { 1290 arr.push(str.charCodeAt(i)); 1291 } 1292 return new Uint8Array(arr); 1293} 1294 1295// 证书二进制数据,需业务自行赋值。 1296let certData = '-----BEGIN CERTIFICATE-----\n' + 1297 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1298 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1299 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1300 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1301 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1302 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1303 'Qw==\n' + 1304 '-----END CERTIFICATE-----\n'; 1305 1306let encodingBlob: cert.EncodingBlob = { 1307 data: stringToUint8Array(certData), 1308 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1309 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1310}; 1311 1312cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1313 if (error) { 1314 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1315 } else { 1316 console.log('createX509Cert success'); 1317 try { 1318 let subjectName = x509Cert.getSubjectName(); 1319 } catch (err) { 1320 let e: BusinessError = err as BusinessError; 1321 console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1322 } 1323 try { 1324 let subjectNameutf8 = x509Cert.getSubjectName(cert.EncodingType.ENCODING_UTF8); 1325 } catch (err) { 1326 let e: BusinessError = err as BusinessError; 1327 console.error('getSubjectNameUtf8 failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1328 } 1329 } 1330}); 1331``` 1332 1333### getNotBeforeTime 1334 1335getNotBeforeTime() : string 1336 1337表示获取X509证书有效期起始时间。 1338 1339**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1340 1341**系统能力:** SystemCapability.Security.Cert 1342 1343**返回值**: 1344 1345| 类型 | 说明 | 1346| ------ | ------------------------------------------------------------ | 1347| string | 表示X509证书有效期起始时间,日期为ASN.1时间格式。 | 1348 1349**错误码:** 1350 1351以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1352 1353| 错误码ID | 错误信息 | 1354| -------- | ------------------------------------------------- | 1355| 19020001 | memory error. | 1356| 19020002 | runtime error. | 1357| 19030001 | crypto operation error.| 1358 1359**示例:** 1360 1361```ts 1362import { cert } from '@kit.DeviceCertificateKit'; 1363import { BusinessError } from '@kit.BasicServicesKit'; 1364 1365// string转Uint8Array。 1366function stringToUint8Array(str: string): Uint8Array { 1367 let arr: Array<number> = []; 1368 for (let i = 0, j = str.length; i < j; i++) { 1369 arr.push(str.charCodeAt(i)); 1370 } 1371 return new Uint8Array(arr); 1372} 1373 1374// 证书二进制数据,需业务自行赋值。 1375let certData = '-----BEGIN CERTIFICATE-----\n' + 1376 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1377 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1378 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1379 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1380 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1381 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1382 'Qw==\n' + 1383 '-----END CERTIFICATE-----\n'; 1384 1385let encodingBlob: cert.EncodingBlob = { 1386 data: stringToUint8Array(certData), 1387 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1388 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1389}; 1390 1391cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1392 if (error) { 1393 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1394 } else { 1395 console.log('createX509Cert success'); 1396 try { 1397 let notBefore = x509Cert.getNotBeforeTime(); 1398 } catch (err) { 1399 let e: BusinessError = err as BusinessError; 1400 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1401 } 1402 } 1403}); 1404``` 1405 1406### getNotAfterTime 1407 1408getNotAfterTime() : string 1409 1410表示获取X509证书有效期截止时间。 1411 1412**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1413 1414**系统能力:** SystemCapability.Security.Cert 1415 1416**返回值**: 1417 1418| 类型 | 说明 | 1419| ------ | ------------------------------------------------------------ | 1420| string | 表示X509证书有效期截止时间,日期为ASN.1时间格式。 | 1421 1422**错误码:** 1423 1424以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1425 1426| 错误码ID | 错误信息 | 1427| -------- | ------------------------------------------------- | 1428| 19020001 | memory error. | 1429| 19020002 | runtime error. | 1430| 19030001 | crypto operation error.| 1431 1432**示例:** 1433 1434```ts 1435import { cert } from '@kit.DeviceCertificateKit'; 1436 1437import { BusinessError } from '@kit.BasicServicesKit'; 1438 1439// string转Uint8Array。 1440function stringToUint8Array(str: string): Uint8Array { 1441 let arr: Array<number> = []; 1442 for (let i = 0, j = str.length; i < j; i++) { 1443 arr.push(str.charCodeAt(i)); 1444 } 1445 return new Uint8Array(arr); 1446} 1447 1448// 证书二进制数据,需业务自行赋值。 1449let certData = '-----BEGIN CERTIFICATE-----\n' + 1450 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1451 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1452 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1453 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1454 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1455 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1456 'Qw==\n' + 1457 '-----END CERTIFICATE-----\n'; 1458 1459let encodingBlob: cert.EncodingBlob = { 1460 data: stringToUint8Array(certData), 1461 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1462 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1463}; 1464 1465cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1466 if (error) { 1467 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1468 } else { 1469 console.log('createX509Cert success'); 1470 try { 1471 let notAfter = x509Cert.getNotAfterTime(); 1472 } catch (err) { 1473 let e: BusinessError = err as BusinessError; 1474 console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1475 } 1476 } 1477}); 1478``` 1479 1480### getSignature 1481 1482getSignature() : DataBlob 1483 1484表示获取X509证书签名数据。 1485 1486**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1487 1488**系统能力:** SystemCapability.Security.Cert 1489 1490**返回值**: 1491 1492| 类型 | 说明 | 1493| --------------------- | -------------------- | 1494| [DataBlob](#datablob) | 表示X509证书签名数据。 | 1495 1496**错误码:** 1497 1498以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1499 1500| 错误码ID | 错误信息 | 1501| -------- | ------------------------------------------------- | 1502| 19020001 | memory error. | 1503| 19020002 | runtime error. | 1504| 19030001 | crypto operation error.| 1505 1506**示例:** 1507 1508```ts 1509import { cert } from '@kit.DeviceCertificateKit'; 1510 1511import { BusinessError } from '@kit.BasicServicesKit'; 1512 1513// string转Uint8Array。 1514function stringToUint8Array(str: string): Uint8Array { 1515 let arr: Array<number> = []; 1516 for (let i = 0, j = str.length; i < j; i++) { 1517 arr.push(str.charCodeAt(i)); 1518 } 1519 return new Uint8Array(arr); 1520} 1521 1522// 证书二进制数据,需业务自行赋值。 1523let certData = '-----BEGIN CERTIFICATE-----\n' + 1524 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1525 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1526 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1527 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1528 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1529 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1530 'Qw==\n' + 1531 '-----END CERTIFICATE-----\n'; 1532 1533let encodingBlob: cert.EncodingBlob = { 1534 data: stringToUint8Array(certData), 1535 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1536 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1537}; 1538 1539cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1540 if (error) { 1541 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1542 } else { 1543 console.log('createX509Cert success'); 1544 try { 1545 let signature = x509Cert.getSignature(); 1546 } catch (err) { 1547 let e: BusinessError = err as BusinessError; 1548 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1549 } 1550 } 1551}); 1552``` 1553 1554### getSignatureAlgName 1555 1556getSignatureAlgName() : string 1557 1558表示获取X509证书签名算法名称。 1559 1560**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1561 1562**系统能力:** SystemCapability.Security.Cert 1563 1564**返回值**: 1565 1566| 类型 | 说明 | 1567| ------ | ------------------------ | 1568| string | 表示X509证书签名算法名称。 | 1569 1570**错误码:** 1571 1572以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1573 1574| 错误码ID | 错误信息 | 1575| -------- | ------------------------------------------------- | 1576| 19020001 | memory error. | 1577| 19020002 | runtime error. | 1578| 19030001 | crypto operation error.| 1579 1580**示例:** 1581 1582```ts 1583import { cert } from '@kit.DeviceCertificateKit'; 1584 1585import { BusinessError } from '@kit.BasicServicesKit'; 1586 1587// string转Uint8Array。 1588function stringToUint8Array(str: string): Uint8Array { 1589 let arr: Array<number> = []; 1590 for (let i = 0, j = str.length; i < j; i++) { 1591 arr.push(str.charCodeAt(i)); 1592 } 1593 return new Uint8Array(arr); 1594} 1595 1596// 证书二进制数据,需业务自行赋值。 1597let certData = '-----BEGIN CERTIFICATE-----\n' + 1598 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1599 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1600 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1601 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1602 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1603 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1604 'Qw==\n' + 1605 '-----END CERTIFICATE-----\n'; 1606 1607let encodingBlob: cert.EncodingBlob = { 1608 data: stringToUint8Array(certData), 1609 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1610 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1611}; 1612 1613cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1614 if (error) { 1615 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1616 } else { 1617 console.log('createX509Cert success'); 1618 try { 1619 let sigAlgName = x509Cert.getSignatureAlgName(); 1620 } catch (err) { 1621 let e: BusinessError = err as BusinessError; 1622 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1623 } 1624 } 1625}); 1626``` 1627 1628### getSignatureAlgOid 1629 1630getSignatureAlgOid() : string 1631 1632表示获取X509证书签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 1633 1634**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1635 1636**系统能力:** SystemCapability.Security.Cert 1637 1638**返回值**: 1639 1640| 类型 | 说明 | 1641| ------ | --------------------------------- | 1642| string | 表示X509证书签名算法对象标志符OID。 | 1643 1644**错误码:** 1645 1646以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1647 1648| 错误码ID | 错误信息 | 1649| -------- | ------------------------------------------------- | 1650| 19020001 | memory error. | 1651| 19020002 | runtime error. | 1652| 19030001 | crypto operation error.| 1653 1654**示例:** 1655 1656```ts 1657import { cert } from '@kit.DeviceCertificateKit'; 1658import { BusinessError } from '@kit.BasicServicesKit'; 1659 1660// string转Uint8Array。 1661function stringToUint8Array(str: string): Uint8Array { 1662 let arr: Array<number> = []; 1663 for (let i = 0, j = str.length; i < j; i++) { 1664 arr.push(str.charCodeAt(i)); 1665 } 1666 return new Uint8Array(arr); 1667} 1668 1669// 证书二进制数据,需业务自行赋值。 1670let certData = '-----BEGIN CERTIFICATE-----\n' + 1671 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1672 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1673 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1674 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1675 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1676 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1677 'Qw==\n' + 1678 '-----END CERTIFICATE-----\n'; 1679 1680let encodingBlob: cert.EncodingBlob = { 1681 data: stringToUint8Array(certData), 1682 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1683 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1684}; 1685 1686cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1687 if (error) { 1688 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1689 } else { 1690 console.log('createX509Cert success'); 1691 try { 1692 let sigAlgOid = x509Cert.getSignatureAlgOid(); 1693 } catch (err) { 1694 let e: BusinessError = err as BusinessError; 1695 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1696 } 1697 } 1698}); 1699``` 1700 1701### getSignatureAlgParams 1702 1703getSignatureAlgParams() : DataBlob 1704 1705表示获取X509证书签名算法参数。 1706 1707**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1708 1709**系统能力:** SystemCapability.Security.Cert 1710 1711**返回值**: 1712 1713| 类型 | 说明 | 1714| --------------------- | ------------------------ | 1715| [DataBlob](#datablob) | 表示X509证书签名算法参数。 | 1716 1717**错误码:** 1718 1719以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1720 1721| 错误码ID | 错误信息 | 1722| -------- | ------------------------------------------------- | 1723| 801 | this operation is not supported. | 1724| 19020001 | memory error. | 1725| 19020002 | runtime error. | 1726| 19030001 | crypto operation error.| 1727 1728**示例:** 1729 1730```ts 1731import { cert } from '@kit.DeviceCertificateKit'; 1732import { BusinessError } from '@kit.BasicServicesKit'; 1733 1734// string转Uint8Array。 1735function stringToUint8Array(str: string): Uint8Array { 1736 let arr: Array<number> = []; 1737 for (let i = 0, j = str.length; i < j; i++) { 1738 arr.push(str.charCodeAt(i)); 1739 } 1740 return new Uint8Array(arr); 1741} 1742 1743// 证书二进制数据,需业务自行赋值。 1744let certData = '-----BEGIN CERTIFICATE-----\n' + 1745 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1746 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1747 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1748 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1749 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1750 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1751 'Qw==\n' + 1752 '-----END CERTIFICATE-----\n'; 1753 1754let encodingBlob: cert.EncodingBlob = { 1755 data: stringToUint8Array(certData), 1756 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1757 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1758}; 1759 1760cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1761 if (error) { 1762 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1763 } else { 1764 console.log('createX509Cert success'); 1765 try { 1766 let sigAlgParams = x509Cert.getSignatureAlgParams(); 1767 } catch (err) { 1768 let e: BusinessError = err as BusinessError; 1769 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1770 } 1771 } 1772}); 1773``` 1774 1775### getKeyUsage 1776 1777getKeyUsage() : DataBlob 1778 1779表示获取X509证书秘钥用途。 1780 1781**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1782 1783**系统能力:** SystemCapability.Security.Cert 1784 1785**返回值**: 1786 1787| 类型 | 说明 | 1788| --------------------- | -------------------- | 1789| [DataBlob](#datablob) | 表示X509证书秘钥用途。 | 1790 1791**错误码:** 1792 1793以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1794 1795| 错误码ID | 错误信息 | 1796| -------- | ------------------------------------------------- | 1797| 19020001 | memory error. | 1798| 19030001 | crypto operation error.| 1799 1800**示例:** 1801 1802```ts 1803import { cert } from '@kit.DeviceCertificateKit'; 1804import { BusinessError } from '@kit.BasicServicesKit'; 1805 1806// string转Uint8Array。 1807function stringToUint8Array(str: string): Uint8Array { 1808 let arr: Array<number> = []; 1809 for (let i = 0, j = str.length; i < j; i++) { 1810 arr.push(str.charCodeAt(i)); 1811 } 1812 return new Uint8Array(arr); 1813} 1814 1815// 证书二进制数据,需业务自行赋值。 1816let certData = '-----BEGIN CERTIFICATE-----\n' + 1817 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1818 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1819 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1820 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1821 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1822 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1823 'Qw==\n' + 1824 '-----END CERTIFICATE-----\n'; 1825 1826let encodingBlob: cert.EncodingBlob = { 1827 data: stringToUint8Array(certData), 1828 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1829 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1830}; 1831 1832cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1833 if (error) { 1834 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1835 } else { 1836 console.log('createX509Cert success'); 1837 try { 1838 let keyUsage = x509Cert.getKeyUsage(); 1839 } catch (err) { 1840 let e: BusinessError = err as BusinessError; 1841 console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1842 } 1843 } 1844}); 1845``` 1846 1847### getExtKeyUsage 1848 1849getExtKeyUsage() : DataArray 1850 1851表示获取X509证书扩展秘钥用途。 1852 1853**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1854 1855**系统能力:** SystemCapability.Security.Cert 1856 1857**返回值**: 1858 1859| 类型 | 说明 | 1860| ----------------------- | ------------------------ | 1861| [DataArray](#dataarray) | 表示X509证书扩展秘钥用途。 | 1862 1863**错误码:** 1864 1865以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 1866 1867| 错误码ID | 错误信息 | 1868| -------- | ------------------------------------------------- | 1869| 19020001 | memory error. | 1870| 19020002 | runtime error. | 1871| 19030001 | crypto operation error.| 1872 1873**示例:** 1874 1875```ts 1876import { cert } from '@kit.DeviceCertificateKit'; 1877import { BusinessError } from '@kit.BasicServicesKit'; 1878 1879// string转Uint8Array。 1880function stringToUint8Array(str: string): Uint8Array { 1881 let arr: Array<number> = []; 1882 for (let i = 0, j = str.length; i < j; i++) { 1883 arr.push(str.charCodeAt(i)); 1884 } 1885 return new Uint8Array(arr); 1886} 1887 1888// 证书二进制数据,需业务自行赋值。 1889let certData = '-----BEGIN CERTIFICATE-----\n' + 1890 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1891 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1892 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1893 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1894 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1895 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1896 'Qw==\n' + 1897 '-----END CERTIFICATE-----\n'; 1898 1899let encodingBlob: cert.EncodingBlob = { 1900 data: stringToUint8Array(certData), 1901 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1902 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1903}; 1904 1905cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1906 if (error) { 1907 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1908 } else { 1909 console.log('createX509Cert success'); 1910 try { 1911 let extKeyUsage = x509Cert.getExtKeyUsage(); 1912 } catch (err) { 1913 let e: BusinessError = err as BusinessError; 1914 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 1915 } 1916 } 1917}); 1918``` 1919 1920### getBasicConstraints 1921 1922getBasicConstraints() : number 1923 1924表示获取X509证书基本约束。 1925 1926**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1927 1928**系统能力:** SystemCapability.Security.Cert 1929 1930**返回值**: 1931 1932| 类型 | 说明 | 1933| ------ | -------------------- | 1934| number | 表示X509证书基本约束。 | 1935 1936**示例:** 1937 1938```ts 1939import { cert } from '@kit.DeviceCertificateKit'; 1940 1941// string转Uint8Array。 1942function stringToUint8Array(str: string): Uint8Array { 1943 let arr: Array<number> = []; 1944 for (let i = 0, j = str.length; i < j; i++) { 1945 arr.push(str.charCodeAt(i)); 1946 } 1947 return new Uint8Array(arr); 1948} 1949 1950// 证书二进制数据,需业务自行赋值。 1951let certData = '-----BEGIN CERTIFICATE-----\n' + 1952 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 1953 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 1954 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 1955 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 1956 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 1957 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 1958 'Qw==\n' + 1959 '-----END CERTIFICATE-----\n'; 1960 1961let encodingBlob: cert.EncodingBlob = { 1962 data: stringToUint8Array(certData), 1963 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 1964 encodingFormat: cert.EncodingFormat.FORMAT_PEM 1965}; 1966 1967cert.createX509Cert(encodingBlob, (error, x509Cert) => { 1968 if (error) { 1969 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 1970 } else { 1971 console.log('createX509Cert success'); 1972 let basicConstraints = x509Cert.getBasicConstraints(); 1973 } 1974}); 1975``` 1976 1977### getSubjectAltNames 1978 1979getSubjectAltNames() : DataArray 1980 1981表示获取X509证书主体可选名称。 1982 1983> **说明:** 1984> 1985> 获取到的X509证书主体可选名称数据带字符串结束符。 1986 1987**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 1988 1989**系统能力:** SystemCapability.Security.Cert 1990 1991**返回值**: 1992 1993| 类型 | 说明 | 1994| ----------------------- | ------------------------ | 1995| [DataArray](#dataarray) | 表示X509证书主体可选名称。 | 1996 1997**错误码:** 1998 1999以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2000 2001| 错误码ID | 错误信息 | 2002| -------- | ------------------------------------------------- | 2003| 19020001 | memory error. | 2004| 19020002 | runtime error. | 2005| 19030001 | crypto operation error.| 2006 2007**示例:** 2008 2009```ts 2010import { cert } from '@kit.DeviceCertificateKit'; 2011import { BusinessError } from '@kit.BasicServicesKit'; 2012 2013// string转Uint8Array。 2014function stringToUint8Array(str: string): Uint8Array { 2015 let arr: Array<number> = []; 2016 for (let i = 0, j = str.length; i < j; i++) { 2017 arr.push(str.charCodeAt(i)); 2018 } 2019 return new Uint8Array(arr); 2020} 2021 2022// 证书二进制数据,需业务自行赋值。 2023let certData = '-----BEGIN CERTIFICATE-----\n' + 2024 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2025 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2026 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2027 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2028 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2029 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2030 'Qw==\n' + 2031 '-----END CERTIFICATE-----\n'; 2032 2033let encodingBlob: cert.EncodingBlob = { 2034 data: stringToUint8Array(certData), 2035 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2036 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2037}; 2038 2039cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2040 if (error) { 2041 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2042 } else { 2043 console.log('createX509Cert success'); 2044 try { 2045 let subjectAltNames = x509Cert.getSubjectAltNames(); 2046 } catch (err) { 2047 let e: BusinessError = err as BusinessError; 2048 console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2049 } 2050 } 2051}); 2052``` 2053 2054### getIssuerAltNames 2055 2056getIssuerAltNames() : DataArray 2057 2058表示获取X509证书颁发者可选名称。 2059 2060> **说明:** 2061> 2062> 获取到的X509证书颁发者可选名称数据带字符串结束符。 2063 2064**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2065 2066**系统能力:** SystemCapability.Security.Cert 2067 2068**返回值**: 2069 2070| 类型 | 说明 | 2071| ----------------------- | -------------------------- | 2072| [DataArray](#dataarray) | 表示X509证书颁发者可选名称。 | 2073 2074**错误码:** 2075 2076以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2077 2078| 错误码ID | 错误信息 | 2079| -------- | ------------------------------------------------- | 2080| 19020001 | memory error. | 2081| 19020002 | runtime error. | 2082| 19030001 | crypto operation error.| 2083 2084**示例:** 2085 2086```ts 2087import { cert } from '@kit.DeviceCertificateKit'; 2088import { BusinessError } from '@kit.BasicServicesKit'; 2089 2090// string转Uint8Array。 2091function stringToUint8Array(str: string): Uint8Array { 2092 let arr: Array<number> = []; 2093 for (let i = 0, j = str.length; i < j; i++) { 2094 arr.push(str.charCodeAt(i)); 2095 } 2096 return new Uint8Array(arr); 2097} 2098 2099// 证书二进制数据,需业务自行赋值。 2100let certData = '-----BEGIN CERTIFICATE-----\n' + 2101 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2102 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2103 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2104 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2105 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2106 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2107 'Qw==\n' + 2108 '-----END CERTIFICATE-----\n'; 2109 2110let encodingBlob: cert.EncodingBlob = { 2111 data: stringToUint8Array(certData), 2112 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2113 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2114}; 2115 2116cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2117 if (error) { 2118 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2119 } else { 2120 console.log('createX509Cert success'); 2121 try { 2122 let issuerAltNames = x509Cert.getIssuerAltNames(); 2123 } catch (err) { 2124 let e: BusinessError = err as BusinessError; 2125 console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2126 } 2127 } 2128}); 2129``` 2130 2131### getItem<sup>10+</sup> 2132 2133getItem(itemType: CertItemType) : DataBlob 2134 2135表示获取X509证书对应的字段。 2136 2137**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2138 2139**系统能力:** SystemCapability.Security.Cert 2140 2141**参数**: 2142 2143| 参数名 | 类型 | 必填 | 说明 | 2144| --------- | ------ | ---- | ------------------------------------------ | 2145| itemType | [CertItemType](#certitemtype10) | 是 | 表示需要获取的证书字段。 | 2146 2147**返回值**: 2148 2149| 类型 | 说明 | 2150| --------------------- | ----------------------------------------- | 2151| [DataBlob](#datablob) | 表示X509证书对应的字段,返回值为DER格式。 | 2152 2153**错误码:** 2154 2155以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2156 2157| 错误码ID | 错误信息 | 2158| -------- | ----------------------- | 2159| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2160| 19020001 | memory error. | 2161| 19020002 | runtime error. | 2162| 19030001 | crypto operation error. | 2163 2164**示例:** 2165 2166```ts 2167import { cert } from '@kit.DeviceCertificateKit'; 2168import { BusinessError } from '@kit.BasicServicesKit'; 2169 2170// string转Uint8Array。 2171function stringToUint8Array(str: string): Uint8Array { 2172 let arr: Array<number> = []; 2173 for (let i = 0, j = str.length; i < j; i++) { 2174 arr.push(str.charCodeAt(i)); 2175 } 2176 return new Uint8Array(arr); 2177} 2178 2179// 证书二进制数据,需业务自行赋值。 2180let certData = '-----BEGIN CERTIFICATE-----\n' + 2181 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 2182 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 2183 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 2184 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 2185 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 2186 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 2187 'Qw==\n' + 2188 '-----END CERTIFICATE-----\n'; 2189 2190let encodingBlob: cert.EncodingBlob = { 2191 data: stringToUint8Array(certData), 2192 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2193 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2194}; 2195 2196cert.createX509Cert(encodingBlob, (error, x509Cert) => { 2197 if (error) { 2198 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2199 } else { 2200 console.log('createX509Cert success'); 2201 try { 2202 let tbs = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_TBS); 2203 let pubKey = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); 2204 } catch (err) { 2205 let e: BusinessError = err as BusinessError; 2206 console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2207 } 2208 } 2209}); 2210``` 2211### match<sup>11+</sup> 2212 2213match(param: X509CertMatchParameters): boolean 2214 2215判断证书是否与输入参数匹配。 2216 2217**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2218 2219**系统能力:** SystemCapability.Security.Cert 2220 2221**参数**: 2222 2223| 参数名 | 类型 | 必填 | 说明 | 2224| --------- | ------ | ---- | ------------------------------------------ | 2225| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示需要匹配的参数。 | 2226 2227**返回值**: 2228 2229| 类型 | 说明 | 2230| --------------------- | ----------------------------------------- | 2231| boolean | 当参数匹配时,该方法返回true,否则返回false。 | 2232 2233**错误码:** 2234 2235以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2236 2237| 错误码ID | 错误信息 | 2238| -------- | ------------- | 2239| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2240| 19020001 | memory error. | 2241| 19030001 | crypto operation error. | 2242 2243**示例:** 2244 2245```ts 2246import { cert } from '@kit.DeviceCertificateKit'; 2247import { BusinessError } from '@kit.BasicServicesKit'; 2248 2249// string转Uint8Array。 2250function stringToUint8Array(str: string): Uint8Array { 2251 let arr: Array<number> = []; 2252 for (let i = 0, j = str.length; i < j; i++) { 2253 arr.push(str.charCodeAt(i)); 2254 } 2255 return new Uint8Array(arr); 2256} 2257 2258async function createX509Cert(): Promise<cert.X509Cert> { 2259 let certData = '-----BEGIN CERTIFICATE-----\n' + 2260 'MIIDTTCCAjWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 2261 'IENBMB4XDTI0MDMxOTAyMDM1NFoXDTM0MDMxNzAyMDM1NFowETEPMA0GA1UEAwwG\n' + 2262 'ZGV2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoGk2J0aKWTP\n' + 2263 'J3D7lS3oFdME3MMA1z0Y0ftthrtUKybE2xh8P90ztMV73bewmgAPqiApqhaWEZM/\n' + 2264 '6DSLc/MxbOeYjg6njveJIu721gchiuB2PFikDFSWlcLOJNw+CgBx77Ct3KllivHs\n' + 2265 'oi/gjuxrWiF/3VhbBErPNj/fw9se3pVrFRXIFdkcybtom2mUmkcxDfSg587SO14i\n' + 2266 'ZzXGM6nhMzYWXxLho6SJrsnzfs4pD6ifksWmY4089zitqsN+9jQXafY1+/sh1mgu\n' + 2267 'FvAwg9IbigGOBIiF8t5qdNGpqCHXbEHblNCWfT4fVNDV0Vc9pByjZaMYEGMhpz+6\n' + 2268 'lxlc2CqbNQIDAQABo4GuMIGrMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAEVpuP+pPpg\n' + 2269 'kr3dA3aV2XdFZ9rGMB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMB0G\n' + 2270 'A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwMgYIKwYB\n' + 2271 'BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwczovLzEyNy4wLjAuMTo5OTk5MA0G\n' + 2272 'CSqGSIb3DQEBCwUAA4IBAQBjM1agcDcgVHsD0dS39gxtlyRbZRvDcW3YsdwgpN6S\n' + 2273 'e4wGzdZbhsiZv7y3+PSuozKwp5Yjn+UqnnEz7QuTGJRt/pzHDVY3QceNvlx2HPRe\n' + 2274 'fECS4bpGLcM5B17oZZjE4HenIrGmigXnnwYL5TjhC4ybtddXPYv/M6z2eFCnfQNa\n' + 2275 'zFwz8LJ7ukWvf5koBqcHq2zsuVByOIPXLIrAJPtMmBb/pHCFt8hxOxwqujdrxz16\n' + 2276 'pe5LQUYzvG1YCxw3Ye9OrM1yXJQr/4KYncQC1yQQo+UK7NsDRK30PsMEYxhierLA\n' + 2277 'JKyPn1xSlOJiGa2rRn/uevmEOhfagj5TtprU9Gu1+nZo\n' + 2278 '-----END CERTIFICATE-----\n'; 2279 2280 let encodingBlob: cert.EncodingBlob = { 2281 data: stringToUint8Array(certData), 2282 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2283 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2284 }; 2285 2286 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2287 try { 2288 x509Cert = await cert.createX509Cert(encodingBlob); 2289 } catch (err) { 2290 let e: BusinessError = err as BusinessError; 2291 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2292 } 2293 return x509Cert; 2294} 2295 2296async function matchX509Cert() { 2297 const x509Cert = await createX509Cert(); 2298 try { 2299 // 需业务自行赋值。 2300 const param: cert.X509CertMatchParameters = { 2301 x509Cert, 2302 validDate: '20241121074700Z', 2303 keyUsage: [true, false, false, false, false, false, false, false, false], 2304 publicKeyAlgID: '1.2.840.113549.1.1.1' 2305 }; 2306 const result = x509Cert.match(param); 2307 console.log('call x509Cert match success'); 2308 } catch (err) { 2309 console.error('call x509Cert match failed'); 2310 } 2311} 2312``` 2313 2314### getCRLDistributionPoint<sup>12+</sup> 2315 2316getCRLDistributionPoint(): DataArray 2317 2318获取X509证书CRL的分发点统一资源标识符。 2319 2320**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2321 2322**系统能力:** SystemCapability.Security.Cert 2323 2324**返回值**: 2325 2326| 类型 | 说明 | 2327| ----------------------- | -------------------------- | 2328| [DataArray](#dataarray) | 表示X509证书CRL的分发点统一资源标识符。 | 2329 2330**错误码:** 2331 2332以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2333 2334| 错误码ID | 错误信息 | 2335| -------- | ------------- | 2336| 19020001 | memory error. | 2337| 19020002 | runtime error. | 2338| 19030001 | crypto operation error. | 2339 2340**示例:** 2341 2342```ts 2343import { cert } from '@kit.DeviceCertificateKit'; 2344import { BusinessError } from '@kit.BasicServicesKit'; 2345 2346// string转Uint8Array。 2347function stringToUint8Array(str: string): Uint8Array { 2348 let arr: Array<number> = []; 2349 for (let i = 0, j = str.length; i < j; i++) { 2350 arr.push(str.charCodeAt(i)); 2351 } 2352 return new Uint8Array(arr); 2353} 2354 2355let certData = "-----BEGIN CERTIFICATE-----\n" + 2356 "MIIB/jCCAaSgAwIBAgICA+gwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQ04xDTAL\n" + 2357 "BgNVBAoMBHRlc3QxDjAMBgNVBAMMBXN1YmNhMB4XDTIzMTAwNzA0MDEwOFoXDTMz\n" + 2358 "MTAwNDA0MDEwOFowLDELMAkGA1UEBhMCQ04xDTALBgNVBAoMBHRlc3QxDjAMBgNV\n" + 2359 "BAMMBWxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZDPvdlJI6Yv4fiaR\n" + 2360 "nQHcusXVbukk90mQ0rBGOYRikFvgvm5cjTdaUGcQKEtwYIKDQl5n6Pf7ElCJ7GRz\n" + 2361 "raWZ+qOBtTCBsjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl\n" + 2362 "bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU63Gbl8gIsUn0VyZ4rya3PCjm\n" + 2363 "sfEwHwYDVR0jBBgwFoAU77mynM0rz1SD43DQjleWM7bF+MEwNwYDVR0fBDAwLjAs\n" + 2364 "oCqgKIYmaHR0cDovL3Rlc3QudGVzdENSTGRwLmNvbS9DUkxfRFBfMS5jcmwwCgYI\n" + 2365 "KoZIzj0EAwIDSAAwRQIhAISKHH9u221mBgdDWfll3loLvEHJ3or9NUO5Zn6SrX6L\n" + 2366 "AiAtRlOa6/mTD68faQTdhsAaQP955QfW34B4yFqU2Bq72A==\n" + 2367 "-----END CERTIFICATE-----\n"; 2368 2369 // 证书二进制数据,需业务自行赋值。 2370let encodingBlob: cert.EncodingBlob = { 2371 data: stringToUint8Array(certData), 2372 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2373 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2374}; 2375 2376async function certGetCRLDistributionPoint() { 2377 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2378 try { 2379 x509Cert = await cert.createX509Cert(encodingBlob); 2380 console.log('createX509Cert success'); 2381 let point = x509Cert.getCRLDistributionPoint(); 2382 } catch (err) { 2383 let e: BusinessError = err as BusinessError; 2384 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2385 } 2386} 2387``` 2388 2389### getIssuerX500DistinguishedName<sup>12+</sup> 2390 2391getIssuerX500DistinguishedName(): X500DistinguishedName 2392 2393获取颁发者的X509可分辨名称。 2394 2395**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2396 2397**系统能力:** SystemCapability.Security.Cert 2398 2399**返回值**: 2400 2401| 类型 | 说明 | 2402| --------------------- | ----------------------------------------- | 2403| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 2404 2405**错误码:** 2406 2407以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2408 2409| 错误码ID | 错误信息 | 2410| -------- | ------------- | 2411| 19020001 | memory error. | 2412| 19020002 | runtime error. | 2413| 19030001 | crypto operation error. | 2414 2415**示例:** 2416 2417```ts 2418import { cert } from '@kit.DeviceCertificateKit'; 2419import { BusinessError } from '@kit.BasicServicesKit'; 2420 2421// string转Uint8Array。 2422function stringToUint8Array(str: string): Uint8Array { 2423 let arr: Array<number> = []; 2424 for (let i = 0, j = str.length; i < j; i++) { 2425 arr.push(str.charCodeAt(i)); 2426 } 2427 return new Uint8Array(arr); 2428} 2429 2430let certData = "-----BEGIN CERTIFICATE-----\n" + 2431 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2432 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2433 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2434 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2435 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2436 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2437 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2438 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2439 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2440 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2441 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2442 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2443 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2444 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2445 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2446 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2447 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2448 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2449 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2450 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2451 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2452 "-----END CERTIFICATE-----\n" 2453 2454 // 证书二进制数据,需业务自行赋值。 2455 let encodingBlob: cert.EncodingBlob = { 2456 data: stringToUint8Array(certData), 2457 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2458 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2459 }; 2460 2461async function certGetIssuerX500DistinguishedName() { 2462 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2463 try { 2464 x509Cert = await cert.createX509Cert(encodingBlob); 2465 console.log('createX509Cert success'); 2466 let name = x509Cert.getIssuerX500DistinguishedName(); 2467 } catch (err) { 2468 let e: BusinessError = err as BusinessError; 2469 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2470 } 2471} 2472``` 2473 2474### getSubjectX500DistinguishedName<sup>12+</sup> 2475 2476getSubjectX500DistinguishedName(): X500DistinguishedName 2477 2478获取证书主题的X509可分辨名称。 2479 2480**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2481 2482**系统能力:** SystemCapability.Security.Cert 2483 2484**返回值**: 2485 2486| 类型 | 说明 | 2487| --------------------- | ----------------------------------------- | 2488| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 2489 2490**错误码:** 2491 2492以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2493 2494| 错误码ID | 错误信息 | 2495| -------- | ------------- | 2496| 19020001 | memory error. | 2497| 19020002 | runtime error. | 2498| 19030001 | crypto operation error. | 2499 2500**示例:** 2501 2502```ts 2503import { cert } from '@kit.DeviceCertificateKit'; 2504import { BusinessError } from '@kit.BasicServicesKit'; 2505 2506// string转Uint8Array。 2507function stringToUint8Array(str: string): Uint8Array { 2508 let arr: Array<number> = []; 2509 for (let i = 0, j = str.length; i < j; i++) { 2510 arr.push(str.charCodeAt(i)); 2511 } 2512 return new Uint8Array(arr); 2513} 2514 2515let certData = "-----BEGIN CERTIFICATE-----\n" + 2516 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2517 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2518 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2519 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2520 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2521 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2522 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2523 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2524 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2525 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2526 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2527 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2528 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2529 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2530 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2531 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2532 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2533 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2534 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2535 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2536 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2537 "-----END CERTIFICATE-----\n" 2538 2539 // 证书二进制数据,需业务自行赋值。 2540 let encodingBlob: cert.EncodingBlob = { 2541 data: stringToUint8Array(certData), 2542 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2543 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2544 }; 2545 2546async function certGetSubjectX500DistinguishedName() { 2547 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2548 try { 2549 x509Cert = await cert.createX509Cert(encodingBlob); 2550 console.log('createX509Cert success'); 2551 let name = x509Cert.getSubjectX500DistinguishedName(); 2552 } catch (err) { 2553 let e: BusinessError = err as BusinessError; 2554 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2555 } 2556} 2557``` 2558 2559### toString<sup>12+</sup> 2560 2561toString(): string 2562 2563获取对象的字符串类型数据。 2564 2565**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2566 2567**系统能力:** SystemCapability.Security.Cert 2568 2569**返回值**: 2570 2571| 类型 | 说明 | 2572| --------------------- | ----------------------------------------- | 2573| string | 对象的字符串类型数据。| 2574 2575**错误码:** 2576 2577以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2578 2579| 错误码ID | 错误信息 | 2580| -------- | ------------- | 2581| 19020001 | memory error. | 2582| 19020002 | runtime error. | 2583| 19030001 | crypto operation error. | 2584 2585**示例:** 2586 2587```ts 2588import { cert } from '@kit.DeviceCertificateKit'; 2589import { BusinessError } from '@kit.BasicServicesKit'; 2590 2591// string转Uint8Array。 2592function stringToUint8Array(str: string): Uint8Array { 2593 let arr: Array<number> = []; 2594 for (let i = 0, j = str.length; i < j; i++) { 2595 arr.push(str.charCodeAt(i)); 2596 } 2597 return new Uint8Array(arr); 2598} 2599 2600let certData = "-----BEGIN CERTIFICATE-----\n" + 2601 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2602 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2603 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2604 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2605 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2606 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2607 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2608 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2609 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2610 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2611 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2612 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2613 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2614 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2615 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2616 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2617 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2618 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2619 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2620 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2621 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2622 "-----END CERTIFICATE-----\n" 2623 2624 // 证书二进制数据,需业务自行赋值。 2625 let encodingBlob: cert.EncodingBlob = { 2626 data: stringToUint8Array(certData), 2627 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2628 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2629 }; 2630 2631async function certToString() { 2632 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2633 try { 2634 x509Cert = await cert.createX509Cert(encodingBlob); 2635 console.log('createX509Cert success'); 2636 console.info('certToString success: ' + JSON.stringify(x509Cert.toString())); 2637 } catch (err) { 2638 let e: BusinessError = err as BusinessError; 2639 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2640 } 2641} 2642``` 2643 2644### hashCode<sup>12+</sup> 2645 2646hashCode(): Uint8Array 2647 2648获取DER格式数据的哈希值。 2649 2650**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2651 2652**系统能力:** SystemCapability.Security.Cert 2653 2654**返回值**: 2655 2656| 类型 | 说明 | 2657| --------------------- | ----------------------------------------- | 2658| Uint8Array | DER格式数据的哈希值。| 2659 2660**错误码:** 2661 2662以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2663 2664| 错误码ID | 错误信息 | 2665| -------- | ------------- | 2666| 19020001 | memory error. | 2667| 19020002 | runtime error. | 2668| 19030001 | crypto operation error. | 2669 2670**示例:** 2671 2672```ts 2673import { cert } from '@kit.DeviceCertificateKit'; 2674import { BusinessError } from '@kit.BasicServicesKit'; 2675 2676// string转Uint8Array。 2677function stringToUint8Array(str: string): Uint8Array { 2678 let arr: Array<number> = []; 2679 for (let i = 0, j = str.length; i < j; i++) { 2680 arr.push(str.charCodeAt(i)); 2681 } 2682 return new Uint8Array(arr); 2683} 2684 2685let certData = "-----BEGIN CERTIFICATE-----\n" + 2686 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2687 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2688 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2689 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2690 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2691 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2692 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2693 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2694 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2695 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2696 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2697 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2698 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2699 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2700 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2701 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2702 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2703 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2704 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2705 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2706 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2707 "-----END CERTIFICATE-----\n" 2708 2709 // 证书二进制数据,需业务自行赋值。 2710 let encodingBlob: cert.EncodingBlob = { 2711 data: stringToUint8Array(certData), 2712 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2713 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2714 }; 2715 2716async function certHashCode() { 2717 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2718 try { 2719 x509Cert = await cert.createX509Cert(encodingBlob); 2720 console.log('createX509Cert success'); 2721 console.info('certHashCode success: ' + JSON.stringify(x509Cert.hashCode())); 2722 } catch (err) { 2723 let e: BusinessError = err as BusinessError; 2724 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2725 } 2726} 2727``` 2728 2729### getExtensionsObject<sup>12+</sup> 2730 2731getExtensionsObject(): CertExtension 2732 2733获取对应实体的扩展域DER格式数据。 2734 2735**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2736 2737**系统能力:** SystemCapability.Security.Cert 2738 2739**返回值**: 2740 2741| 类型 | 说明 | 2742| --------------------- | ----------------------------------------- | 2743| [CertExtension](#certextension10) | 证书扩展域段类对象。| 2744 2745**错误码:** 2746 2747以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2748 2749| 错误码ID | 错误信息 | 2750| -------- | ------------- | 2751| 19020001 | memory error. | 2752| 19020002 | runtime error. | 2753| 19030001 | crypto operation error. | 2754 2755**示例:** 2756 2757```ts 2758import { cert } from '@kit.DeviceCertificateKit'; 2759import { BusinessError } from '@kit.BasicServicesKit'; 2760 2761// string转Uint8Array。 2762function stringToUint8Array(str: string): Uint8Array { 2763 let arr: Array<number> = []; 2764 for (let i = 0, j = str.length; i < j; i++) { 2765 arr.push(str.charCodeAt(i)); 2766 } 2767 return new Uint8Array(arr); 2768} 2769 2770let certData = "-----BEGIN CERTIFICATE-----\n" + 2771 "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + 2772 "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + 2773 "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + 2774 "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + 2775 "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + 2776 "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + 2777 "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + 2778 "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + 2779 "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + 2780 "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + 2781 "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + 2782 "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + 2783 "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + 2784 "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + 2785 "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + 2786 "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + 2787 "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + 2788 "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + 2789 "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + 2790 "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + 2791 "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + 2792 "-----END CERTIFICATE-----\n" 2793 2794 // 证书二进制数据,需业务自行赋值。 2795 let encodingBlob: cert.EncodingBlob = { 2796 data: stringToUint8Array(certData), 2797 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 2798 encodingFormat: cert.EncodingFormat.FORMAT_PEM 2799 }; 2800 2801async function certGetExtensionsObject() { 2802 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 2803 try { 2804 x509Cert = await cert.createX509Cert(encodingBlob); 2805 console.log('createX509Cert success'); 2806 let object = x509Cert.getExtensionsObject(); 2807 } catch (err) { 2808 let e: BusinessError = err as BusinessError; 2809 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 2810 } 2811} 2812``` 2813 2814## cert.createCertExtension<sup>10+</sup> 2815 2816createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\<CertExtension>) : void 2817 2818表示创建证书扩展域段的对象,使用Callback回调异步返回结果。 2819 2820**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2821 2822**系统能力:** SystemCapability.Security.Cert 2823 2824**参数**: 2825 2826| 参数名 | 类型 | 必填 | 说明 | 2827| -------- | ------------------------------------------------- | ---- | -------------------------- | 2828| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书扩展域段序列化数据。 | 2829| callback | AsyncCallback\<[CertExtension](#certextension10)> | 是 | 回调函数,表示扩展域段对象。 | 2830 2831**错误码:** 2832 2833以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2834 2835| 错误码ID | 错误信息 | 2836| -------- | ------------- | 2837| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2838| 801 | this operation is not supported. | 2839| 19020001 | memory error. | 2840 2841**示例:** 2842 2843```ts 2844import { cert } from '@kit.DeviceCertificateKit'; 2845 2846// 证书扩展域段二进制数据,需业务自行赋值。 2847let extData = new Uint8Array([ 2848 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2849 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2850 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2851 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2852 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2853 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2854 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2855 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2856 0xD9, 0xE4 2857]); 2858 2859let encodingBlob: cert.EncodingBlob = { 2860 data: extData, 2861 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 2862 encodingFormat: cert.EncodingFormat.FORMAT_DER 2863}; 2864 2865cert.createCertExtension(encodingBlob, (error, certExt) => { 2866 if (error) { 2867 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2868 } else { 2869 console.log('createCertExtension success'); 2870 } 2871}); 2872``` 2873 2874## cert.createCertExtension<sup>10+</sup> 2875 2876createCertExtension(inStream : EncodingBlob) : Promise\<CertExtension> 2877 2878表示创建证书扩展域段的对象,使用Promise方式异步返回结果。 2879 2880**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2881 2882**系统能力:** SystemCapability.Security.Cert 2883 2884**参数**: 2885 2886| 参数名 | 类型 | 必填 | 说明 | 2887| -------- | ----------------------------- | ---- | -------------------------- | 2888| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书扩展域段序列化数据。 | 2889 2890**返回值**: 2891 2892| 类型 | 说明 | 2893| ------------------------------------------- | -------------------- | 2894| Promise\<[CertExtension](#certextension10)> | 表示证书扩展域段对象。 | 2895 2896**错误码:** 2897 2898以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2899 2900| 错误码ID | 错误信息 | 2901| -------- | ------------- | 2902| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 2903| 801 | this operation is not supported. | 2904| 19020001 | memory error. | 2905 2906**示例:** 2907 2908```ts 2909import { cert } from '@kit.DeviceCertificateKit'; 2910import { BusinessError } from '@kit.BasicServicesKit'; 2911 2912// 证书扩展域段二进制数据,需业务自行赋值。 2913let extData = new Uint8Array([ 2914 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2915 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2916 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2917 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2918 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2919 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2920 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2921 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2922 0xD9, 0xE4 2923]); 2924 2925let encodingBlob: cert.EncodingBlob = { 2926 data: extData, 2927 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 2928 encodingFormat: cert.EncodingFormat.FORMAT_DER 2929}; 2930 2931cert.createCertExtension(encodingBlob).then(certExt => { 2932 console.log('createCertExtension success'); 2933}).catch((error: BusinessError) => { 2934 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2935}); 2936``` 2937 2938## CertExtension<sup>10+</sup> 2939 2940证书扩展域段类。 2941 2942### getEncoded<sup>10+</sup> 2943 2944getEncoded() : EncodingBlob 2945 2946表示获取证书扩展域段序列化数据。 2947 2948**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 2949 2950**系统能力:** SystemCapability.Security.Cert 2951 2952**返回值**: 2953 2954| 类型 | 说明 | 2955| ----------------------------- | ---------------------------- | 2956| [EncodingBlob](#encodingblob) | 表示证书扩展域段序列化数据。 | 2957 2958**错误码:** 2959 2960以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 2961 2962| 错误码ID | 错误信息 | 2963| -------- | ----------------------- | 2964| 19020001 | memory error. | 2965| 19020002 | runtime error. | 2966| 19030001 | crypto operation error. | 2967 2968**示例:** 2969 2970```ts 2971import { cert } from '@kit.DeviceCertificateKit'; 2972import { BusinessError } from '@kit.BasicServicesKit'; 2973 2974// 证书扩展域段二进制数据,需业务自行赋值。 2975let extData = new Uint8Array([ 2976 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 2977 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 2978 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 2979 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 2980 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 2981 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 2982 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 2983 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 2984 0xD9, 0xE4 2985]); 2986 2987let encodingBlob: cert.EncodingBlob = { 2988 data: extData, 2989 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 2990 encodingFormat: cert.EncodingFormat.FORMAT_DER 2991}; 2992 2993cert.createCertExtension(encodingBlob, (error, certExt) => { 2994 if (error) { 2995 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 2996 } else { 2997 console.log('createCertExtension success'); 2998 try { 2999 let extEncodedBlob = certExt.getEncoded(); 3000 } catch (err) { 3001 let e: BusinessError = err as BusinessError; 3002 console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3003 } 3004 } 3005}); 3006``` 3007 3008### getOidList<sup>10+</sup> 3009 3010getOidList(valueType : ExtensionOidType) : DataArray 3011 3012表示获取证书扩展域段对象标识符列表。 3013 3014**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3015 3016**系统能力:** SystemCapability.Security.Cert 3017 3018**参数**: 3019 3020| 参数名 | 类型 | 必填 | 说明 | 3021| --------- | ------------------------------------- | ---- | ------------------------------ | 3022| valueType | [ExtensionOidType](#extensionoidtype10) | 是 | 表示证书扩展域段对象标识符类型。 | 3023 3024**返回值**: 3025 3026| 类型 | 说明 | 3027| ----------------------- | -------------------------------- | 3028| [DataArray](#dataarray) | 表示证书扩展域段对象标识符列表。 | 3029 3030**错误码:** 3031 3032以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3033 3034| 错误码ID | 错误信息 | 3035| -------- | ----------------------- | 3036| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3037| 19020001 | memory error. | 3038| 19020002 | runtime error. | 3039| 19030001 | crypto operation error. | 3040 3041**示例:** 3042 3043```ts 3044import { cert } from '@kit.DeviceCertificateKit'; 3045import { BusinessError } from '@kit.BasicServicesKit'; 3046 3047// 证书扩展域段二进制数据,需业务自行赋值。 3048let extData = new Uint8Array([ 3049 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3050 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3051 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3052 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3053 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3054 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3055 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3056 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3057 0xD9, 0xE4 3058]); 3059 3060let encodingBlob: cert.EncodingBlob = { 3061 data: extData, 3062 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3063 encodingFormat: cert.EncodingFormat.FORMAT_DER 3064}; 3065 3066cert.createCertExtension(encodingBlob, (error, certExt) => { 3067 if (error) { 3068 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3069 } else { 3070 console.log('createCertExtension success'); 3071 try { 3072 let oidList = certExt.getOidList(cert.ExtensionOidType.EXTENSION_OID_TYPE_ALL); 3073 } catch (err) { 3074 let e: BusinessError = err as BusinessError; 3075 console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3076 } 3077 } 3078}); 3079``` 3080 3081### getEntry<sup>10+</sup> 3082 3083getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob 3084 3085表示获取证书扩展域段对象信息。 3086 3087**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3088 3089**系统能力:** SystemCapability.Security.Cert 3090 3091**参数**: 3092 3093| 参数名 | 类型 | 必填 | 说明 | 3094| --------- | ----------------------------------------- | ---- | -------------------------------- | 3095| valueType | [ExtensionEntryType](#extensionentrytype10) | 是 | 表示证书扩展域段获取的类型。 | 3096| oid | [DataBlob](#datablob) | 是 | 表示证书扩展域段获取的对象标识符。 | 3097 3098**返回值**: 3099 3100| 类型 | 说明 | 3101| --------------------- | ---------------------------- | 3102| [DataBlob](#datablob) | 表示证书扩展域段对象的数据。 | 3103 3104**错误码:** 3105 3106以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3107 3108| 错误码ID | 错误信息 | 3109| -------- | ----------------------- | 3110| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3111| 19020001 | memory error. | 3112| 19020002 | runtime error. | 3113| 19030001 | crypto operation error. | 3114 3115**示例:** 3116 3117```ts 3118import { cert } from '@kit.DeviceCertificateKit'; 3119import { BusinessError } from '@kit.BasicServicesKit'; 3120 3121// 证书扩展域段二进制数据,需业务自行赋值。 3122let extData = new Uint8Array([ 3123 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3124 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3125 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3126 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3127 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3128 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3129 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3130 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3131 0xD9, 0xE4 3132]); 3133 3134let encodingBlob: cert.EncodingBlob = { 3135 data: extData, 3136 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3137 encodingFormat: cert.EncodingFormat.FORMAT_DER 3138}; 3139 3140cert.createCertExtension(encodingBlob, (error, certExt) => { 3141 if (error) { 3142 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3143 } else { 3144 console.log('createCertExtension success'); 3145 let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); 3146 let oidBlob: cert.DataBlob = { 3147 data: oid 3148 } 3149 try { 3150 let entry = certExt.getEntry(cert.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); 3151 } catch (err) { 3152 let e: BusinessError = err as BusinessError; 3153 console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3154 } 3155 } 3156}); 3157``` 3158 3159 3160### checkCA<sup>10+</sup> 3161 3162checkCA() : number 3163 3164表示校验证书是否为CA证书。 3165 3166**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3167 3168**系统能力:** SystemCapability.Security.Cert 3169 3170**返回值**: 3171 3172| 类型 | 说明 | 3173| ------ | ------------------------------------------------------------ | 3174| number | 当证书扩展域段中密钥用途包含签名用途,并且基本约束中cA字段为true时,表示证书为CA证书。如果不是CA,则返回-1;否则返回基本约束中的路径长度。如果证书是CA证书,但是基本约束中未给定路径长度,则返回-2,表示无路径长度限制。 | 3175 3176**错误码:** 3177 3178以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3179 3180| 错误码ID | 错误信息 | 3181| -------- | ----------------------- | 3182| 19020001 | memory error. | 3183| 19020002 | runtime error. | 3184| 19030001 | crypto operation error. | 3185 3186**示例:** 3187 3188```ts 3189import { cert } from '@kit.DeviceCertificateKit'; 3190import { BusinessError } from '@kit.BasicServicesKit'; 3191 3192// 证书扩展域段二进制数据,需业务自行赋值。 3193let extData = new Uint8Array([ 3194 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3195 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3196 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3197 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3198 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3199 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3200 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3201 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3202 0xD9, 0xE4 3203]); 3204 3205let encodingBlob: cert.EncodingBlob = { 3206 data: extData, 3207 // 根据encodingData的格式进行赋值,仅支持FORMAT_DER。 3208 encodingFormat: cert.EncodingFormat.FORMAT_DER 3209}; 3210cert.createCertExtension(encodingBlob, (error, certExt) => { 3211 if (error) { 3212 console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3213 } else { 3214 console.log('createCertExtension success'); 3215 try { 3216 let res = certExt.checkCA(); 3217 } catch (err) { 3218 let e: BusinessError = err as BusinessError; 3219 console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3220 } 3221 } 3222}); 3223``` 3224 3225### hasUnsupportedCriticalExtension<sup>11+</sup> 3226 3227hasUnsupportedCriticalExtension(): boolean 3228 3229判断是否存在不支持的关键扩展。 3230 3231**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3232 3233**系统能力:** SystemCapability.Security.Cert 3234 3235**返回值**: 3236 3237| 类型 | 说明 | 3238| ------- | ------------------------------------------------------- | 3239| boolean | 当存在不支持的关键扩展时,该方法返回true,否则返回false。 | 3240 3241**错误码:** 3242 3243以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3244 3245| 错误码ID | 错误信息 | 3246| -------- | ----------------------- | 3247| 19020001 | memory error. | 3248| 19020002 | runtime error. | 3249| 19030001 | crypto operation error. | 3250 3251**示例:** 3252 3253```ts 3254import { cert } from '@kit.DeviceCertificateKit'; 3255import { BusinessError } from '@kit.BasicServicesKit'; 3256 3257let encodingData = new Uint8Array([ 3258 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 3259 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 3260 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 3261 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 3262 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 3263 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 3264 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 3265 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 3266 0xD9, 0xE4 3267]); 3268let encodingBlob: cert.EncodingBlob = { 3269 data: new Uint8Array(encodingData), 3270 encodingFormat: cert.EncodingFormat.FORMAT_DER 3271}; 3272 3273cert.createCertExtension(encodingBlob).then((extensionObj) => { 3274 console.log('createCertExtension success!'); 3275 const result = extensionObj.hasUnsupportedCriticalExtension() 3276 console.log('has unsupported critical extension result is:' + result); 3277}).catch((err: BusinessError) => { 3278 console.error('createCertExtension failed'); 3279}); 3280``` 3281 3282## cert.createX509Crl<sup>(deprecated)</sup> 3283 3284createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\<X509Crl>) : void 3285 3286表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。 3287 3288> **说明:** 3289> 3290> 从API version 11开始废弃,建议使用[cert.createX509CRL](#certcreatex509crl11)替代。 3291 3292**系统能力:** SystemCapability.Security.Cert 3293 3294**参数**: 3295 3296| 参数名 | 类型 | 必填 | 说明 | 3297| -------- | ----------------------------------- | ---- | ------------------------------ | 3298| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。 | 3299| callback | AsyncCallback\<[X509Crl](#x509crldeprecated)> | 是 | 回调函数,表示证书吊销列表对象。 | 3300 3301**错误码:** 3302 3303以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3304 3305| 错误码ID | 错误信息 | 3306| -------- | ------------- | 3307| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3308| 801 | this operation is not supported. | 3309| 19020001 | memory error. | 3310 3311**示例:** 3312 3313```ts 3314import { cert } from '@kit.DeviceCertificateKit'; 3315 3316// string转Uint8Array。 3317function stringToUint8Array(str: string): Uint8Array { 3318 let arr: Array<number> = []; 3319 for (let i = 0, j = str.length; i < j; i++) { 3320 arr.push(str.charCodeAt(i)); 3321 } 3322 return new Uint8Array(arr); 3323} 3324 3325let crlData = '-----BEGIN X509 CRL-----\n' + 3326 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3327 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3328 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3329 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3330 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3331 'eavsH0Q3\n' + 3332 '-----END X509 CRL-----\n'; 3333 3334// 证书吊销列表二进制数据,需业务自行赋值。 3335let encodingBlob: cert.EncodingBlob = { 3336 data: stringToUint8Array(crlData), 3337 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3338 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3339}; 3340 3341cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3342 if (error) { 3343 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3344 } else { 3345 console.log('createX509Crl success'); 3346 } 3347}); 3348``` 3349 3350## cert.createX509Crl<sup>(deprecated)</sup> 3351 3352createX509Crl(inStream : EncodingBlob) : Promise\<X509Crl> 3353 3354表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。 3355 3356> **说明:** 3357> 3358> 从API version 11开始废弃,建议使用[cert.createX509CRL](#certcreatex509crl11-1)替代。 3359 3360**系统能力:** SystemCapability.Security.Cert 3361 3362**参数**: 3363 3364| 参数名 | 类型 | 必填 | 说明 | 3365| -------- | ----------------------------- | ---- | -------------------------- | 3366| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。 | 3367 3368**返回值**: 3369 3370| 类型 | 说明 | 3371| ----------------------------- | -------------------- | 3372| Promise\<[X509Crl](#x509crldeprecated)> | 表示证书吊销列表对象。 | 3373 3374**错误码:** 3375 3376以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3377 3378| 错误码ID | 错误信息 | 3379| -------- | ------------- | 3380| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3381| 801 | this operation is not supported. | 3382| 19020001 | memory error. | 3383 3384**示例:** 3385 3386```ts 3387import { cert } from '@kit.DeviceCertificateKit'; 3388import { BusinessError } from '@kit.BasicServicesKit'; 3389 3390// string转Uint8Array。 3391function stringToUint8Array(str: string): Uint8Array { 3392 let arr: Array<number> = []; 3393 for (let i = 0, j = str.length; i < j; i++) { 3394 arr.push(str.charCodeAt(i)); 3395 } 3396 return new Uint8Array(arr); 3397} 3398 3399let crlData = '-----BEGIN X509 CRL-----\n' + 3400 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3401 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3402 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3403 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3404 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3405 'eavsH0Q3\n' + 3406 '-----END X509 CRL-----\n'; 3407 3408// 证书吊销列表二进制数据,需业务自行赋值。 3409let encodingBlob: cert.EncodingBlob = { 3410 data: stringToUint8Array(crlData), 3411 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3412 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3413}; 3414 3415cert.createX509Crl(encodingBlob).then(x509Crl => { 3416 console.log('createX509Crl success'); 3417}).catch((error: BusinessError) => { 3418 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3419}); 3420``` 3421 3422## cert.createX509CRL<sup>11+</sup> 3423 3424createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\<X509CRL>) : void 3425 3426表示创建X509证书吊销列表的对象,使用Callback回调异步返回结果。 3427 3428**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3429 3430**系统能力:** SystemCapability.Security.Cert 3431 3432**参数**: 3433 3434| 参数名 | 类型 | 必填 | 说明 | 3435| -------- | ------------------------------------- | ---- | ------------------------------ | 3436| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。 | 3437| callback | AsyncCallback\<[X509CRL](#x509crl11)> | 是 | 回调函数,表示证书吊销列表对象。 | 3438 3439**错误码:** 3440 3441以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3442 3443| 错误码ID | 错误信息 | 3444| -------- | ------------- | 3445| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3446| 801 | this operation is not supported. | 3447| 19020001 | memory error. | 3448 3449**示例:** 3450 3451```ts 3452import { cert } from '@kit.DeviceCertificateKit'; 3453 3454// string转Uint8Array。 3455function stringToUint8Array(str: string): Uint8Array { 3456 let arr: Array<number> = []; 3457 for (let i = 0, j = str.length; i < j; i++) { 3458 arr.push(str.charCodeAt(i)); 3459 } 3460 return new Uint8Array(arr); 3461} 3462 3463let crlData = '-----BEGIN X509 CRL-----\n' + 3464 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3465 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3466 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3467 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3468 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3469 'eavsH0Q3\n' + 3470 '-----END X509 CRL-----\n'; 3471 3472// 证书吊销列表二进制数据,需业务自行赋值。 3473let encodingBlob: cert.EncodingBlob = { 3474 data: stringToUint8Array(crlData), 3475 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3476 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3477}; 3478 3479cert.createX509CRL(encodingBlob, (error, X509CRL) => { 3480 if (error) { 3481 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3482 } else { 3483 console.log('createX509CRL success'); 3484 } 3485}); 3486``` 3487 3488## cert.createX509CRL<sup>11+</sup> 3489 3490createX509CRL(inStream : EncodingBlob) : Promise\<X509CRL> 3491 3492表示创建X509证书吊销列表的对象,使用Promise方式异步返回结果。 3493 3494**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 3495 3496**系统能力:** SystemCapability.Security.Cert 3497 3498**参数**: 3499 3500| 参数名 | 类型 | 必填 | 说明 | 3501| -------- | ----------------------------- | ---- | -------------------------- | 3502| inStream | [EncodingBlob](#encodingblob) | 是 | 表示证书吊销列表序列化数据。 | 3503 3504**返回值**: 3505 3506| 类型 | 说明 | 3507| ------------------------------- | -------------------- | 3508| Promise\<[X509CRL](#x509crl11)> | 表示证书吊销列表对象。 | 3509 3510**错误码:** 3511 3512以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3513 3514| 错误码ID | 错误信息 | 3515| -------- | ------------- | 3516| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3517| 801 | this operation is not supported. | 3518| 19020001 | memory error. | 3519 3520**示例:** 3521 3522```ts 3523import { cert } from '@kit.DeviceCertificateKit'; 3524import { BusinessError } from '@kit.BasicServicesKit'; 3525 3526// string转Uint8Array。 3527function stringToUint8Array(str: string): Uint8Array { 3528 let arr: Array<number> = []; 3529 for (let i = 0, j = str.length; i < j; i++) { 3530 arr.push(str.charCodeAt(i)); 3531 } 3532 return new Uint8Array(arr); 3533} 3534 3535let crlData = '-----BEGIN X509 CRL-----\n' + 3536 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3537 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3538 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3539 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3540 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3541 'eavsH0Q3\n' + 3542 '-----END X509 CRL-----\n'; 3543 3544// 证书吊销列表二进制数据,需业务自行赋值。 3545let encodingBlob: cert.EncodingBlob = { 3546 data: stringToUint8Array(crlData), 3547 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3548 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3549}; 3550 3551cert.createX509CRL(encodingBlob).then(X509CRL => { 3552 console.log('createX509CRL success'); 3553}).catch((error: BusinessError) => { 3554 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3555}); 3556``` 3557 3558## X509Crl<sup>(deprecated)</sup> 3559 3560X509证书吊销列表对象。 3561 3562> **说明:** 3563> 3564> 从API version 11开始废弃,建议使用[X509CRL](#x509crl11)替代。 3565 3566### isRevoked<sup>(deprecated)</sup> 3567 3568isRevoked(cert : X509Cert) : boolean 3569 3570表示检查证书是否吊销。 3571 3572> **说明:** 3573> 3574> 从API version 11开始废弃,建议使用[X509CRL.isRevoked](#isrevoked11)替代。 3575 3576**系统能力:** SystemCapability.Security.Cert 3577 3578**参数**: 3579 3580| 参数名 | 类型 | 必填 | 说明 | 3581| ------ | -------- | ---- | -------------------- | 3582| cert | X509Cert | 是 | 表示被检查的证书对象。 | 3583 3584**返回值**: 3585 3586| 类型 | 说明 | 3587| --------- | --------------------------------------------- | 3588| boolean | 表示证书吊销状态,true表示已吊销,false表示未吊销。 | 3589 3590**错误码:** 3591 3592以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3593 3594| 错误码ID | 错误信息 | 3595| -------- | ------------- | 3596| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3597 3598**示例:** 3599 3600```ts 3601import { cert } from '@kit.DeviceCertificateKit'; 3602import { BusinessError } from '@kit.BasicServicesKit'; 3603 3604// string转Uint8Array。 3605function stringToUint8Array(str: string): Uint8Array { 3606 let arr: Array<number> = []; 3607 for (let i = 0, j = str.length; i < j; i++) { 3608 arr.push(str.charCodeAt(i)); 3609 } 3610 return new Uint8Array(arr); 3611} 3612 3613let crlData = '-----BEGIN X509 CRL-----\n' + 3614 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3615 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3616 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3617 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3618 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3619 'eavsH0Q3\n' + 3620 '-----END X509 CRL-----\n'; 3621 3622let certData = '-----BEGIN CERTIFICATE-----\n' + 3623 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 3624 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 3625 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 3626 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 3627 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 3628 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 3629 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 3630 '-----END CERTIFICATE-----\n'; 3631 3632// 证书吊销列表二进制数据,需业务自行赋值。 3633let encodingBlob: cert.EncodingBlob = { 3634 data: stringToUint8Array(crlData), 3635 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3636 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3637}; 3638 3639let certEncodingBlob: cert.EncodingBlob = { 3640 data: stringToUint8Array(certData), 3641 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3642 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3643}; 3644 3645cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3646 if (error) { 3647 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3648 } else { 3649 console.log('createX509Crl success'); 3650 // Create an X509Cert instance. 3651 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 3652 if (error) { 3653 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3654 } else { 3655 try { 3656 let revokedFlag = x509Crl.isRevoked(x509Cert); 3657 } catch (error) { 3658 let e: BusinessError = error as BusinessError; 3659 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 3660 } 3661 } 3662 }); 3663 } 3664}); 3665``` 3666 3667### getType<sup>(deprecated)</sup> 3668 3669getType() : string 3670 3671表示获取证书吊销列表类型。 3672 3673> **说明:** 3674> 3675> 从API version 11开始废弃,建议使用[X509CRL.getType](#gettype11)替代。 3676 3677**系统能力:** SystemCapability.Security.Cert 3678 3679**返回值**: 3680 3681| 类型 | 说明 | 3682| ------ | -------------------- | 3683| string | 表示证书吊销列表类型。 | 3684 3685**示例:** 3686 3687```ts 3688import { cert } from '@kit.DeviceCertificateKit'; 3689 3690// string转Uint8Array。 3691function stringToUint8Array(str: string): Uint8Array { 3692 let arr: Array<number> = []; 3693 for (let i = 0, j = str.length; i < j; i++) { 3694 arr.push(str.charCodeAt(i)); 3695 } 3696 return new Uint8Array(arr); 3697} 3698 3699let crlData = '-----BEGIN X509 CRL-----\n' + 3700 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3701 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3702 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3703 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3704 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3705 'eavsH0Q3\n' + 3706 '-----END X509 CRL-----\n'; 3707 3708// 证书吊销列表二进制数据,需业务自行赋值。 3709let encodingBlob: cert.EncodingBlob = { 3710 data: stringToUint8Array(crlData), 3711 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3712 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3713}; 3714 3715cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3716 if (error) { 3717 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3718 } else { 3719 console.log('createX509Crl success'); 3720 let type = x509Crl.getType(); 3721 } 3722}); 3723``` 3724 3725### getEncoded<sup>(deprecated)</sup> 3726 3727getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 3728 3729表示获取X509证书吊销列表的序列化数据,使用Callback回调异步返回结果。 3730 3731> **说明:** 3732> 3733> 从API version 11开始废弃,建议使用[X509CRL.getEncoded](#getencoded11)替代。 3734 3735**系统能力:** SystemCapability.Security.Cert 3736 3737**参数**: 3738 3739| 参数名 | 类型 | 必填 | 说明 | 3740| -------- | ---------------------------- | ---- | ------------------------------------------ | 3741| callback | AsyncCallback\<EncodingBlob> | 是 | 回调函数,表示X509证书吊销列表的序列化数据。 | 3742 3743**错误码:** 3744 3745以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3746 3747| 错误码ID | 错误信息 | 3748| -------- | ----------------------- | 3749| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 3750| 19020001 | memory error. | 3751| 19020002 | runtime error. | 3752| 19030001 | crypto operation error. | 3753 3754**示例:** 3755 3756```ts 3757import { cert } from '@kit.DeviceCertificateKit'; 3758 3759// string转Uint8Array。 3760function stringToUint8Array(str: string): Uint8Array { 3761 let arr: Array<number> = []; 3762 for (let i = 0, j = str.length; i < j; i++) { 3763 arr.push(str.charCodeAt(i)); 3764 } 3765 return new Uint8Array(arr); 3766} 3767 3768let crlData = '-----BEGIN X509 CRL-----\n' + 3769 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3770 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3771 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3772 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3773 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3774 'eavsH0Q3\n' + 3775 '-----END X509 CRL-----\n'; 3776 3777// 证书吊销列表二进制数据,需业务自行赋值。 3778let encodingBlob: cert.EncodingBlob = { 3779 data: stringToUint8Array(crlData), 3780 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3781 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3782}; 3783 3784cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3785 if (error) { 3786 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3787 } else { 3788 console.log('createX509Crl success'); 3789 x509Crl.getEncoded((error, data) => { 3790 if (error) { 3791 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3792 } else { 3793 console.log('getEncoded success'); 3794 } 3795 }); 3796 } 3797}); 3798``` 3799 3800### getEncoded<sup>(deprecated)</sup> 3801 3802getEncoded() : Promise\<EncodingBlob> 3803 3804表示获取X509证书吊销列表的序列化数据,使用Promise方式异步返回结果。 3805 3806> **说明:** 3807> 3808> 从API version 11开始废弃,建议使用[X509CRL.getEncoded](#getencoded11-1)替代。 3809 3810**系统能力:** SystemCapability.Security.Cert 3811 3812**返回值**: 3813 3814| 类型 | 说明 | 3815| ---------------------- | -------------------------------- | 3816| Promise\<EncodingBlob> | 表示X509证书吊销列表的序列化数据。 | 3817 3818**错误码:** 3819 3820以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3821 3822| 错误码ID | 错误信息 | 3823| -------- | ----------------------- | 3824| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 3825| 19020001 | memory error. | 3826| 19020002 | runtime error. | 3827| 19030001 | crypto operation error. | 3828 3829**示例:** 3830 3831```ts 3832import { cert } from '@kit.DeviceCertificateKit'; 3833import { BusinessError } from '@kit.BasicServicesKit'; 3834 3835// string转Uint8Array。 3836function stringToUint8Array(str: string): Uint8Array { 3837 let arr: Array<number> = []; 3838 for (let i = 0, j = str.length; i < j; i++) { 3839 arr.push(str.charCodeAt(i)); 3840 } 3841 return new Uint8Array(arr); 3842} 3843 3844let crlData = '-----BEGIN X509 CRL-----\n' + 3845 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3846 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3847 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3848 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3849 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3850 'eavsH0Q3\n' + 3851 '-----END X509 CRL-----\n'; 3852 3853// 证书吊销列表二进制数据,需业务自行赋值。 3854let encodingBlob: cert.EncodingBlob = { 3855 data: stringToUint8Array(crlData), 3856 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3857 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3858}; 3859 3860cert.createX509Crl(encodingBlob).then(x509Crl => { 3861 console.log('createX509Crl success'); 3862 x509Crl.getEncoded().then(result => { 3863 console.log('getEncoded success'); 3864 }).catch((error: BusinessError) => { 3865 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3866 }); 3867}).catch((error: BusinessError) => { 3868 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3869}); 3870``` 3871 3872### verify<sup>(deprecated)</sup> 3873 3874verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 3875 3876表示对X509证书吊销列表进行验签,使用Callback回调异步返回结果。验签支持RSA算法。 3877 3878> **说明:** 3879> 3880> 从API version 11开始废弃,建议使用[X509CRL.verify](#verify11)替代。 3881 3882**系统能力:** SystemCapability.Security.Cert 3883 3884**参数**: 3885 3886| 参数名 | 类型 | 必填 | 说明 | 3887| -------- | -------------------- | ---- | ------------------------------------------------------------ | 3888| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 3889| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,error不为null表示失败。 | 3890 3891**错误码:** 3892 3893以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 3894 3895| 错误码ID | 错误信息 | 3896| -------- | ----------------------- | 3897| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 3898| 19030001 | crypto operation error. | 3899 3900**示例:** 3901 3902```ts 3903import { cert } from '@kit.DeviceCertificateKit'; 3904import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 3905import { BusinessError } from '@kit.BasicServicesKit'; 3906 3907// string转Uint8Array。 3908function stringToUint8Array(str: string): Uint8Array { 3909 let arr: Array<number> = []; 3910 for (let i = 0, j = str.length; i < j; i++) { 3911 arr.push(str.charCodeAt(i)); 3912 } 3913 return new Uint8Array(arr); 3914} 3915 3916let crlData = '-----BEGIN X509 CRL-----\n' + 3917 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 3918 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 3919 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 3920 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 3921 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 3922 'eavsH0Q3\n' + 3923 '-----END X509 CRL-----\n'; 3924 3925let pubKeyData = new Uint8Array([ 3926 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 3927 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 3928 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 3929 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 3930 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 3931 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 3932 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 3933 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 3934 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 3935 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 3936 0x00, 0x01 3937]); 3938 3939let priKeyData = new Uint8Array([ 3940 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 3941 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 3942 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 3943 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 3944 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 3945 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 3946 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 3947 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 3948 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 3949 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 3950 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 3951 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 3952 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 3953 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 3954 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 3955 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 3956 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 3957 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 3958 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 3959 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 3960 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 3961 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 3962 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 3963 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 3964 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 3965 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 3966 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 3967 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 3968 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 3969 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 3970 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 3971 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 3972 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 3973 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 3974 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 3975 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 3976 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 3977 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 3978 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 3979 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 3980]); 3981 3982// 证书吊销列表二进制数据,需业务自行赋值。 3983let encodingBlob: cert.EncodingBlob = { 3984 data: stringToUint8Array(crlData), 3985 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 3986 encodingFormat: cert.EncodingFormat.FORMAT_PEM 3987}; 3988 3989cert.createX509Crl(encodingBlob, (error, x509Crl) => { 3990 if (error) { 3991 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 3992 } else { 3993 console.log('createX509Crl success'); 3994 try { 3995 // Generate the public key by AsyKeyGenerator. 3996 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 3997 console.log('createAsyKeyGenerator success'); 3998 let priEncodingBlob: cryptoFramework.DataBlob = { 3999 data: priKeyData, 4000 }; 4001 let pubEncodingBlob: cryptoFramework.DataBlob = { 4002 data: pubKeyData, 4003 }; 4004 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 4005 if (e) { 4006 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 4007 } else { 4008 console.log('convert key success'); 4009 x509Crl.verify(keyPair.pubKey, (err, data) => { 4010 if (err) { 4011 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 4012 } else { 4013 console.log('verify success'); 4014 } 4015 }); 4016 } 4017 }) 4018 } catch (error) { 4019 let e: BusinessError = error as BusinessError; 4020 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4021 } 4022 } 4023}); 4024``` 4025 4026### verify<sup>(deprecated)</sup> 4027 4028verify(key : cryptoFramework.PubKey) : Promise\<void> 4029 4030表示对X509证书吊销列表进行验签,使用Promise方式异步返回结果。验签支持RSA算法。 4031 4032> **说明:** 4033> 4034> 从API version 11开始废弃,建议使用[X509CRL.verify](#verify11-1)替代。 4035 4036**系统能力:** SystemCapability.Security.Cert 4037 4038**参数**: 4039 4040| 参数名 | 类型 | 必填 | 说明 | 4041| ------ | ------ | ---- | ---------------------- | 4042| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 4043 4044**返回值**: 4045 4046| 类型 | 说明 | 4047| ---- | ------------------------------------------------------------ | 4048| Promise\<void> | Promise对象。 | 4049 4050**错误码:** 4051 4052以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4053 4054| 错误码ID | 错误信息 | 4055| -------- | ----------------------- | 4056| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4057| 19030001 | crypto operation error. | 4058 4059**示例:** 4060 4061```ts 4062import { cert } from '@kit.DeviceCertificateKit'; 4063import { cryptoFramework } from '@kit.CryptoArchitectureKit' 4064import { BusinessError } from '@kit.BasicServicesKit'; 4065 4066// string转Uint8Array。 4067function stringToUint8Array(str: string): Uint8Array { 4068 let arr: Array<number> = []; 4069 for (let i = 0, j = str.length; i < j; i++) { 4070 arr.push(str.charCodeAt(i)); 4071 } 4072 return new Uint8Array(arr); 4073} 4074 4075let crlData = '-----BEGIN X509 CRL-----\n' + 4076 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4077 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4078 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4079 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4080 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4081 'eavsH0Q3\n' + 4082 '-----END X509 CRL-----\n'; 4083 4084let pubKeyData = new Uint8Array([ 4085 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 4086 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 4087 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 4088 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 4089 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 4090 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 4091 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 4092 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 4093 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 4094 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 4095 0x00, 0x01 4096]); 4097 4098let priKeyData = new Uint8Array([ 4099 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 4100 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 4101 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 4102 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 4103 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 4104 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 4105 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 4106 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 4107 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 4108 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 4109 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 4110 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 4111 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 4112 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 4113 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 4114 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 4115 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 4116 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 4117 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 4118 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 4119 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 4120 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 4121 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 4122 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 4123 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 4124 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 4125 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 4126 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 4127 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 4128 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 4129 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 4130 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 4131 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 4132 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 4133 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 4134 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 4135 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 4136 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 4137 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 4138 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 4139]); 4140 4141// 证书吊销列表二进制数据,需业务自行赋值。 4142let encodingBlob: cert.EncodingBlob = { 4143 data: stringToUint8Array(crlData), 4144 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4145 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4146}; 4147 4148cert.createX509Crl(encodingBlob).then(x509Crl => { 4149 console.log('createX509Crl success'); 4150 4151 try { 4152 // 生成公钥对象。 4153 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 4154 console.log('createAsyKeyGenerator success'); 4155 let priEncodingBlob: cryptoFramework.DataBlob = { 4156 data: priKeyData, 4157 }; 4158 let pubEncodingBlob: cryptoFramework.DataBlob = { 4159 data: pubKeyData, 4160 }; 4161 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 4162 console.log('convert key success'); 4163 x509Crl.verify(keyPair.pubKey).then(result => { 4164 console.log('verify success'); 4165 }).catch((error: BusinessError) => { 4166 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4167 }); 4168 }).catch((error: BusinessError) => { 4169 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 4170 }); 4171 } catch (error) { 4172 let e: BusinessError = error as BusinessError; 4173 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4174 } 4175}).catch((error: BusinessError) => { 4176 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4177}); 4178``` 4179 4180### getVersion<sup>(deprecated)</sup> 4181 4182getVersion() : number 4183 4184表示获取X509证书吊销列表的版本号。 4185 4186> **说明:** 4187> 4188> 从API version 11开始废弃,建议使用[X509CRL.getVersion](#getversion11)替代。 4189 4190**系统能力:** SystemCapability.Security.Cert 4191 4192**返回值**: 4193 4194| 类型 | 说明 | 4195| ------ | -------------------------------- | 4196| number | 表示获取X509证书吊销列表的版本号。 | 4197 4198**示例:** 4199 4200```ts 4201import { cert } from '@kit.DeviceCertificateKit'; 4202 4203// string转Uint8Array。 4204function stringToUint8Array(str: string): Uint8Array { 4205 let arr: Array<number> = []; 4206 for (let i = 0, j = str.length; i < j; i++) { 4207 arr.push(str.charCodeAt(i)); 4208 } 4209 return new Uint8Array(arr); 4210} 4211 4212let crlData = '-----BEGIN X509 CRL-----\n' + 4213 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4214 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4215 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4216 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4217 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4218 'eavsH0Q3\n' + 4219 '-----END X509 CRL-----\n'; 4220 4221// 证书吊销列表二进制数据,需业务自行赋值。 4222let encodingBlob: cert.EncodingBlob = { 4223 data: stringToUint8Array(crlData), 4224 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4225 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4226}; 4227 4228cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4229 if (error) { 4230 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4231 } else { 4232 console.log('createX509Crl success'); 4233 let version = x509Crl.getVersion(); 4234 } 4235}); 4236``` 4237 4238### getIssuerName<sup>(deprecated)</sup> 4239 4240getIssuerName() : DataBlob 4241 4242表示获取X509证书吊销列表颁发者名称。 4243 4244> **说明:** 4245> 4246> 从API version 11开始废弃,建议使用[X509CRL.getIssuerName](#getissuername11)替代。 4247 4248**系统能力:** SystemCapability.Security.Cert 4249 4250**返回值**: 4251 4252| 类型 | 说明 | 4253| --------------------- | ------------------------------ | 4254| [DataBlob](#datablob) | 表示X509证书吊销列表颁发者名称。 | 4255 4256**错误码:** 4257 4258以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4259 4260| 错误码ID | 错误信息 | 4261| -------- | ----------------------- | 4262| 19020001 | memory error. | 4263| 19020002 | runtime error. | 4264| 19030001 | crypto operation error. | 4265 4266**示例:** 4267 4268```ts 4269import { cert } from '@kit.DeviceCertificateKit'; 4270import { BusinessError } from '@kit.BasicServicesKit'; 4271 4272// string转Uint8Array。 4273function stringToUint8Array(str: string): Uint8Array { 4274 let arr: Array<number> = []; 4275 for (let i = 0, j = str.length; i < j; i++) { 4276 arr.push(str.charCodeAt(i)); 4277 } 4278 return new Uint8Array(arr); 4279} 4280 4281let crlData = '-----BEGIN X509 CRL-----\n' + 4282 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4283 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4284 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4285 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4286 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4287 'eavsH0Q3\n' + 4288 '-----END X509 CRL-----\n'; 4289 4290// 证书吊销列表二进制数据,需业务自行赋值。 4291let encodingBlob: cert.EncodingBlob = { 4292 data: stringToUint8Array(crlData), 4293 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4294 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4295}; 4296 4297cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4298 if (error) { 4299 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4300 } else { 4301 console.log('createX509Crl success'); 4302 try { 4303 let issuerName = x509Crl.getIssuerName(); 4304 } catch (err) { 4305 let e: BusinessError = err as BusinessError; 4306 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4307 } 4308 } 4309}); 4310``` 4311 4312### getLastUpdate<sup>(deprecated)</sup> 4313 4314getLastUpdate() : string 4315 4316表示获取X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 4317 4318> **说明:** 4319> 4320> 从API version 11开始废弃,建议使用[X509CRL.getLastUpdate](#getlastupdate11)替代。 4321 4322**系统能力:** SystemCapability.Security.Cert 4323 4324**返回值**: 4325 4326| 类型 | 说明 | 4327| ------ | ------------------------------------ | 4328| string | 表示X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 | 4329 4330**错误码:** 4331 4332以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4333 4334| 错误码ID | 错误信息 | 4335| -------- | ----------------------- | 4336| 19020001 | memory error. | 4337| 19020002 | runtime error. | 4338| 19030001 | crypto operation error. | 4339 4340**示例:** 4341 4342```ts 4343import { cert } from '@kit.DeviceCertificateKit'; 4344import { BusinessError } from '@kit.BasicServicesKit'; 4345 4346// string转Uint8Array。 4347function stringToUint8Array(str: string): Uint8Array { 4348 let arr: Array<number> = []; 4349 for (let i = 0, j = str.length; i < j; i++) { 4350 arr.push(str.charCodeAt(i)); 4351 } 4352 return new Uint8Array(arr); 4353} 4354 4355let crlData = '-----BEGIN X509 CRL-----\n' + 4356 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4357 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4358 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4359 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4360 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4361 'eavsH0Q3\n' + 4362 '-----END X509 CRL-----\n'; 4363 4364// 证书吊销列表二进制数据,需业务自行赋值。 4365let encodingBlob: cert.EncodingBlob = { 4366 data: stringToUint8Array(crlData), 4367 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4368 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4369}; 4370 4371cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4372 if (error) { 4373 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4374 } else { 4375 console.log('createX509Crl success'); 4376 try { 4377 let lastUpdate = x509Crl.getLastUpdate(); 4378 } catch (err) { 4379 let e: BusinessError = err as BusinessError; 4380 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4381 } 4382 } 4383}); 4384``` 4385 4386### getNextUpdate<sup>(deprecated)</sup> 4387 4388getNextUpdate() : string 4389 4390表示获取证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 4391 4392> **说明:** 4393> 4394> 从API version 11开始废弃,建议使用[X509CRL.getNextUpdate](#getnextupdate11)替代。 4395 4396**系统能力:** SystemCapability.Security.Cert 4397 4398**返回值**: 4399 4400| 类型 | 说明 | 4401| ------ | ------------------------------------ | 4402| string | 表示X509证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 | 4403 4404**错误码:** 4405 4406以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4407 4408| 错误码ID | 错误信息 | 4409| -------- | ----------------------- | 4410| 19020001 | memory error. | 4411| 19020002 | runtime error. | 4412| 19030001 | crypto operation error. | 4413 4414**示例:** 4415 4416```ts 4417import { cert } from '@kit.DeviceCertificateKit'; 4418import { BusinessError } from '@kit.BasicServicesKit'; 4419 4420// string转Uint8Array。 4421function stringToUint8Array(str: string): Uint8Array { 4422 let arr: Array<number> = []; 4423 for (let i = 0, j = str.length; i < j; i++) { 4424 arr.push(str.charCodeAt(i)); 4425 } 4426 return new Uint8Array(arr); 4427} 4428 4429let crlData = '-----BEGIN X509 CRL-----\n' + 4430 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4431 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4432 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4433 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4434 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4435 'eavsH0Q3\n' + 4436 '-----END X509 CRL-----\n'; 4437 4438// 证书吊销列表二进制数据,需业务自行赋值。 4439let encodingBlob: cert.EncodingBlob = { 4440 data: stringToUint8Array(crlData), 4441 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4442 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4443}; 4444 4445cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4446 if (error) { 4447 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4448 } else { 4449 console.log('createX509Crl success'); 4450 try { 4451 let nextUpdate = x509Crl.getNextUpdate(); 4452 } catch (err) { 4453 let e: BusinessError = err as BusinessError; 4454 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4455 } 4456 } 4457}); 4458``` 4459 4460### getRevokedCert<sup>(deprecated)</sup> 4461 4462getRevokedCert(serialNumber : number) : X509CrlEntry 4463 4464表示通过指定证书序列号获取被吊销X509证书对象。 4465 4466> **说明:** 4467> 4468> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCert](#getrevokedcert11)替代。 4469 4470**系统能力:** SystemCapability.Security.Cert 4471 4472**参数**: 4473 4474| 参数名 | 类型 | 必填 | 说明 | 4475| ------------ | ------ | ---- | -------------- | 4476| serialNumber | number | 是 | 表示证书序列号。 | 4477 4478**返回值**: 4479 4480| 类型 | 说明 | 4481| ---------------------- | --------------------- | 4482| [X509CrlEntry](#x509crlentrydeprecated) | 表示被吊销X509证书对象。 | 4483 4484**错误码:** 4485 4486以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4487 4488| 错误码ID | 错误信息 | 4489| -------- | ----------------------- | 4490| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4491| 19020001 | memory error. | 4492| 19030001 | crypto operation error. | 4493 4494**示例:** 4495 4496```ts 4497import { cert } from '@kit.DeviceCertificateKit'; 4498import { BusinessError } from '@kit.BasicServicesKit'; 4499 4500// string转Uint8Array。 4501function stringToUint8Array(str: string): Uint8Array { 4502 let arr: Array<number> = []; 4503 for (let i = 0, j = str.length; i < j; i++) { 4504 arr.push(str.charCodeAt(i)); 4505 } 4506 return new Uint8Array(arr); 4507} 4508 4509let crlData = '-----BEGIN X509 CRL-----\n' + 4510 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4511 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4512 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4513 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4514 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4515 'eavsH0Q3\n' + 4516 '-----END X509 CRL-----\n'; 4517 4518// 证书吊销列表二进制数据,需业务自行赋值。 4519let encodingBlob: cert.EncodingBlob = { 4520 data: stringToUint8Array(crlData), 4521 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4522 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4523}; 4524 4525cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4526 if (error) { 4527 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4528 } else { 4529 console.log('createX509Crl success'); 4530 let serialNumber = 1000; 4531 try { 4532 let entry = x509Crl.getRevokedCert(serialNumber); 4533 } catch (error) { 4534 let e: BusinessError = error as BusinessError; 4535 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4536 } 4537 } 4538}); 4539``` 4540 4541### getRevokedCertWithCert<sup>(deprecated)</sup> 4542 4543getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry 4544 4545表示通过指定证书对象获取被吊销X509证书对象。 4546 4547> **说明:** 4548> 4549> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCertWithCert](#getrevokedcertwithcert11)替代。 4550 4551**系统能力:** SystemCapability.Security.Cert 4552 4553**参数**: 4554 4555| 参数名 | 类型 | 必填 | 说明 | 4556| ------ | --------------------- | ---- | ------------ | 4557| cert | [X509Cert](#x509cert) | 是 | 表示证书对象。 | 4558 4559**返回值**: 4560 4561| 类型 | 说明 | 4562| ------------ | -------------------- | 4563| [X509CrlEntry](#x509crlentrydeprecated) | 表示被吊销X509证书对象。 | 4564 4565**错误码:** 4566 4567以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4568 4569| 错误码ID | 错误信息 | 4570| -------- | ----------------------- | 4571| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 4572| 19020001 | memory error. | 4573| 19030001 | crypto operation error. | 4574 4575**示例:** 4576 4577```ts 4578import { cert } from '@kit.DeviceCertificateKit'; 4579import { BusinessError } from '@kit.BasicServicesKit'; 4580 4581// string转Uint8Array。 4582function stringToUint8Array(str: string): Uint8Array { 4583 let arr: Array<number> = []; 4584 for (let i = 0, j = str.length; i < j; i++) { 4585 arr.push(str.charCodeAt(i)); 4586 } 4587 return new Uint8Array(arr); 4588} 4589 4590let crlData = '-----BEGIN X509 CRL-----\n' + 4591 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 4592 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 4593 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 4594 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 4595 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 4596 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 4597 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 4598 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 4599 '+i2osvdPWRia0dJCL1PCA14k\n' + 4600 '-----END X509 CRL-----\n'; 4601 4602// 证书二进制数据,需业务自行赋值。 4603let certData = '-----BEGIN CERTIFICATE-----\n' + 4604 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 4605 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 4606 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 4607 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 4608 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 4609 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 4610 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 4611 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 4612 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 4613 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 4614 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 4615 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 4616 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 4617 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 4618 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 4619 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 4620 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 4621 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 4622 '-----END CERTIFICATE-----\n'; 4623 4624let certEncodingBlob: cert.EncodingBlob = { 4625 data: stringToUint8Array(certData), 4626 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4627 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4628}; 4629 4630// 证书吊销列表二进制数据,需业务自行赋值。 4631let encodingBlob: cert.EncodingBlob = { 4632 data: stringToUint8Array(crlData), 4633 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4634 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4635}; 4636 4637cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4638 if (error) { 4639 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4640 } else { 4641 console.log('createX509Crl success'); 4642 // 创建X509证书对象。 4643 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 4644 try { 4645 let entry = x509Crl.getRevokedCertWithCert(x509Cert); 4646 console.log('getRevokedCertWithCert success'); 4647 } catch (error) { 4648 let e: BusinessError = error as BusinessError; 4649 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4650 } 4651 }).catch((error: BusinessError) => { 4652 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4653 }) 4654 } 4655}); 4656``` 4657 4658### getRevokedCerts<sup>(deprecated)</sup> 4659 4660getRevokedCerts(callback : AsyncCallback<Array\<X509CrlEntry>>) : void 4661 4662表示获取被吊销X509证书列表,使用Callback回调异步返回结果。 4663 4664> **说明:** 4665> 4666> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCerts](#getrevokedcerts11)替代。 4667 4668**系统能力:** SystemCapability.Security.Cert 4669 4670**参数**: 4671 4672| 参数名 | 类型 | 必填 | 说明 | 4673| -------- | ---------------------------------------------------- | ---- | -------------------------------- | 4674| callback | AsyncCallback<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | 是 | 回调函数,表示被吊销X509证书列表。 | 4675 4676**错误码:** 4677 4678以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4679 4680| 错误码ID | 错误信息 | 4681| -------- | ----------------------- | 4682| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4683| 19020001 | memory error. | 4684| 19030001 | crypto operation error. | 4685 4686**示例:** 4687 4688```ts 4689import { cert } from '@kit.DeviceCertificateKit'; 4690import { BusinessError } from '@kit.BasicServicesKit'; 4691 4692// string转Uint8Array。 4693function stringToUint8Array(str: string): Uint8Array { 4694 let arr: Array<number> = []; 4695 for (let i = 0, j = str.length; i < j; i++) { 4696 arr.push(str.charCodeAt(i)); 4697 } 4698 return new Uint8Array(arr); 4699} 4700 4701let crlData = '-----BEGIN X509 CRL-----\n' + 4702 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4703 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4704 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4705 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4706 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4707 'eavsH0Q3\n' + 4708 '-----END X509 CRL-----\n'; 4709 4710// 证书吊销列表二进制数据,需业务自行赋值。 4711let encodingBlob: cert.EncodingBlob = { 4712 data: stringToUint8Array(crlData), 4713 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4714 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4715}; 4716 4717cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4718 if (error) { 4719 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4720 } else { 4721 console.log('createX509Crl success'); 4722 x509Crl.getRevokedCerts((error, array) => { 4723 if (error) { 4724 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4725 } else { 4726 console.log('getRevokedCerts success'); 4727 } 4728 }); 4729 } 4730}); 4731``` 4732 4733### getRevokedCerts<sup>(deprecated)</sup> 4734 4735getRevokedCerts() : Promise<Array\<X509CrlEntry>> 4736 4737表示获取被吊销X509证书列表,使用Promise方式异步返回结果。 4738 4739> **说明:** 4740> 4741> 从API version 11开始废弃,建议使用[X509CRL.getRevokedCerts](#getrevokedcerts11-1)替代。 4742 4743**系统能力:** SystemCapability.Security.Cert 4744 4745**返回值**: 4746 4747| 类型 | 说明 | 4748| ---------------------------------------------- | ---------------------- | 4749| Promise<Array\<[X509CrlEntry](#x509crlentrydeprecated)>> | 表示被吊销X509证书列表。 | 4750 4751**错误码:** 4752 4753以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4754 4755| 错误码ID | 错误信息 | 4756| -------- | ----------------------- | 4757| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 4758| 19020001 | memory error. | 4759| 19030001 | crypto operation error. | 4760 4761**示例:** 4762 4763```ts 4764import { cert } from '@kit.DeviceCertificateKit'; 4765import { BusinessError } from '@kit.BasicServicesKit'; 4766 4767// string转Uint8Array。 4768function stringToUint8Array(str: string): Uint8Array { 4769 let arr: Array<number> = []; 4770 for (let i = 0, j = str.length; i < j; i++) { 4771 arr.push(str.charCodeAt(i)); 4772 } 4773 return new Uint8Array(arr); 4774} 4775 4776let crlData = '-----BEGIN X509 CRL-----\n' + 4777 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4778 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4779 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4780 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4781 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4782 'eavsH0Q3\n' + 4783 '-----END X509 CRL-----\n'; 4784 4785// 证书吊销列表二进制数据,需业务自行赋值。 4786let encodingBlob: cert.EncodingBlob = { 4787 data: stringToUint8Array(crlData), 4788 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4789 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4790}; 4791 4792cert.createX509Crl(encodingBlob).then(x509Crl => { 4793 console.log('createX509Crl success'); 4794 x509Crl.getRevokedCerts().then(array => { 4795 console.log('getRevokedCerts success'); 4796 }).catch((error: BusinessError) => { 4797 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4798 }); 4799}).catch((error: BusinessError) => { 4800 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4801}); 4802``` 4803 4804### getTbsInfo<sup>(deprecated)</sup> 4805 4806getTbsInfo() : DataBlob 4807 4808表示获取证书吊销列表的tbsCertList信息。 4809 4810> **说明:** 4811> 4812> 从API version 11开始废弃,建议使用[X509CRL.getTBSInfo](#gettbsinfo11)替代。 4813 4814**系统能力:** SystemCapability.Security.Cert 4815 4816**返回值**: 4817 4818| 类型 | 说明 | 4819| --------------------- | ------------------------------- | 4820| [DataBlob](#datablob) | 表示证书吊销列表的tbsCertList信息。 | 4821 4822**错误码:** 4823 4824以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4825 4826| 错误码ID | 错误信息 | 4827| -------- | ----------------------- | 4828| 19020001 | memory error. | 4829| 19020002 | runtime error. | 4830| 19030001 | crypto operation error. | 4831 4832**示例:** 4833 4834```ts 4835import { cert } from '@kit.DeviceCertificateKit'; 4836import { BusinessError } from '@kit.BasicServicesKit'; 4837 4838// string转Uint8Array。 4839function stringToUint8Array(str: string): Uint8Array { 4840 let arr: Array<number> = []; 4841 for (let i = 0, j = str.length; i < j; i++) { 4842 arr.push(str.charCodeAt(i)); 4843 } 4844 return new Uint8Array(arr); 4845} 4846 4847let crlData = '-----BEGIN X509 CRL-----\n' + 4848 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4849 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4850 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4851 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4852 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4853 'eavsH0Q3\n' + 4854 '-----END X509 CRL-----\n'; 4855 4856// 证书吊销列表二进制数据,需业务自行赋值。 4857let encodingBlob: cert.EncodingBlob = { 4858 data: stringToUint8Array(crlData), 4859 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4860 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4861}; 4862 4863cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4864 if (error) { 4865 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4866 } else { 4867 console.log('createX509Crl success'); 4868 try { 4869 let tbsInfo = x509Crl.getTbsInfo(); 4870 } catch (error) { 4871 let e: BusinessError = error as BusinessError; 4872 console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4873 } 4874 } 4875}); 4876``` 4877 4878### getSignature<sup>(deprecated)</sup> 4879 4880getSignature() : DataBlob 4881 4882表示获取X509证书吊销列表的签名数据。 4883 4884> **说明:** 4885> 4886> 从API version 11开始废弃,建议使用[X509CRL.getSignature](#getsignature11)替代。 4887 4888**系统能力:** SystemCapability.Security.Cert 4889 4890**返回值**: 4891 4892| 类型 | 说明 | 4893| --------------------- | ------------------------------ | 4894| [DataBlob](#datablob) | 表示X509证书吊销列表的签名数据。 | 4895 4896**错误码:** 4897 4898以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4899 4900| 错误码ID | 错误信息 | 4901| -------- | ----------------------- | 4902| 19020001 | memory error. | 4903| 19020002 | runtime error. | 4904| 19030001 | crypto operation error. | 4905 4906**示例:** 4907 4908```ts 4909import { cert } from '@kit.DeviceCertificateKit'; 4910import { BusinessError } from '@kit.BasicServicesKit'; 4911 4912// string转Uint8Array。 4913function stringToUint8Array(str: string): Uint8Array { 4914 let arr: Array<number> = []; 4915 for (let i = 0, j = str.length; i < j; i++) { 4916 arr.push(str.charCodeAt(i)); 4917 } 4918 return new Uint8Array(arr); 4919} 4920 4921let crlData = '-----BEGIN X509 CRL-----\n' + 4922 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4923 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4924 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4925 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 4926 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 4927 'eavsH0Q3\n' + 4928 '-----END X509 CRL-----\n'; 4929 4930// 证书吊销列表二进制数据,需业务自行赋值。 4931let encodingBlob: cert.EncodingBlob = { 4932 data: stringToUint8Array(crlData), 4933 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 4934 encodingFormat: cert.EncodingFormat.FORMAT_PEM 4935}; 4936 4937cert.createX509Crl(encodingBlob, (error, x509Crl) => { 4938 if (error) { 4939 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 4940 } else { 4941 console.log('createX509Crl success'); 4942 try { 4943 let signature = x509Crl.getSignature(); 4944 } catch (err) { 4945 let e: BusinessError = err as BusinessError; 4946 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 4947 } 4948 } 4949}); 4950``` 4951 4952### getSignatureAlgName<sup>(deprecated)</sup> 4953 4954getSignatureAlgName() : string 4955 4956表示获取X509证书吊销列表签名的算法名称。 4957 4958> **说明:** 4959> 4960> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgName](#getsignaturealgname11)替代。 4961 4962**系统能力:** SystemCapability.Security.Cert 4963 4964**返回值**: 4965 4966| 类型 | 说明 | 4967| ------ | -------------------------------- | 4968| string | 表示X509证书吊销列表签名的算法名。 | 4969 4970**错误码:** 4971 4972以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 4973 4974| 错误码ID | 错误信息 | 4975| -------- | ----------------------- | 4976| 19020001 | memory error. | 4977| 19020002 | runtime error. | 4978| 19030001 | crypto operation error. | 4979 4980**示例:** 4981 4982```ts 4983import { cert } from '@kit.DeviceCertificateKit'; 4984import { BusinessError } from '@kit.BasicServicesKit'; 4985 4986// string转Uint8Array。 4987function stringToUint8Array(str: string): Uint8Array { 4988 let arr: Array<number> = []; 4989 for (let i = 0, j = str.length; i < j; i++) { 4990 arr.push(str.charCodeAt(i)); 4991 } 4992 return new Uint8Array(arr); 4993} 4994 4995let crlData = '-----BEGIN X509 CRL-----\n' + 4996 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 4997 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 4998 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 4999 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5000 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5001 'eavsH0Q3\n' + 5002 '-----END X509 CRL-----\n'; 5003 5004// 证书吊销列表二进制数据,需业务自行赋值。 5005let encodingBlob: cert.EncodingBlob = { 5006 data: stringToUint8Array(crlData), 5007 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5008 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5009}; 5010 5011cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5012 if (error) { 5013 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5014 } else { 5015 console.log('createX509Crl success'); 5016 try { 5017 let sigAlgName = x509Crl.getSignatureAlgName(); 5018 } catch (err) { 5019 let e: BusinessError = err as BusinessError; 5020 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5021 } 5022 } 5023}); 5024``` 5025 5026### getSignatureAlgOid<sup>(deprecated)</sup> 5027 5028getSignatureAlgOid() : string 5029 5030表示获取X509证书吊销列表签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 5031 5032> **说明:** 5033> 5034> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgOid](#getsignaturealgoid11)替代。 5035 5036**系统能力:** SystemCapability.Security.Cert 5037 5038**返回值**: 5039 5040| 类型 | 说明 | 5041| ------ | --------------------------------------------- | 5042| string | 表示X509证书吊销列表签名算法的对象标志符OID。 | 5043 5044**错误码:** 5045 5046以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5047 5048| 错误码ID | 错误信息 | 5049| -------- | ----------------------- | 5050| 19020001 | memory error. | 5051| 19020002 | runtime error. | 5052| 19030001 | crypto operation error. | 5053 5054**示例:** 5055 5056```ts 5057import { cert } from '@kit.DeviceCertificateKit'; 5058import { BusinessError } from '@kit.BasicServicesKit'; 5059 5060// string转Uint8Array。 5061function stringToUint8Array(str: string): Uint8Array { 5062 let arr: Array<number> = []; 5063 for (let i = 0, j = str.length; i < j; i++) { 5064 arr.push(str.charCodeAt(i)); 5065 } 5066 return new Uint8Array(arr); 5067} 5068 5069let crlData = '-----BEGIN X509 CRL-----\n' + 5070 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5071 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5072 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5073 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5074 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5075 'eavsH0Q3\n' + 5076 '-----END X509 CRL-----\n'; 5077 5078// 证书吊销列表二进制数据,需业务自行赋值。 5079let encodingBlob: cert.EncodingBlob = { 5080 data: stringToUint8Array(crlData), 5081 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5082 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5083}; 5084 5085cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5086 if (error) { 5087 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5088 } else { 5089 console.log('createX509Crl success'); 5090 try { 5091 let sigAlgOid = x509Crl.getSignatureAlgOid(); 5092 } catch (err) { 5093 let e: BusinessError = err as BusinessError; 5094 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5095 } 5096 } 5097}); 5098``` 5099 5100### getSignatureAlgParams<sup>(deprecated)</sup> 5101 5102getSignatureAlgParams() : DataBlob 5103 5104表示获取X509证书吊销列表签名的算法参数。 5105 5106> **说明:** 5107> 5108> 从API version 11开始废弃,建议使用[X509CRL.getSignatureAlgParams](#getsignaturealgparams11)替代。 5109 5110**系统能力:** SystemCapability.Security.Cert 5111 5112**返回值**: 5113 5114| 类型 | 说明 | 5115| --------------------- | ---------------------------------- | 5116| [DataBlob](#datablob) | 表示X509证书吊销列表签名的算法参数。 | 5117 5118**错误码:** 5119 5120以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5121 5122| 错误码ID | 错误信息 | 5123| -------- | ----------------------- | 5124| 801 | this operation is not supported. | 5125| 19020001 | memory error. | 5126| 19020002 | runtime error. | 5127| 19030001 | crypto operation error. | 5128 5129**示例:** 5130 5131```ts 5132import { cert } from '@kit.DeviceCertificateKit'; 5133import { BusinessError } from '@kit.BasicServicesKit'; 5134 5135// string转Uint8Array。 5136function stringToUint8Array(str: string): Uint8Array { 5137 let arr: Array<number> = []; 5138 for (let i = 0, j = str.length; i < j; i++) { 5139 arr.push(str.charCodeAt(i)); 5140 } 5141 return new Uint8Array(arr); 5142} 5143 5144let crlData = '-----BEGIN X509 CRL-----\n' + 5145 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5146 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5147 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5148 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5149 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5150 'eavsH0Q3\n' + 5151 '-----END X509 CRL-----\n'; 5152 5153// 证书吊销列表二进制数据,需业务自行赋值。 5154let encodingBlob: cert.EncodingBlob = { 5155 data: stringToUint8Array(crlData), 5156 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5157 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5158}; 5159 5160cert.createX509Crl(encodingBlob, (error, x509Crl) => { 5161 if (error) { 5162 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5163 } else { 5164 console.log('createX509Crl success'); 5165 try { 5166 let sigAlgParams = x509Crl.getSignatureAlgParams(); 5167 } catch (err) { 5168 let e: BusinessError = err as BusinessError; 5169 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5170 } 5171 } 5172}); 5173``` 5174## X509CRL<sup>11+</sup> 5175 5176被吊销证书列表对象。 5177 5178### isRevoked<sup>11+</sup> 5179 5180isRevoked(cert : X509Cert) : boolean 5181 5182表示检查证书是否吊销。 5183 5184**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5185 5186**系统能力:** SystemCapability.Security.Cert 5187 5188**参数**: 5189 5190| 参数名 | 类型 | 必填 | 说明 | 5191| ------ | -------- | ---- | -------------------- | 5192| cert | [X509Cert](#x509cert) | 是 | 表示被检查的证书对象。 | 5193 5194**返回值**: 5195 5196| 类型 | 说明 | 5197| ------- | ------------------------------------------------- | 5198| boolean | 表示证书吊销状态,true表示已吊销,false表示未吊销。 | 5199 5200**错误码:** 5201 5202以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5203 5204| 错误码ID | 错误信息 | 5205| -------- | ----------------------- | 5206| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5207 5208**示例:** 5209 5210```ts 5211import { cert } from '@kit.DeviceCertificateKit'; 5212import { BusinessError } from '@kit.BasicServicesKit'; 5213 5214// string转Uint8Array。 5215function stringToUint8Array(str: string): Uint8Array { 5216 let arr: Array<number> = []; 5217 for (let i = 0, j = str.length; i < j; i++) { 5218 arr.push(str.charCodeAt(i)); 5219 } 5220 return new Uint8Array(arr); 5221} 5222 5223let crlData = '-----BEGIN X509 CRL-----\n' + 5224 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5225 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5226 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5227 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5228 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5229 'eavsH0Q3\n' + 5230 '-----END X509 CRL-----\n'; 5231 5232let certData = '-----BEGIN CERTIFICATE-----\n' + 5233 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 5234 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 5235 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 5236 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 5237 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + 5238 '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 5239 'BetUokslUfjT6+s/X4ByaxycAA==\n' + 5240 '-----END CERTIFICATE-----\n'; 5241 5242// 证书吊销列表二进制数据,需业务自行赋值。 5243let encodingBlob: cert.EncodingBlob = { 5244 data: stringToUint8Array(crlData), 5245 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5246 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5247}; 5248 5249let certEncodingBlob: cert.EncodingBlob = { 5250 data: stringToUint8Array(certData), 5251 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5252 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5253}; 5254 5255cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5256 if (error) { 5257 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5258 } else { 5259 console.log('createX509CRL success'); 5260 // Create an X509Cert instance. 5261 cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { 5262 if (error) { 5263 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5264 } else { 5265 try { 5266 let revokedFlag = x509CRL.isRevoked(x509Cert); 5267 } catch (error) { 5268 let e: BusinessError = error as BusinessError; 5269 console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5270 } 5271 } 5272 }); 5273 } 5274}); 5275``` 5276 5277### getType<sup>11+</sup> 5278 5279getType() : string 5280 5281表示获取证书吊销列表类型。 5282 5283**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5284 5285**系统能力:** SystemCapability.Security.Cert 5286 5287**返回值**: 5288 5289| 类型 | 说明 | 5290| ------ | -------------------- | 5291| string | 表示证书吊销列表类型。 | 5292 5293**示例:** 5294 5295```ts 5296import { cert } from '@kit.DeviceCertificateKit'; 5297 5298// string转Uint8Array。 5299function stringToUint8Array(str: string): Uint8Array { 5300 let arr: Array<number> = []; 5301 for (let i = 0, j = str.length; i < j; i++) { 5302 arr.push(str.charCodeAt(i)); 5303 } 5304 return new Uint8Array(arr); 5305} 5306 5307let crlData = '-----BEGIN X509 CRL-----\n' + 5308 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5309 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5310 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5311 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5312 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5313 'eavsH0Q3\n' + 5314 '-----END X509 CRL-----\n'; 5315 5316// 证书吊销列表二进制数据,需业务自行赋值。 5317let encodingBlob: cert.EncodingBlob = { 5318 data: stringToUint8Array(crlData), 5319 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5320 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5321}; 5322 5323cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5324 if (error) { 5325 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5326 } else { 5327 console.log('createX509CRL success'); 5328 let type = x509CRL.getType(); 5329 } 5330}); 5331``` 5332 5333### getEncoded<sup>11+</sup> 5334 5335getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 5336 5337表示获取X509证书吊销列表的序列化数据,使用Callback回调异步返回结果。 5338 5339**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5340 5341**系统能力:** SystemCapability.Security.Cert 5342 5343**参数**: 5344 5345| 参数名 | 类型 | 必填 | 说明 | 5346| -------- | --------------------------------------------- | ---- | ------------------------------------------ | 5347| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示X509证书吊销列表的序列化数据。 | 5348 5349**错误码:** 5350 5351以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5352 5353| 错误码ID | 错误信息 | 5354| -------- | ----------------------- | 5355| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5356| 19020001 | memory error. | 5357| 19020002 | runtime error. | 5358| 19030001 | crypto operation error. | 5359 5360**示例:** 5361 5362```ts 5363import { cert } from '@kit.DeviceCertificateKit'; 5364 5365// string转Uint8Array。 5366function stringToUint8Array(str: string): Uint8Array { 5367 let arr: Array<number> = []; 5368 for (let i = 0, j = str.length; i < j; i++) { 5369 arr.push(str.charCodeAt(i)); 5370 } 5371 return new Uint8Array(arr); 5372} 5373 5374let crlData = '-----BEGIN X509 CRL-----\n' + 5375 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5376 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5377 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5378 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5379 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5380 'eavsH0Q3\n' + 5381 '-----END X509 CRL-----\n'; 5382 5383// 证书吊销列表二进制数据,需业务自行赋值。 5384let encodingBlob: cert.EncodingBlob = { 5385 data: stringToUint8Array(crlData), 5386 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5387 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5388}; 5389 5390cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5391 if (error) { 5392 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5393 } else { 5394 console.log('createX509CRL success'); 5395 x509CRL.getEncoded((error, data) => { 5396 if (error) { 5397 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5398 } else { 5399 console.log('getEncoded success'); 5400 } 5401 }); 5402 } 5403}); 5404``` 5405 5406### getEncoded<sup>11+</sup> 5407 5408getEncoded() : Promise\<EncodingBlob> 5409 5410表示获取X509证书吊销列表的序列化数据,使用Promise方式异步返回结果。 5411 5412**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5413 5414**系统能力:** SystemCapability.Security.Cert 5415 5416**返回值**: 5417 5418| 类型 | 说明 | 5419| --------------------------------------- | -------------------------------- | 5420| Promise\<[EncodingBlob](#encodingblob)> | 表示X509证书吊销列表的序列化数据。 | 5421**错误码:** 5422 5423以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5424 5425| 错误码ID | 错误信息 | 5426| -------- | ----------------------- | 5427| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 5428| 19020001 | memory error. | 5429| 19020002 | runtime error. | 5430| 19030001 | crypto operation error. | 5431 5432**示例:** 5433 5434```ts 5435import { cert } from '@kit.DeviceCertificateKit'; 5436import { BusinessError } from '@kit.BasicServicesKit'; 5437 5438// string转Uint8Array。 5439function stringToUint8Array(str: string): Uint8Array { 5440 let arr: Array<number> = []; 5441 for (let i = 0, j = str.length; i < j; i++) { 5442 arr.push(str.charCodeAt(i)); 5443 } 5444 return new Uint8Array(arr); 5445} 5446 5447let crlData = '-----BEGIN X509 CRL-----\n' + 5448 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5449 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5450 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5451 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5452 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5453 'eavsH0Q3\n' + 5454 '-----END X509 CRL-----\n'; 5455 5456// 证书吊销列表二进制数据,需业务自行赋值。 5457let encodingBlob: cert.EncodingBlob = { 5458 data: stringToUint8Array(crlData), 5459 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5460 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5461}; 5462 5463cert.createX509CRL(encodingBlob).then(x509CRL => { 5464 console.log('createX509CRL success'); 5465 x509CRL.getEncoded().then(result => { 5466 console.log('getEncoded success'); 5467 }).catch((error: BusinessError) => { 5468 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5469 }); 5470}).catch((error: BusinessError) => { 5471 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5472}); 5473``` 5474 5475### verify<sup>11+</sup> 5476 5477verify(key : cryptoFramework.PubKey, callback : AsyncCallback\<void>) : void 5478 5479表示对X509证书吊销列表进行验签,使用Callback回调异步返回结果。验签支持RSA算法。 5480 5481**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5482 5483**系统能力:** SystemCapability.Security.Cert 5484 5485**参数**: 5486 5487| 参数名 | 类型 | 必填 | 说明 | 5488| -------- | ----------------------------------------------------------- | ---- | ------------------------------------------------------------ | 5489| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 5490| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否验签成功,error为null表示成功,error不为null表示失败。 | 5491 5492**错误码:** 5493 5494以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5495 5496| 错误码ID | 错误信息 | 5497| -------- | ----------------------- | 5498| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5499| 19030001 | crypto operation error. | 5500 5501**示例:** 5502 5503```ts 5504import { cert } from '@kit.DeviceCertificateKit'; 5505import { cryptoFramework } from '@kit.CryptoArchitectureKit'; 5506import { BusinessError } from '@kit.BasicServicesKit'; 5507 5508// string转Uint8Array。 5509function stringToUint8Array(str: string): Uint8Array { 5510 let arr: Array<number> = []; 5511 for (let i = 0, j = str.length; i < j; i++) { 5512 arr.push(str.charCodeAt(i)); 5513 } 5514 return new Uint8Array(arr); 5515} 5516 5517let crlData = '-----BEGIN X509 CRL-----\n' + 5518 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5519 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5520 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5521 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5522 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5523 'eavsH0Q3\n' + 5524 '-----END X509 CRL-----\n'; 5525 5526let pubKeyData = new Uint8Array([ 5527 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5528 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5529 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5530 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5531 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5532 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5533 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5534 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5535 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5536 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5537 0x00, 0x01 5538]); 5539 5540let priKeyData = new Uint8Array([ 5541 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5542 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5543 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5544 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5545 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5546 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5547 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5548 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5549 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5550 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5551 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5552 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5553 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5554 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5555 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5556 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5557 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5558 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5559 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5560 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5561 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5562 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5563 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5564 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5565 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5566 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5567 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5568 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5569 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5570 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5571 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5572 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5573 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5574 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5575 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5576 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5577 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5578 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5579 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5580 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5581]); 5582 5583// 证书吊销列表二进制数据,需业务自行赋值。 5584let encodingBlob: cert.EncodingBlob = { 5585 data: stringToUint8Array(crlData), 5586 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5587 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5588}; 5589 5590cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5591 if (error) { 5592 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5593 } else { 5594 console.log('createX509Crl success'); 5595 try { 5596 // Generate the public key by AsyKeyGenerator. 5597 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5598 console.log('createAsyKeyGenerator success'); 5599 let priEncodingBlob: cryptoFramework.DataBlob = { 5600 data: priKeyData, 5601 }; 5602 let pubEncodingBlob: cryptoFramework.DataBlob = { 5603 data: pubKeyData, 5604 }; 5605 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { 5606 if (e) { 5607 console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); 5608 } else { 5609 console.log('convert key success'); 5610 x509CRL.verify(keyPair.pubKey, (err, data) => { 5611 if (err) { 5612 console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); 5613 } else { 5614 console.log('verify success'); 5615 } 5616 }); 5617 } 5618 }) 5619 } catch (error) { 5620 let e: BusinessError = error as BusinessError; 5621 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5622 } 5623 } 5624}); 5625``` 5626 5627### verify<sup>11+</sup> 5628 5629verify(key : cryptoFramework.PubKey) : Promise\<void> 5630 5631表示对X509证书吊销列表进行验签,使用Promise方式异步返回结果。验签支持RSA算法。 5632 5633**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5634 5635**系统能力:** SystemCapability.Security.Cert 5636 5637**参数**: 5638 5639| 参数名 | 类型 | 必填 | 说明 | 5640| ------ | ----------------------------------------------------------- | ---- | ------------------------ | 5641| key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | 是 | 表示用于验签的公钥对象。 | 5642 5643**返回值**: 5644 5645| 类型 | 说明 | 5646| -------------- | ----------- | 5647| Promise\<void> | Promise对象。 | 5648 5649**错误码:** 5650 5651以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5652 5653| 错误码ID | 错误信息 | 5654| -------- | ----------------------- | 5655| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 5656| 19030001 | crypto operation error. | 5657 5658**示例:** 5659 5660```ts 5661import { cert } from '@kit.DeviceCertificateKit'; 5662import { cryptoFramework } from '@kit.CryptoArchitectureKit' 5663import { BusinessError } from '@kit.BasicServicesKit'; 5664 5665// string转Uint8Array。 5666function stringToUint8Array(str: string): Uint8Array { 5667 let arr: Array<number> = []; 5668 for (let i = 0, j = str.length; i < j; i++) { 5669 arr.push(str.charCodeAt(i)); 5670 } 5671 return new Uint8Array(arr); 5672} 5673 5674let crlData = '-----BEGIN X509 CRL-----\n' + 5675 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5676 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5677 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5678 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5679 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5680 'eavsH0Q3\n' + 5681 '-----END X509 CRL-----\n'; 5682 5683let pubKeyData = new Uint8Array([ 5684 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 5685 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 5686 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 5687 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 5688 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 5689 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 5690 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 5691 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 5692 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 5693 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 5694 0x00, 0x01 5695]); 5696 5697let priKeyData = new Uint8Array([ 5698 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 5699 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 5700 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 5701 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 5702 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 5703 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 5704 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 5705 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 5706 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 5707 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 5708 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 5709 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 5710 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 5711 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 5712 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 5713 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 5714 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 5715 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 5716 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 5717 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 5718 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 5719 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 5720 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 5721 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 5722 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 5723 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 5724 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 5725 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 5726 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 5727 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 5728 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 5729 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 5730 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 5731 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 5732 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 5733 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 5734 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 5735 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 5736 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 5737 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D 5738]); 5739 5740// 证书吊销列表二进制数据,需业务自行赋值。 5741let encodingBlob: cert.EncodingBlob = { 5742 data: stringToUint8Array(crlData), 5743 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5744 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5745}; 5746 5747cert.createX509CRL(encodingBlob).then(x509CRL => { 5748 console.log('createX509Crl success'); 5749 5750 try { 5751 // 生成公钥对象。 5752 let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); 5753 console.log('createAsyKeyGenerator success'); 5754 let priEncodingBlob: cryptoFramework.DataBlob = { 5755 data: priKeyData, 5756 }; 5757 let pubEncodingBlob: cryptoFramework.DataBlob = { 5758 data: pubKeyData, 5759 }; 5760 keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { 5761 console.log('convert key success'); 5762 x509CRL.verify(keyPair.pubKey).then(result => { 5763 console.log('verify success'); 5764 }).catch((error: BusinessError) => { 5765 console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5766 }); 5767 }).catch((error: BusinessError) => { 5768 console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); 5769 }); 5770 } catch (error) { 5771 let e: BusinessError = error as BusinessError; 5772 console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5773 } 5774}).catch((error: BusinessError) => { 5775 console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5776}); 5777``` 5778 5779### getVersion<sup>11+</sup> 5780 5781getVersion() : number 5782 5783表示获取X509证书吊销列表的版本号。 5784 5785**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5786 5787**系统能力:** SystemCapability.Security.Cert 5788 5789**返回值**: 5790 5791| 类型 | 说明 | 5792| ------ | -------------------------------- | 5793| number | 表示获取X509证书吊销列表的版本号。 | 5794 5795**示例:** 5796 5797```ts 5798import { cert } from '@kit.DeviceCertificateKit'; 5799 5800// string转Uint8Array。 5801function stringToUint8Array(str: string): Uint8Array { 5802 let arr: Array<number> = []; 5803 for (let i = 0, j = str.length; i < j; i++) { 5804 arr.push(str.charCodeAt(i)); 5805 } 5806 return new Uint8Array(arr); 5807} 5808 5809let crlData = '-----BEGIN X509 CRL-----\n' + 5810 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5811 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5812 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5813 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5814 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5815 'eavsH0Q3\n' + 5816 '-----END X509 CRL-----\n'; 5817 5818// 证书吊销列表二进制数据,需业务自行赋值。 5819let encodingBlob: cert.EncodingBlob = { 5820 data: stringToUint8Array(crlData), 5821 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5822 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5823}; 5824 5825cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5826 if (error) { 5827 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5828 } else { 5829 console.log('createX509CRL success'); 5830 let version = x509CRL.getVersion(); 5831 } 5832}); 5833``` 5834 5835### getIssuerName<sup>11+</sup> 5836 5837getIssuerName() : DataBlob 5838 5839表示获取X509证书吊销列表颁发者名称。 5840 5841> **说明:** 5842> 5843> 获取到的X509证书吊销列表颁发者名称数据带字符串结束符。 5844 5845**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5846 5847**系统能力:** SystemCapability.Security.Cert 5848 5849**返回值**: 5850 5851| 类型 | 说明 | 5852| --------------------- | ------------------------------ | 5853| [DataBlob](#datablob) | 表示X509证书吊销列表颁发者名称。 | 5854 5855**错误码:** 5856 5857以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5858 5859| 错误码ID | 错误信息 | 5860| -------- | ----------------------- | 5861| 19020001 | memory error. | 5862| 19020002 | runtime error. | 5863| 19030001 | crypto operation error. | 5864 5865**示例:** 5866 5867```ts 5868import { cert } from '@kit.DeviceCertificateKit'; 5869import { BusinessError } from '@kit.BasicServicesKit'; 5870 5871// string转Uint8Array。 5872function stringToUint8Array(str: string): Uint8Array { 5873 let arr: Array<number> = []; 5874 for (let i = 0, j = str.length; i < j; i++) { 5875 arr.push(str.charCodeAt(i)); 5876 } 5877 return new Uint8Array(arr); 5878} 5879 5880let crlData = '-----BEGIN X509 CRL-----\n' + 5881 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5882 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5883 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5884 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5885 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5886 'eavsH0Q3\n' + 5887 '-----END X509 CRL-----\n'; 5888 5889// 证书吊销列表二进制数据,需业务自行赋值。 5890let encodingBlob: cert.EncodingBlob = { 5891 data: stringToUint8Array(crlData), 5892 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5893 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5894}; 5895 5896cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5897 if (error) { 5898 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5899 } else { 5900 console.log('createX509CRL success'); 5901 try { 5902 let issuerName = x509CRL.getIssuerName(); 5903 } catch (err) { 5904 let e: BusinessError = err as BusinessError; 5905 console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5906 } 5907 } 5908}); 5909``` 5910 5911### getLastUpdate<sup>11+</sup> 5912 5913getLastUpdate() : string 5914 5915表示获取X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 5916 5917**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5918 5919**系统能力:** SystemCapability.Security.Cert 5920 5921**返回值**: 5922 5923| 类型 | 说明 | 5924| ------ | ------------------------------------ | 5925| string | 表示X509证书吊销列表最后一次更新日期,日期为ASN.1时间格式。 | 5926 5927**错误码:** 5928 5929以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 5930 5931| 错误码ID | 错误信息 | 5932| -------- | ----------------------- | 5933| 19020001 | memory error. | 5934| 19020002 | runtime error. | 5935| 19030001 | crypto operation error. | 5936 5937**示例:** 5938 5939```ts 5940import { cert } from '@kit.DeviceCertificateKit'; 5941import { BusinessError } from '@kit.BasicServicesKit'; 5942 5943// string转Uint8Array。 5944function stringToUint8Array(str: string): Uint8Array { 5945 let arr: Array<number> = []; 5946 for (let i = 0, j = str.length; i < j; i++) { 5947 arr.push(str.charCodeAt(i)); 5948 } 5949 return new Uint8Array(arr); 5950} 5951 5952let crlData = '-----BEGIN X509 CRL-----\n' + 5953 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 5954 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 5955 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 5956 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 5957 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 5958 'eavsH0Q3\n' + 5959 '-----END X509 CRL-----\n'; 5960 5961// 证书吊销列表二进制数据,需业务自行赋值。 5962let encodingBlob: cert.EncodingBlob = { 5963 data: stringToUint8Array(crlData), 5964 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 5965 encodingFormat: cert.EncodingFormat.FORMAT_PEM 5966}; 5967 5968cert.createX509CRL(encodingBlob, (error, x509CRL) => { 5969 if (error) { 5970 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 5971 } else { 5972 console.log('createX509CRL success'); 5973 try { 5974 let lastUpdate = x509CRL.getLastUpdate(); 5975 } catch (err) { 5976 let e: BusinessError = err as BusinessError; 5977 console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 5978 } 5979 } 5980}); 5981``` 5982 5983### getNextUpdate<sup>11+</sup> 5984 5985getNextUpdate() : string 5986 5987表示获取证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 5988 5989**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 5990 5991**系统能力:** SystemCapability.Security.Cert 5992 5993**返回值**: 5994 5995| 类型 | 说明 | 5996| ------ | ------------------------------------ | 5997| string | 表示X509证书吊销列表下一次更新的日期,日期为ASN.1时间格式。 | 5998 5999**错误码:** 6000 6001以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6002 6003| 错误码ID | 错误信息 | 6004| -------- | ----------------------- | 6005| 19020001 | memory error. | 6006| 19020002 | runtime error. | 6007| 19030001 | crypto operation error. | 6008 6009**示例:** 6010 6011```ts 6012import { cert } from '@kit.DeviceCertificateKit'; 6013import { BusinessError } from '@kit.BasicServicesKit'; 6014 6015// string转Uint8Array。 6016function stringToUint8Array(str: string): Uint8Array { 6017 let arr: Array<number> = []; 6018 for (let i = 0, j = str.length; i < j; i++) { 6019 arr.push(str.charCodeAt(i)); 6020 } 6021 return new Uint8Array(arr); 6022} 6023 6024let crlData = '-----BEGIN X509 CRL-----\n' + 6025 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6026 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6027 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6028 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6029 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6030 'eavsH0Q3\n' + 6031 '-----END X509 CRL-----\n'; 6032 6033// 证书吊销列表二进制数据,需业务自行赋值。 6034let encodingBlob: cert.EncodingBlob = { 6035 data: stringToUint8Array(crlData), 6036 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6037 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6038}; 6039 6040cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6041 if (error) { 6042 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6043 } else { 6044 console.log('createX509CRL success'); 6045 try { 6046 let nextUpdate = x509CRL.getNextUpdate(); 6047 } catch (err) { 6048 let e: BusinessError = err as BusinessError; 6049 console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6050 } 6051 } 6052}); 6053``` 6054 6055### getRevokedCert<sup>11+</sup> 6056 6057getRevokedCert(serialNumber : bigint) : X509CRLEntry 6058 6059表示通过指定证书序列号获取被吊销X509证书对象。 6060 6061**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6062 6063**系统能力:** SystemCapability.Security.Cert 6064 6065**参数**: 6066 6067| 参数名 | 类型 | 必填 | 说明 | 6068| ------------ | ------ | ---- | -------------- | 6069| serialNumber | bigint | 是 | 表示证书序列号。 | 6070 6071**返回值**: 6072 6073| 类型 | 说明 | 6074| ------------------------------- | ---------------------- | 6075| [X509CRLEntry](#x509crlentry11) | 表示被吊销X509证书对象。 | 6076 6077**错误码:** 6078 6079以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6080 6081| 错误码ID | 错误信息 | 6082| -------- | ----------------------- | 6083| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6084| 19020001 | memory error. | 6085| 19030001 | crypto operation error. | 6086 6087**示例:** 6088 6089```ts 6090import { cert } from '@kit.DeviceCertificateKit'; 6091import { BusinessError } from '@kit.BasicServicesKit'; 6092 6093// string转Uint8Array。 6094function stringToUint8Array(str: string): Uint8Array { 6095 let arr: Array<number> = []; 6096 for (let i = 0, j = str.length; i < j; i++) { 6097 arr.push(str.charCodeAt(i)); 6098 } 6099 return new Uint8Array(arr); 6100} 6101 6102let crlData = '-----BEGIN X509 CRL-----\n' + 6103 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6104 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6105 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6106 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6107 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6108 'eavsH0Q3\n' + 6109 '-----END X509 CRL-----\n'; 6110 6111// 证书吊销列表二进制数据,需业务自行赋值。 6112let encodingBlob: cert.EncodingBlob = { 6113 data: stringToUint8Array(crlData), 6114 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6115 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6116}; 6117 6118cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6119 if (error) { 6120 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6121 } else { 6122 console.log('createX509CRL success'); 6123 let serialNumber = BigInt(1000); 6124 try { 6125 let entry = x509CRL.getRevokedCert(serialNumber); 6126 } catch (error) { 6127 let e: BusinessError = error as BusinessError; 6128 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6129 } 6130 } 6131}); 6132``` 6133 6134### getRevokedCertWithCert<sup>11+</sup> 6135 6136getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry 6137 6138表示通过指定证书对象获取被吊销X509证书对象。 6139 6140**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6141 6142**系统能力:** SystemCapability.Security.Cert 6143 6144**参数**: 6145 6146| 参数名 | 类型 | 必填 | 说明 | 6147| ------ | --------------------- | ---- | ------------ | 6148| cert | [X509Cert](#x509cert) | 是 | 表示证书对象。 | 6149 6150**返回值**: 6151 6152| 类型 | 说明 | 6153| ------------------------------- | ---------------------- | 6154| [X509CRLEntry](#x509crlentry11) | 表示被吊销X509证书对象。 | 6155 6156**错误码:** 6157 6158以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6159 6160| 错误码ID | 错误信息 | 6161| -------- | ----------------------- | 6162| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6163| 19020001 | memory error. | 6164| 19030001 | crypto operation error. | 6165 6166**示例:** 6167 6168```ts 6169import { cert } from '@kit.DeviceCertificateKit'; 6170import { BusinessError } from '@kit.BasicServicesKit'; 6171 6172// string转Uint8Array。 6173function stringToUint8Array(str: string): Uint8Array { 6174 let arr: Array<number> = []; 6175 for (let i = 0, j = str.length; i < j; i++) { 6176 arr.push(str.charCodeAt(i)); 6177 } 6178 return new Uint8Array(arr); 6179} 6180 6181let crlData = '-----BEGIN X509 CRL-----\n' + 6182 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6183 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6184 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6185 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6186 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6187 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6188 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6189 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6190 '+i2osvdPWRia0dJCL1PCA14k\n' + 6191 '-----END X509 CRL-----\n'; 6192 6193// 证书二进制数据,需业务自行赋值。 6194let certData = '-----BEGIN CERTIFICATE-----\n' + 6195 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 6196 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 6197 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 6198 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 6199 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 6200 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 6201 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 6202 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 6203 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 6204 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 6205 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 6206 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 6207 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 6208 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 6209 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 6210 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 6211 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 6212 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 6213 '-----END CERTIFICATE-----\n'; 6214 6215let certEncodingBlob: cert.EncodingBlob = { 6216 data: stringToUint8Array(certData), 6217 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6218 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6219}; 6220 6221// 证书吊销列表二进制数据,需业务自行赋值。 6222let encodingBlob: cert.EncodingBlob = { 6223 data: stringToUint8Array(crlData), 6224 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6225 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6226}; 6227 6228cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6229 if (error) { 6230 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6231 } else { 6232 console.log('createX509CRL success'); 6233 // 创建X509证书对象。 6234 cert.createX509Cert(certEncodingBlob).then((x509Cert) => { 6235 try { 6236 let entry = x509CRL.getRevokedCertWithCert(x509Cert); 6237 console.log('getRevokedCertWithCert success'); 6238 } catch (error) { 6239 let e: BusinessError = error as BusinessError; 6240 console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6241 } 6242 }).catch((error: BusinessError) => { 6243 console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6244 }) 6245 } 6246}); 6247``` 6248 6249### getRevokedCerts<sup>11+</sup> 6250 6251getRevokedCerts(callback : AsyncCallback<Array\<X509CRLEntry>>) : void 6252 6253表示获取被吊销X509证书列表,使用Callback回调异步返回结果。 6254 6255**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6256 6257**系统能力:** SystemCapability.Security.Cert 6258 6259**参数**: 6260 6261| 参数名 | 类型 | 必填 | 说明 | 6262| -------- | ------------------------------------------------------ | ---- | -------------------------------- | 6263| callback | AsyncCallback<Array\<[X509CRLEntry](#x509crlentry11)>> | 是 | 回调函数,表示被吊销X509证书列表。 | 6264 6265**错误码:** 6266 6267以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6268 6269| 错误码ID | 错误信息 | 6270| -------- | ----------------------- | 6271| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6272| 19020001 | memory error. | 6273| 19030001 | crypto operation error. | 6274 6275**示例:** 6276 6277```ts 6278import { cert } from '@kit.DeviceCertificateKit'; 6279import { BusinessError } from '@kit.BasicServicesKit'; 6280 6281// string转Uint8Array。 6282function stringToUint8Array(str: string): Uint8Array { 6283 let arr: Array<number> = []; 6284 for (let i = 0, j = str.length; i < j; i++) { 6285 arr.push(str.charCodeAt(i)); 6286 } 6287 return new Uint8Array(arr); 6288} 6289 6290let crlData = '-----BEGIN X509 CRL-----\n' + 6291 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6292 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6293 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6294 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6295 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6296 'eavsH0Q3\n' + 6297 '-----END X509 CRL-----\n'; 6298 6299// 证书吊销列表二进制数据,需业务自行赋值。 6300let encodingBlob: cert.EncodingBlob = { 6301 data: stringToUint8Array(crlData), 6302 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6303 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6304}; 6305 6306cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6307 if (error) { 6308 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6309 } else { 6310 console.log('createX509CRL success'); 6311 x509CRL.getRevokedCerts((error, array) => { 6312 if (error) { 6313 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6314 } else { 6315 console.log('getRevokedCerts success'); 6316 } 6317 }); 6318 } 6319}); 6320``` 6321 6322### getRevokedCerts<sup>11+</sup> 6323 6324getRevokedCerts() : Promise<Array\<X509CRLEntry>> 6325 6326表示获取被吊销X509证书列表,使用Promise方式异步返回结果。 6327 6328**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6329 6330**系统能力:** SystemCapability.Security.Cert 6331 6332**返回值**: 6333 6334| 类型 | 说明 | 6335| ------------------------------------------------ | ---------------------- | 6336| Promise<Array\<[X509CRLEntry](#x509crlentry11)>> | 表示被吊销X509证书列表。 | 6337 6338**错误码:** 6339 6340以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6341 6342| 错误码ID | 错误信息 | 6343| -------- | ----------------------- | 6344| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 6345| 19020001 | memory error. | 6346| 19030001 | crypto operation error. | 6347 6348**示例:** 6349 6350```ts 6351import { cert } from '@kit.DeviceCertificateKit'; 6352import { BusinessError } from '@kit.BasicServicesKit'; 6353 6354// string转Uint8Array。 6355function stringToUint8Array(str: string): Uint8Array { 6356 let arr: Array<number> = []; 6357 for (let i = 0, j = str.length; i < j; i++) { 6358 arr.push(str.charCodeAt(i)); 6359 } 6360 return new Uint8Array(arr); 6361} 6362 6363let crlData = '-----BEGIN X509 CRL-----\n' + 6364 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6365 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6366 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6367 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6368 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6369 'eavsH0Q3\n' + 6370 '-----END X509 CRL-----\n'; 6371 6372// 证书吊销列表二进制数据,需业务自行赋值。 6373let encodingBlob: cert.EncodingBlob = { 6374 data: stringToUint8Array(crlData), 6375 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6376 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6377}; 6378 6379cert.createX509CRL(encodingBlob).then(x509CRL => { 6380 console.log('createX509CRL success'); 6381 x509CRL.getRevokedCerts().then(array => { 6382 console.log('getRevokedCerts success'); 6383 }).catch((error: BusinessError) => { 6384 console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6385 }); 6386}).catch((error: BusinessError) => { 6387 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6388}); 6389``` 6390 6391### getSignature<sup>11+</sup> 6392 6393getSignature() : DataBlob 6394 6395表示获取X509证书吊销列表的签名数据。 6396 6397**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6398 6399**系统能力:** SystemCapability.Security.Cert 6400 6401**返回值**: 6402 6403| 类型 | 说明 | 6404| --------------------- | ------------------------------ | 6405| [DataBlob](#datablob) | 表示X509证书吊销列表的签名数据。 | 6406 6407**错误码:** 6408 6409以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6410 6411| 错误码ID | 错误信息 | 6412| -------- | ----------------------- | 6413| 19020001 | memory error. | 6414| 19020002 | runtime error. | 6415| 19030001 | crypto operation error. | 6416 6417**示例:** 6418 6419```ts 6420import { cert } from '@kit.DeviceCertificateKit'; 6421import { BusinessError } from '@kit.BasicServicesKit'; 6422 6423// string转Uint8Array。 6424function stringToUint8Array(str: string): Uint8Array { 6425 let arr: Array<number> = []; 6426 for (let i = 0, j = str.length; i < j; i++) { 6427 arr.push(str.charCodeAt(i)); 6428 } 6429 return new Uint8Array(arr); 6430} 6431 6432let crlData = '-----BEGIN X509 CRL-----\n' + 6433 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6434 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6435 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6436 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6437 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6438 'eavsH0Q3\n' + 6439 '-----END X509 CRL-----\n'; 6440 6441// 证书吊销列表二进制数据,需业务自行赋值。 6442let encodingBlob: cert.EncodingBlob = { 6443 data: stringToUint8Array(crlData), 6444 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6445 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6446}; 6447 6448cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6449 if (error) { 6450 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6451 } else { 6452 console.log('createX509CRL success'); 6453 try { 6454 let signature = x509CRL.getSignature(); 6455 } catch (err) { 6456 let e: BusinessError = err as BusinessError; 6457 console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6458 } 6459 } 6460}); 6461``` 6462 6463### getSignatureAlgName<sup>11+</sup> 6464 6465getSignatureAlgName() : string 6466 6467表示获取X509证书吊销列表签名的算法名称。 6468 6469**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6470 6471**系统能力:** SystemCapability.Security.Cert 6472 6473**返回值**: 6474 6475| 类型 | 说明 | 6476| ------ | -------------------------------- | 6477| string | 表示X509证书吊销列表签名的算法名。 | 6478 6479**错误码:** 6480 6481以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6482 6483| 错误码ID | 错误信息 | 6484| -------- | ----------------------- | 6485| 19020001 | memory error. | 6486| 19020002 | runtime error. | 6487| 19030001 | crypto operation error. | 6488 6489**示例:** 6490 6491```ts 6492import { cert } from '@kit.DeviceCertificateKit'; 6493import { BusinessError } from '@kit.BasicServicesKit'; 6494 6495// string转Uint8Array。 6496function stringToUint8Array(str: string): Uint8Array { 6497 let arr: Array<number> = []; 6498 for (let i = 0, j = str.length; i < j; i++) { 6499 arr.push(str.charCodeAt(i)); 6500 } 6501 return new Uint8Array(arr); 6502} 6503 6504let crlData = '-----BEGIN X509 CRL-----\n' + 6505 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6506 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6507 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6508 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6509 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6510 'eavsH0Q3\n' + 6511 '-----END X509 CRL-----\n'; 6512 6513// 证书吊销列表二进制数据,需业务自行赋值。 6514let encodingBlob: cert.EncodingBlob = { 6515 data: stringToUint8Array(crlData), 6516 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6517 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6518}; 6519 6520cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6521 if (error) { 6522 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6523 } else { 6524 console.log('createX509CRL success'); 6525 try { 6526 let sigAlgName = x509CRL.getSignatureAlgName(); 6527 } catch (err) { 6528 let e: BusinessError = err as BusinessError; 6529 console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6530 } 6531 } 6532}); 6533``` 6534 6535### getSignatureAlgOid<sup>11+</sup> 6536 6537getSignatureAlgOid() : string 6538 6539表示获取X509证书吊销列表签名算法的对象标志符OID(Object Identifier)。OID是由国际标准组织(ISO)的名称注册机构分配。 6540 6541**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6542 6543**系统能力:** SystemCapability.Security.Cert 6544 6545**返回值**: 6546 6547| 类型 | 说明 | 6548| ------ | --------------------------------------------- | 6549| string | 表示X509证书吊销列表签名算法的对象标志符OID。 | 6550 6551**错误码:** 6552 6553以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6554 6555| 错误码ID | 错误信息 | 6556| -------- | ----------------------- | 6557| 19020001 | memory error. | 6558| 19020002 | runtime error. | 6559| 19030001 | crypto operation error. | 6560 6561**示例:** 6562 6563```ts 6564import { cert } from '@kit.DeviceCertificateKit'; 6565import { BusinessError } from '@kit.BasicServicesKit'; 6566 6567// string转Uint8Array。 6568function stringToUint8Array(str: string): Uint8Array { 6569 let arr: Array<number> = []; 6570 for (let i = 0, j = str.length; i < j; i++) { 6571 arr.push(str.charCodeAt(i)); 6572 } 6573 return new Uint8Array(arr); 6574} 6575 6576let crlData = '-----BEGIN X509 CRL-----\n' + 6577 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6578 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6579 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6580 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6581 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6582 'eavsH0Q3\n' + 6583 '-----END X509 CRL-----\n'; 6584 6585// 证书吊销列表二进制数据,需业务自行赋值。 6586let encodingBlob: cert.EncodingBlob = { 6587 data: stringToUint8Array(crlData), 6588 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6589 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6590}; 6591 6592cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6593 if (error) { 6594 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6595 } else { 6596 console.log('createX509CRL success'); 6597 try { 6598 let sigAlgOid = x509CRL.getSignatureAlgOid(); 6599 } catch (err) { 6600 let e: BusinessError = err as BusinessError; 6601 console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6602 } 6603 } 6604}); 6605``` 6606 6607### getSignatureAlgParams<sup>11+</sup> 6608 6609getSignatureAlgParams() : DataBlob 6610 6611表示获取X509证书吊销列表签名的算法参数。 6612 6613**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6614 6615**系统能力:** SystemCapability.Security.Cert 6616 6617**返回值**: 6618 6619| 类型 | 说明 | 6620| --------------------- | ---------------------------------- | 6621| [DataBlob](#datablob) | 表示X509证书吊销列表签名的算法参数。 | 6622 6623**错误码:** 6624 6625以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6626 6627| 错误码ID | 错误信息 | 6628| -------- | ----------------------- | 6629| 801 | this operation is not supported. | 6630| 19020001 | memory error. | 6631| 19020002 | runtime error. | 6632| 19030001 | crypto operation error. | 6633 6634**示例:** 6635 6636```ts 6637import { cert } from '@kit.DeviceCertificateKit'; 6638import { BusinessError } from '@kit.BasicServicesKit'; 6639 6640// string转Uint8Array。 6641function stringToUint8Array(str: string): Uint8Array { 6642 let arr: Array<number> = []; 6643 for (let i = 0, j = str.length; i < j; i++) { 6644 arr.push(str.charCodeAt(i)); 6645 } 6646 return new Uint8Array(arr); 6647} 6648 6649let crlData = '-----BEGIN X509 CRL-----\n' + 6650 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6651 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6652 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6653 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6654 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6655 'eavsH0Q3\n' + 6656 '-----END X509 CRL-----\n'; 6657 6658// 证书吊销列表二进制数据,需业务自行赋值。 6659let encodingBlob: cert.EncodingBlob = { 6660 data: stringToUint8Array(crlData), 6661 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6662 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6663}; 6664 6665cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6666 if (error) { 6667 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6668 } else { 6669 console.log('createX509CRL success'); 6670 try { 6671 let sigAlgParams = x509CRL.getSignatureAlgParams(); 6672 } catch (err) { 6673 let e: BusinessError = err as BusinessError; 6674 console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6675 } 6676 } 6677}); 6678``` 6679 6680### getTBSInfo<sup>11+</sup> 6681 6682getTBSInfo() : DataBlob 6683 6684表示获取证书吊销列表的tbsCertList信息。 6685 6686**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6687 6688**系统能力:** SystemCapability.Security.Cert 6689 6690**返回值**: 6691 6692| 类型 | 说明 | 6693| --------------------- | --------------------------------- | 6694| [DataBlob](#datablob) | 表示证书吊销列表的tbsCertList信息。 | 6695 6696**错误码:** 6697 6698以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6699 6700| 错误码ID | 错误信息 | 6701| -------- | ----------------------- | 6702| 19020001 | memory error. | 6703| 19020002 | runtime error. | 6704| 19030001 | crypto operation error. | 6705 6706**示例:** 6707 6708```ts 6709import { cert } from '@kit.DeviceCertificateKit'; 6710import { BusinessError } from '@kit.BasicServicesKit'; 6711 6712// string转Uint8Array。 6713function stringToUint8Array(str: string): Uint8Array { 6714 let arr: Array<number> = []; 6715 for (let i = 0, j = str.length; i < j; i++) { 6716 arr.push(str.charCodeAt(i)); 6717 } 6718 return new Uint8Array(arr); 6719} 6720 6721let crlData = '-----BEGIN X509 CRL-----\n' + 6722 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6723 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6724 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6725 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6726 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6727 'eavsH0Q3\n' + 6728 '-----END X509 CRL-----\n'; 6729 6730// 证书吊销列表二进制数据,需业务自行赋值。 6731let encodingBlob: cert.EncodingBlob = { 6732 data: stringToUint8Array(crlData), 6733 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6734 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6735}; 6736 6737cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6738 if (error) { 6739 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6740 } else { 6741 console.log('createX509CRL success'); 6742 try { 6743 let tbsInfo = x509CRL.getTBSInfo(); 6744 } catch (error) { 6745 let e: BusinessError = error as BusinessError; 6746 console.error('getTBSInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6747 } 6748 } 6749}); 6750``` 6751 6752### getExtensions<sup>11+</sup> 6753 6754getExtensions(): DataBlob 6755 6756表示获取CRL的扩展。 6757 6758**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6759 6760**系统能力:** SystemCapability.Security.Cert 6761 6762**返回值**: 6763 6764| 类型 | 说明 | 6765| --------------------- | ------------------- | 6766| [DataBlob](#datablob) | 表示X509CRL扩展用途。 | 6767 6768**错误码:** 6769 6770以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6771 6772| 错误码ID | 错误信息 | 6773| -------- | ----------------------- | 6774| 19020001 | memory error. | 6775| 19020002 | runtime error. | 6776| 19030001 | crypto operation error. | 6777 6778**示例:** 6779 6780```ts 6781import { cert } from '@kit.DeviceCertificateKit'; 6782import { BusinessError } from '@kit.BasicServicesKit'; 6783 6784// string转Uint8Array。 6785function stringToUint8Array(str: string): Uint8Array { 6786 let arr: Array<number> = []; 6787 for (let i = 0, j = str.length; i < j; i++) { 6788 arr.push(str.charCodeAt(i)); 6789 } 6790 return new Uint8Array(arr); 6791} 6792 6793let crlData = '-----BEGIN X509 CRL-----\n' + 6794 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 6795 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 6796 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 6797 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 6798 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 6799 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 6800 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 6801 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 6802 '+i2osvdPWRia0dJCL1PCA14k\n' + 6803 '-----END X509 CRL-----\n'; 6804 6805// 证书吊销列表二进制数据,需业务自行赋值。 6806let encodingBlob: cert.EncodingBlob = { 6807 data: stringToUint8Array(crlData), 6808 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6809 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6810}; 6811 6812cert.createX509CRL(encodingBlob, (error, x509CRL) => { 6813 if (error) { 6814 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6815 } else { 6816 console.log('createX509CRL success'); 6817 try { 6818 let extensions = x509CRL.getExtensions(); 6819 } catch (error) { 6820 let e: BusinessError = error as BusinessError; 6821 console.error('getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6822 } 6823 } 6824}); 6825``` 6826 6827### match<sup>11+</sup> 6828 6829match(param: X509CRLMatchParameters): boolean 6830 6831判断证书吊销列表是否与输入参数匹配。 6832 6833**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6834 6835**系统能力:** SystemCapability.Security.Cert 6836 6837**参数**: 6838 6839| 参数名 | 类型 | 必填 | 说明 | 6840| --------- | ------ | ---- | ------------------------------------------ | 6841| param | [X509CRLMatchParameters](#x509crlmatchparameters11)| 是 | 表示需要匹配的参数。 | 6842 6843**返回值**: 6844 6845| 类型 | 说明 | 6846| --------------------- | ----------------------------------------- | 6847| boolean | 当参数匹配时,该方法返回true,否则返回false。 | 6848 6849**错误码:** 6850 6851以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6852 6853| 错误码ID | 错误信息 | 6854| -------- | -------------- | 6855| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 6856| 19020001 | memory error. | 6857| 19030001 | crypto operation error. | 6858 6859**示例:** 6860 6861```ts 6862import { cert } from '@kit.DeviceCertificateKit'; 6863import { BusinessError } from '@kit.BasicServicesKit'; 6864 6865// string转Uint8Array。 6866function stringToUint8Array(str: string): Uint8Array { 6867 let arr: Array<number> = []; 6868 for (let i = 0, j = str.length; i < j; i++) { 6869 arr.push(str.charCodeAt(i)); 6870 } 6871 return new Uint8Array(arr); 6872} 6873 6874let crlData = '-----BEGIN X509 CRL-----\n' + 6875 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6876 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6877 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6878 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6879 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6880 'eavsH0Q3\n' + 6881 '-----END X509 CRL-----\n'; 6882 6883// 证书吊销列表二进制数据,需业务自行赋值。 6884let crlEncodingBlob: cert.EncodingBlob = { 6885 data: stringToUint8Array(crlData), 6886 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6887 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6888}; 6889 6890const certData = "-----BEGIN CERTIFICATE-----\r\n" + 6891 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 6892 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 6893 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 6894 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 6895 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 6896 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 6897 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 6898 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 6899 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 6900 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 6901 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 6902 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 6903 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 6904 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 6905 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 6906 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 6907 "-----END CERTIFICATE-----\r\n"; 6908const certEncodingBlob: cert.EncodingBlob = { 6909 data: stringToUint8Array(certData), 6910 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 6911}; 6912 6913async function crlMatch() { 6914 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 6915 try { 6916 x509Cert = await cert.createX509Cert(certEncodingBlob); 6917 console.log('createX509Cert success'); 6918 } catch (err) { 6919 console.error('createX509Cert failed'); 6920 } 6921 6922 cert.createX509CRL(crlEncodingBlob, (error, x509CRL) => { 6923 if (error) { 6924 console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); 6925 } else { 6926 console.log('createX509CRL success'); 6927 try { 6928 const param: cert.X509CRLMatchParameters = { 6929 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 6930 x509Cert: x509Cert 6931 } 6932 const result = x509CRL.match(param); 6933 } catch (error) { 6934 let e: BusinessError = error as BusinessError; 6935 console.error('x509CRL match failed, errCode: ' + e.code + ', errMsg: ' + e.message); 6936 } 6937 } 6938 }); 6939} 6940``` 6941 6942### getIssuerX500DistinguishedName<sup>12+</sup> 6943 6944getIssuerX500DistinguishedName(): X500DistinguishedName 6945 6946获取颁发者的X509可分辨名称。 6947 6948**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 6949 6950**系统能力:** SystemCapability.Security.Cert 6951 6952**返回值**: 6953 6954| 类型 | 说明 | 6955| --------------------- | ----------------------------------------- | 6956| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。 | 6957 6958**错误码:** 6959 6960以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 6961 6962| 错误码ID | 错误信息 | 6963| -------- | -------------- | 6964| 19020001 | memory error. | 6965| 19020002 | runtime error. | 6966| 19030001 | crypto operation error. | 6967 6968**示例:** 6969 6970```ts 6971import { cert } from '@kit.DeviceCertificateKit'; 6972import { BusinessError } from '@kit.BasicServicesKit'; 6973 6974// string转Uint8Array。 6975function stringToUint8Array(str: string): Uint8Array { 6976 let arr: Array<number> = []; 6977 for (let i = 0, j = str.length; i < j; i++) { 6978 arr.push(str.charCodeAt(i)); 6979 } 6980 return new Uint8Array(arr); 6981} 6982 6983let crlData = '-----BEGIN X509 CRL-----\n' + 6984 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 6985 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 6986 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 6987 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 6988 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 6989 'eavsH0Q3\n' + 6990 '-----END X509 CRL-----\n'; 6991 6992// 证书吊销列表二进制数据,需业务自行赋值。 6993let crlEncodingBlob: cert.EncodingBlob = { 6994 data: stringToUint8Array(crlData), 6995 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 6996 encodingFormat: cert.EncodingFormat.FORMAT_PEM 6997}; 6998 6999async function crlGetIssuerX500DistinguishedName() { 7000 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7001 try { 7002 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7003 console.log('createX509CRL success'); 7004 let name = x509Crl.getIssuerX500DistinguishedName(); 7005 } catch (err) { 7006 let e: BusinessError = err as BusinessError; 7007 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7008 } 7009} 7010``` 7011 7012### toString<sup>12+</sup> 7013 7014toString(): string 7015 7016获取对象的字符串类型数据。 7017 7018**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7019 7020**系统能力:** SystemCapability.Security.Cert 7021 7022**返回值**: 7023 7024| 类型 | 说明 | 7025| --------------------- | ----------------------------------------- | 7026| string | 对象的字符串类型数据。 | 7027 7028**错误码:** 7029 7030以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7031 7032| 错误码ID | 错误信息 | 7033| -------- | -------------- | 7034| 19020001 | memory error. | 7035| 19020002 | runtime error. | 7036| 19030001 | crypto operation error. | 7037 7038**示例:** 7039 7040```ts 7041import { cert } from '@kit.DeviceCertificateKit'; 7042import { BusinessError } from '@kit.BasicServicesKit'; 7043 7044// string转Uint8Array。 7045function stringToUint8Array(str: string): Uint8Array { 7046 let arr: Array<number> = []; 7047 for (let i = 0, j = str.length; i < j; i++) { 7048 arr.push(str.charCodeAt(i)); 7049 } 7050 return new Uint8Array(arr); 7051} 7052 7053let crlData = '-----BEGIN X509 CRL-----\n' + 7054 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7055 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7056 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7057 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7058 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7059 'eavsH0Q3\n' + 7060 '-----END X509 CRL-----\n'; 7061 7062// 证书吊销列表二进制数据,需业务自行赋值。 7063let crlEncodingBlob: cert.EncodingBlob = { 7064 data: stringToUint8Array(crlData), 7065 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7066 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7067}; 7068 7069async function crlToString() { 7070 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7071 try { 7072 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7073 console.log('createX509CRL success'); 7074 console.info('crlToString success: ' + JSON.stringify(x509Crl.toString())); 7075 } catch (err) { 7076 let e: BusinessError = err as BusinessError; 7077 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7078 } 7079} 7080``` 7081 7082### hashCode<sup>12+</sup> 7083 7084hashCode(): Uint8Array 7085 7086获取DER格式数据的哈希值。 7087 7088**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7089 7090**系统能力:** SystemCapability.Security.Cert 7091 7092**返回值**: 7093 7094| 类型 | 说明 | 7095| --------------------- | ----------------------------------------- | 7096| Uint8Array | DER格式数据的哈希值。 | 7097 7098**错误码:** 7099 7100以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7101 7102| 错误码ID | 错误信息 | 7103| -------- | -------------- | 7104| 19020001 | memory error. | 7105| 19020002 | runtime error. | 7106| 19030001 | crypto operation error. | 7107 7108**示例:** 7109 7110```ts 7111import { cert } from '@kit.DeviceCertificateKit'; 7112import { BusinessError } from '@kit.BasicServicesKit'; 7113 7114// string转Uint8Array。 7115function stringToUint8Array(str: string): Uint8Array { 7116 let arr: Array<number> = []; 7117 for (let i = 0, j = str.length; i < j; i++) { 7118 arr.push(str.charCodeAt(i)); 7119 } 7120 return new Uint8Array(arr); 7121} 7122 7123let crlData = '-----BEGIN X509 CRL-----\n' + 7124 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7125 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7126 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7127 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7128 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7129 'eavsH0Q3\n' + 7130 '-----END X509 CRL-----\n'; 7131 7132// 证书吊销列表二进制数据,需业务自行赋值。 7133let crlEncodingBlob: cert.EncodingBlob = { 7134 data: stringToUint8Array(crlData), 7135 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7136 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7137}; 7138 7139async function crlHashCode() { 7140 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7141 try { 7142 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7143 console.log('createX509CRL success'); 7144 console.info('crlHashCode success: ' + JSON.stringify(x509Crl.hashCode())); 7145 } catch (err) { 7146 let e: BusinessError = err as BusinessError; 7147 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7148 } 7149} 7150``` 7151 7152### getExtensionsObject<sup>12+</sup> 7153 7154getExtensionsObject(): CertExtension 7155 7156获取对应实体的扩展域DER格式数据。 7157 7158**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7159 7160**系统能力:** SystemCapability.Security.Cert 7161 7162**返回值**: 7163 7164| 类型 | 说明 | 7165| --------------------- | ----------------------------------------- | 7166| [CertExtension](#certextension10) | 证书扩展域段类对象。| 7167 7168**错误码:** 7169 7170以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7171 7172| 错误码ID | 错误信息 | 7173| -------- | -------------- | 7174| 19020001 | memory error. | 7175| 19020002 | runtime error. | 7176| 19030001 | crypto operation error. | 7177 7178**示例:** 7179 7180```ts 7181import { cert } from '@kit.DeviceCertificateKit'; 7182import { BusinessError } from '@kit.BasicServicesKit'; 7183 7184// string转Uint8Array。 7185function stringToUint8Array(str: string): Uint8Array { 7186 let arr: Array<number> = []; 7187 for (let i = 0, j = str.length; i < j; i++) { 7188 arr.push(str.charCodeAt(i)); 7189 } 7190 return new Uint8Array(arr); 7191} 7192 7193let crlData = '-----BEGIN X509 CRL-----\n' + 7194 'MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV\n' + 7195 'BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD\n' + 7196 'VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG\n' + 7197 '9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy\n' + 7198 'NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+\n' + 7199 '1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq\n' + 7200 'jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU\n' + 7201 '+gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe\n' + 7202 'Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw\n' + 7203 'diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx\n' + 7204 '+X48g7VE2o2X4cfy\n' + 7205 '-----END X509 CRL-----\n'; 7206 7207// 证书吊销列表二进制数据,需业务自行赋值。 7208let crlEncodingBlob: cert.EncodingBlob = { 7209 data: stringToUint8Array(crlData), 7210 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7211 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7212}; 7213 7214async function crlHashCode() { 7215 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 7216 try { 7217 x509Crl = await cert.createX509CRL(crlEncodingBlob); 7218 console.log('createX509CRL success'); 7219 let object = x509Crl.getExtensionsObject(); 7220 } catch (err) { 7221 let e: BusinessError = err as BusinessError; 7222 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7223 } 7224} 7225``` 7226 7227## cert.createCertChainValidator 7228 7229createCertChainValidator(algorithm :string) : CertChainValidator 7230 7231表示创建证书链校验器对象。 7232 7233**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7234 7235**系统能力:** SystemCapability.Security.Cert 7236 7237**参数**: 7238 7239| 参数名 | 类型 | 必填 | 说明 | 7240| --------- | ------ | ---- | ------------------------------------------ | 7241| algorithm | string | 是 | 表示证书链校验器算法。当前仅支持输入“PKIX”。 | 7242 7243**返回值**: 7244 7245| 类型 | 说明 | 7246| ------------------ | -------------------- | 7247| [CertChainValidator](#certchainvalidator) | 表示证书链校验器对象。 | 7248 7249**错误码:** 7250 7251以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7252 7253| 错误码ID | 错误信息 | 7254| -------- | ----------------------- | 7255| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7256| 801 | this operation is not supported. | 7257| 19020001 | memory error. | 7258| 19020002 | runtime error. | 7259| 19030001 | crypto operation error. | 7260 7261**示例:** 7262 7263```ts 7264import { cert } from '@kit.DeviceCertificateKit'; 7265import { BusinessError } from '@kit.BasicServicesKit'; 7266 7267try { 7268 let validator = cert.createCertChainValidator('PKIX'); 7269} catch (error) { 7270 let e: BusinessError = error as BusinessError; 7271 console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7272} 7273``` 7274 7275## CertChainValidator 7276 7277证书链校验器对象。 7278 7279 7280### 属性 7281 7282**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7283 7284**系统能力:** SystemCapability.Security.Cert 7285 7286| 名称 | 类型 | 可读 | 可写 | 说明 | 7287| ------- | ------ | ---- | ---- | -------------------------- | 7288| algorithm | string | 是 | 否 | X509证书链校验器算法名称。 | 7289 7290 7291### validate 7292 7293validate(certChain : CertChainData, callback : AsyncCallback\<void>) : void 7294 7295表示校验X509证书链,使用Callback回调异步返回结果。 7296由于端侧系统时间不可信,证书链校验不包含对证书有效时间的校验。如果需要检查证书的时间有效性,可使用X509证书的[checkValidityWithDate](#checkvaliditywithdate)方法进行检查。详见[证书规格](../../security/DeviceCertificateKit/certificate-framework-overview.md#证书规格)。 7297 7298**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7299 7300**系统能力:** SystemCapability.Security.Cert 7301 7302**参数**: 7303 7304| 参数名 | 类型 | 必填 | 说明 | 7305| --------- | ------------------------------- | ---- | ------------------------------------------------------------ | 7306| certChain | [CertChainData](#certchaindata) | 是 | 表示X509证书链序列化数据。 | 7307| callback | AsyncCallback\<void> | 是 | 回调函数,使用AsyncCallback的第一个error参数判断是否校验成功,error为null表示成功,error不为null表示失败。 | 7308 7309**错误码:** 7310 7311以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7312 7313| 错误码ID | 错误信息 | 7314| -------- | ------------------------------------------------- | 7315| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7316| 19020001 | memory error. | 7317| 19020002 | runtime error. | 7318| 19030001 | crypto operation error. | 7319| 19030002 | the certificate signature verification failed. | 7320| 19030003 | the certificate has not taken effect. | 7321| 19030004 | the certificate has expired. | 7322| 19030005 | failed to obtain the certificate issuer. | 7323| 19030006 | the key cannot be used for signing a certificate. | 7324| 19030007 | the key cannot be used for digital signature. | 7325 7326**示例:** 7327 7328```ts 7329import { cert } from '@kit.DeviceCertificateKit'; 7330import { BusinessError } from '@kit.BasicServicesKit'; 7331 7332// string转Uint8Array。 7333function stringToUint8Array(str: string): Uint8Array { 7334 let arr: Array<number> = []; 7335 for (let i = 0, j = str.length; i < j; i++) { 7336 arr.push(str.charCodeAt(i)); 7337 } 7338 return new Uint8Array(arr); 7339} 7340 7341// 证书链二进制数据。 7342let certPem = '-----BEGIN CERTIFICATE-----\n' + 7343 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7344 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7345 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7346 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7347 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7348 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7349 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7350 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7351 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7352 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7353 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7354 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7355 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7356 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7357 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7358 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7359 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7360 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7361 '-----END CERTIFICATE-----'; 7362 7363let caPem = '-----BEGIN CERTIFICATE-----\n' + 7364'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7365'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7366'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7367'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7368'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7369'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7370'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7371'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7372'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7373'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7374'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7375'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7376'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7377'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7378'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7379'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7380'sSus\n' + 7381'-----END CERTIFICATE-----'; 7382 7383let certPemData = stringToUint8Array(certPem); 7384let caPemData = stringToUint8Array(caPem); 7385 7386let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7387let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7388 7389let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7390certChainBuff.set(certPemDataLenData) 7391certChainBuff.set(certPemData, certPemDataLenData.length) 7392certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7393certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7394 7395let certChainData: cert.CertChainData = { 7396 data: certChainBuff, 7397 // 证书链包含的证书个数,需业务自行赋值。 7398 count: 2, 7399 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7400 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7401}; 7402 7403try { 7404 let validator = cert.createCertChainValidator('PKIX'); 7405 validator.validate(certChainData, (error, data) => { 7406 if (error) { 7407 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7408 } else { 7409 console.log('validate success'); 7410 } 7411 }); 7412} catch (error) { 7413 let e: BusinessError = error as BusinessError; 7414 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7415} 7416``` 7417 7418### validate 7419 7420validate(certChain : CertChainData) : Promise\<void> 7421 7422表示校验X509证书链,使用Promise方式异步返回结果。 7423由于端侧系统时间不可信,证书链校验不包含对证书有效时间的校验。如果需要检查证书的时间有效性,可使用X509证书的[checkValidityWithDate](#checkvaliditywithdate)方法进行检查。详见[证书规格](../../security/DeviceCertificateKit/certificate-framework-overview.md#证书规格)。 7424 7425**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7426 7427**系统能力:** SystemCapability.Security.Cert 7428 7429**参数**: 7430 7431| 参数名 | 类型 | 必填 | 说明 | 7432| --------- | ------------------------------- | ---- | -------------------------- | 7433| certChain | [CertChainData](#certchaindata) | 是 | 表示X509证书链序列化数据。 | 7434 7435**返回值**: 7436 7437| 类型 | 说明 | 7438| -------------- | ----------- | 7439| Promise\<void> | Promise对象。 | 7440 7441**错误码:** 7442 7443以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7444 7445| 错误码ID | 错误信息 | 7446| -------- | ------------------------------------------------- | 7447| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 7448| 19020001 | memory error. | 7449| 19020002 | runtime error. | 7450| 19030001 | crypto operation error. | 7451| 19030002 | the certificate signature verification failed. | 7452| 19030003 | the certificate has not taken effect. | 7453| 19030004 | the certificate has expired. | 7454| 19030005 | failed to obtain the certificate issuer. | 7455| 19030006 | the key cannot be used for signing a certificate. | 7456| 19030007 | the key cannot be used for digital signature. | 7457 7458**示例:** 7459 7460```ts 7461import { cert } from '@kit.DeviceCertificateKit'; 7462import { BusinessError } from '@kit.BasicServicesKit'; 7463 7464// string转Uint8Array。 7465function stringToUint8Array(str: string): Uint8Array { 7466 let arr: Array<number> = []; 7467 for (let i = 0, j = str.length; i < j; i++) { 7468 arr.push(str.charCodeAt(i)); 7469 } 7470 return new Uint8Array(arr); 7471} 7472 7473// 证书链数据。 7474let certPem = '-----BEGIN CERTIFICATE-----\n' + 7475 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7476 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 7477 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 7478 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 7479 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 7480 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 7481 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 7482 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 7483 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 7484 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 7485 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 7486 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 7487 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 7488 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 7489 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 7490 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 7491 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 7492 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 7493 '-----END CERTIFICATE-----'; 7494 7495let caPem = '-----BEGIN CERTIFICATE-----\n' + 7496'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 7497'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 7498'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 7499'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 7500'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 7501'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 7502'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 7503'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 7504'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 7505'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 7506'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 7507'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 7508'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 7509'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 7510'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 7511'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 7512'sSus\n' + 7513'-----END CERTIFICATE-----'; 7514 7515let certPemData = stringToUint8Array(certPem); 7516let caPemData = stringToUint8Array(caPem); 7517 7518let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) 7519let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) 7520 7521let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) 7522certChainBuff.set(certPemDataLenData) 7523certChainBuff.set(certPemData, certPemDataLenData.length) 7524certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) 7525certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) 7526 7527let certChainData: cert.CertChainData = { 7528 data: certChainBuff, 7529 // 证书链包含的证书个数,需业务自行赋值。 7530 count: 2, 7531 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7532 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7533}; 7534 7535try { 7536 let validator = cert.createCertChainValidator('PKIX'); 7537 validator.validate(certChainData).then(result => { 7538 console.log('validate success'); 7539 }).catch((error: BusinessError) => { 7540 console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7541 }); 7542} catch (error) { 7543 let e: BusinessError = error as BusinessError; 7544 console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7545} 7546``` 7547 7548## X509CrlEntry<sup>(deprecated)</sup> 7549 7550被吊销证书对象。 7551 7552> **说明:** 7553> 7554> 从API version 11开始废弃,建议使用[X509CrlEntry](#x509crlentry11)替代。 7555 7556### getEncoded<sup>(deprecated)</sup> 7557 7558getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 7559 7560表示获取被吊销证书的序列化数据,使用Callback回调异步返回结果。 7561 7562> **说明:** 7563> 7564> 从API version 11开始废弃,建议使用[X509CRLEntry.getEncoded](#getencoded11-2)替代。 7565 7566**系统能力:** SystemCapability.Security.Cert 7567 7568**参数**: 7569 7570| 参数名 | 类型 | 必填 | 说明 | 7571| -------- | --------------------------------------------- | ---- | ------------------------------------ | 7572| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示被吊销证书的序列化数据。 | 7573 7574**错误码:** 7575 7576以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7577 7578| 错误码ID | 错误信息 | 7579| -------- | ----------------------- | 7580| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7581| 19020001 | memory error. | 7582| 19020002 | runtime error. | 7583| 19030001 | crypto operation error. | 7584 7585**示例:** 7586 7587```ts 7588import { cert } from '@kit.DeviceCertificateKit'; 7589import { BusinessError } from '@kit.BasicServicesKit'; 7590 7591// string转Uint8Array。 7592function stringToUint8Array(str: string): Uint8Array { 7593 let arr: Array<number> = []; 7594 for (let i = 0, j = str.length; i < j; i++) { 7595 arr.push(str.charCodeAt(i)); 7596 } 7597 return new Uint8Array(arr); 7598} 7599 7600let crlData = '-----BEGIN X509 CRL-----\n' + 7601 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7602 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7603 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7604 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7605 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7606 'eavsH0Q3\n' + 7607 '-----END X509 CRL-----\n' 7608 7609let encodingBlob: cert.EncodingBlob = { 7610 data: stringToUint8Array(crlData), 7611 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7612 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7613}; 7614 7615cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7616 if (err) { 7617 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7618 } else { 7619 console.log('create x509 crl success'); 7620 7621 try { 7622 let serialNumber = 1000; 7623 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7624 crlEntry.getEncoded((error, data) => { 7625 if (error) { 7626 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7627 } else { 7628 console.log('getEncoded success'); 7629 } 7630 }); 7631 } catch (error) { 7632 let e: BusinessError = error as BusinessError; 7633 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7634 } 7635 } 7636}) 7637``` 7638 7639### getEncoded<sup>(deprecated)</sup> 7640 7641getEncoded() : Promise\<EncodingBlob> 7642 7643表示获取被吊销证书的序列化数据,使用Promise方式异步返回结果。 7644 7645> **说明:** 7646> 7647> 从API version 11开始废弃,建议使用[X509CRLEntry.getEncoded](#getencoded11-3)替代。 7648 7649**系统能力:** SystemCapability.Security.Cert 7650 7651**返回值**: 7652 7653| 类型 | 说明 | 7654| --------------------------------------- | -------------------------- | 7655| Promise\<[EncodingBlob](#encodingblob)> | 表示被吊销证书的序列化数据。 | 7656 7657**错误码:** 7658 7659以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7660 7661| 错误码ID | 错误信息 | 7662| -------- | ----------------------- | 7663| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7664| 19020001 | memory error. | 7665| 19020002 | runtime error. | 7666| 19030001 | crypto operation error. | 7667 7668**示例:** 7669 7670```ts 7671import { cert } from '@kit.DeviceCertificateKit'; 7672import { BusinessError } from '@kit.BasicServicesKit'; 7673 7674// string转Uint8Array。 7675function stringToUint8Array(str: string): Uint8Array { 7676 let arr: Array<number> = []; 7677 for (let i = 0, j = str.length; i < j; i++) { 7678 arr.push(str.charCodeAt(i)); 7679 } 7680 return new Uint8Array(arr); 7681} 7682 7683let crlData = '-----BEGIN X509 CRL-----\n' + 7684 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7685 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7686 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7687 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7688 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7689 'eavsH0Q3\n' + 7690 '-----END X509 CRL-----\n' 7691 7692let encodingBlob: cert.EncodingBlob = { 7693 data: stringToUint8Array(crlData), 7694 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7695 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7696}; 7697 7698cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7699 if (err) { 7700 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7701 } else { 7702 console.log('create x509 crl success'); 7703 7704 try { 7705 let serialNumber = 1000; 7706 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7707 crlEntry.getEncoded().then(result => { 7708 console.log('getEncoded success'); 7709 }).catch((error: BusinessError) => { 7710 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 7711 }); 7712 } catch (error) { 7713 let e: BusinessError = error as BusinessError; 7714 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7715 } 7716 } 7717}) 7718``` 7719 7720### getSerialNumber<sup>(deprecated)</sup> 7721 7722getSerialNumber() : number 7723 7724表示获取被吊销证书的序列号。 7725 7726> **说明:** 7727> 7728> 从API version 11开始废弃,建议使用[X509CRLEntry.getSerialNumber](#getserialnumber11)替代。 7729 7730**系统能力:** SystemCapability.Security.Cert 7731 7732**返回值**: 7733 7734| 类型 | 说明 | 7735| ------ | ---------------------- | 7736| number | 表示被吊销证书的序列号。 | 7737 7738**示例:** 7739 7740```ts 7741import { cert } from '@kit.DeviceCertificateKit'; 7742import { BusinessError } from '@kit.BasicServicesKit'; 7743 7744// string转Uint8Array。 7745function stringToUint8Array(str: string): Uint8Array { 7746 let arr: Array<number> = []; 7747 for (let i = 0, j = str.length; i < j; i++) { 7748 arr.push(str.charCodeAt(i)); 7749 } 7750 return new Uint8Array(arr); 7751} 7752 7753let crlData = '-----BEGIN X509 CRL-----\n' + 7754 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7755 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7756 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7757 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7758 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7759 'eavsH0Q3\n' + 7760 '-----END X509 CRL-----\n' 7761 7762let encodingBlob: cert.EncodingBlob = { 7763 data: stringToUint8Array(crlData), 7764 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7765 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7766}; 7767 7768cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7769 if (err) { 7770 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7771 } else { 7772 console.log('create x509 crl success'); 7773 7774 try { 7775 let serialNumber = 1000; 7776 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7777 serialNumber = crlEntry.getSerialNumber(); 7778 } catch (error) { 7779 let e: BusinessError = error as BusinessError; 7780 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7781 } 7782 } 7783}) 7784``` 7785 7786### getCertIssuer<sup>(deprecated)</sup> 7787 7788getCertIssuer() : DataBlob 7789 7790表示获取被吊销证书的颁发者信息。 7791 7792> **说明:** 7793> 7794> 从API version 11开始废弃,建议使用[X509CRLEntry.getCertIssuer](#getcertissuer11)替代。 7795 7796**系统能力:** SystemCapability.Security.Cert 7797 7798**返回值**: 7799 7800| 类型 | 说明 | 7801| --------------------- | ----------------------- | 7802| [DataBlob](#datablob) | 表示被吊销证书的颁发者信息。 | 7803 7804**错误码:** 7805 7806以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7807 7808| 错误码ID | 错误信息 | 7809| -------- | -------------- | 7810| 801 | this operation is not supported. | 7811| 19020001 | memory error. | 7812| 19020002 | runtime error. | 7813 7814**示例:** 7815 7816```ts 7817import { cert } from '@kit.DeviceCertificateKit'; 7818import { BusinessError } from '@kit.BasicServicesKit'; 7819 7820// string转Uint8Array。 7821function stringToUint8Array(str: string): Uint8Array { 7822 let arr: Array<number> = []; 7823 for (let i = 0, j = str.length; i < j; i++) { 7824 arr.push(str.charCodeAt(i)); 7825 } 7826 return new Uint8Array(arr); 7827} 7828 7829let crlData = '-----BEGIN X509 CRL-----\n' + 7830 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7831 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7832 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7833 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7834 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7835 'eavsH0Q3\n' + 7836 '-----END X509 CRL-----\n' 7837 7838let encodingBlob: cert.EncodingBlob = { 7839 data: stringToUint8Array(crlData), 7840 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7841 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7842}; 7843 7844cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7845 if (err) { 7846 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7847 } else { 7848 console.log('create x509 crl success'); 7849 7850 try { 7851 let serialNumber = 1000; 7852 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7853 let issuer = crlEntry.getCertIssuer(); 7854 } catch (error) { 7855 let e: BusinessError = error as BusinessError; 7856 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7857 } 7858 } 7859}) 7860``` 7861 7862### getRevocationDate<sup>(deprecated)</sup> 7863 7864getRevocationDate() : string 7865 7866表示获取证书被吊销的日期,日期为ASN.1时间格式。 7867 7868> **说明:** 7869> 7870> 从API version 11开始废弃,建议使用[X509CRLEntry.getRevocationDate](#getrevocationdate11)替代。 7871 7872**系统能力:** SystemCapability.Security.Cert 7873 7874**返回值**: 7875 7876| 类型 | 说明 | 7877| ------ | ------------------ | 7878| string | 表示证书被吊销的日期,日期为ASN.1时间格式。 | 7879 7880**错误码:** 7881 7882以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7883 7884| 错误码ID | 错误信息 | 7885| -------- | ----------------------- | 7886| 19020001 | memory error. | 7887| 19020002 | runtime error. | 7888| 19030001 | crypto operation error. | 7889 7890**示例:** 7891 7892```ts 7893import { cert } from '@kit.DeviceCertificateKit'; 7894import { BusinessError } from '@kit.BasicServicesKit'; 7895 7896// string转Uint8Array。 7897function stringToUint8Array(str: string): Uint8Array { 7898 let arr: Array<number> = []; 7899 for (let i = 0, j = str.length; i < j; i++) { 7900 arr.push(str.charCodeAt(i)); 7901 } 7902 return new Uint8Array(arr); 7903} 7904 7905let crlData = '-----BEGIN X509 CRL-----\n' + 7906 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7907 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7908 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7909 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7910 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7911 'eavsH0Q3\n' + 7912 '-----END X509 CRL-----\n' 7913 7914let encodingBlob: cert.EncodingBlob = { 7915 data: stringToUint8Array(crlData), 7916 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7917 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7918}; 7919 7920cert.createX509Crl(encodingBlob, (err, x509Crl) => { 7921 if (err) { 7922 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 7923 } else { 7924 console.log('create x509 crl success'); 7925 7926 try { 7927 let serialNumber = 1000; 7928 let crlEntry = x509Crl.getRevokedCert(serialNumber); 7929 let date = crlEntry.getRevocationDate(); 7930 } catch (error) { 7931 let e: BusinessError = error as BusinessError; 7932 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 7933 } 7934 } 7935}) 7936``` 7937 7938## X509CRLEntry<sup>11+</sup> 7939 7940被吊销证书对象。 7941 7942### getEncoded<sup>11+</sup> 7943 7944getEncoded(callback : AsyncCallback\<EncodingBlob>) : void 7945 7946表示获取被吊销证书的序列化数据,使用Callback回调异步返回结果。 7947 7948**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 7949 7950**系统能力:** SystemCapability.Security.Cert 7951 7952**参数**: 7953 7954| 参数名 | 类型 | 必填 | 说明 | 7955| -------- | --------------------------------------------- | ---- | ------------------------------------ | 7956| callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | 是 | 回调函数,表示被吊销证书的序列化数据。 | 7957 7958**错误码:** 7959 7960以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 7961 7962| 错误码ID | 错误信息 | 7963| -------- | ----------------------- | 7964| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 7965| 19020001 | memory error. | 7966| 19020002 | runtime error. | 7967| 19030001 | crypto operation error. | 7968 7969**示例:** 7970 7971```ts 7972import { cert } from '@kit.DeviceCertificateKit'; 7973import { BusinessError } from '@kit.BasicServicesKit'; 7974 7975// string转Uint8Array。 7976function stringToUint8Array(str: string): Uint8Array { 7977 let arr: Array<number> = []; 7978 for (let i = 0, j = str.length; i < j; i++) { 7979 arr.push(str.charCodeAt(i)); 7980 } 7981 return new Uint8Array(arr); 7982} 7983 7984let crlData = '-----BEGIN X509 CRL-----\n' + 7985 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 7986 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 7987 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 7988 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 7989 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 7990 'eavsH0Q3\n' + 7991 '-----END X509 CRL-----\n' 7992 7993let encodingBlob: cert.EncodingBlob = { 7994 data: stringToUint8Array(crlData), 7995 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 7996 encodingFormat: cert.EncodingFormat.FORMAT_PEM 7997}; 7998 7999cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8000 if (err) { 8001 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8002 } else { 8003 console.log('create x509 CRL success'); 8004 8005 try { 8006 let serialNumber = BigInt(1000); 8007 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8008 crlEntry.getEncoded((error, data) => { 8009 if (error) { 8010 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8011 } else { 8012 console.log('getEncoded success'); 8013 } 8014 }); 8015 } catch (error) { 8016 let e: BusinessError = error as BusinessError; 8017 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8018 } 8019 } 8020}) 8021``` 8022 8023### getEncoded<sup>11+</sup> 8024 8025getEncoded() : Promise\<EncodingBlob> 8026 8027表示获取被吊销证书的序列化数据,使用Promise方式异步返回结果。 8028 8029**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8030 8031**系统能力:** SystemCapability.Security.Cert 8032 8033**返回值**: 8034 8035| 类型 | 说明 | 8036| --------------------------------------- | -------------------------- | 8037| Promise\<[EncodingBlob](#encodingblob)> | 表示被吊销证书的序列化数据。 | 8038 8039**错误码:** 8040 8041以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8042 8043| 错误码ID | 错误信息 | 8044| -------- | ----------------------- | 8045| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types.| 8046| 19020001 | memory error. | 8047| 19020002 | runtime error. | 8048| 19030001 | crypto operation error. | 8049 8050**示例:** 8051 8052```ts 8053import { cert } from '@kit.DeviceCertificateKit'; 8054import { BusinessError } from '@kit.BasicServicesKit'; 8055 8056// string转Uint8Array。 8057function stringToUint8Array(str: string): Uint8Array { 8058 let arr: Array<number> = []; 8059 for (let i = 0, j = str.length; i < j; i++) { 8060 arr.push(str.charCodeAt(i)); 8061 } 8062 return new Uint8Array(arr); 8063} 8064 8065let crlData = '-----BEGIN X509 CRL-----\n' + 8066 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8067 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8068 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8069 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8070 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8071 'eavsH0Q3\n' + 8072 '-----END X509 CRL-----\n' 8073 8074let encodingBlob: cert.EncodingBlob = { 8075 data: stringToUint8Array(crlData), 8076 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8077 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8078}; 8079 8080cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8081 if (err) { 8082 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8083 } else { 8084 console.log('create x509 CRL success'); 8085 8086 try { 8087 let serialNumber = BigInt(1000); 8088 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8089 crlEntry.getEncoded().then(result => { 8090 console.log('getEncoded success'); 8091 }).catch((error: BusinessError) => { 8092 console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); 8093 }); 8094 } catch (error) { 8095 let e: BusinessError = error as BusinessError; 8096 console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8097 } 8098 } 8099}) 8100``` 8101 8102### getSerialNumber<sup>11+</sup> 8103 8104getSerialNumber() : bigint 8105 8106表示获取被吊销证书的序列号。 8107 8108**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8109 8110**系统能力:** SystemCapability.Security.Cert 8111 8112**返回值**: 8113 8114| 类型 | 说明 | 8115| ------ | ---------------------- | 8116| bigint | 表示被吊销证书的序列号。 | 8117 8118**错误码:** 8119 8120以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8121 8122| 错误码ID | 错误信息 | 8123| -------- | ----------------------- | 8124| 19020001 | memory error. | 8125| 19020002 | runtime error. | 8126| 19030001 | crypto operation error. | 8127 8128**示例:** 8129 8130```ts 8131import { cert } from '@kit.DeviceCertificateKit'; 8132import { BusinessError } from '@kit.BasicServicesKit'; 8133 8134// string转Uint8Array。 8135function stringToUint8Array(str: string): Uint8Array { 8136 let arr: Array<number> = []; 8137 for (let i = 0, j = str.length; i < j; i++) { 8138 arr.push(str.charCodeAt(i)); 8139 } 8140 return new Uint8Array(arr); 8141} 8142 8143let crlData = '-----BEGIN X509 CRL-----\n' + 8144 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8145 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8146 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8147 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8148 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8149 'eavsH0Q3\n' + 8150 '-----END X509 CRL-----\n' 8151 8152let encodingBlob: cert.EncodingBlob = { 8153 data: stringToUint8Array(crlData), 8154 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8155 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8156}; 8157 8158cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8159 if (err) { 8160 console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8161 } else { 8162 console.log('create x509 crl success'); 8163 8164 try { 8165 let serialNumber = BigInt(1000); 8166 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8167 serialNumber = crlEntry.getSerialNumber(); 8168 } catch (error) { 8169 let e: BusinessError = error as BusinessError; 8170 console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8171 } 8172 } 8173}) 8174``` 8175 8176### getCertIssuer<sup>11+</sup> 8177 8178getCertIssuer() : DataBlob 8179 8180表示获取被吊销证书的颁发者信息。 8181 8182> **说明:** 8183> 8184> 获取到的被吊销证书的颁发者信息数据带字符串结束符。 8185 8186**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8187 8188**系统能力:** SystemCapability.Security.Cert 8189 8190**返回值**: 8191 8192| 类型 | 说明 | 8193| --------------------- | -------------------------- | 8194| [DataBlob](#datablob) | 表示被吊销证书的颁发者信息。 | 8195 8196**错误码:** 8197 8198以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8199 8200| 错误码ID | 错误信息 | 8201| -------- | ----------------------- | 8202| 801 | this operation is not supported. | 8203| 19020001 | memory error. | 8204| 19020002 | runtime error. | 8205| 19030001 | crypto operation error. | 8206 8207**示例:** 8208 8209```ts 8210import { cert } from '@kit.DeviceCertificateKit'; 8211import { BusinessError } from '@kit.BasicServicesKit'; 8212 8213// string转Uint8Array。 8214function stringToUint8Array(str: string): Uint8Array { 8215 let arr: Array<number> = []; 8216 for (let i = 0, j = str.length; i < j; i++) { 8217 arr.push(str.charCodeAt(i)); 8218 } 8219 return new Uint8Array(arr); 8220} 8221 8222let crlData = '-----BEGIN X509 CRL-----\n' + 8223 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8224 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8225 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8226 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8227 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8228 'eavsH0Q3\n' + 8229 '-----END X509 CRL-----\n' 8230 8231let encodingBlob: cert.EncodingBlob = { 8232 data: stringToUint8Array(crlData), 8233 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8234 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8235}; 8236 8237cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8238 if (err) { 8239 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8240 } else { 8241 console.log('create x509 CRL success'); 8242 8243 try { 8244 let serialNumber = BigInt(1000); 8245 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8246 let issuer = crlEntry.getCertIssuer(); 8247 } catch (error) { 8248 let e: BusinessError = error as BusinessError; 8249 console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8250 } 8251 } 8252}) 8253``` 8254 8255### getRevocationDate<sup>11+</sup> 8256 8257getRevocationDate() : string 8258 8259表示获取证书被吊销的日期,日期为ASN.1时间格式。 8260 8261**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8262 8263**系统能力:** SystemCapability.Security.Cert 8264 8265**返回值**: 8266 8267| 类型 | 说明 | 8268| ------ | -------------------- | 8269| string | 表示证书被吊销的日期,日期为ASN.1时间格式。 | 8270 8271**错误码:** 8272 8273以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8274 8275| 错误码ID | 错误信息 | 8276| -------- | ----------------------- | 8277| 19020001 | memory error. | 8278| 19020002 | runtime error. | 8279| 19030001 | crypto operation error. | 8280 8281**示例:** 8282 8283```ts 8284import { cert } from '@kit.DeviceCertificateKit'; 8285import { BusinessError } from '@kit.BasicServicesKit'; 8286 8287// string转Uint8Array。 8288function stringToUint8Array(str: string): Uint8Array { 8289 let arr: Array<number> = []; 8290 for (let i = 0, j = str.length; i < j; i++) { 8291 arr.push(str.charCodeAt(i)); 8292 } 8293 return new Uint8Array(arr); 8294} 8295 8296let crlData = '-----BEGIN X509 CRL-----\n' + 8297 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8298 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8299 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8300 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8301 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8302 'eavsH0Q3\n' + 8303 '-----END X509 CRL-----\n' 8304 8305let encodingBlob: cert.EncodingBlob = { 8306 data: stringToUint8Array(crlData), 8307 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8308 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8309}; 8310 8311cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8312 if (err) { 8313 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8314 } else { 8315 console.log('create x509 CRL success'); 8316 8317 try { 8318 let serialNumber = BigInt(1000); 8319 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8320 let date = crlEntry.getRevocationDate(); 8321 } catch (error) { 8322 let e: BusinessError = error as BusinessError; 8323 console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8324 } 8325 } 8326}) 8327``` 8328 8329### getExtensions<sup>11+</sup> 8330 8331getExtensions(): DataBlob 8332 8333表示获取CRL的扩展。 8334 8335**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8336 8337**系统能力:** SystemCapability.Security.Cert 8338 8339**返回值**: 8340 8341| 类型 | 说明 | 8342| --------------------- | ------------------------ | 8343| [DataBlob](#datablob) | 表示X509CRLEntry扩展用途。 | 8344 8345**错误码:** 8346 8347以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8348 8349| 错误码ID | 错误信息 | 8350| -------- | ----------------------- | 8351| 19020001 | memory error. | 8352| 19020002 | runtime error. | 8353| 19030001 | crypto operation error. | 8354 8355**示例:** 8356 8357```ts 8358import { cert } from '@kit.DeviceCertificateKit'; 8359import { BusinessError } from '@kit.BasicServicesKit'; 8360 8361// string转Uint8Array。 8362function stringToUint8Array(str: string): Uint8Array { 8363 let arr: Array<number> = []; 8364 for (let i = 0, j = str.length; i < j; i++) { 8365 arr.push(str.charCodeAt(i)); 8366 } 8367 return new Uint8Array(arr); 8368} 8369 8370let crlData = '-----BEGIN X509 CRL-----\n' + 8371 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 8372 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 8373 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 8374 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 8375 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 8376 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 8377 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 8378 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + 8379 '+i2osvdPWRia0dJCL1PCA14k\n' + 8380 '-----END X509 CRL-----\n'; 8381 8382let encodingBlob: cert.EncodingBlob = { 8383 data: stringToUint8Array(crlData), 8384 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8385 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8386}; 8387 8388cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8389 if (err) { 8390 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8391 } else { 8392 console.log('create x509 CRL success'); 8393 8394 try { 8395 let serialNumber = BigInt(4); 8396 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8397 let extensions = crlEntry.getExtensions(); 8398 } catch (error) { 8399 let e: BusinessError = error as BusinessError; 8400 console.error('getRevokedCert or getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8401 } 8402 } 8403}) 8404``` 8405 8406### hasExtensions<sup>11+</sup> 8407 8408hasExtensions(): boolean 8409 8410表示判断CRL Entry是否有扩展。 8411 8412**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8413 8414**系统能力:** SystemCapability.Security.Cert 8415 8416**返回值**: 8417 8418| 类型 | 说明 | 8419| ------- | ---------------------------------------------------- | 8420| boolean | 返回true则表示CRL Entry有扩展,返回false则表示无扩展。 | 8421 8422**错误码:** 8423 8424以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8425 8426| 错误码ID | 错误信息 | 8427| -------- | ----------------------- | 8428| 19020001 | memory error. | 8429| 19020002 | runtime error. | 8430| 19030001 | crypto operation error. | 8431 8432**示例:** 8433 8434```ts 8435import { cert } from '@kit.DeviceCertificateKit'; 8436import { BusinessError } from '@kit.BasicServicesKit'; 8437 8438// string转Uint8Array。 8439function stringToUint8Array(str: string): Uint8Array { 8440 let arr: Array<number> = []; 8441 for (let i = 0, j = str.length; i < j; i++) { 8442 arr.push(str.charCodeAt(i)); 8443 } 8444 return new Uint8Array(arr); 8445} 8446 8447let crlData = '-----BEGIN X509 CRL-----\n' + 8448 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8449 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8450 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8451 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8452 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8453 'eavsH0Q3\n' + 8454 '-----END X509 CRL-----\n' 8455 8456let encodingBlob: cert.EncodingBlob = { 8457 data: stringToUint8Array(crlData), 8458 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8459 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8460}; 8461 8462cert.createX509CRL(encodingBlob, (err, x509CRL) => { 8463 if (err) { 8464 console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); 8465 } else { 8466 console.log('create x509 CRL success'); 8467 8468 try { 8469 let serialNumber = BigInt(1000); 8470 let crlEntry = x509CRL.getRevokedCert(serialNumber); 8471 let hasExtensions = crlEntry.hasExtensions(); 8472 } catch (error) { 8473 let e: BusinessError = error as BusinessError; 8474 console.error('getRevokedCert or hasExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8475 } 8476 } 8477}) 8478``` 8479 8480### getCertIssuerX500DistinguishedName<sup>12+</sup> 8481 8482getCertIssuerX500DistinguishedName(): X500DistinguishedName 8483 8484获取证书颁发者的X509可分辨名称。 8485 8486**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8487 8488**系统能力:** SystemCapability.Security.Cert 8489 8490**返回值**: 8491 8492| 类型 | 说明 | 8493| ------- | ---------------------------------------------------- | 8494| [X500DistinguishedName](#x500distinguishedname12) | X509的可分辨对象。| 8495 8496**错误码:** 8497 8498以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8499 8500| 错误码ID | 错误信息 | 8501| -------- | ----------------------- | 8502| 19020001 | memory error. | 8503| 19020002 | runtime error. | 8504| 19030001 | crypto operation error. | 8505 8506**示例:** 8507 8508```ts 8509import { cert } from '@kit.DeviceCertificateKit'; 8510import { BusinessError } from '@kit.BasicServicesKit'; 8511 8512// string转Uint8Array。 8513function stringToUint8Array(str: string): Uint8Array { 8514 let arr: Array<number> = []; 8515 for (let i = 0, j = str.length; i < j; i++) { 8516 arr.push(str.charCodeAt(i)); 8517 } 8518 return new Uint8Array(arr); 8519} 8520 8521let crlData = '-----BEGIN X509 CRL-----\n' + 8522 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8523 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8524 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8525 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8526 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8527 'eavsH0Q3\n' + 8528 '-----END X509 CRL-----\n' 8529 8530let encodingBlob: cert.EncodingBlob = { 8531 data: stringToUint8Array(crlData), 8532 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8533 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8534}; 8535 8536async function certGetCertIssuerX500DistinguishedName() { 8537 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8538 try { 8539 x509Crl = await cert.createX509CRL(encodingBlob); 8540 console.log('createX509CRL success'); 8541 let name = x509Crl.getRevokedCert(BigInt(1000)).getCertIssuerX500DistinguishedName(); 8542 } catch (error) { 8543 let e: BusinessError = error as BusinessError; 8544 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8545 } 8546} 8547``` 8548 8549### toString<sup>12+</sup> 8550 8551toString(): string 8552 8553获取对象的字符串类型数据。 8554 8555**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8556 8557**系统能力:** SystemCapability.Security.Cert 8558 8559**返回值**: 8560 8561| 类型 | 说明 | 8562| ------- | ---------------------------------------------------- | 8563| string | 对象的字符串类型数据。| 8564 8565**错误码:** 8566 8567以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8568 8569| 错误码ID | 错误信息 | 8570| -------- | ----------------------- | 8571| 19020001 | memory error. | 8572| 19020002 | runtime error. | 8573| 19030001 | crypto operation error. | 8574 8575**示例:** 8576 8577```ts 8578import { cert } from '@kit.DeviceCertificateKit'; 8579import { BusinessError } from '@kit.BasicServicesKit'; 8580 8581// string转Uint8Array。 8582function stringToUint8Array(str: string): Uint8Array { 8583 let arr: Array<number> = []; 8584 for (let i = 0, j = str.length; i < j; i++) { 8585 arr.push(str.charCodeAt(i)); 8586 } 8587 return new Uint8Array(arr); 8588} 8589 8590let crlData = '-----BEGIN X509 CRL-----\n' + 8591 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8592 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8593 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8594 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8595 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8596 'eavsH0Q3\n' + 8597 '-----END X509 CRL-----\n' 8598 8599let encodingBlob: cert.EncodingBlob = { 8600 data: stringToUint8Array(crlData), 8601 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8602 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8603}; 8604 8605async function certToString() { 8606 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8607 try { 8608 x509Crl = await cert.createX509CRL(encodingBlob); 8609 console.log('createX509CRL success'); 8610 console.info('toString success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).toString())); 8611 } catch (error) { 8612 let e: BusinessError = error as BusinessError; 8613 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8614 } 8615} 8616``` 8617 8618### hashCode<sup>12+</sup> 8619 8620hashCode(): Uint8Array 8621 8622获取DER格式数据的哈希值。 8623 8624**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8625 8626**系统能力:** SystemCapability.Security.Cert 8627 8628**返回值**: 8629 8630| 类型 | 说明 | 8631| ------- | ---------------------------------------------------- | 8632| Uint8Array | DER格式数据的哈希值。| 8633 8634**错误码:** 8635 8636以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8637 8638| 错误码ID | 错误信息 | 8639| -------- | ----------------------- | 8640| 19020001 | memory error. | 8641| 19020002 | runtime error. | 8642| 19030001 | crypto operation error. | 8643 8644**示例:** 8645 8646```ts 8647import { cert } from '@kit.DeviceCertificateKit'; 8648import { BusinessError } from '@kit.BasicServicesKit'; 8649 8650// string转Uint8Array。 8651function stringToUint8Array(str: string): Uint8Array { 8652 let arr: Array<number> = []; 8653 for (let i = 0, j = str.length; i < j; i++) { 8654 arr.push(str.charCodeAt(i)); 8655 } 8656 return new Uint8Array(arr); 8657} 8658 8659let crlData = '-----BEGIN X509 CRL-----\n' + 8660 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8661 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8662 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8663 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8664 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8665 'eavsH0Q3\n' + 8666 '-----END X509 CRL-----\n' 8667 8668let encodingBlob: cert.EncodingBlob = { 8669 data: stringToUint8Array(crlData), 8670 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8671 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8672}; 8673 8674async function certHashCode() { 8675 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8676 try { 8677 x509Crl = await cert.createX509CRL(encodingBlob); 8678 console.log('createX509CRL success'); 8679 console.info('hashCode success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).hashCode())); 8680 } catch (error) { 8681 let e: BusinessError = error as BusinessError; 8682 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8683 } 8684} 8685``` 8686 8687### getExtensionsObject<sup>12+</sup> 8688 8689getExtensionsObject(): CertExtension 8690 8691获取对应实体的扩展域DER格式数据。 8692 8693**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8694 8695**系统能力:** SystemCapability.Security.Cert 8696 8697**返回值**: 8698 8699| 类型 | 说明 | 8700| ------- | ---------------------------------------------------- | 8701| [CertExtension](#certextension10) | 证书扩展域段类对象。| 8702 8703**错误码:** 8704 8705以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8706 8707| 错误码ID | 错误信息 | 8708| -------- | ----------------------- | 8709| 19020001 | memory error. | 8710| 19020002 | runtime error. | 8711| 19030001 | crypto operation error. | 8712 8713**示例:** 8714 8715```ts 8716import { cert } from '@kit.DeviceCertificateKit'; 8717import { BusinessError } from '@kit.BasicServicesKit'; 8718 8719// string转Uint8Array。 8720function stringToUint8Array(str: string): Uint8Array { 8721 let arr: Array<number> = []; 8722 for (let i = 0, j = str.length; i < j; i++) { 8723 arr.push(str.charCodeAt(i)); 8724 } 8725 return new Uint8Array(arr); 8726} 8727 8728let crlData = '-----BEGIN X509 CRL-----\n' + 8729 'MIINlTCCDH0CAQEwDQYJKoZIhvcNAQELBQAwTDELMAkGA1UEBhMCVVMxFTATBgNV\n' + 8730 'BAoTDERpZ2lDZXJ0IEluYzEmMCQGA1UEAxMdRGlnaUNlcnQgU2VjdXJlIFNpdGUg\n' + 8731 'Q04gQ0EgRzMXDTI0MDMxMjE4NDQ0NVoXDTI0MDMxOTE4NDQ0NVowggvJMCECEAbk\n' + 8732 'wC/+N2YXfpw7vgDJ2xAXDTIzMDIwNzA1NTg1OFowIQIQDonqcHww7uhlmWH+OfIe\n' + 8733 'PhcNMjMwMzA5MDcwMzI1WjAvAhAM4CTrULrJUEinWgT9AFPvFw0yMzAzMjAxOTE4\n' + 8734 'NTRaMAwwCgYDVR0VBAMKAQQwIQIQBQP4xflKkcRehoJ2NaA/jhcNMjMwMzIyMDk0\n' + 8735 'NTI5WjAvAhAOmgzoiIqznAaFec53PVPUFw0yMzAzMjcyMDI4MDNaMAwwCgYDVR0V\n' + 8736 'BAMKAQQwLwIQBaC2Z3D4dcQ/O7HnzFU9KBcNMjMwMzI5MTc1OTQ1WjAMMAoGA1Ud\n' + 8737 'FQQDCgEFMCECEAlz9Rg1b+9La4oFqsHUc4AXDTIzMDMzMTAyMzk0MVowIQIQD9yW\n' + 8738 '92pX6BinUKVBVSSTmBcNMjMwNDExMDExNjI5WjAvAhAIIarHUWWee4V9W/Yzm86k\n' + 8739 'Fw0yMzA0MTQyMDE5MTJaMAwwCgYDVR0VBAMKAQQwIQIQC2OiM3VIJX2dEe8/pf8f\n' + 8740 'hRcNMjMwNDIxMDMzMDIyWjAhAhAP0ueyg5n/7b2Hotml7f42Fw0yMzA0MjYwMjU3\n' + 8741 'NDJaMCECEAqMu61nkOEmTOdMbUZTMrkXDTIzMDUxNzAxMzI0NVowLwIQDYv1rt0K\n' + 8742 'olvP+nQoi5LeLRcNMjMwNTIzMTc0MDE4WjAMMAoGA1UdFQQDCgEEMC8CEA8WMKlw\n' + 8743 'iCK36PruJvup5bUXDTIzMDUyMzE3NDA1M1owDDAKBgNVHRUEAwoBBDAvAhAJ5uwT\n' + 8744 'aqwgLzNVpxh4u9EPFw0yMzA1MjUxNzEwNTBaMAwwCgYDVR0VBAMKAQQwIQIQCg0k\n' + 8745 '5UadwDH5xm14yxcgLRcNMjMwNjA3MDcyNDAwWjAhAhAEByUhbBR6/pZRFUH2PTxE\n' + 8746 'Fw0yMzA2MDgwMjIwMzBaMCECEATquAQcy3W1kUOkb4VoOvEXDTIzMDYyNjA5MDIw\n' + 8747 'NlowIQIQBrF5sueIjk1snKdO0ISOXhcNMjMwNjMwMDI0MDA0WjAhAhAJEG72WQtV\n' + 8748 'lTOYiA0xjVk5Fw0yMzA3MDUwMjEyMzdaMCECEAmXIuCMJv9gllYuKfCHm5EXDTIz\n' + 8749 'MDcwNTAyMTIzN1owIQIQAotQots0ngzRwACzrS9mCBcNMjMwNzA2MDU0NDU3WjAh\n' + 8750 'AhAG2hyGc9SfXrLc0Uk2J1BeFw0yMzA3MjQwMTUwNDBaMCECEAJhm5FSlVyTG9UK\n' + 8751 'zS+ecUgXDTIzMDcyNjA2NDQzM1owIQIQC4mlxBQuFxWC4pF7/P8BDxcNMjMwNzMx\n' + 8752 'MTAzMjU0WjAhAhADCEp333/avF3m6HZtBImOFw0yMzA3MzExMDMzNTBaMCECEAKd\n' + 8753 'P7fydlXUcS4v/YnZMMwXDTIzMDczMTEwMzQzOFowIQIQC+m5EUcRd1E0lEIPj17Z\n' + 8754 'rRcNMjMwODAxMDYwNDE4WjAvAhAF4QcgQQlWpAi4FVflzbKxFw0yMzA4MDMxNjIz\n' + 8755 'MTdaMAwwCgYDVR0VBAMKAQQwIQIQAn01GEZ50Y5ugIcEuGfF9BcNMjMwODA4MDE1\n' + 8756 'NzM1WjAhAhAFHj3FDKeP9q9CM924d8RIFw0yMzA4MDgwMTU5NDhaMC8CEAnkNPSD\n' + 8757 'U5yiMsV3fU06a6oXDTIzMDgwODE5MjIwMlowDDAKBgNVHRUEAwoBBDAvAhAETU4z\n' + 8758 '13iMKiwQujsxJDRhFw0yMzA4MTAyMDU4NDdaMAwwCgYDVR0VBAMKAQQwIQIQB1oD\n' + 8759 'M2mOYuse7e/nTqx+8xcNMjMwOTA0MDUwOTU3WjAhAhALf3Bp63so6O+R5QbWPWu6\n' + 8760 'Fw0yMzEwMDkwNjE5NTVaMCECEAKFHdXcy/zBXRtMj3BVhO0XDTIzMTAwOTA2MTk1\n' + 8761 'N1owIQIQDNNmVHN4tMu1xth6IAe4ZhcNMjMxMDEyMDc0MjQ1WjAhAhACNNJA2oMM\n' + 8762 'pr+giIgczvHOFw0yMzEwMTYwNTEyMzdaMCECEAoQun7uSHhvy6GBoxG7XOkXDTIz\n' + 8763 'MTExNjA3MDAzN1owLwIQA1NsI22PLvohCvKwdtAJwBcNMjMxMjA2MTgyNzUzWjAM\n' + 8764 'MAoGA1UdFQQDCgEEMCECEAWagozDt4jfBzi+aDGFr88XDTIzMTIxMTA3MjM1OFow\n' + 8765 'IQIQD1g7NdEk7t05zg6yweYc5hcNMjMxMjExMDcyNTM3WjAhAhAMJnRjUQAzFQFH\n' + 8766 'kwIguRz2Fw0yMzEyMTEwNzI2NDJaMCECEAT0bVxyPKkeTV8JQuPxfcwXDTIzMTIx\n' + 8767 'MTA3MjcyNlowIQIQA/5BlE0Ushtw24Ol9L2sexcNMjMxMjExMDcyODA2WjAhAhAL\n' + 8768 'Ij6FAKVJDnKAwwt19+/RFw0yMzEyMTEwNzI5MDJaMCECEAmPyfX3FuOHgryS2i8c\n' + 8769 'SrUXDTIzMTIxMTA3Mjk0M1owIQIQC+uGa6tmPRPCB0jW+6WWUhcNMjMxMjExMDcz\n' + 8770 'MDIzWjAhAhAJCq59mFZj6SWLH/m18Fq2Fw0yMzEyMTEwNzMwNTJaMCECEAp0Po24\n' + 8771 'WHmdEMTVyp9AMssXDTIzMTIxMTA3MzEyNlowIQIQAcf+793qPEHipkAhjf7MghcN\n' + 8772 'MjMxMjExMDczMTQ5WjAhAhAElLuCARMBoDIH0Y2D1DpSFw0yMzEyMTEwNzMyMTla\n' + 8773 'MCECEAWlgWhTXqKOB61zA7Ao8vQXDTIzMTIxMTA3MzI0OFowIQIQAeZqfkFYc/6t\n' + 8774 'zO7j/FVYwBcNMjMxMjExMDczMzM1WjAhAhAHzftyRhskxV6opTfHb59OFw0yMzEy\n' + 8775 'MTEwNzM0MDNaMCECEASXrBHdRYUm9VIZ1wN4qAsXDTIzMTIxMTA3MzQyN1owIQIQ\n' + 8776 'BDFb/OY65CZ1sTdMPAc+IhcNMjMxMjExMDczNTEzWjAhAhAFg7mRyWvWXc+KT014\n' + 8777 'Ro5AFw0yMzEyMTEwNzM1NDhaMCECEA+wAstqfBUEkSvinYlWeOwXDTIzMTIxMTA3\n' + 8778 'MzYyNVowIQIQB3Z75ksHGnvGmuHbvwbheRcNMjMxMjExMDczNjU5WjAhAhALfrIn\n' + 8779 'OGRVeePivKkJ+d1xFw0yMzEyMTEwNzM4MDFaMCECEAnm5NfU36m+FXNlJiUsXpMX\n' + 8780 'DTIzMTIxMTA3MzgzNVowIQIQCrBoHo4X2md3Amteqh7h3RcNMjMxMjExMDczOTA3\n' + 8781 'WjAhAhAGxHlqrHu66ifOwTTMhHHFFw0yMzEyMTEwNzM5NDNaMCECEA2BDG1SI7Se\n' + 8782 '2GAt+b9UnF8XDTIzMTIxMTA3NDAyNFowLwIQDZvl5jkmAwjTweDCtrXbLRcNMjMx\n' + 8783 'MjExMjA0NDQ3WjAMMAoGA1UdFQQDCgEEMCECEAzgcwGVpyXXZSmLLF4MExQXDTIz\n' + 8784 'MTIxOTE3MjczMlowIQIQARB9nVoMuE5GSFeb3U553hcNMjMxMjE5MTcyODA1WjAh\n' + 8785 'AhAD+JIH7lFcX9UNqTogrMcPFw0yMzEyMTkxNzI5MDZaMCECEAux1kd8ugXs4mI+\n' + 8786 'xMfXgpsXDTIzMTIxOTE3MjkyOFowIQIQCUO5VqAmbxA8Jdly97msLhcNMjMxMjE5\n' + 8787 'MTcyOTU0WjAhAhAFyzrU1JtsiPNPeWrfdvGvFw0yMzEyMTkxNzMwNDlaMCECEAwT\n' + 8788 'tMq5EsBTUhQwm6nWhnAXDTIzMTIyMDE3NDc1NlowIQIQBx3qL8rMclE9gxamaa14\n' + 8789 'xBcNMjMxMjIwMTc0ODM2WjAhAhAOnKUlrCaxs+lRqLrBmk2PFw0yNDAxMzAxOTMw\n' + 8790 'MTVaMCECEAtYs/5ZRsrMAxQVDA44eWYXDTI0MDIwNjA2MjYwMFowIQIQDjrMV1d3\n' + 8791 '0NhxngX5rqqxjBcNMjQwMjIxMDc0ODEwWjAhAhAPGohz3+JyS6H4JzHCjLrXFw0y\n' + 8792 'NDAyMjgyMDQxMjZaMC8CEAqZ2QktAMprzZmtolbOXlgXDTI0MDIyOTE4MDYzMVow\n' + 8793 'DDAKBgNVHRUEAwoBBDAhAhAMAHgNfiburtKDp8OJuzRCFw0yNDAzMDQwNjA3MzJa\n' + 8794 'MCECEA/HgrXcSBqkb2JdfrFDAfgXDTI0MDMwNDA2MDczMlqgMDAuMB8GA1UdIwQY\n' + 8795 'MBaAFETZyEozjtNSjaeSlGEfmsilt+zLMAsGA1UdFAQEAgIFrDANBgkqhkiG9w0B\n' + 8796 'AQsFAAOCAQEAJ5rSr0Av5sH59J2LXW5hZ8SJTzDbR8ADdi/CCLolbUUnE0oaAZ+2\n' + 8797 '9z0niAD5m8HQikNz8K+FKAsQatN/CAj4bzRMeF37hQCiZpqNtxP69JDGeWpGPiH2\n' + 8798 'K/YfpzL9iSbBOxFmosxUX8J/iX36mCUl+3OUHh+qSYeElboxeAmTCnY5Pl5Bq9is\n' + 8799 'gp0MmzNYCo7GEFrtS03p2msK25uRqQl6Qn0NZS0yGjdUG7RTZe4xua5drjEkB1o/\n' + 8800 '15f+mtYj6DtWM1twi1q3VYVxhRSsk6XmmS0BViTEl+MT0BRAPwBSdlyt++1Pnnrd\n' + 8801 'BsQoO8O2EVpJ54fxKMCSDOkJf1hNCxi3eQ==\n' + 8802 '-----END X509 CRL-----\n'; 8803 8804let encodingBlob: cert.EncodingBlob = { 8805 data: stringToUint8Array(crlData), 8806 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8807 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8808}; 8809 8810async function certGetExtensionsObject() { 8811 let x509Crl: cert.X509CRL = {} as cert.X509CRL; 8812 try { 8813 x509Crl = await cert.createX509CRL(encodingBlob); 8814 console.log('createX509CRL success'); 8815 let object = x509Crl.getRevokedCert(BigInt('14091103387070223745671018446433705560')).getExtensionsObject(); 8816 } catch (error) { 8817 let e: BusinessError = error as BusinessError; 8818 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8819 } 8820} 8821``` 8822 8823## cert.createCertCRLCollection<sup>11+</sup> 8824 8825createCertCRLCollection(certs: Array\<X509Cert>, crls?: Array\<X509CRL>): CertCRLCollection 8826 8827表示创建证书和证书吊销列表集合对象,并返回相应的结果。 8828 8829**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8830 8831**系统能力:** SystemCapability.Security.Cert 8832 8833**参数**: 8834 8835| 参数名 | 类型 | 必填 | 说明 | 8836| -------- | ------------------------------------- | ---- | ------------------------------ | 8837| certs | Array\<[X509Cert](#x509cert)> | 是 | X509Cert数组。 | 8838| crls | Array\<[X509CRL](#x509crl11)> | 否 | X509CRL数组。 | 8839 8840**返回值**: 8841 8842| 类型 | 说明 | 8843| ------------------ | -------------------- | 8844| [CertCRLCollection](#certcrlcollection11) | 表示证书和证书吊销列表集合对象。 | 8845 8846**错误码:** 8847 8848以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8849 8850| 错误码ID | 错误信息 | 8851| -------- | ----------------------- | 8852| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 8853| 19020001 | memory error. | 8854 8855**示例:** 8856 8857```ts 8858import { cert } from '@kit.DeviceCertificateKit'; 8859import { BusinessError } from '@kit.BasicServicesKit'; 8860 8861// string转Uint8Array。 8862function stringToUint8Array(str: string): Uint8Array { 8863 let arr: Array<number> = []; 8864 for (let i = 0, j = str.length; i < j; i++) { 8865 arr.push(str.charCodeAt(i)); 8866 } 8867 return new Uint8Array(arr); 8868} 8869 8870async function createX509CRL(): Promise<cert.X509CRL> { 8871 let crlData = '-----BEGIN X509 CRL-----\n' + 8872 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 8873 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 8874 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 8875 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 8876 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 8877 'eavsH0Q3\n' + 8878 '-----END X509 CRL-----\n'; 8879 8880 // 证书吊销列表二进制数据,需业务自行赋值。 8881 let encodingBlob: cert.EncodingBlob = { 8882 data: stringToUint8Array(crlData), 8883 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8884 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8885 }; 8886 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 8887 try { 8888 x509CRL = await cert.createX509CRL(encodingBlob); 8889 } catch (err) { 8890 let e: BusinessError = err as BusinessError; 8891 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8892 } 8893 return x509CRL; 8894} 8895 8896async function createX509Cert(): Promise<cert.X509Cert> { 8897 let certData = '-----BEGIN CERTIFICATE-----\n' + 8898 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 8899 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 8900 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 8901 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 8902 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 8903 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 8904 'Qw==\n' + 8905 '-----END CERTIFICATE-----\n'; 8906 8907 let encodingBlob: cert.EncodingBlob = { 8908 data: stringToUint8Array(certData), 8909 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 8910 encodingFormat: cert.EncodingFormat.FORMAT_PEM 8911 }; 8912 8913 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 8914 try { 8915 x509Cert = await cert.createX509Cert(encodingBlob); 8916 } catch (err) { 8917 let e: BusinessError = err as BusinessError; 8918 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 8919 } 8920 return x509Cert; 8921} 8922 8923async function createCollection() { 8924 const x509Cert = await createX509Cert(); 8925 const x509CRL = await createX509CRL(); 8926 try { 8927 const collection: cert.CertCRLCollection = cert.createCertCRLCollection([x509Cert], [x509CRL]); 8928 console.log('createCertCRLCollection success'); 8929 } catch (err) { 8930 console.error('createCertCRLCollection failed'); 8931 } 8932} 8933``` 8934 8935## CertCRLCollection<sup>11+</sup> 8936 8937证书和证书吊销列表集合对象。 8938 8939### selectCerts<sup>11+</sup> 8940 8941selectCerts(param: X509CertMatchParameters): Promise\<Array\<X509Cert>> 8942 8943查找证书和证书吊销列表集合中所有与参数匹配的证书对象,使用Promise方式异步返回结果。 8944 8945**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 8946 8947**系统能力:** SystemCapability.Security.Cert 8948 8949**参数**: 8950 8951| 参数名 | 类型 | 必填 | 说明 | 8952| --------- | ------------------------------- | ---- | ------------ | 8953| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示证书需匹配的参数。 | 8954 8955**返回值**: 8956 8957| 类型 | 说明 | 8958| --------------------------------------- | --------------------------------------- | 8959| Promise\<Array\<[X509Cert](#x509cert)>> | Promise对象。表示匹配到的证书对象数组。 | 8960 8961**错误码:** 8962 8963以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 8964 8965| 错误码ID | 错误信息 | 8966| -------- | ----------------------- | 8967| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 8968| 19020001 | memory error. | 8969| 19030001 | crypto operation error. | 8970 8971**示例:** 8972 8973```ts 8974import { cert } from '@kit.DeviceCertificateKit'; 8975import { BusinessError } from '@kit.BasicServicesKit'; 8976 8977// string转Uint8Array。 8978function stringToUint8Array(str: string): Uint8Array { 8979 let arr: Array<number> = []; 8980 for (let i = 0, j = str.length; i < j; i++) { 8981 arr.push(str.charCodeAt(i)); 8982 } 8983 return new Uint8Array(arr); 8984} 8985 8986async function createX509Cert(): Promise<cert.X509Cert> { 8987 let certData = '-----BEGIN CERTIFICATE-----\n' + 8988 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 8989 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 8990 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 8991 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 8992 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 8993 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 8994 'Qw==\n' + 8995 '-----END CERTIFICATE-----\n'; 8996 8997 let encodingBlob: cert.EncodingBlob = { 8998 data: stringToUint8Array(certData), 8999 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9000 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9001 }; 9002 9003 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9004 try { 9005 x509Cert = await cert.createX509Cert(encodingBlob); 9006 } catch (err) { 9007 let e: BusinessError = err as BusinessError; 9008 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9009 } 9010 return x509Cert; 9011} 9012 9013async function selectCerts() { 9014 const x509Cert = await createX509Cert(); 9015 const collection = cert.createCertCRLCollection([x509Cert]); 9016 9017 try { 9018 const param: cert.X509CertMatchParameters = { 9019 x509Cert, 9020 validDate: '20231121074700Z', 9021 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9022 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9023 publicKeyAlgID: '1.2.840.10045.2.1' 9024 }; 9025 const certs = await collection.selectCerts(param); 9026 console.log('call selectCerts success'); 9027 } catch (err) { 9028 console.error('call selectCerts failed'); 9029 } 9030} 9031``` 9032 9033### selectCerts<sup>11+</sup> 9034 9035selectCerts(param: X509CertMatchParameters, callback: AsyncCallback\<Array\<X509Cert>>): void 9036 9037查找证书和证书吊销列表集合中所有与参数匹配的证书对象, 使用Callback回调异步返回结果。 9038 9039**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9040 9041**系统能力:** SystemCapability.Security.Cert 9042 9043**参数**: 9044 9045| 参数名 | 类型 | 必填 | 说明 | 9046| --------- | ------------------------------- | ---- | ----------------- | 9047| param | [X509CertMatchParameters](#x509certmatchparameters11) | 是 | 表示证书需匹配的参数。 | 9048| callback | AsyncCallback\<Array\<[X509Cert](#x509cert)>> | 是 | 回调函数,表示匹配到的证书对象数组。 | 9049 9050**错误码:** 9051 9052以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9053 9054| 错误码ID | 错误信息 | 9055| -------- | ----------------------- | 9056| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9057| 19020001 | memory error. | 9058| 19030001 | crypto operation error. | 9059 9060**示例:** 9061 9062```ts 9063import { cert } from '@kit.DeviceCertificateKit'; 9064import { BusinessError } from '@kit.BasicServicesKit'; 9065 9066// string转Uint8Array。 9067function stringToUint8Array(str: string): Uint8Array { 9068 let arr: Array<number> = []; 9069 for (let i = 0, j = str.length; i < j; i++) { 9070 arr.push(str.charCodeAt(i)); 9071 } 9072 return new Uint8Array(arr); 9073} 9074 9075async function createX509Cert(): Promise<cert.X509Cert> { 9076 let certData = '-----BEGIN CERTIFICATE-----\n' + 9077 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9078 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9079 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9080 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9081 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9082 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9083 'Qw==\n' + 9084 '-----END CERTIFICATE-----\n'; 9085 9086 let encodingBlob: cert.EncodingBlob = { 9087 data: stringToUint8Array(certData), 9088 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9089 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9090 }; 9091 9092 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9093 try { 9094 x509Cert = await cert.createX509Cert(encodingBlob); 9095 } catch (err) { 9096 let e: BusinessError = err as BusinessError; 9097 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9098 } 9099 return x509Cert; 9100} 9101 9102async function selectCerts() { 9103 const x509Cert = await createX509Cert(); 9104 const collection = cert.createCertCRLCollection([x509Cert]); 9105 // 需业务自行赋值。 9106 const param: cert.X509CertMatchParameters = { 9107 x509Cert, 9108 validDate: '20231121074700Z', 9109 issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9110 subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), 9111 publicKeyAlgID: '1.2.840.10045.2.1' 9112 }; 9113 collection.selectCerts(param, (err, certs) => { 9114 if (err) { 9115 console.error('selectCerts failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9116 } else { 9117 console.log('selectCerts success'); 9118 } 9119 }); 9120} 9121``` 9122 9123### selectCRLs<sup>11+</sup> 9124 9125selectCRLs(param: X509CRLMatchParameters): Promise\<Array\<X509CRL>> 9126 9127查找证书和证书吊销列表集合中所有与参数匹配的证书吊销列表对象, 使用Promise方式异步返回结果。 9128 9129**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9130 9131**系统能力:** SystemCapability.Security.Cert 9132 9133**参数**: 9134 9135| 参数名 | 类型 | 必填 | 说明 | 9136| --------- | ------------------------------- | ---- | ------------ | 9137| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | 是 | 表示证书吊销列表需匹配的参数。 | 9138 9139**返回值**: 9140 9141| 类型 | 说明 | 9142| -------------- | ----------- | 9143| Promise\<Array\<[X509CRL](#x509crl11)>> | Promise对象。表示匹配到的证书吊销列表对象数组。 | 9144 9145**错误码:** 9146 9147以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9148 9149| 错误码ID | 错误信息 | 9150| -------- | ----------------------- | 9151| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9152| 19020001 | memory error. | 9153| 19030001 | crypto operation error. | 9154 9155**示例:** 9156 9157```ts 9158import { cert } from '@kit.DeviceCertificateKit'; 9159import { BusinessError } from '@kit.BasicServicesKit'; 9160 9161// string转Uint8Array。 9162function stringToUint8Array(str: string): Uint8Array { 9163 let arr: Array<number> = []; 9164 for (let i = 0, j = str.length; i < j; i++) { 9165 arr.push(str.charCodeAt(i)); 9166 } 9167 return new Uint8Array(arr); 9168} 9169 9170async function createX509CRL(): Promise<cert.X509CRL> { 9171 let crlData = '-----BEGIN X509 CRL-----\n' + 9172 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9173 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9174 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9175 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9176 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9177 'eavsH0Q3\n' + 9178 '-----END X509 CRL-----\n'; 9179 9180 // 证书吊销列表二进制数据,需业务自行赋值。 9181 let encodingBlob: cert.EncodingBlob = { 9182 data: stringToUint8Array(crlData), 9183 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9184 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9185 }; 9186 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9187 try { 9188 x509CRL = await cert.createX509CRL(encodingBlob); 9189 } catch (err) { 9190 let e: BusinessError = err as BusinessError; 9191 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9192 } 9193 return x509CRL; 9194} 9195 9196async function createX509Cert(): Promise<cert.X509Cert> { 9197 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9198 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9199 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9200 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9201 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9202 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9203 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9204 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9205 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9206 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9207 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9208 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9209 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9210 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9211 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9212 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9213 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9214 "-----END CERTIFICATE-----\r\n"; 9215 const certEncodingBlob: cert.EncodingBlob = { 9216 data: stringToUint8Array(certData), 9217 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9218 }; 9219 9220 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9221 try { 9222 x509Cert = await cert.createX509Cert(certEncodingBlob); 9223 console.log('createX509Cert success'); 9224 } catch (err) { 9225 console.error('createX509Cert failed'); 9226 } 9227 return x509Cert; 9228} 9229 9230async function selectCRLs() { 9231 const x509CRL = await createX509CRL(); 9232 const x509Cert = await createX509Cert(); 9233 const collection = cert.createCertCRLCollection([], [x509CRL]); 9234 9235 const param: cert.X509CRLMatchParameters = { 9236 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9237 x509Cert: x509Cert 9238 } 9239 try { 9240 const crls = await collection.selectCRLs(param); 9241 console.log('selectCRLs success'); 9242 } catch (err) { 9243 console.error('selectCRLs failed'); 9244 } 9245} 9246``` 9247 9248### selectCRLs<sup>11+</sup> 9249 9250selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback\<Array\<X509CRL>>): void 9251 9252查找证书和证书吊销列表集合中所有与参数匹配的证书吊销列表对象, 使用Callback回调异步返回结果。 9253 9254**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9255 9256**系统能力:** SystemCapability.Security.Cert 9257 9258**参数**: 9259 9260| 参数名 | 类型 | 必填 | 说明 | 9261| --------- | ------------------------------- | ---- | ----------------- | 9262| param | [X509CRLMatchParameters](#x509crlmatchparameters11) | 是 | 表示证书吊销列表需匹配的参数对象。 | 9263| callback | AsyncCallback\<Array\<[X509CRL](#x509crl11)>> | 是 | 回调函数,表示匹配到的证书吊销列表对象数组。 | 9264 9265**错误码:** 9266 9267以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9268 9269| 错误码ID | 错误信息 | 9270| -------- | ----------------------- | 9271| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9272| 19020001 | memory error. | 9273| 19030001 | crypto operation error. | 9274 9275**示例:** 9276 9277```ts 9278import { cert } from '@kit.DeviceCertificateKit'; 9279import { BusinessError } from '@kit.BasicServicesKit'; 9280 9281// string转Uint8Array。 9282function stringToUint8Array(str: string): Uint8Array { 9283 let arr: Array<number> = []; 9284 for (let i = 0, j = str.length; i < j; i++) { 9285 arr.push(str.charCodeAt(i)); 9286 } 9287 return new Uint8Array(arr); 9288} 9289 9290async function createX509CRL(): Promise<cert.X509CRL> { 9291 let crlData = '-----BEGIN X509 CRL-----\n' + 9292 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 9293 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 9294 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 9295 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + 9296 '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 9297 'eavsH0Q3\n' + 9298 '-----END X509 CRL-----\n'; 9299 9300 // 证书吊销列表二进制数据,需业务自行赋值。 9301 let encodingBlob: cert.EncodingBlob = { 9302 data: stringToUint8Array(crlData), 9303 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9304 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9305 }; 9306 let x509CRL: cert.X509CRL = {} as cert.X509CRL; 9307 try { 9308 x509CRL = await cert.createX509CRL(encodingBlob); 9309 } catch (err) { 9310 let e: BusinessError = err as BusinessError; 9311 console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9312 } 9313 return x509CRL; 9314} 9315 9316async function createX509Cert(): Promise<cert.X509Cert> { 9317 const certData = "-----BEGIN CERTIFICATE-----\r\n" + 9318 "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + 9319 "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + 9320 "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + 9321 "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + 9322 "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + 9323 "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + 9324 "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + 9325 "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + 9326 "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + 9327 "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + 9328 "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + 9329 "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + 9330 "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + 9331 "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + 9332 "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + 9333 "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + 9334 "-----END CERTIFICATE-----\r\n"; 9335 const certEncodingBlob: cert.EncodingBlob = { 9336 data: stringToUint8Array(certData), 9337 encodingFormat: cert.EncodingFormat.FORMAT_PEM, 9338 }; 9339 9340 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9341 try { 9342 x509Cert = await cert.createX509Cert(certEncodingBlob); 9343 console.log('createX509Cert success'); 9344 } catch (err) { 9345 console.error('createX509Cert failed'); 9346 } 9347 return x509Cert; 9348} 9349 9350async function selectCRLs() { 9351 const x509CRL = await createX509CRL(); 9352 const x509Cert = await createX509Cert(); 9353 const collection = cert.createCertCRLCollection([], [x509CRL]); 9354 9355 const param: cert.X509CRLMatchParameters = { 9356 issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], 9357 x509Cert: x509Cert 9358 } 9359 collection.selectCRLs(param, (err, crls) => { 9360 if (err) { 9361 console.error('selectCRLs failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9362 } else { 9363 console.log('selectCRLs success'); 9364 } 9365 }); 9366} 9367``` 9368 9369## cert.createX509CertChain<sup>11+</sup> 9370 9371createX509CertChain(inStream: EncodingBlob): Promise\<X509CertChain> 9372 9373表示创建X509证书链对象,使用Promise方式异步返回结果。 9374 9375**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9376 9377**系统能力:** SystemCapability.Security.Cert 9378 9379**参数:** 9380 9381| 参数名 | 类型 | 必填 | 说明 | 9382| -------- | ----------------------------- | ---- | -------------------- | 9383| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 9384 9385**返回值:** 9386 9387| 类型 | 说明 | 9388| ------------------------------- | ---------------- | 9389| Promise\<[X509CertChain](#x509certchain11)> | 表示X509证书链对象。 | 9390 9391**错误码:** 9392 9393以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9394 9395| 错误码ID | 错误信息 | 9396| -------- | ------------- | 9397| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9398| 19020001 | memory error. | 9399| 19030001 | crypto operation error. | 9400 9401**示例:** 9402 9403```ts 9404import { cert } from '@kit.DeviceCertificateKit'; 9405import { BusinessError } from '@kit.BasicServicesKit'; 9406 9407// string转Uint8Array。 9408function stringToUint8Array(str: string): Uint8Array { 9409 let arr: Array<number> = []; 9410 for (let i = 0, j = str.length; i < j; i++) { 9411 arr.push(str.charCodeAt(i)); 9412 } 9413 return new Uint8Array(arr); 9414} 9415 9416async function createX509CertChain(): Promise<cert.X509CertChain> { 9417 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9418 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9419 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9420 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9421 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9422 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9423 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9424 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9425 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9426 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9427 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9428 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9429 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9430 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9431 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9432 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9433 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9434 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9435 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9436 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9437 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9438 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9439 "-----END CERTIFICATE-----\n" + 9440 "-----BEGIN CERTIFICATE-----\n" + 9441 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9442 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9443 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9444 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9445 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9446 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9447 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9448 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9449 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9450 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9451 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9452 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9453 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9454 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9455 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9456 "uKPWR9dKBA==\n" + 9457 "-----END CERTIFICATE-----\n" + 9458 "-----BEGIN CERTIFICATE-----\n" + 9459 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9460 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9461 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9462 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9463 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9464 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9465 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9466 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9467 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9468 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9469 "xjoE\n" + 9470 "-----END CERTIFICATE-----\n"; 9471 9472 // 证书链二进制数据,需业务自行赋值。 9473 let encodingBlob: cert.EncodingBlob = { 9474 data: stringToUint8Array(certChainData), 9475 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 9476 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9477 }; 9478 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9479 try { 9480 x509CertChain = await cert.createX509CertChain(encodingBlob); 9481 } catch (error) { 9482 let e: BusinessError = error as BusinessError; 9483 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9484 } 9485 return x509CertChain; 9486} 9487 9488createX509CertChain(); 9489``` 9490 9491## cert.createX509CertChain<sup>11+</sup> 9492 9493createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback\<X509CertChain>): void 9494 9495表示创建X509证书链对象,使用Callback回调异步返回结果。 9496 9497**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9498 9499**系统能力:** SystemCapability.Security.Cert 9500 9501**参数:** 9502 9503| 参数名 | 类型 | 必填 | 说明 | 9504| -------- | ------------------------------------- | ---- | -------------------------- | 9505| inStream | [EncodingBlob](#encodingblob) | 是 | X509证书序列化数据。 | 9506| callback | AsyncCallback\<[X509CertChain](#x509certchain11)> | 是 | 回调函数,表示X509证书链对象。 | 9507 9508**错误码:** 9509 9510以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9511 9512| 错误码ID | 错误信息 | 9513| -------- | ------------- | 9514| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9515| 19020001 | memory error. | 9516| 19030001 | crypto operation error. | 9517 9518**示例:** 9519 9520```ts 9521import { cert } from '@kit.DeviceCertificateKit'; 9522 9523// string转Uint8Array。 9524function stringToUint8Array(str: string): Uint8Array { 9525 let arr: Array<number> = []; 9526 for (let i = 0, j = str.length; i < j; i++) { 9527 arr.push(str.charCodeAt(i)); 9528 } 9529 return new Uint8Array(arr); 9530} 9531 9532let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9533 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9534 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9535 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9536 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9537 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9538 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9539 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9540 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9541 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9542 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9543 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9544 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9545 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9546 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9547 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9548 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9549 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9550 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9551 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9552 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9553 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9554 "-----END CERTIFICATE-----\n" + 9555 "-----BEGIN CERTIFICATE-----\n" + 9556 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9557 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9558 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9559 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9560 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9561 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9562 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9563 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9564 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9565 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9566 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9567 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9568 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9569 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9570 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9571 "uKPWR9dKBA==\n" + 9572 "-----END CERTIFICATE-----\n" + 9573 "-----BEGIN CERTIFICATE-----\n" + 9574 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9575 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9576 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9577 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9578 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9579 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9580 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9581 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9582 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9583 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9584 "xjoE\n" + 9585 "-----END CERTIFICATE-----\n"; 9586 9587// 证书链二进制数据,需业务自行赋值。 9588let encodingBlob: cert.EncodingBlob = { 9589 data: stringToUint8Array(certChainData), 9590 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 9591 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9592}; 9593 9594cert.createX509CertChain(encodingBlob, (err, certChain) => { 9595 if (err) { 9596 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 9597 } else { 9598 console.log('createX509CertChain success'); 9599 } 9600}); 9601``` 9602 9603## cert.createX509CertChain<sup>11+</sup> 9604 9605createX509CertChain(certs: Array\<X509Cert>): X509CertChain 9606 9607表示使用X509Cert数组方式创建X509证书链对象,并同步返回结果。 9608 9609**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9610 9611**系统能力:** SystemCapability.Security.Cert 9612 9613**参数:** 9614 9615| 参数名 | 类型 | 必填 | 说明 | 9616| -------- | -------------------- | ---- | -------------------------- | 9617| certs | Array\<[X509Cert](#x509cert)> | 是 | X509证书对象数组。 | 9618 9619**返回值:** 9620 9621| 类型 | 说明 | 9622| --------------------------------- | -------------------- | 9623| [X509CertChain](#x509certchain11) | 表示X509证书链对象。 | 9624 9625**错误码:** 9626 9627以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9628 9629| 错误码ID | 错误信息 | 9630| -------- | ------------- | 9631| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9632| 19020001 | memory error. | 9633| 19030001 | crypto operation error. | 9634 9635**示例:** 9636 9637```ts 9638import { cert } from '@kit.DeviceCertificateKit'; 9639import { BusinessError } from '@kit.BasicServicesKit'; 9640 9641// string转Uint8Array。 9642function stringToUint8Array(str: string): Uint8Array { 9643 let arr: Array<number> = []; 9644 for (let i = 0, j = str.length; i < j; i++) { 9645 arr.push(str.charCodeAt(i)); 9646 } 9647 return new Uint8Array(arr); 9648} 9649 9650async function createX509Cert(): Promise<cert.X509Cert> { 9651 let certData = '-----BEGIN CERTIFICATE-----\n' + 9652 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 9653 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 9654 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 9655 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 9656 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 9657 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 9658 'Qw==\n' + 9659 '-----END CERTIFICATE-----\n'; 9660 9661 // 证书二进制数据,需业务自行赋值。 9662 let encodingBlob: cert.EncodingBlob = { 9663 data: stringToUint8Array(certData), 9664 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9665 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9666 }; 9667 9668 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9669 try { 9670 x509Cert = await cert.createX509Cert(encodingBlob); 9671 } catch (error) { 9672 let e: BusinessError = error as BusinessError; 9673 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9674 } 9675 return x509Cert; 9676} 9677 9678async function createX509CertChain(): Promise<cert.X509CertChain> { 9679 const x509Cert = await createX509Cert(); 9680 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 9681 try { 9682 x509CertChain = cert.createX509CertChain([x509Cert]); 9683 } catch (error) { 9684 let e: BusinessError = error as BusinessError; 9685 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9686 } 9687 return x509CertChain; 9688} 9689 9690createX509CertChain(); 9691``` 9692 9693## cert.buildX509CertChain<sup>12+</sup> 9694 9695buildX509CertChain(param: [CertChainBuildParameters](#certchainbuildparameters12)): Promise\<CertChainBuildResult> 9696 9697表示使用CertChainBuildParameters对象方式创建X509证书链对象,并用Promise方式返回结果。 9698 9699**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9700 9701**系统能力:** SystemCapability.Security.Cert 9702 9703**参数:** 9704 9705| 参数名 | 类型 | 必填 | 说明 | 9706| -------- | -------------------- | ---- | -------------------------- | 9707| param | [CertChainBuildParameters](#certchainbuildparameters12) | 是 | 构建证书链的参数对象。 | 9708 9709**返回值:** 9710 9711| 类型 | 说明 | 9712| --------------------------------- | -------------------- | 9713| [CertChainBuildResult](#certchainbuildresult12) | 表示X509证书链对象。 | 9714 9715**错误码:** 9716 9717以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9718 9719| 错误码ID | 错误信息 | 9720| -------- | ------------------------------------------------- | 9721| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9722| 19020001 | memory error. | 9723| 19020002 | runtime error. | 9724| 19030001 | crypto operation error. | 9725| 19030002 | the certificate signature verification failed. | 9726| 19030003 | the certificate has not taken effect. | 9727| 19030004 | the certificate has expired. | 9728| 19030005 | failed to obtain the certificate issuer. | 9729| 19030006 | the key cannot be used for signing a certificate. | 9730| 19030007 | the key cannot be used for digital signature. | 9731 9732**示例:** 9733 9734```ts 9735import { cert } from '@kit.DeviceCertificateKit'; 9736import { BusinessError } from '@kit.BasicServicesKit'; 9737 9738// string转Uint8Array。 9739function stringToUint8Array(str: string): Uint8Array { 9740 let arr: Array<number> = []; 9741 for (let i = 0, j = str.length; i < j; i++) { 9742 arr.push(str.charCodeAt(i)); 9743 } 9744 return new Uint8Array(arr); 9745} 9746 9747// 证书链数据。 9748let certPem = '-----BEGIN CERTIFICATE-----\n' + 9749 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9750 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 9751 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 9752 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 9753 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 9754 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 9755 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + 9756 '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + 9757 '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 9758 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 9759 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 9760 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 9761 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + 9762 '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 9763 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 9764 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 9765 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 9766 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + 9767 '-----END CERTIFICATE-----'; 9768 9769let caPem = '-----BEGIN CERTIFICATE-----\n' + 9770'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 9771'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 9772'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + 9773'6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 9774'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 9775'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 9776'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 9777'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 9778'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 9779'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 9780'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 9781'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 9782'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 9783'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 9784'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 9785'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 9786'sSus\n' + 9787'-----END CERTIFICATE-----'; 9788 9789async function createX509Cert(certData: string): Promise<cert.X509Cert> { 9790 // 证书二进制数据,需业务自行赋值。 9791 let encodingBlob: cert.EncodingBlob = { 9792 data: stringToUint8Array(certData), 9793 // 根据encodingData的格式进行赋值,支持FORMAT_PEM和FORMAT_DER。 9794 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9795 }; 9796 9797 let x509Cert: cert.X509Cert = {} as cert.X509Cert; 9798 try { 9799 x509Cert = await cert.createX509Cert(encodingBlob); 9800 } catch (error) { 9801 let e: BusinessError = error as BusinessError; 9802 console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9803 } 9804 return x509Cert; 9805} 9806 9807async function buildX509CertChain() { 9808 try { 9809 const caCert = await createX509Cert(caPem); 9810 const x509Cert = await createX509Cert(certPem); 9811 let certCrlCollection = cert.createCertCRLCollection([x509Cert]); 9812 let param: cert.CertChainBuildParameters = { 9813 certMatchParameters: {validDate:'20240812080000Z'}, 9814 maxLength: 3, 9815 validationParameters: { 9816 date: '20240812080000Z', 9817 certCRLs: [certCrlCollection], 9818 trustAnchors: [{CACert:caCert}, {CACert:caCert}], 9819 } 9820 } 9821 let certChainBuildResult = await cert.buildX509CertChain(param); 9822 console.info("cert issuer name: " + certChainBuildResult.validationResult.entityCert.getIssuerName().data) 9823 console.info("ca subject name: " + certChainBuildResult.validationResult.trustAnchor.CACert?.getSubjectName().data) 9824 } catch (error) { 9825 let e: BusinessError = error as BusinessError; 9826 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 9827 } 9828} 9829 9830buildX509CertChain(); 9831``` 9832 9833## cert.createTrustAnchorsWithKeyStore<sup>12+</sup> 9834 9835createTrustAnchorsWithKeyStore(keystore: Uint8Array, pwd: string): Promise<Array\<[X509TrustAnchor](#x509trustanchor11)>> 9836 9837表示从P12文件中读取ca证书来构造[TrustAnchor](#x509trustanchor11)对象数组,并用Promise方式返回结果。 9838 9839**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9840 9841**系统能力:** SystemCapability.Security.Cert 9842 9843**参数:** 9844 9845| 参数名 | 类型 | 必填 | 说明 | 9846| -------- | -------------------- | ---- | -------------------------- | 9847| keystore | Uint8Array | 是 | p12文件,DER格式。 | 9848| pwd | string | 是 | p12文件的密码。 | 9849 9850**返回值:** 9851 9852| 类型 | 说明 | 9853| --------------------------------- | -------------------- | 9854| Array\<[X509TrustAnchor](#x509trustanchor11)> | 表示X509TrustAnchor对象数组。 | 9855 9856**错误码:** 9857 9858以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9859 9860| 错误码ID | 错误信息 | 9861| -------- | ------------------------------------------------- | 9862| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9863| 19020001 | memory error. | 9864| 19020002 | runtime error. | 9865| 19030001 | crypto operation error. | 9866| 19030002 | the certificate signature verification failed. | 9867| 19030003 | the certificate has not taken effect. | 9868| 19030004 | the certificate has expired. | 9869| 19030005 | failed to obtain the certificate issuer. | 9870| 19030006 | the key cannot be used for signing a certificate. | 9871| 19030007 | the key cannot be used for digital signature. | 9872 9873**示例:** 9874 9875```ts 9876import { cert } from '@kit.DeviceCertificateKit'; 9877import { BusinessError } from '@kit.BasicServicesKit'; 9878 9879try { 9880 cert.createTrustAnchorsWithKeyStore( 9881 new Uint8Array([0x30, 0x82, 0x07, 0x5C, 0x02, 0x01, 0x03, 0x30, 0x82, 0x07, 0x12, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x07, 0x03, 0x04, 0x82, 0x06, 0xFF, 0x30, 0x82, 0x06, 0xFB, 0x30, 0x82, 0x05, 0xB2, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82, 0x05, 0xA3, 0x30, 0x82, 0x05, 0x9F, 0x02, 0x01, 0x00, 0x30, 0x82, 0x05, 0x98, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xA9, 0x1C, 0x1B, 0x19, 0x36, 0xDE, 0xD4, 0x20, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0x7D, 0xE5, 0x23, 0x96, 0x18, 0x8B, 0xF4, 0xBC, 0x9F, 0x4E, 0xE8, 0xE9, 0xAA, 0x52, 0x18, 0x39, 0x80, 0x82, 0x05, 0x30, 0x02, 0x2D, 0x59, 0xA9, 0x96, 0x5A, 0xFE, 0x20, 0x18, 0xB2, 0x25, 0xEA, 0xFC, 0x86, 0x0F, 0xA8, 0x3C, 0x2B, 0x26, 0x2F, 0x44, 0x6E, 0xF3, 0x15, 0xB7, 0x94, 0xE4, 0x43, 0xEE, 0xE6, 0xC3, 0xBB, 0x3C, 0x9E, 0x60, 0x08, 0xF8, 0x15, 0x61, 0x44, 0xD0, 0xEA, 0xD5, 0x6D, 0x1A, 0x3B, 0x9F, 0x4E, 0x2A, 0x1E, 0xBB, 0xB9, 0x4E, 0x15, 0x43, 0xB8, 0x68, 0xDB, 0x1A, 0x4E, 0x41, 0xBA, 0x29, 0x8E, 0x75, 0xEB, 0x12, 0xC1, 0xF0, 0x4B, 0x0D, 0x13, 0xB2, 0xC2, 0x48, 0x6F, 0xC4, 0xC4, 0x82, 0xF2, 0x26, 0xD4, 0x3D, 0x1F, 0x42, 0x7D, 0x67, 0xB0, 0x37, 0x55, 0x9E, 0xD9, 0x46, 0x99, 0x98, 0xB4, 0xE7, 0x4B, 0x07, 0x08, 0x3F, 0xD3, 0x96, 0x9A, 0xC5, 0xDA, 0x37, 0x74, 0x08, 0x5D, 0x3B, 0x06, 0x8A, 0x16, 0x6D, 0x81, 0x63, 0x01, 0x83, 0x94, 0xDA, 0x1B, 0x0E, 0x04, 0xCE, 0x18, 0xF0, 0x51, 0x22, 0xD8, 0x2D, 0xF1, 0x69, 0x0C, 0xCB, 0xC9, 0x51, 0x17, 0x07, 0x1F, 0x2B, 0xCF, 0x74, 0x26, 0xD7, 0x73, 0xB3, 0x2D, 0xF2, 0x82, 0xF0, 0x38, 0x5B, 0x8A, 0x8F, 0xCD, 0x84, 0x69, 0x40, 0x59, 0xCE, 0xB3, 0x39, 0xFE, 0xF6, 0xB7, 0x24, 0x89, 0x34, 0xFF, 0xF4, 0x40, 0x50, 0x06, 0x4D, 0xC6, 0x13, 0x82, 0xAF, 0x7F, 0x84, 0xB1, 0x67, 0x3C, 0x89, 0xBB, 0x5D, 0x32, 0xC3, 0xA6, 0xF1, 0x7D, 0xF5, 0x72, 0x68, 0x75, 0xCE, 0x69, 0xAB, 0x6C, 0x32, 0xDA, 0x16, 0x3B, 0xC4, 0xCA, 0x47, 0x45, 0xE9, 0x59, 0x1E, 0xB1, 0x70, 0xDA, 0x8A, 0x00, 0x69, 0x80, 0x40, 0xCA, 0x60, 0xE6, 0x07, 0x16, 0xF0, 0xA2, 0xF9, 0x12, 0x7D, 0x09, 0x43, 0x66, 0x46, 0x78, 0x35, 0xA6, 0x94, 0x35, 0x60, 0x82, 0xFC, 0xB8, 0x5E, 0x39, 0xE7, 0xA1, 0x22, 0xAD, 0xCC, 0x6F, 0x5E, 0xCE, 0x01, 0x6B, 0xA1, 0xDD, 0xE5, 0xDD, 0x79, 0x9B, 0xA1, 0x28, 0xC4, 0x03, 0x84, 0x8D, 0x6C, 0x07, 0xD4, 0xFE, 0x57, 0xFB, 0x89, 0x3F, 0x43, 0x44, 0x69, 0xF1, 0x9E, 0x53, 0x6C, 0x11, 0x11, 0x96, 0x79, 0xE4, 0xB8, 0x3B, 0x49, 0x2E, 0xF6, 0x3B, 0xC5, 0x6C, 0x76, 0x21, 0x22, 0x15, 0x85, 0x77, 0x8A, 0xDD, 0xD2, 0x43, 0x85, 0x73, 0x39, 0x77, 0x9F, 0xFA, 0x8F, 0xCF, 0xCB, 0xEA, 0x62, 0xBD, 0x5C, 0x66, 0x45, 0xCD, 0xB0, 0xCA, 0x42, 0xCC, 0xB9, 0xCF, 0xE3, 0x84, 0x63, 0x9F, 0x63, 0xCE, 0x49, 0xE9, 0x74, 0x26, 0xCC, 0x26, 0x78, 0xCE, 0x9F, 0x4E, 0x38, 0xA2, 0x9C, 0xEB, 0x75, 0xC5, 0x33, 0x6B, 0x00, 0x83, 0x85, 0xA3, 0x0F, 0xE7, 0xE1, 0x11, 0xA6, 0x48, 0xDC, 0xEF, 0x0C, 0x05, 0xB3, 0xDE, 0x94, 0xB9, 0x69, 0xCB, 0x27, 0x09, 0xAB, 0x27, 0xD8, 0x06, 0xED, 0x25, 0xBC, 0xA6, 0x2E, 0xB7, 0xF9, 0x2E, 0xAD, 0x84, 0x1D, 0xDD, 0x73, 0xD8, 0xC0, 0x46, 0x8A, 0xFE, 0x9A, 0xDF, 0x07, 0xE1, 0x33, 0xE2, 0x1C, 0x37, 0x6A, 0x8E, 0xA2, 0x91, 0x0B, 0xD7, 0x76, 0xEF, 0x3C, 0x87, 0x4A, 0x53, 0x84, 0xFA, 0xFA, 0xC5, 0x71, 0x76, 0xC0, 0x75, 0x70, 0x67, 0x67, 0x71, 0x9D, 0x8B, 0x81, 0x6F, 0x68, 0xC5, 0xB1, 0xFC, 0xA3, 0x59, 0xB5, 0xD0, 0x03, 0x56, 0xE7, 0x89, 0x03, 0xD7, 0x99, 0xDE, 0x66, 0x33, 0xFA, 0x53, 0x50, 0x5F, 0xB4, 0x9D, 0xB3, 0x90, 0x8F, 0x57, 0x20, 0xF0, 0x8B, 0xDB, 0x73, 0xCA, 0xA4, 0x71, 0x61, 0x67, 0x6A, 0x6D, 0xA5, 0xCA, 0x88, 0xD4, 0xCC, 0x82, 0x34, 0xC9, 0x3E, 0x10, 0x10, 0x57, 0xD1, 0x08, 0x96, 0x80, 0x09, 0xA8, 0xBB, 0x6F, 0x53, 0x8F, 0xFD, 0x87, 0xCF, 0x73, 0xFC, 0xE1, 0x3A, 0x92, 0x2E, 0x78, 0x66, 0xFB, 0x86, 0x5D, 0x62, 0xE0, 0xC4, 0x58, 0x55, 0x3F, 0xA4, 0xEA, 0xA1, 0xBE, 0x5B, 0x5E, 0x8E, 0x46, 0x50, 0x5E, 0x7C, 0x01, 0xD6, 0x63, 0xAA, 0x6F, 0xD5, 0xFD, 0xAF, 0xC5, 0x1D, 0xB3, 0x90, 0x9C, 0xD8, 0x5F, 0x8D, 0xF2, 0x81, 0xEB, 0xBF, 0xA1, 0xDE, 0xB7, 0x9D, 0xCD, 0x24, 0x82, 0x06, 0x0B, 0x63, 0xE6, 0xBF, 0x57, 0x51, 0xF0, 0xB6, 0xE9, 0x7F, 0xAA, 0x7B, 0x10, 0xBD, 0xCD, 0x85, 0x41, 0xE0, 0xD7, 0xF1, 0x53, 0xB7, 0xF8, 0x46, 0x91, 0x9E, 0x8D, 0x4B, 0xCB, 0x28, 0x35, 0x40, 0x37, 0x1E, 0x83, 0x64, 0x6A, 0x70, 0x01, 0x9D, 0xBF, 0xF1, 0x0E, 0xB6, 0x2E, 0x7A, 0xB7, 0x8F, 0x0F, 0x8C, 0x69, 0xD6, 0xF2, 0xD1, 0xF6, 0x1E, 0xCD, 0x08, 0xA8, 0xD4, 0x1B, 0xCB, 0x38, 0xEA, 0x26, 0x37, 0x5C, 0x60, 0x3A, 0x38, 0x5B, 0x12, 0x1D, 0x00, 0x7B, 0xEC, 0xCE, 0xFB, 0x89, 0x23, 0x8A, 0x11, 0xE1, 0x1B, 0xDE, 0x54, 0x91, 0x6A, 0x26, 0x22, 0xD0, 0x1C, 0x2E, 0xBA, 0xD0, 0x92, 0x87, 0xDA, 0xF0, 0x93, 0xBB, 0x3A, 0x2C, 0x52, 0xFB, 0xB2, 0xA9, 0xA8, 0x92, 0x19, 0xE3, 0x19, 0xDC, 0xB0, 0x0E, 0xC5, 0xE7, 0x9D, 0xFB, 0xF9, 0xA3, 0x23, 0x32, 0xD0, 0x4E, 0x2C, 0x05, 0x2D, 0x76, 0xDB, 0x93, 0x53, 0x5B, 0x0E, 0x2A, 0xA3, 0xDD, 0x5F, 0xD3, 0x1A, 0x3B, 0x1E, 0x1F, 0x26, 0x88, 0x43, 0xAD, 0x10, 0x1F, 0xA9, 0xC4, 0xF9, 0x1F, 0xCD, 0xA5, 0xD2, 0xDC, 0x24, 0x95, 0x1D, 0xE7, 0x57, 0xE1, 0x02, 0x0A, 0x20, 0xEA, 0x6A, 0x78, 0x4E, 0x96, 0xE2, 0xE5, 0x6D, 0x6F, 0xFD, 0x81, 0x7B, 0x61, 0x85, 0xA3, 0x3D, 0xC5, 0x7B, 0xEF, 0xAE, 0x58, 0xA2, 0xDB, 0x91, 0x73, 0xDB, 0x47, 0x8E, 0xD1, 0x7D, 0xD7, 0x8F, 0x56, 0x06, 0x28, 0x8C, 0x78, 0x73, 0x02, 0x65, 0xB0, 0x16, 0x4B, 0xE6, 0xA3, 0xD7, 0x06, 0x7C, 0xEA, 0x7D, 0xE2, 0xAE, 0xBB, 0xE5, 0xD2, 0xEB, 0xF0, 0x91, 0x71, 0x7C, 0xBC, 0xA6, 0x1A, 0xE8, 0x9F, 0xD3, 0xA9, 0x3C, 0x5D, 0x60, 0xCF, 0x59, 0x26, 0x46, 0x45, 0xF2, 0x7F, 0x85, 0x6B, 0xE7, 0xC2, 0x58, 0x52, 0x90, 0x12, 0x07, 0xBA, 0xE6, 0xB8, 0xE5, 0xD7, 0x24, 0x93, 0xD5, 0x6E, 0xB1, 0x74, 0x6C, 0xAA, 0xA0, 0x60, 0xBF, 0xF3, 0x32, 0x41, 0x0B, 0xA2, 0x01, 0x84, 0x0D, 0x83, 0xE4, 0x43, 0xD1, 0xBA, 0xC1, 0x92, 0x84, 0x26, 0xF8, 0xF2, 0x77, 0x20, 0x1B, 0xF2, 0x8F, 0x00, 0x69, 0x18, 0x2F, 0x6C, 0xA8, 0x58, 0xB5, 0x5D, 0xFA, 0x27, 0xD2, 0x38, 0xD2, 0x49, 0x6E, 0xDF, 0x55, 0x79, 0xAF, 0x1C, 0x44, 0xDA, 0x5A, 0xD7, 0x44, 0x53, 0x50, 0x8B, 0x77, 0x70, 0x4D, 0x91, 0xEC, 0x07, 0xA5, 0x64, 0x21, 0x3C, 0x31, 0x09, 0x68, 0x65, 0xB4, 0xFA, 0xBE, 0x23, 0xF9, 0xDF, 0x77, 0x46, 0xA2, 0x9A, 0x5D, 0xE3, 0xBE, 0x1E, 0xE3, 0x84, 0xEF, 0xAE, 0x7D, 0xF8, 0x1C, 0x54, 0xE8, 0x4E, 0xAE, 0xB5, 0xBB, 0xD6, 0xC3, 0x8D, 0x56, 0x79, 0xE8, 0x7C, 0x43, 0xDC, 0xF3, 0xB3, 0x7A, 0x30, 0x22, 0x09, 0xBC, 0x10, 0xD6, 0x84, 0xC4, 0x0F, 0x4C, 0x0B, 0xA2, 0xD1, 0xCB, 0xCD, 0x1F, 0x50, 0x3D, 0xF7, 0x23, 0x45, 0x55, 0x18, 0x21, 0x3D, 0x64, 0x05, 0x2E, 0x52, 0x3A, 0x73, 0xFD, 0xF2, 0xA9, 0xCA, 0x3F, 0xF6, 0x7F, 0x87, 0xE8, 0x56, 0x9B, 0x68, 0x6B, 0x20, 0xB0, 0x1D, 0x83, 0x04, 0x2F, 0x59, 0xFD, 0x84, 0x57, 0x7D, 0x82, 0x97, 0x96, 0xE8, 0xFB, 0xDF, 0x71, 0x8C, 0x26, 0x47, 0x85, 0xA5, 0xBE, 0xFB, 0xF5, 0x05, 0x4C, 0xD3, 0x3D, 0x73, 0xF4, 0xA5, 0xF1, 0xA3, 0x99, 0x98, 0x1B, 0x84, 0x8B, 0xB3, 0x53, 0xCE, 0x4D, 0xEA, 0x5A, 0x48, 0xD2, 0xB9, 0x7E, 0xB6, 0xEB, 0x9B, 0x94, 0x6F, 0xDD, 0x44, 0x80, 0x89, 0xD2, 0x78, 0x6D, 0xB9, 0xDA, 0x8B, 0x83, 0x49, 0xE0, 0x4D, 0x49, 0xDF, 0x6B, 0xFF, 0xF7, 0x04, 0x00, 0x32, 0xAA, 0x1D, 0x4F, 0x8D, 0x4B, 0xDE, 0xB8, 0x0D, 0xC6, 0x54, 0x1C, 0xB2, 0xCD, 0x60, 0x29, 0x72, 0x0A, 0x7E, 0xE7, 0xEB, 0x7A, 0xF6, 0x5B, 0x04, 0x3F, 0x5B, 0x93, 0x12, 0x0D, 0xD5, 0xFF, 0x7A, 0x41, 0x44, 0x0B, 0x37, 0x12, 0x82, 0x3D, 0xDD, 0x1E, 0x59, 0xB9, 0xBE, 0x0F, 0x9E, 0xD6, 0xD0, 0x68, 0x69, 0x74, 0xF9, 0xB1, 0x21, 0xA3, 0x70, 0x4F, 0xDA, 0xF8, 0x9F, 0xB9, 0x49, 0x3F, 0xC6, 0xB2, 0x69, 0xC8, 0xD8, 0x60, 0xF1, 0x6A, 0x52, 0x07, 0xFA, 0x42, 0xFD, 0xA9, 0x06, 0xCF, 0x97, 0x4A, 0x0E, 0xC5, 0xFC, 0x63, 0x27, 0x54, 0xC8, 0xBE, 0x8B, 0x4F, 0xB6, 0x42, 0xBC, 0xA2, 0xCC, 0x70, 0x4A, 0x6B, 0x24, 0x5B, 0x68, 0x28, 0x47, 0xFA, 0x6B, 0x89, 0x28, 0x07, 0x5D, 0xE0, 0x2C, 0x4A, 0xD9, 0x22, 0xE3, 0xB3, 0x2F, 0xAA, 0xC2, 0xA0, 0x7C, 0x0F, 0x92, 0xC5, 0xDD, 0xB6, 0x23, 0x8F, 0x73, 0x73, 0x0F, 0xD7, 0x73, 0x71, 0x2F, 0x0A, 0x78, 0xE8, 0x5B, 0xDB, 0xC2, 0xE0, 0xDB, 0xC9, 0x3E, 0xC3, 0x72, 0x9C, 0x14, 0xD7, 0xD1, 0x28, 0xFD, 0xF4, 0xEE, 0xBC, 0x0E, 0x13, 0x37, 0xCA, 0x85, 0x9F, 0xB9, 0xA2, 0x0E, 0xF6, 0xE7, 0x49, 0xD1, 0xD0, 0x11, 0x76, 0x53, 0xA3, 0x73, 0x95, 0x2A, 0x23, 0xC8, 0x0E, 0x97, 0x83, 0x07, 0x64, 0xB2, 0x51, 0xB7, 0xC8, 0x51, 0x9F, 0xA4, 0x3E, 0x7B, 0xA4, 0x18, 0x6D, 0x99, 0xF0, 0x6E, 0xC3, 0x97, 0xAE, 0xF4, 0xB7, 0x66, 0x37, 0xFA, 0x65, 0xFC, 0x5E, 0xE2, 0x57, 0xFA, 0x8B, 0x4C, 0x86, 0x10, 0xB4, 0x5C, 0xA4, 0xD2, 0x60, 0x83, 0x69, 0x1E, 0xFF, 0x36, 0x9B, 0xF9, 0x84, 0xFB, 0xB8, 0x83, 0x64, 0xF1, 0x41, 0xA5, 0x25, 0x56, 0x21, 0xBA, 0x13, 0x98, 0x0C, 0x3B, 0x04, 0xAA, 0x6C, 0x9A, 0xD4, 0xE3, 0x13, 0x15, 0x54, 0x05, 0x4C, 0x5C, 0xE1, 0x7A, 0x31, 0x5E, 0x90, 0xCF, 0x48, 0x4E, 0x83, 0xD7, 0x7F, 0xED, 0x93, 0x22, 0xAB, 0x67, 0xE7, 0x76, 0x32, 0x64, 0xBA, 0x5A, 0x21, 0x3E, 0x30, 0x82, 0x01, 0x41, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x01, 0x32, 0x04, 0x82, 0x01, 0x2E, 0x30, 0x82, 0x01, 0x2A, 0x30, 0x82, 0x01, 0x26, 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02, 0xA0, 0x81, 0xEF, 0x30, 0x81, 0xEC, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xED, 0x3E, 0xED, 0x07, 0x5C, 0x1F, 0x71, 0xAD, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0xA7, 0x49, 0xA4, 0x6E, 0x00, 0x19, 0x75, 0x59, 0x75, 0x59, 0xBA, 0x4B, 0xC7, 0x24, 0x88, 0x34, 0x04, 0x81, 0x90, 0xCA, 0x23, 0x82, 0xAA, 0x16, 0x57, 0x99, 0xFA, 0x94, 0x9F, 0xAE, 0x32, 0x5C, 0x5B, 0xE7, 0x01, 0xD0, 0xED, 0xA7, 0x58, 0x57, 0x52, 0xBF, 0x57, 0x13, 0xD4, 0x15, 0xB0, 0x06, 0xF5, 0x38, 0xCC, 0x64, 0x23, 0x09, 0xD5, 0x8C, 0x0D, 0x64, 0x31, 0xFA, 0x74, 0xAA, 0x96, 0x7E, 0x9B, 0x16, 0xCA, 0x21, 0xFD, 0xC0, 0x54, 0x91, 0x40, 0x7F, 0xB3, 0xF2, 0xA3, 0xEC, 0xA1, 0x4A, 0x07, 0xF0, 0x87, 0x22, 0xDB, 0x8A, 0x49, 0x89, 0xF7, 0xF2, 0x6A, 0xFC, 0x8D, 0x03, 0x6E, 0x32, 0x4F, 0xD0, 0xD8, 0x93, 0x92, 0xA5, 0xF1, 0x41, 0xBD, 0xEA, 0xE1, 0x38, 0xA9, 0xD8, 0x9D, 0xAB, 0xB4, 0x8E, 0x4A, 0x40, 0x0E, 0xC7, 0xE3, 0xE9, 0xBF, 0x0E, 0xBA, 0x8D, 0xAA, 0x3E, 0x93, 0x53, 0x88, 0xEE, 0x0A, 0x2C, 0x71, 0xF1, 0x61, 0x44, 0xA5, 0xAD, 0xED, 0x3E, 0xAB, 0x32, 0x9A, 0x32, 0x85, 0x08, 0xF5, 0x8B, 0xCC, 0x15, 0x35, 0xEE, 0xFA, 0x17, 0x27, 0x97, 0x8D, 0xD9, 0x1C, 0x5E, 0x74, 0x9D, 0x7B, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x5F, 0x8E, 0xAB, 0x9C, 0x5F, 0xE2, 0x3B, 0xB1, 0x5C, 0x1A, 0x36, 0x1D, 0x7D, 0xCB, 0x90, 0x45, 0x20, 0x3C, 0x3B, 0xAC, 0x30, 0x41, 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x93, 0x25, 0xC4, 0x3E, 0x2A, 0x6D, 0x4C, 0x30, 0x87, 0x0F, 0xE3, 0x5A, 0x95, 0xB0, 0xF2, 0x6C, 0xBA, 0x07, 0x89, 0x7D, 0xFB, 0xCF, 0xCF, 0x1D, 0x54, 0xA3, 0x36, 0x24, 0x7B, 0x30, 0x97, 0xB5, 0x04, 0x08, 0xE7, 0x96, 0x59, 0xCC, 0x42, 0x9F, 0xEF, 0xFC, 0x02, 0x02, 0x08, 0x00]), 9882 '123456').then((data) => { 9883 console.log('createTrustAnchorsWithKeyStore sucess, number of the result is: ' + JSON.stringify(data.length)); 9884 }).catch((err : BusinessError) => { 9885 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(err)); 9886 }) 9887} catch (error) { 9888 console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(error)); 9889} 9890``` 9891 9892## X509CertChain<sup>11+</sup> 9893 9894X509证书链对象。 9895 9896### getCertList<sup>11+</sup> 9897 9898getCertList(): Array\<X509Cert> 9899 9900获取X509证书列表。 9901 9902**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 9903 9904**系统能力:** SystemCapability.Security.Cert 9905 9906**返回值**: 9907 9908| 类型 | 说明 | 9909| -------------- | ----------- | 9910| Array\<[X509Cert](#x509cert)> | X509证书数组。 | 9911 9912**错误码:** 9913 9914以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 9915 9916| 错误码ID | 错误信息 | 9917| -------- | ----------------------- | 9918| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 9919| 19020001 | memory error. | 9920| 19030001 | crypto operation error. | 9921 9922**示例:** 9923 9924```ts 9925import { cert } from '@kit.DeviceCertificateKit'; 9926import { BusinessError } from '@kit.BasicServicesKit'; 9927 9928// string转Uint8Array。 9929function stringToUint8Array(str: string): Uint8Array { 9930 let arr: Array<number> = []; 9931 for (let i = 0, j = str.length; i < j; i++) { 9932 arr.push(str.charCodeAt(i)); 9933 } 9934 return new Uint8Array(arr); 9935} 9936 9937let certChainData = "-----BEGIN CERTIFICATE-----\n" + 9938 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 9939 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 9940 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 9941 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 9942 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 9943 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 9944 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 9945 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 9946 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 9947 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 9948 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 9949 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 9950 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 9951 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 9952 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 9953 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 9954 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 9955 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 9956 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 9957 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 9958 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 9959 "-----END CERTIFICATE-----\n" + 9960 "-----BEGIN CERTIFICATE-----\n" + 9961 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9962 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9963 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 9964 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9965 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 9966 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 9967 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 9968 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 9969 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 9970 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 9971 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 9972 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 9973 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 9974 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 9975 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 9976 "uKPWR9dKBA==\n" + 9977 "-----END CERTIFICATE-----\n" + 9978 "-----BEGIN CERTIFICATE-----\n" + 9979 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 9980 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 9981 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 9982 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 9983 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 9984 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 9985 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 9986 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 9987 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 9988 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 9989 "xjoE\n" + 9990 "-----END CERTIFICATE-----\n"; 9991 9992// 证书链二进制数据,需业务自行赋值。 9993let encodingBlob: cert.EncodingBlob = { 9994 data: stringToUint8Array(certChainData), 9995 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 9996 encodingFormat: cert.EncodingFormat.FORMAT_PEM 9997}; 9998 9999cert.createX509CertChain(encodingBlob, (err, certChain) => { 10000 if (err) { 10001 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10002 } else { 10003 console.log('createX509CertChain success'); 10004 try { 10005 let certList = certChain.getCertList(); 10006 } catch (err) { 10007 let e: BusinessError = err as BusinessError; 10008 console.error('X509CertChain getCertList failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10009 } 10010 } 10011}); 10012``` 10013 10014### validate<sup>11+</sup> 10015 10016validate(param: CertChainValidationParameters): Promise\<CertChainValidationResult> 10017 10018校验证书链,并使用Promise方式异步返回结果。 10019 10020**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10021 10022**系统能力:** SystemCapability.Security.Cert 10023 10024**参数**: 10025 10026| 参数名 | 类型 | 必填 | 说明 | 10027| --------- | ------------------------------- | ---- | ----------------- | 10028| param | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 表示校验X509证书链的参数。 | 10029 10030**返回值**: 10031 10032| 类型 | 说明 | 10033| ------------------------------------------------------------ | --------------------------------- | 10034| Promise\<[CertChainValidationResult](#certchainvalidationresult11)> | Promise对象,返回证书链校验结果。 | 10035 10036**错误码:** 10037 10038以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10039 10040| 错误码ID | 错误信息 | 10041| -------- | ----------------------- | 10042| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10043| 19020001 | memory error. | 10044| 19020002 | runtime error. | 10045| 19030001 | crypto operation error. | 10046| 19030002 | the certificate signature verification failed. | 10047| 19030003 | the certificate has not taken effect. | 10048| 19030004 | the certificate has expired. | 10049| 19030005 | failed to obtain the certificate issuer. | 10050| 19030006 | the key cannot be used for signing a certificate. | 10051| 19030007 | the key cannot be used for digital signature. | 10052 10053**示例:** 10054 10055```ts 10056import { cert } from '@kit.DeviceCertificateKit'; 10057import { BusinessError } from '@kit.BasicServicesKit'; 10058 10059// string转Uint8Array。 10060function stringToUint8Array(str: string): Uint8Array { 10061 let arr: Array<number> = []; 10062 for (let i = 0, j = str.length; i < j; i++) { 10063 arr.push(str.charCodeAt(i)); 10064 } 10065 return new Uint8Array(arr); 10066} 10067 10068async function createX509CertChain(): Promise<cert.X509CertChain> { 10069 let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10070 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10071 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10072 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10073 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10074 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10075 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10076 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10077 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10078 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10079 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10080 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10081 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10082 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10083 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10084 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10085 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10086 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10087 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10088 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10089 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10090 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10091 "-----END CERTIFICATE-----\n" + 10092 "-----BEGIN CERTIFICATE-----\n" + 10093 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10094 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10095 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10096 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10097 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10098 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10099 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10100 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10101 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10102 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10103 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10104 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10105 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10106 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10107 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10108 "uKPWR9dKBA==\n" + 10109 "-----END CERTIFICATE-----\n" + 10110 "-----BEGIN CERTIFICATE-----\n" + 10111 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10112 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10113 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10114 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10115 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10116 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10117 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10118 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10119 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10120 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10121 "xjoE\n" + 10122 "-----END CERTIFICATE-----\n"; 10123 10124 // 证书链二进制数据,需业务自行赋值。 10125 let encodingBlob: cert.EncodingBlob = { 10126 data: stringToUint8Array(certChainData), 10127 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10128 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10129 }; 10130 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10131 try { 10132 x509CertChain = await cert.createX509CertChain(encodingBlob); 10133 } 10134 catch (error) { 10135 let e: BusinessError = error as BusinessError; 10136 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10137 } 10138 return x509CertChain; 10139} 10140 10141async function validate() { 10142 const certChain = await createX509CertChain(); 10143 // 证书链校验数据,需业务自行赋值。 10144 const param: cert.CertChainValidationParameters = { 10145 date: '20231212080000Z', 10146 trustAnchors: [{ 10147 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10148 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10149 }] 10150 } 10151 try { 10152 const validationRes = await certChain.validate(param); 10153 console.log('X509CertChain validate success'); 10154 } 10155 catch (err) { 10156 console.error('X509CertChain validate failed'); 10157 } 10158} 10159 10160validate(); 10161``` 10162 10163### validate<sup>11+</sup> 10164 10165validate(param: CertChainValidationParameters, callback: AsyncCallback\<CertChainValidationResult>): void 10166 10167使用校验参数校验证书链并使用callback方式异步返回结果。 10168 10169**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10170 10171**系统能力:** SystemCapability.Security.Cert 10172 10173**参数**: 10174 10175| 参数名 | 类型 | 必填 | 说明 | 10176| --------- | ------------------------------- | ---- | ------------ | 10177| param | [CertChainValidationParameters](#certchainvalidationparameters11) | 是 | 表示校验X509证书链的参数。 | 10178| callback | AsyncCallback\<[CertChainValidationResult](#certchainvalidationresult11)> | 是 | 回调函数,返回证书链校验结果。 | 10179 10180**错误码:** 10181 10182以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10183 10184| 错误码ID | 错误信息 | 10185| -------- | ----------------------- | 10186| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10187| 19020001 | memory error. | 10188| 19020002 | runtime error. | 10189| 19030001 | crypto operation error. | 10190| 19030002 | the certificate signature verification failed. | 10191| 19030003 | the certificate has not taken effect. | 10192| 19030004 | the certificate has expired. | 10193| 19030005 | failed to obtain the certificate issuer. | 10194| 19030006 | the key cannot be used for signing a certificate. | 10195| 19030007 | the key cannot be used for digital signature. | 10196 10197**示例:** 10198 10199```ts 10200import { cert } from '@kit.DeviceCertificateKit'; 10201 10202// string转Uint8Array。 10203function stringToUint8Array(str: string): Uint8Array { 10204 let arr: Array<number> = []; 10205 for (let i = 0, j = str.length; i < j; i++) { 10206 arr.push(str.charCodeAt(i)); 10207 } 10208 return new Uint8Array(arr); 10209} 10210 10211let certChainData = "-----BEGIN CERTIFICATE-----\n" + 10212 "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + 10213 "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + 10214 "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + 10215 "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + 10216 "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + 10217 "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + 10218 "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + 10219 "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + 10220 "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + 10221 "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + 10222 "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + 10223 "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + 10224 "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + 10225 "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + 10226 "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + 10227 "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + 10228 "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + 10229 "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + 10230 "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + 10231 "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + 10232 "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + 10233 "-----END CERTIFICATE-----\n" + 10234 "-----BEGIN CERTIFICATE-----\n" + 10235 "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10236 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10237 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + 10238 "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10239 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + 10240 "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + 10241 "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + 10242 "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + 10243 "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + 10244 "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + 10245 "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + 10246 "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + 10247 "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + 10248 "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + 10249 "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + 10250 "uKPWR9dKBA==\n" + 10251 "-----END CERTIFICATE-----\n" + 10252 "-----BEGIN CERTIFICATE-----\n" + 10253 "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + 10254 "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + 10255 "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + 10256 "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + 10257 "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + 10258 "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + 10259 "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + 10260 "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + 10261 "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + 10262 "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + 10263 "xjoE\n" + 10264 "-----END CERTIFICATE-----\n"; 10265 10266// 证书链二进制数据,需业务自行赋值。 10267let encodingBlob: cert.EncodingBlob = { 10268 data: stringToUint8Array(certChainData), 10269 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10270 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10271}; 10272 10273// 证书链校验数据,需业务自行赋值。 10274let param: cert.CertChainValidationParameters = { 10275 date: '20231212080000Z', 10276 trustAnchors: [{ 10277 CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), 10278 CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), 10279 }] 10280}; 10281 10282cert.createX509CertChain(encodingBlob, (err, certChain) => { 10283 if (err) { 10284 console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); 10285 } else { 10286 console.log('createX509CertChain success'); 10287 certChain.validate(param, (error, validationRes) => { 10288 if (error) { 10289 console.error('X509CertChain validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); 10290 } else { 10291 console.log('X509CertChain validate success'); 10292 } 10293 }); 10294 } 10295}); 10296``` 10297 10298### toString<sup>12+</sup> 10299 10300toString(): string 10301 10302获取对象的字符串类型数据。 10303 10304**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10305 10306**系统能力:** SystemCapability.Security.Cert 10307 10308**返回值**: 10309 10310| 类型 | 说明 | 10311| ------- | ---------------------------------------------------- | 10312| string | 对象的字符串类型数据。| 10313 10314**错误码:** 10315 10316以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10317 10318| 错误码ID | 错误信息 | 10319| -------- | ----------------------- | 10320| 19020001 | memory error. | 10321| 19020002 | runtime error. | 10322| 19030001 | crypto operation error. | 10323 10324**示例:** 10325 10326```ts 10327import { cert } from '@kit.DeviceCertificateKit'; 10328import { BusinessError } from '@kit.BasicServicesKit'; 10329 10330// string转Uint8Array。 10331function stringToUint8Array(str: string): Uint8Array { 10332 let arr: Array<number> = []; 10333 for (let i = 0, j = str.length; i < j; i++) { 10334 arr.push(str.charCodeAt(i)); 10335 } 10336 return new Uint8Array(arr); 10337} 10338 10339let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10340 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10341 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10342 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10343 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10344 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10345 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10346 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10347 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10348 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10349 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10350 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10351 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10352 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10353 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10354 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10355 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10356 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10357 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10358 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10359 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10360 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10361 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10362 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10363 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10364 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10365 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10366 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10367 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10368 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10369 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10370 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10371 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10372 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10373 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10374 '-----END CERTIFICATE-----\n' + 10375 '-----BEGIN CERTIFICATE-----\n' + 10376 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10377 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10378 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10379 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10380 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10381 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10382 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10383 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10384 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10385 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10386 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10387 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10388 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10389 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10390 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10391 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10392 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10393 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10394 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10395 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10396 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10397 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10398 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10399 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10400 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10401 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10402 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10403 'tPO+\n' + 10404 '-----END CERTIFICATE-----\n'; 10405 10406// 证书链二进制数据,需业务自行赋值。 10407let encodingBlob: cert.EncodingBlob = { 10408 data: stringToUint8Array(certChainData), 10409 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10410 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10411}; 10412 10413async function certChainToString() { 10414 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10415 try { 10416 x509CertChain = await cert.createX509CertChain(encodingBlob); 10417 console.log('createX509CertChain success'); 10418 console.info('toString success: ' + JSON.stringify(x509CertChain.toString())); 10419 } catch (error) { 10420 let e: BusinessError = error as BusinessError; 10421 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10422 } 10423} 10424``` 10425### hashCode<sup>12+</sup> 10426 10427hashCode(): Uint8Array 10428 10429获取DER格式数据的哈希值。 10430 10431**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10432 10433**系统能力:** SystemCapability.Security.Cert 10434 10435**返回值**: 10436 10437| 类型 | 说明 | 10438| ------- | ---------------------------------------------------- | 10439| Uint8Array | DER格式数据的哈希值。| 10440 10441**错误码:** 10442 10443以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10444 10445| 错误码ID | 错误信息 | 10446| -------- | ----------------------- | 10447| 19020001 | memory error. | 10448| 19020002 | runtime error. | 10449| 19030001 | crypto operation error. | 10450 10451**示例:** 10452 10453```ts 10454import { cert } from '@kit.DeviceCertificateKit'; 10455import { BusinessError } from '@kit.BasicServicesKit'; 10456 10457// string转Uint8Array。 10458function stringToUint8Array(str: string): Uint8Array { 10459 let arr: Array<number> = []; 10460 for (let i = 0, j = str.length; i < j; i++) { 10461 arr.push(str.charCodeAt(i)); 10462 } 10463 return new Uint8Array(arr); 10464} 10465 10466let certChainData = '-----BEGIN CERTIFICATE-----\n' + 10467 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 10468 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 10469 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 10470 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 10471 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 10472 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 10473 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 10474 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 10475 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 10476 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 10477 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 10478 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 10479 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 10480 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 10481 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 10482 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 10483 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 10484 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 10485 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 10486 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 10487 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 10488 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 10489 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 10490 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 10491 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 10492 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 10493 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 10494 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 10495 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 10496 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 10497 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 10498 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + 10499 '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + 10500 '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + 10501 '-----END CERTIFICATE-----\n' + 10502 '-----BEGIN CERTIFICATE-----\n' + 10503 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 10504 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 10505 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 10506 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 10507 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 10508 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + 10509 '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + 10510 '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 10511 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 10512 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 10513 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 10514 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 10515 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 10516 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 10517 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 10518 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 10519 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 10520 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 10521 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 10522 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 10523 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 10524 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 10525 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 10526 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 10527 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + 10528 '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 10529 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 10530 'tPO+\n' + 10531 '-----END CERTIFICATE-----\n'; 10532 10533// 证书链二进制数据,需业务自行赋值。 10534let encodingBlob: cert.EncodingBlob = { 10535 data: stringToUint8Array(certChainData), 10536 // 根据encodingData的格式进行赋值,支持FORMAT_PEM、FORMAT_DER和FORMAT_PKCS7。 10537 encodingFormat: cert.EncodingFormat.FORMAT_PEM 10538}; 10539 10540async function certChainHashCode() { 10541 let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; 10542 try { 10543 x509CertChain = await cert.createX509CertChain(encodingBlob); 10544 console.log('createX509CertChain success'); 10545 console.info('hashCode success: ' + JSON.stringify(x509CertChain.hashCode())); 10546 } catch (error) { 10547 let e: BusinessError = error as BusinessError; 10548 console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); 10549 } 10550} 10551``` 10552## cert.createX500DistinguishedName<sup>12+</sup> 10553 10554createX500DistinguishedName(nameStr: string): Promise\<X500DistinguishedName> 10555 10556表示使用字符串格式的名称创建X500DistinguishedName对象,使用Promise方式异步返回结果。 10557 10558**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10559 10560**系统能力:** SystemCapability.Security.Cert 10561 10562**参数:** 10563 10564| 参数名 | 类型 | 必填 | 说明 | 10565| -------- | ----------------------------- | ---- | -------------------- | 10566| nameStr | string | 是 |X509定义的string类型的Name字符串格式数据。| 10567 10568**返回值:** 10569 10570| 类型 | 说明 | 10571| ------------------------------- | ---------------- | 10572| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | 表示X509的可分辨对象。| 10573 10574**错误码:** 10575 10576以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10577 10578| 错误码ID | 错误信息 | 10579| -------- | ------------- | 10580| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10581| 19020001 | memory error. | 10582| 19020002 | runtime error. | 10583| 19030001 | crypto operation error. | 10584| 19030002 | the certificate signature verification failed. | 10585| 19030003 | the certificate has not taken effect. | 10586| 19030004 | the certificate has expired. | 10587| 19030005 | failed to obtain the certificate issuer. | 10588| 19030006 | the key cannot be used for signing a certificate. | 10589| 19030007 | the key cannot be used for digital signature. | 10590 10591**示例:** 10592 10593```ts 10594import { cert } from '@kit.DeviceCertificateKit'; 10595import { BusinessError } from '@kit.BasicServicesKit'; 10596 10597// string转Uint8Array。 10598function stringToUint8Array(str: string): Uint8Array { 10599 let arr: Array<number> = []; 10600 for (let i = 0, j = str.length; i < j; i++) { 10601 arr.push(str.charCodeAt(i)); 10602 } 10603 return new Uint8Array(arr); 10604} 10605 10606let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; 10607async function createX500DistinguishedName() { 10608 try { 10609 cert.createX500DistinguishedName(nameStr) 10610 .then((data) => { 10611 console.log('createX500DistinguishedName success'); 10612 }) 10613 .catch((err: BusinessError) => { 10614 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10615 }) 10616 } catch (error) { 10617 let e: BusinessError = error as BusinessError; 10618 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10619 } 10620} 10621``` 10622 10623## cert.createX500DistinguishedName<sup>12+</sup> 10624 10625createX500DistinguishedName(nameDer: Uint8Array): Promise\<X500DistinguishedName> 10626 10627表示使用DER格式的名称创建X500DistinguishedName对象,使用Promise方式异步返回结果。 10628 10629**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10630 10631**系统能力:** SystemCapability.Security.Cert 10632 10633**参数:** 10634 10635| 参数名 | 类型 | 必填 | 说明 | 10636| -------- | ----------------------------- | ---- | -------------------- | 10637| nameDer | Uint8Array | 是 |X509定义的Uint8Array类型的DER格式数据。| 10638 10639**返回值:** 10640 10641| 类型 | 说明 | 10642| ------------------------------- | ---------------- | 10643| Promise\<[X500DistinguishedName](#x500distinguishedname12)> | 表示X509的可分辨对象。| 10644 10645**错误码:** 10646 10647以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10648 10649| 错误码ID | 错误信息 | 10650| -------- | ------------- | 10651| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10652| 19020001 | memory error. | 10653| 19020002 | runtime error. | 10654| 19030001 | crypto operation error. | 10655| 19030002 | the certificate signature verification failed. | 10656| 19030003 | the certificate has not taken effect. | 10657| 19030004 | the certificate has expired. | 10658| 19030005 | failed to obtain the certificate issuer. | 10659| 19030006 | the key cannot be used for signing a certificate. | 10660| 19030007 | the key cannot be used for digital signature. | 10661 10662**示例:** 10663 10664```ts 10665import { cert } from '@kit.DeviceCertificateKit'; 10666import { BusinessError } from '@kit.BasicServicesKit'; 10667 10668let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 10669async function createX500DistinguishedName() { 10670 try { 10671 cert.createX500DistinguishedName(nameDer) 10672 .then((data) => { 10673 console.log('createX500DistinguishedName success'); 10674 }) 10675 .catch((err: BusinessError) => { 10676 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10677 }) 10678 } catch (error) { 10679 let e: BusinessError = error as BusinessError; 10680 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10681 } 10682} 10683``` 10684## X500DistinguishedName<sup>12+</sup> 10685 10686X509定义的Name类型的对象。 10687 10688### getName<sup>12+</sup> 10689 10690getName(): string 10691 10692获取可分辨名的字符串。 10693 10694**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10695 10696**系统能力:** SystemCapability.Security.Cert 10697 10698**返回值**: 10699 10700| 类型 | 说明 | 10701| ------- | ------------------------------------------------- | 10702| string | 可分辨名的字符串。| 10703 10704**错误码:** 10705 10706以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10707 10708| 错误码ID | 错误信息 | 10709| -------- | ------------- | 10710| 19020001 | memory error. | 10711| 19020002 | runtime error. | 10712| 19030001 | crypto operation error. | 10713 10714**示例:** 10715 10716```ts 10717import { cert } from '@kit.DeviceCertificateKit'; 10718import { BusinessError } from '@kit.BasicServicesKit'; 10719 10720let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); 10721async function getName() { 10722 try { 10723 cert.createX500DistinguishedName(nameDer) 10724 .then((data) => { 10725 console.log('createX500DistinguishedName success'); 10726 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName())) 10727 }) 10728 .catch((err: BusinessError) => { 10729 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10730 }) 10731 } catch (error) { 10732 let e: BusinessError = error as BusinessError; 10733 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10734 } 10735} 10736``` 10737 10738### getName<sup>12+</sup> 10739 10740getName(type: string): Array\<string> 10741 10742按类型获取可分辨名的字符串。 10743 10744**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10745 10746**系统能力:** SystemCapability.Security.Cert 10747 10748**参数**: 10749 10750| 参数名 | 类型 | 必填 | 说明 | 10751| ------------ | ------ | ---- | -------------- | 10752| type | string | 是 | 指定类型的名称。| 10753 10754**返回值**: 10755 10756| 类型 | 说明 | 10757| ------- | ------------------------------------------------- | 10758| Array\<string> | 可分辨名的字符串数组。| 10759 10760**错误码:** 10761 10762以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10763 10764| 错误码ID | 错误信息 | 10765| -------- | ------------- | 10766| 401 | invalid parameters. Possible causes: <br>1. Mandatory parameters are left unspecified;<br>2. Incorrect parameter types;<br>3. Parameter verification failed.| 10767| 19020001 | memory error. | 10768| 19020002 | runtime error. | 10769| 19030001 | crypto operation error. | 10770 10771**示例:** 10772 10773```ts 10774import { cert } from '@kit.DeviceCertificateKit'; 10775import { BusinessError } from '@kit.BasicServicesKit'; 10776 10777let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 10778async function getName() { 10779 try { 10780 cert.createX500DistinguishedName(nameStr) 10781 .then((data) => { 10782 console.log('createX500DistinguishedName success'); 10783 console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName("CN"))) 10784 }) 10785 .catch((err: BusinessError) => { 10786 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10787 }) 10788 } catch (error) { 10789 let e: BusinessError = error as BusinessError; 10790 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10791 } 10792} 10793``` 10794 10795### getEncoded<sup>12+</sup> 10796 10797getEncoded(): EncodingBlob 10798 10799获取X509证书扩展域的数据。 10800 10801**原子化服务API:** 从API version 12开始,该接口支持在原子化服务中使用。 10802 10803**系统能力:** SystemCapability.Security.Cert 10804 10805**返回值**: 10806 10807| 类型 | 说明 | 10808| ------- | ------------------------------------------------- | 10809| [EncodingBlob](#encodingblob) | X509证书序列化数据。| 10810 10811**错误码:** 10812 10813以下错误码的详细介绍请参见[证书错误码](errorcode-cert.md)。 10814 10815| 错误码ID | 错误信息 | 10816| -------- | ------------- | 10817| 19020001 | memory error. | 10818| 19020002 | runtime error. | 10819| 19030001 | crypto operation error. | 10820 10821**示例:** 10822 10823```ts 10824import { cert } from '@kit.DeviceCertificateKit'; 10825import { BusinessError } from '@kit.BasicServicesKit'; 10826 10827let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; 10828async function getEncoded() { 10829 try { 10830 cert.createX500DistinguishedName(nameStr) 10831 .then((data) => { 10832 console.log('createX500DistinguishedName success'); 10833 let encodingBlobData = data.getEncoded(); 10834 }) 10835 .catch((err: BusinessError) => { 10836 console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); 10837 }) 10838 } catch (error) { 10839 let e: BusinessError = error as BusinessError; 10840 console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); 10841 } 10842} 10843```