# @ohos.security.cert (Certificate) The certificate algorithm library framework provides certificate-related APIs. The **certFramework** module depends on the basic algorithm capabilities of the Crypto framework. For details, see [Crypto Framework](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md). > **NOTE** > > The initial APIs of this module are supported since API version 9. Newly added APIs will be marked with a superscript to indicate their earliest API version. ## Modules to Import ```ts import { cert } from '@kit.DeviceCertificateKit'; import { cryptoFramework } from '@kit.CryptoArchitectureKit'; ``` ## CertResult Enumerates the error codes. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | --------------------------------------| -------- | -----------------------------| | INVALID_PARAMS | 401 | Invalid parameters. | | NOT_SUPPORT | 801 | This operation is not supported. | | ERR_OUT_OF_MEMORY | 19020001 | Memory error. | | ERR_RUNTIME_ERROR | 19020002 | Runtime error. | | ERR_CRYPTO_OPERATION | 19030001 | Crypto operation error. | | ERR_CERT_SIGNATURE_FAILURE | 19030002 | The certificate signature verification failed. | | ERR_CERT_NOT_YET_VALID | 19030003 | The certificate has not taken effect. | | ERR_CERT_HAS_EXPIRED | 19030004 | The certificate has expired. | | ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY | 19030005 | Failed to obtain the certificate issuer. | | ERR_KEYUSAGE_NO_CERTSIGN | 19030006 | The key cannot be used for signing a certificate. | | ERR_KEYUSAGE_NO_DIGITAL_SIGNATURE | 19030007 | The key cannot be used for digital signature. | ## DataBlob Defines a binary data array. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Readable| Writable| Description | | -------------- | -------------- | ---- | ---- | ----------------| | data | Uint8Array | Yes | Yes | Data. | ## DataArray Defines a list of data arrays. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Readable| Writable| Description | | -------------- | -------------- | ---- | ---- | ----------------| | data | Uint8Array | Yes | Yes | Data list. | ## EncodingFormat Enumerates the certificate encoding formats. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value| Description | | ---------- | ------ | --------- | | FORMAT_DER | 0 | Distinguished Encoding Rules (DER) format.| | FORMAT_PEM | 1 | Privacy-Enhanced Mail (PEM) format.| | FORMAT_PKCS7¹¹⁺ | 2 | PKCS #7 format.| ## CertItemType¹⁰⁺ Enumerates the certificate fields that can be obtained. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | -------------------------------- | ---- | ------------------------------ | | CERT_ITEM_TYPE_TBS | 0 | Information to be signed. | | CERT_ITEM_TYPE_PUBLIC_KEY | 1 | Public key of the certificate. | | CERT_ITEM_TYPE_ISSUER_UNIQUE_ID | 2 | Unique ID of the certificate issuer.| | CERT_ITEM_TYPE_SUBJECT_UNIQUE_ID | 3 | Unique ID of the certificate subject. | | CERT_ITEM_TYPE_EXTENSIONS | 4 | Certificate extensions, each of which is identified by a unique object identifier (OID). | ## ExtensionOidType¹⁰⁺ Enumerates the OID types of the certificate extensions that can be obtained. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | ----------------------------- | ---- | --------------------------------------------- | | EXTENSION_OID_TYPE_ALL | 0 | All object identifiers. | | EXTENSION_OID_TYPE_CRITICAL | 1 | Object identifier whose **critical** is **true**. | | EXTENSION_OID_TYPE_UNCRITICAL | 2 | Object identifier whose **critical** is **false**.| ## ExtensionEntryType¹⁰⁺ Enumerates the object types in certificate extensions that can be obtained. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | ----------------------------------- | ---- | ---------------------------- | | EXTENSION_ENTRY_TYPE_ENTRY | 0 | Entire object. | | EXTENSION_ENTRY_TYPE_ENTRY_CRITICAL | 1 | Critical attribute of the object.| | EXTENSION_ENTRY_TYPE_ENTRY_VALUE | 2 | Data of the object. | ## EncodingType¹²⁺ Enumerates the encoding formats of the subject name in an X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value| Description | | ---------- | ------ | --------- | | ENCODING_UTF8 | 0 | UTF-8.| ## EncodingBlob Defines a certificate binary array in encoding format. ### Properties **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Readable| Writable| Description | | -------------- | --------------------------------- | ---- | ---- | ------------------------------ | | data | Uint8Array | Yes | Yes | Certificate data.| | encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | ## CertChainData Defines the certificate chain data, which is passed in as input parameters during certificate chain verification. ### Properties **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Readable| Writable| Description | | -------------- | --------------------------------- | ---- | ---- | ------------------------------------------------------------ | | data | Uint8Array | Yes | Yes | Certificate data, in the *length* (2 bytes) + *data* format. For example, **08ABCDEFGH07ABCDEFG**. The first two bytes indicate the length of the first certificate is eight bytes, and the following eight bytes indicate the certificate data. Then, the next two bytes indicate the length of another certificate is seven bytes, and the seven bytes followed indicate the certificate data.| | count | number | Yes | Yes | Number of certificates contained in the input data. | | encodingFormat | [EncodingFormat](#encodingformat) | Yes | Yes | Certificate encoding format. | ## GeneralNameType¹²⁺ Enumerates the types of the common name (CN), which uniquely identifies the subject of the certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | -------------- | --------------------------------- | ------------------ | | GENERAL_NAME_TYPE_OTHER_NAME | 0 | Indicates others. | | GENERAL_NAME_TYPE_RFC822_NAME | 1 | Indicates an email address. | | GENERAL_NAME_TYPE_DNS_NAME | 2 | Indicates a DNS name. | | GENERAL_NAME_TYPE_X400_ADDRESS | 3 | Indicates an X.400 address. | | GENERAL_NAME_TYPE_DIRECTORY_NAME | 4 | Indicates a directory name. | | GENERAL_NAME_TYPE_EDI_PARTY_NAME | 5 | Indicates an Electronic Data Interchange (EDI) entity. | | GENERAL_NAME_TYPE_UNIFORM_RESOURCE_ID | 6 | Indicates a uniform resource identifier. | | GENERAL_NAME_TYPE_IP_ADDRESS | 7 | Indicates an IP address. | | GENERAL_NAME_TYPE_REGISTERED_ID | 8 | Indicates a registered object identifier. | ## GeneralName¹²⁺ Represents the CN information of a certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Mandatory| Description | | -------------- | --------------------------------- | ---- | ------------------ | | type | [GeneralNameType](#generalname12) | Yes| Type of the certificate subject. | | name | Uint8Array | No | DER format of the certificate subject. | ## X509CertMatchParameters¹¹⁺ Defines the parameters used to match a certificate. If no parameter is specified, all certificates are matched. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Mandatory| Description | | -------------- | --------------------------------- | ---- | ------------------ | | x509Cert | [X509Cert](#x509cert) | No| Certificate object. | | validDate | string | No | Certificate validity period. | | issuer | Uint8Array | No | Certificate issuer, in DER format.| | keyUsage | Array\ | No | Whether to match the key usage.| | serialNumber | bigint | No | Serial number of the certificate. | | subject | Uint8Array | No | Certificate subject, in DER format.| | publicKey | [DataBlob](#datablob) | No | Public key of the certificate, in DER format.| | publicKeyAlgID | string | No | Algorithm of the certificate public key.| | subjectAlternativeNames¹²⁺ | Array\<[GeneralName](#generalname12)> | No | Subject Alternative Names (SANs) of the certificate.| | matchAllSubjectAltNames¹²⁺ | boolean | No | Whether to match all SANs of the certificate.| | authorityKeyIdentifier¹²⁺ | Uint8Array | No | Key of the certificate authority (CA).| | minPathLenConstraint¹²⁺ | number | No | Minimum length of the certification path (chain of trust) that can be built from the certificate to a trusted root CA.| | extendedKeyUsage¹²⁺ | Array\ | No | Usage of the certificate.| | nameConstraints¹²⁺ | Uint8Array | No | Constraints on the subject names that can be included in certificates.| | certPolicy¹²⁺ | Array\ | No | Certificate policy.| | privateKeyValid¹²⁺ | string | No | Validity period of the certificate private key.| | subjectKeyIdentifier¹²⁺ | Uint8Array | No | Identifier of the public key of the certificate's subject.| ## X509CRLMatchParameters¹¹⁺ Represents the parameters used to match a certificate revocation list (CRL). If no parameter is specified, all CRLs are matched. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Mandatory| Description | | -------------- | --------------------------------- | ---- | ------------------ | | issuer | Array\ | No | Issuers of the certificates. At least one issuer must be matched.| | x509Cert | [X509Cert](#x509cert) | No | Certificate object used to determine whether the certificate is in the CRL.| | updateDateTime¹²⁺ | string | No | Certificate update time.| | maxCRL¹²⁺ | bigint | No | Maximum number of CRLs.| | minCRL¹²⁺ | bigint | No | Minimum number of CRLs.| ## CertChainBuildParameters¹²⁺ Represents the parameters for building a certificate chain. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Mandatory| Description | | -------------- | --------------------------------- | ---- | ------------------ | | certMatchParameters | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Filter criteria.| | maxLength | number | No | Maximum length of the CA certificate in the certificate chain.| | validationParameters | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for certificate chain validation.| ## CertChainBuildResult¹²⁺ Represents the certificate chain build result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Mandatory| Description | | -------------- | --------------------------------- | ---- | ------------------ | | certChain | [X509CertChain](#x509certchain11) | Yes | Certificate chain object created.| | validationResult | [CertChainValidationResult](#certchainvalidationresult11) | Yes | Result of the certificate chain validation.| ## X509TrustAnchor¹¹⁺ Represents an X.509 trust anchor, which is used to verify the certificate chain. The certificate or public key in the trust anchor is used as the trusted root to verify the certificate chain. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Readable| Writable| Description | | --------- | --------------------- | ---- | ---- | --------------------------- | | CACert | [X509Cert](#x509cert) | Yes | Yes | Trusted CA certificate. | | CAPubKey | Uint8Array | Yes | Yes | Public key of the trusted CA certificate, in DER format.| | CASubject | Uint8Array | Yes | Yes | Subject of the trusted CA certificate, in DER format.| | nameConstraints¹²⁺ | Uint8Array | Yes | Yes | Name constraints, in DER format.| ## RevocationCheckOptions¹²⁺ Enumerates the options for checking the certificate revocation status. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | --------------------------------------| -------- | -----------------------------| | REVOCATION_CHECK_OPTION_PREFER_OCSP | 0 | Use OCSP over CRL (default).| | REVOCATION_CHECK_OPTION_ACCESS_NETWORK | 1 | Obtain the CRL/OCSP response over the network. By default, it is disabled.| | REVOCATION_CHECK_OPTION_FALLBACK_NO_PREFER | 2 | This parameter is valid when the **ACCESS_NETWORK** option is enabled. It allows the alternative solution to be used to obtain the certificate revocation status if the preferred solution cannot be used due to network problems.| | REVOCATION_CHECK_OPTION_FALLBACK_LOCAL | 3 | This parameter is valid when the **ACCESS_NETWORK** option is enabled. It allows the locally configured CRL/OCSP response to be used to check the certificate revocation status if the online CRL/OCSP response cannot be used due to network problems.| ## ValidationPolicyType¹²⁺ Enumerates the types of the online certificate chain validation policy. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | --------------------------------------| -------- | -----------------------------| | VALIDATION_POLICY_TYPE_X509 | 0 | Do not verify **sslHostname** or **dNSName** in the certificate. It is the default value.| | VALIDATION_POLICY_TYPE_SSL | 1 | Verify **sslHostname** or **dNSName** in the certificate.| ## KeyUsageType¹²⁺ Enumerates the purposes, for which the key in the certificate is used. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Value | Description | | --------------------------------------| -------- | -----------------------------| | KEYUSAGE_DIGITAL_SIGNATURE | 0 | The certificate holder can use the private key contained in the certificate to generate a digital signature.| | KEYUSAGE_NON_REPUDIATION | 1 | The certificate holder can use the key to verify a digital signature as part of a nonrepudiation service.| | KEYUSAGE_KEY_ENCIPHERMENT | 2 | The certificate holder can use the public key contained in the certificate for key encryption.| | KEYUSAGE_DATA_ENCIPHERMENT | 3 | The certificate holder can use the public key contained in the certificate for data encryption.| | KEYUSAGE_KEY_AGREEMENT | 4 | The certificate holder can use the private key contained in the certificate to perform key agreement operations.| | KEYUSAGE_KEY_CERT_SIGN | 5 | The certificate holder can use the private key contained in the certificate to sign other certificates.| | KEYUSAGE_CRL_SIGN | 6 | The certificate holder can use the private key contained in the certificate to sign CRLs.| | KEYUSAGE_ENCIPHER_ONLY | 7 | The certificate holder can use the key to perform encryption operations only.| | KEYUSAGE_DECIPHER_ONLY | 8 | The certificate holder can use the key to perform decryption operations only.| ## RevocationCheckParameter¹²⁺ Represents the parameters for checking the certificate revocation status for a certificate chain. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Mandatory| Description | | ------------ | ------------------------------------------------- | ---- | -------------------------------------- | | ocspRequestExtension | Array\ | No | OCSP request extensions.| | ocspResponderURI | string | No | URL of the alternative server used to send OCSP requests. HTTP and HTTPS are supported. The specific configuration is determined via the negotiation with the server.| | ocspResponderCert | [X509Cert](#x509cert) | No | Signing certificate used for verifying the signature of the OCSP response.| | ocspResponses | Uint8Array | No | Alternative OCSP responses.| | crlDownloadURI | string | No | Address used to download the CRLs.| | options | Array\<[RevocationCheckOptions](#revocationcheckoptions12)> | No | A set of rules for obtaining the certificate revocation status.| | ocspDigest | string | No | Hash algorithm used to create a certificate ID during OCSP communication. The options **MD5**, **SHA1**, **SHA224**, **SHA256**, **SHA384**, and **SHA512** are supported. The default value is **SHA256**.| ## CertChainValidationParameters¹¹⁺ Represents the parameters for certificate chain validation. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Mandatory| Description | | ------------ | ------------------------------------------------- | ---- | -------------------------------------- | | date | string | No | Validity period of the certificate to validate. | | trustAnchors | Array\<[X509TrustAnchor](#x509trustanchor11)> | Yes | List of trusted anchors. | | certCRLs | Array\<[CertCRLCollection](#certcrlcollection11)> | No | Check whether the certificate is in a CRL.| | revocationCheckParam¹²⁺ | [RevocationCheckParameter](#revocationcheckparameter12) | No | Parameters for checking the certificate revocation status online.| | policy¹²⁺ | [ValidationPolicyType](#validationpolicytype12) | No | Type of the policy for certificate validation.| | sslHostname¹²⁺ | string | No | Host name in the certificate to be verified. This parameter must be used with **policy** together.| | keyUsage¹²⁺ | Array\<[KeyUsageType](#keyusagetype12)> | No | Usage of the key in the certificate to be validated.| ## CertChainValidationResult¹¹⁺ Represents the return value of certificate chain validation. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Readable| Writable| Description | | ----------- | ------------------------------------- | ---- | ---- | -------------- | | trustAnchor | [X509TrustAnchor](#x509trustanchor11) | Yes | No | Trust anchor. | | entityCert | [X509Cert](#x509cert) | Yes | No | Entity certificate.| ## cert.createX509Cert createX509Cert(inStream : EncodingBlob, callback : AsyncCallback\) : void Creates an X.509 certificate instance. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ------------------------------------- | ---- | -------------------------- | | inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | | callback | AsyncCallback\<[X509Cert](#x509cert)> | Yes | Callback used to return the **X509Cert** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); } }); ``` ## cert.createX509Cert createX509Cert(inStream : EncodingBlob) : Promise\ Creates an X.509 certificate instance. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------- | ---- | ------------------ | | inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| **Return value** | Type | Description | | ------- | ---------------- | | Promise\<[X509Cert](#x509cert)> | Promise used to return the **X509Cert** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob).then(x509Cert => { console.log('createX509Cert success'); }).catch((error: BusinessError) => { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ## X509Cert Provides APIs for X.509 certificate operations. ### verify verify(key : cryptoFramework.PubKey, callback : AsyncCallback\) : void Verifies the signature of an X.509 certificate. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | --------------------- | ---- | ------------------------------------------------------------ | | key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | | callback | AsyncCallback\ | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------ | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). try { let pubKey = x509Cert.getPublicKey(); // Verify the certificate signature. x509Cert.verify(pubKey, (err, data) => { if (err) { console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('verify success'); } }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### verify verify(key : cryptoFramework.PubKey) : Promise\ Verifies the signature of an X.509 certificate. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name| Type | Mandatory| Description | | ------ | ------ | ---- | ------------------ | | key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| **Return value** | Type | Description | | -------------- | ----------- | | Promise\ | Promise used to return the result.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------ | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob).then(x509Cert => { console.log('createX509Cert success'); try { // Obtain PubKey by using getPublicKey() of the upper-level X509Cert object (or the current certificate object is a self-signed certificate). let pubKey = x509Cert.getPublicKey(); x509Cert.verify(pubKey).then(result => { console.log('verify success'); }).catch((error: BusinessError) => { console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); } catch (err) { console.error('get public key failed'); } }).catch((error: BusinessError) => { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### getEncoded getEncoded(callback : AsyncCallback\) : void Obtains the serialized X.509 certificate data. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | --------------------------------------------- | ---- | -------------------------------- | | callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized X.509 certificate data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); x509Cert.getEncoded((error, data) => { if (error) { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('getEncoded success'); } }); } }); ``` ### getEncoded getEncoded() : Promise\ Obtains the serialized X.509 certificate data. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------------------------- | ---------------------- | | Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 certificate data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 'BetUokslUfjT6+s/X4ByaxycAA==\n' + '-----END CERTIFICATE-----\n'; // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob).then(x509Cert => { console.log('createX509Cert success'); x509Cert.getEncoded().then(result => { console.log('getEncoded success'); }).catch((error: BusinessError) => { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); }).catch((error: BusinessError) => { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### getPublicKey getPublicKey() : cryptoFramework.PubKey Obtains the public key of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ---------------- | | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Public key of the X509 certificate obtained. This object is used only for **verify()** of **X509Cert**.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let pubKey = x509Cert.getPublicKey(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getPublicKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### checkValidityWithDate checkValidityWithDate(date: string) : void Checks the validity period of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | -------------- | ---- | ---------- | | date | string | Yes | Date in the ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error.| | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); let date = '231001000001Z'; // Verify the certificate validity period. try { x509Cert.checkValidityWithDate(date); } catch (error) { let e: BusinessError = error as BusinessError; console.error('checkValidityWithDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getVersion getVersion() : number Obtains the X.509 certificate version. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ---------------- | | number | X.509 certificate version obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); let version = x509Cert.getVersion(); } }); ``` ### getSerialNumber^(deprecated) getSerialNumber() : number Obtains the X.509 certificate serial number. > **NOTE** > > This API is supported since API version 9 and deprecated since API version 10. Use [getCertSerialNumber](#getcertserialnumber10) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------ | | number | X.509 certificate serial number obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); let serialNumber = x509Cert.getSerialNumber(); } }); ``` ### getCertSerialNumber¹⁰⁺ getCertSerialNumber() : bigint Obtains the X.509 certificate serial number. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------ | | bigint | X.509 certificate serial number obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020002 | runtime error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let serialNumber = x509Cert.getCertSerialNumber(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getCertSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getIssuerName getIssuerName() : DataBlob Obtains the X.509 certificate issuer. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ---------------------- | | [DataBlob](#datablob) | X.509 certificate issuer obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let issuerName = x509Cert.getIssuerName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSubjectName getSubjectName(encodingType?: EncodingType) : DataBlob Obtains the subject of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ------------------------------------- | ---- | ------------------------------ | | encodingType | [EncodingType](#encodingtype12) | No | Encoding type. If this parameter is set, the subject name in UTF-8 format is to be obtained. If this parameter is not set, the subject name in ASCII encoding format is obtained by default.
This parameter is available since API version 12. | **Return value** | Type | Description | | --------------------- | -------------------- | | [DataBlob](#datablob) | Subject name obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Incorrect parameter types;
2. Parameter verification failed. | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let subjectName = x509Cert.getSubjectName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSubjectName failed, errCode: ' + e.code + ', errMsg: ' + e.message); } try { let subjectNameutf8 = x509Cert.getSubjectName(cert.EncodingType.ENCODING_UTF8); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSubjectNameUtf8 failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getNotBeforeTime getNotBeforeTime() : string Obtains the start time of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------------------------------------------ | | string | Certificate start time obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let notBefore = x509Cert.getNotBeforeTime(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getNotAfterTime getNotAfterTime() : string Obtains the expiration time of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------------------------------------------ | | string | Certificate expiration time obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let notAfter = x509Cert.getNotAfterTime(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getNotAfterTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignature getSignature() : DataBlob Obtains the signature data of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | -------------------- | | [DataBlob](#datablob) | Signature data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let signature = x509Cert.getSignature(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgName getSignatureAlgName() : string Obtains the signing algorithm of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------ | | string | X.509 certificate signing algorithm obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let sigAlgName = x509Cert.getSignatureAlgName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgOid getSignatureAlgOid() : string Obtains the object identifier (OID) of the X.509 certificate signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | --------------------------------- | | string | OID obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let sigAlgOid = x509Cert.getSignatureAlgOid(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgParams getSignatureAlgParams() : DataBlob Obtains the signing algorithm parameters of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------------ | | [DataBlob](#datablob) | X.509 certificate signing algorithm parameters obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 801 | this operation is not supported. | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let sigAlgParams = x509Cert.getSignatureAlgParams(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getKeyUsage getKeyUsage() : DataBlob Obtains the key usage of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | -------------------- | | [DataBlob](#datablob) | Key usage of the X.509 certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let keyUsage = x509Cert.getKeyUsage(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getKeyUsage failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getExtKeyUsage getExtKeyUsage() : DataArray Obtains the usage of the extended key of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ----------------------- | ------------------------ | | [DataArray](#dataarray) | Usage of the extended key obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let extKeyUsage = x509Cert.getExtKeyUsage(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getBasicConstraints getBasicConstraints() : number Obtains the basic constraints for obtaining this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------- | | number | Basic constraints obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); let basicConstraints = x509Cert.getBasicConstraints(); } }); ``` ### getSubjectAltNames getSubjectAltNames() : DataArray Obtains the Subject Alternative Names (SANs) of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ----------------------- | ------------------------ | | [DataArray](#dataarray) | SANs obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let subjectAltNames = x509Cert.getSubjectAltNames(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSubjectAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getIssuerAltNames getIssuerAltNames() : DataArray Obtains the Issuer Alternative Names (IANs) of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ----------------------- | -------------------------- | | [DataArray](#dataarray) | IANs obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let issuerAltNames = x509Cert.getIssuerAltNames(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getIssuerAltNames failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getItem¹⁰⁺ getItem(itemType: CertItemType) : DataBlob Obtains the fields in the X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | [DataBlob](#datablob) | Fields in DER format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Cert(encodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Cert success'); try { let tbs = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_TBS); let pubKey = x509Cert.getItem(cert.CertItemType.CERT_ITEM_TYPE_PUBLIC_KEY); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getItem failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### match¹¹⁺ match(param: X509CertMatchParameters): boolean Checks whether this certificate matches the specified parameters. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------ | ---- | ------------------------------------------ | | param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters specified for matching the certificate.| **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | boolean | Returns **true** if the certificate matches the parameters specified; returns **false** otherwise.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509Cert(): Promise { let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIDTTCCAjWgAwIBAgIBAzANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDM1NFoXDTM0MDMxNzAyMDM1NFowETEPMA0GA1UEAwwG\n' + 'ZGV2aWNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuoGk2J0aKWTP\n' + 'J3D7lS3oFdME3MMA1z0Y0ftthrtUKybE2xh8P90ztMV73bewmgAPqiApqhaWEZM/\n' + '6DSLc/MxbOeYjg6njveJIu721gchiuB2PFikDFSWlcLOJNw+CgBx77Ct3KllivHs\n' + 'oi/gjuxrWiF/3VhbBErPNj/fw9se3pVrFRXIFdkcybtom2mUmkcxDfSg587SO14i\n' + 'ZzXGM6nhMzYWXxLho6SJrsnzfs4pD6ifksWmY4089zitqsN+9jQXafY1+/sh1mgu\n' + 'FvAwg9IbigGOBIiF8t5qdNGpqCHXbEHblNCWfT4fVNDV0Vc9pByjZaMYEGMhpz+6\n' + 'lxlc2CqbNQIDAQABo4GuMIGrMAkGA1UdEwQCMAAwHQYDVR0OBBYEFAEVpuP+pPpg\n' + 'kr3dA3aV2XdFZ9rGMB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMB0G\n' + 'A1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjALBgNVHQ8EBAMCB4AwMgYIKwYB\n' + 'BQUHAQEEJjAkMCIGCCsGAQUFBzABhhZodHRwczovLzEyNy4wLjAuMTo5OTk5MA0G\n' + 'CSqGSIb3DQEBCwUAA4IBAQBjM1agcDcgVHsD0dS39gxtlyRbZRvDcW3YsdwgpN6S\n' + 'e4wGzdZbhsiZv7y3+PSuozKwp5Yjn+UqnnEz7QuTGJRt/pzHDVY3QceNvlx2HPRe\n' + 'fECS4bpGLcM5B17oZZjE4HenIrGmigXnnwYL5TjhC4ybtddXPYv/M6z2eFCnfQNa\n' + 'zFwz8LJ7ukWvf5koBqcHq2zsuVByOIPXLIrAJPtMmBb/pHCFt8hxOxwqujdrxz16\n' + 'pe5LQUYzvG1YCxw3Ye9OrM1yXJQr/4KYncQC1yQQo+UK7NsDRK30PsMEYxhierLA\n' + 'JKyPn1xSlOJiGa2rRn/uevmEOhfagj5TtprU9Gu1+nZo\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509Cert; } async function matchX509Cert() { const x509Cert = await createX509Cert(); try { // The data varies with the service. const param: cert.X509CertMatchParameters = { x509Cert, validDate: '20241121074700Z', keyUsage: [true, false, false, false, false, false, false, false, false], publicKeyAlgID: '1.2.840.113549.1.1.1' }; const result = x509Cert.match(param); console.log('call x509Cert match success'); } catch (err) { console.error('call x509Cert match failed'); } } ``` ### getCRLDistributionPoint¹²⁺ getCRLDistributionPoint(): DataArray Obtains the CRL distribution points of this X.509 certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ----------------------- | -------------------------- | | [DataArray](#dataarray) | URIs of the CRL distribution points obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certData = "-----BEGIN CERTIFICATE-----\n" + "MIIB/jCCAaSgAwIBAgICA+gwCgYIKoZIzj0EAwIwLDELMAkGA1UEBhMCQ04xDTAL\n" + "BgNVBAoMBHRlc3QxDjAMBgNVBAMMBXN1YmNhMB4XDTIzMTAwNzA0MDEwOFoXDTMz\n" + "MTAwNDA0MDEwOFowLDELMAkGA1UEBhMCQ04xDTALBgNVBAoMBHRlc3QxDjAMBgNV\n" + "BAMMBWxvY2FsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEZDPvdlJI6Yv4fiaR\n" + "nQHcusXVbukk90mQ0rBGOYRikFvgvm5cjTdaUGcQKEtwYIKDQl5n6Pf7ElCJ7GRz\n" + "raWZ+qOBtTCBsjAJBgNVHRMEAjAAMCwGCWCGSAGG+EIBDQQfFh1PcGVuU1NMIEdl\n" + "bmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQU63Gbl8gIsUn0VyZ4rya3PCjm\n" + "sfEwHwYDVR0jBBgwFoAU77mynM0rz1SD43DQjleWM7bF+MEwNwYDVR0fBDAwLjAs\n" + "oCqgKIYmaHR0cDovL3Rlc3QudGVzdENSTGRwLmNvbS9DUkxfRFBfMS5jcmwwCgYI\n" + "KoZIzj0EAwIDSAAwRQIhAISKHH9u221mBgdDWfll3loLvEHJ3or9NUO5Zn6SrX6L\n" + "AiAtRlOa6/mTD68faQTdhsAaQP955QfW34B4yFqU2Bq72A==\n" + "-----END CERTIFICATE-----\n"; // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certGetCRLDistributionPoint() { let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); console.log('createX509Cert success'); let point = x509Cert.getCRLDistributionPoint(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### getIssuerX500DistinguishedName¹²⁺ getIssuerX500DistinguishedName(): X500DistinguishedName Obtains the distinguished name (DN) of the X.509 certificate issuer. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certData = "-----BEGIN CERTIFICATE-----\n" + "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + "-----END CERTIFICATE-----\n" // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certGetIssuerX500DistinguishedName() { let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); console.log('createX509Cert success'); let name = x509Cert.getIssuerX500DistinguishedName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### getSubjectX500DistinguishedName¹²⁺ getSubjectX500DistinguishedName(): X500DistinguishedName Obtains the DN of the X.509 certificate subject (holder). **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certData = "-----BEGIN CERTIFICATE-----\n" + "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + "-----END CERTIFICATE-----\n" // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certGetSubjectX500DistinguishedName() { let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); console.log('createX509Cert success'); let name = x509Cert.getSubjectX500DistinguishedName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### toString¹²⁺ toString(): string Converts the object data into a string. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | string | String obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certData = "-----BEGIN CERTIFICATE-----\n" + "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + "-----END CERTIFICATE-----\n" // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certToString() { let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); console.log('createX509Cert success'); console.info('certToString success: ' + JSON.stringify(x509Cert.toString())); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### hashCode¹²⁺ hashCode(): Uint8Array Obtains the hash value of the data in DER format. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | Uint8Array | Hash value obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certData = "-----BEGIN CERTIFICATE-----\n" + "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + "-----END CERTIFICATE-----\n" // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certHashCode() { let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); console.log('createX509Cert success'); console.info('certHashCode success: ' + JSON.stringify(x509Cert.hashCode())); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### getExtensionsObject¹²⁺ getExtensionsObject(): CertExtension Obtains the certification extensions in DER format. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | [CertExtension](#certextension10) | Certificate extensions object obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certData = "-----BEGIN CERTIFICATE-----\n" + "MIID1TCCAr2gAwIBAgIITXr1++kFUU4wDQYJKoZIhvcNAQELBQAwcDELMAkGA1UE\n" + "BhMCQ04xEjAQBgNVBAgTCWd1YW5nZG9uZzERMA8GA1UEBxMIc2hlbnpoZW4xEjAQ\n" + "BgNVBAoTCXRlc3RTZWNDYTESMBAGA1UECxMJdGVzdFNlY0NhMRIwEAYDVQQDEwl0\n" + "ZXN0U2VjQ2EwHhcNMjMxMjIxMDAwMDAwWhcNMjcxMjIwMjM1OTU5WjBxMQswCQYD\n" + "VQQGEwJDTjEOMAwGA1UECBMFZ2Fuc3UxEDAOBgNVBAcTB2xhbnpob3UxFDASBgNV\n" + "BAoTC3Rlc3RUaGlyZENhMRQwEgYDVQQLEwt0ZXN0VGhpcmRDYTEUMBIGA1UEAxML\n" + "dGVzdFRoaXJkQ2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJMKSq\n" + "Fn4G4EJATauw+4s+n/JbINBAiuhzURzzdt2T8JJQLDV9RHj4mZt84yv6lqEpl2fm\n" + "gIClfu173pEV51/PSq5IaV481u/Dz/OTy9TwfxmIXAWdNpyodDOg4I9K7LC01ge8\n" + "xxyKFi7k7m2eTGA4dYQM0E0AEXzCpg2JN3IIIPhzHCIVJmYjcbVxiaFkvT4ZFFUk\n" + "4rDSbAQdn6dJ29msrFm8iGhMGC/bzq9Bii38Qg4y4o89QYiboRWCxv3XfuibT+jw\n" + "O3pmfsFuT8/bKOWVm94FmRxiKuj6iE8UVewxtByzDgAsBtJKDjaCv3IkqfbIu+sq\n" + "/eeJkVJRJXAP3ZpLAgMBAAGjcjBwMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE\n" + "FIxvPSwEmjOMW10H+gn2gy5HvMmMMAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEE\n" + "BAMCAAcwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTANBgkqhkiG9w0B\n" + "AQsFAAOCAQEAWu0u72g5y1weexPoJQnUgcwVtuC+/tTS9YvyCtKYE91gn97LSWn9\n" + "mXXGmLceU27B8JwhER9JeiQO1SUdDcvlfb5vt6eB+5cbZcgeERUBP8t0znh7DbMg\n" + "4TFjt9gZ970PZ1OlTBNPoZNRBKIox61KVUhiVKTVSbXlVP1yUF1uSlSq+0NYayHw\n" + "MnX1BeLxbAcAsTPYHjoeFJIrGkKlydLyt/8hDQzpLRW5uEUTjjqLh7vef0OaOP80\n" + "MmADt6ojRYvwdMDHF0ASJyupLQ+hiRLVadciK8Z5W34JGN2jwEw5X3nXyAgErIJZ\n" + "pqdTflnFLnSwy5M3QHB+xjYAcS9l1br2LA==\n" + "-----END CERTIFICATE-----\n" // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certGetExtensionsObject() { let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); console.log('createX509Cert success'); let object = x509Cert.getExtensionsObject(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ## cert.createCertExtension¹⁰⁺ createCertExtension(inStream : EncodingBlob, callback : AsyncCallback\) : void Creates a **CertExtension** instance. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ------------------------------------------------- | ---- | -------------------------- | | inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| | callback | AsyncCallback\<[CertExtension](#certextension10)> | Yes | Callback used to return the **CertExtension** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Binary data of the certificate extension, which varies with the services. let extData = new Uint8Array([ 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4 ]); let encodingBlob: cert.EncodingBlob = { data: extData, // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. encodingFormat: cert.EncodingFormat.FORMAT_DER }; cert.createCertExtension(encodingBlob, (error, certExt) => { if (error) { console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createCertExtension success'); } }); ``` ## cert.createCertExtension¹⁰⁺ createCertExtension(inStream : EncodingBlob) : Promise\ Creates a **CertExtension** instance. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------- | ---- | -------------------------- | | inStream | [EncodingBlob](#encodingblob) | Yes | Serialized data of the certificate extension.| **Return value** | Type | Description | | ------------------------------------------- | -------------------- | | Promise\<[CertExtension](#certextension10)> | Promise used to return the **CertExtension** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Binary data of the certificate extension, which varies with the services. let extData = new Uint8Array([ 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4 ]); let encodingBlob: cert.EncodingBlob = { data: extData, // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. encodingFormat: cert.EncodingFormat.FORMAT_DER }; cert.createCertExtension(encodingBlob).then(certExt => { console.log('createCertExtension success'); }).catch((error: BusinessError) => { console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ## CertExtension¹⁰⁺ Provides APIs for operating the certificate extensions. ### getEncoded¹⁰⁺ getEncoded() : EncodingBlob Obtains the serialized data of the certificate extensions. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ----------------------------- | ---------------------------- | | [EncodingBlob](#encodingblob) | Serialized data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Binary data of the certificate extension, which varies with the services. let extData = new Uint8Array([ 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4 ]); let encodingBlob: cert.EncodingBlob = { data: extData, // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. encodingFormat: cert.EncodingFormat.FORMAT_DER }; cert.createCertExtension(encodingBlob, (error, certExt) => { if (error) { console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createCertExtension success'); try { let extEncodedBlob = certExt.getEncoded(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('ext getEncoded failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getOidList¹⁰⁺ getOidList(valueType : ExtensionOidType) : DataArray Obtains the OIDs of the certificate extensions. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------------- | ---- | ------------------------------ | | valueType | [ExtensionOidType](#extensionoidtype10) | Yes | Type of the OIDs to obtain.| **Return value** | Type | Description | | ----------------------- | -------------------------------- | | [DataArray](#dataarray) | OIDs obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Binary data of the certificate extension, which varies with the services. let extData = new Uint8Array([ 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4 ]); let encodingBlob: cert.EncodingBlob = { data: extData, // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. encodingFormat: cert.EncodingFormat.FORMAT_DER }; cert.createCertExtension(encodingBlob, (error, certExt) => { if (error) { console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createCertExtension success'); try { let oidList = certExt.getOidList(cert.ExtensionOidType.EXTENSION_OID_TYPE_ALL); } catch (err) { let e: BusinessError = err as BusinessError; console.error('ext getOidList failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getEntry¹⁰⁺ getEntry(valueType: ExtensionEntryType, oid : DataBlob) : DataBlob Obtains the certificate extension object information. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ----------------------------------------- | ---- | -------------------------------- | | valueType | [ExtensionEntryType](#extensionentrytype10) | Yes | Type of the information to obtain. | | oid | [DataBlob](#datablob) | Yes | OID of the certificate extension to obtain.| **Return value** | Type | Description | | --------------------- | ---------------------------- | | [DataBlob](#datablob) | Certificate extension object information obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Binary data of the certificate extension, which varies with the services. let extData = new Uint8Array([ 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4 ]); let encodingBlob: cert.EncodingBlob = { data: extData, // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. encodingFormat: cert.EncodingFormat.FORMAT_DER }; cert.createCertExtension(encodingBlob, (error, certExt) => { if (error) { console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createCertExtension success'); let oid = new Uint8Array([0x32, 0x2e, 0x35, 0x2e, 0x32, 0x39, 0x2e, 0x31, 0x35]); let oidBlob: cert.DataBlob = { data: oid } try { let entry = certExt.getEntry(cert.ExtensionEntryType.EXTENSION_ENTRY_TYPE_ENTRY, oidBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('ext getEntry failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### checkCA¹⁰⁺ checkCA() : number Checks whether the certificate is a CA certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------------------------------------------ | | number | If the key purpose in the certificate extension contains signing and the CA field in the basic constraints is **true**, the certificate is a CA certificate. Returns **-1** if the certificate is not a CA certificate; returns the path length in the basic constraints otherwise. Returns **-2** if the certificate is a CA certificate but the path length is not specified in the basic constraints, which means the path length is not limited.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Binary data of the certificate extension, which varies with the services. let extData = new Uint8Array([ 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4 ]); let encodingBlob: cert.EncodingBlob = { data: extData, // Assign a value based on the encodingData format. Currently, only FORMAT_DER is supported. encodingFormat: cert.EncodingFormat.FORMAT_DER }; cert.createCertExtension(encodingBlob, (error, certExt) => { if (error) { console.error('createCertExtension failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createCertExtension success'); try { let res = certExt.checkCA(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('ext checkCA failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### hasUnsupportedCriticalExtension¹¹⁺ hasUnsupportedCriticalExtension(): boolean Checks whether there is critical extension that is not supported. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ------------------------------------------------------- | | boolean | Returns **true** if unsupported critical extension is found; returns **false** otherwise.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; let encodingData = new Uint8Array([ 0x30, 0x40, 0x30, 0x0F, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x01, 0x01, 0xFF, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x1D, 0x0F, 0x01, 0x01, 0xFF, 0x04, 0x04, 0x03, 0x02, 0x01, 0xC6, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xE0, 0x8C, 0x9B, 0xDB, 0x25, 0x49, 0xB3, 0xF1, 0x7C, 0x86, 0xD6, 0xB2, 0x42, 0x87, 0x0B, 0xD0, 0x6B, 0xA0, 0xD9, 0xE4 ]); let encodingBlob: cert.EncodingBlob = { data: new Uint8Array(encodingData), encodingFormat: cert.EncodingFormat.FORMAT_DER }; cert.createCertExtension(encodingBlob).then((extensionObj) => { console.log('createCertExtension success!'); const result = extensionObj.hasUnsupportedCriticalExtension() console.log('has unsupported critical extension result is:' + result); }).catch((err: BusinessError) => { console.error('createCertExtension failed'); }); ``` ## cert.createX509Crl^(deprecated) createX509Crl(inStream : EncodingBlob, callback : AsyncCallback\) : void Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [cert.createX509CRL](#certcreatex509crl11) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------------- | ---- | ------------------------------ | | inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data. | | callback | AsyncCallback\<[X509Crl](#x509crldeprecated)> | Yes | Callback used to return the **X509Crl** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); } }); ``` ## cert.createX509Crl^(deprecated) createX509Crl(inStream : EncodingBlob) : Promise\ Creates an **X509Crl** instance. This API uses a promise to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [cert.createX509CRL](#certcreatex509crl11-1) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------- | ---- | -------------------------- | | inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| **Return value** | Type | Description | | ----------------------------- | -------------------- | | Promise\<[X509Crl](#x509crldeprecated)> | Promise used to return the **X509Crl** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob).then(x509Crl => { console.log('createX509Crl success'); }).catch((error: BusinessError) => { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ## cert.createX509CRL¹¹⁺ createX509CRL(inStream : EncodingBlob, callback : AsyncCallback\) : void Creates an **X509Crl** instance. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ------------------------------------- | ---- | ------------------------------ | | inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data. | | callback | AsyncCallback\<[X509CRL](#x509crl11)> | Yes | Callback used to return the **X509Crl** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, X509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); } }); ``` ## cert.createX509CRL¹¹⁺ createX509CRL(inStream : EncodingBlob) : Promise\ Creates an **X509Crl** instance. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------- | ---- | -------------------------- | | inStream | [EncodingBlob](#encodingblob) | Yes | Serialized CRL data.| **Return value** | Type | Description | | ------------------------------- | -------------------- | | Promise\<[X509CRL](#x509crl11)> | Promise used to return the **X509Crl** instance created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob).then(X509CRL => { console.log('createX509CRL success'); }).catch((error: BusinessError) => { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ## X509Crl^(deprecated) Provides APIs for X.509 certificate CRL operations. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL](#x509crl11) instead. ### isRevoked^(deprecated) isRevoked(cert : X509Cert) : boolean Checks whether an X.509 certificate is revoked. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.isRevoked](#isrevoked11) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name| Type | Mandatory| Description | | ------ | -------- | ---- | -------------------- | | cert | X509Cert | Yes | X.509 certificate to check.| **Return value** | Type | Description | | --------- | --------------------------------------------- | | boolean | Returns **true** if the certificate is revoked; returns **false** otherwise.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 'BetUokslUfjT6+s/X4ByaxycAA==\n' + '-----END CERTIFICATE-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let certEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); // Create an X509Cert instance. cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { try { let revokedFlag = x509Crl.isRevoked(x509Cert); } catch (error) { let e: BusinessError = error as BusinessError; console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); } }); ``` ### getType^(deprecated) getType() : string Obtains the CRL type. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getType](#gettype11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------- | | string | CRL type obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); let type = x509Crl.getType(); } }); ``` ### getEncoded^(deprecated) getEncoded(callback : AsyncCallback\) : void Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getEncoded](#getencoded11) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ---------------------------- | ---- | ------------------------------------------ | | callback | AsyncCallback\ | Yes | Callback used to return the serialized X.509 CRL data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); x509Crl.getEncoded((error, data) => { if (error) { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('getEncoded success'); } }); } }); ``` ### getEncoded^(deprecated) getEncoded() : Promise\ Obtains the serialized X.509 CRL data. This API uses a promise to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getEncoded](#getencoded11-1) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ---------------------- | -------------------------------- | | Promise\ | Promise used to return the serialized X.509 CRL data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob).then(x509Crl => { console.log('createX509Crl success'); x509Crl.getEncoded().then(result => { console.log('getEncoded success'); }).catch((error: BusinessError) => { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); }).catch((error: BusinessError) => { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### verify^(deprecated) verify(key : cryptoFramework.PubKey, callback : AsyncCallback\) : void Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.verify](#verify11) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | -------------------- | ---- | ------------------------------------------------------------ | | key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | | callback | AsyncCallback\ | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { cryptoFramework } from '@kit.CryptoArchitectureKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; let pubKeyData = new Uint8Array([ 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01 ]); let priKeyData = new Uint8Array([ 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D ]); // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { // Generate the public key by AsyKeyGenerator. let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); console.log('createAsyKeyGenerator success'); let priEncodingBlob: cryptoFramework.DataBlob = { data: priKeyData, }; let pubEncodingBlob: cryptoFramework.DataBlob = { data: pubKeyData, }; keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { if (e) { console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); } else { console.log('convert key success'); x509Crl.verify(keyPair.pubKey, (err, data) => { if (err) { console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('verify success'); } }); } }) } catch (error) { let e: BusinessError = error as BusinessError; console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### verify^(deprecated) verify(key : cryptoFramework.PubKey) : Promise\ Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.verify](#verify11-1) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name| Type | Mandatory| Description | | ------ | ------ | ---- | ---------------------- | | key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| **Return value** | Type| Description | | ---- | ------------------------------------------------------------ | | Promise\ | Promise used to return the result.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { cryptoFramework } from '@kit.CryptoArchitectureKit' import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; let pubKeyData = new Uint8Array([ 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01 ]); let priKeyData = new Uint8Array([ 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D ]); // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob).then(x509Crl => { console.log('createX509Crl success'); try { // Generate a public key object. let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); console.log('createAsyKeyGenerator success'); let priEncodingBlob: cryptoFramework.DataBlob = { data: priKeyData, }; let pubEncodingBlob: cryptoFramework.DataBlob = { data: pubKeyData, }; keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { console.log('convert key success'); x509Crl.verify(keyPair.pubKey).then(result => { console.log('verify success'); }).catch((error: BusinessError) => { console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); }).catch((error: BusinessError) => { console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); } }).catch((error: BusinessError) => { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### getVersion^(deprecated) getVersion() : number Obtains the version of the X.509 CRL. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getVersion](#getversion11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------------------- | | number | Version of the X.509 CRL obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); let version = x509Crl.getVersion(); } }); ``` ### getIssuerName^(deprecated) getIssuerName() : DataBlob Obtains the issuer of the X.509 CRL. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getIssuerName](#getissuername11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------------------ | | [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let issuerName = x509Crl.getIssuerName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getLastUpdate^(deprecated) getLastUpdate() : string Obtains the last update date of this X.509 CRL. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getLastUpdate](#getlastupdate11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------------------ | | string | Last update date of the X.509 CRL obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let lastUpdate = x509Crl.getLastUpdate(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getNextUpdate^(deprecated) getNextUpdate() : string Obtains the next update date of this CRL. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getNextUpdate](#getnextupdate11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------------------ | | string | Next update date of the CRL obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let nextUpdate = x509Crl.getNextUpdate(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getRevokedCert^(deprecated) getRevokedCert(serialNumber : number) : X509CrlEntry Obtains the revoked X.509 certificate based on the specified serial number of the certificate. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getRevokedCert](#getrevokedcert11) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | ------------ | ------ | ---- | -------------- | | serialNumber | number | Yes | Serial number of the certificate.| **Return value** | Type | Description | | ---------------------- | --------------------- | | [X509CrlEntry](#x509crlentrydeprecated) | Revoked X.509 certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); let serialNumber = 1000; try { let entry = x509Crl.getRevokedCert(serialNumber); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getRevokedCertWithCert^(deprecated) getRevokedCertWithCert(cert : X509Cert) : X509CrlEntry Obtains the revoked X.509 certificate based on the specified certificate. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getRevokedCertWithCert](#getrevokedcertwithcert11) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name| Type | Mandatory| Description | | ------ | --------------------- | ---- | ------------ | | cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| **Return value** | Type | Description | | ------------ | -------------------- | | [X509CrlEntry](#x509crlentrydeprecated) | Revoked X.509 certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + '+i2osvdPWRia0dJCL1PCA14k\n' + '-----END X509 CRL-----\n'; // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + '-----END CERTIFICATE-----\n'; let certEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); // Create an X.509 certificate object. cert.createX509Cert(certEncodingBlob).then((x509Cert) => { try { let entry = x509Crl.getRevokedCertWithCert(x509Cert); console.log('getRevokedCertWithCert success'); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } }).catch((error: BusinessError) => { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); }) } }); ``` ### getRevokedCerts^(deprecated) getRevokedCerts(callback : AsyncCallback>) : void Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getRevokedCerts](#getrevokedcerts11) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ---------------------------------------------------- | ---- | -------------------------------- | | callback | AsyncCallback> | Yes | Callback used to return a list of revoked X.509 certificates.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); x509Crl.getRevokedCerts((error, array) => { if (error) { console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('getRevokedCerts success'); } }); } }); ``` ### getRevokedCerts^(deprecated) getRevokedCerts() : Promise> Obtains the revoked X.509 certificates. This API uses a promise to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getRevokedCerts](#getrevokedcerts11-1) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ---------------------------------------------- | ---------------------- | | Promise> | Promise used to return a list of revoked X.509 certificates.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob).then(x509Crl => { console.log('createX509Crl success'); x509Crl.getRevokedCerts().then(array => { console.log('getRevokedCerts success'); }).catch((error: BusinessError) => { console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); }).catch((error: BusinessError) => { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### getTbsInfo^(deprecated) getTbsInfo() : DataBlob Obtains the DER-encoded CRL information, that is, **tbsCertList** from this CRL. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getTBSInfo](#gettbsinfo11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------------------- | | [DataBlob](#datablob) | **tbsCertList** information obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let tbsInfo = x509Crl.getTbsInfo(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getTbsInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignature^(deprecated) getSignature() : DataBlob Obtains the signature data of the X.509 CRL. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getSignature](#getsignature11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------------------ | | [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let signature = x509Crl.getSignature(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgName^(deprecated) getSignatureAlgName() : string Obtains the signing algorithm of the X.509 CRL. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgName](#getsignaturealgname11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------------------- | | string | Signing algorithm obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let sigAlgName = x509Crl.getSignatureAlgName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgOid^(deprecated) getSignatureAlgOid() : string Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgOid](#getsignaturealgoid11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | --------------------------------------------- | | string | OID of the X.509 CRL signing algorithm obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let sigAlgOid = x509Crl.getSignatureAlgOid(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgParams^(deprecated) getSignatureAlgParams() : DataBlob Obtains the parameters of the X.509 CRL signing algorithm. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRL.getSignatureAlgParams](#getsignaturealgparams11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ---------------------------------- | | [DataBlob](#datablob) | Algorithm parameters obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 801 | this operation is not supported. | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (error, x509Crl) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { let sigAlgParams = x509Crl.getSignatureAlgParams(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ## X509CRL¹¹⁺ Provides APIs for managing a CRL object. ### isRevoked¹¹⁺ isRevoked(cert : X509Cert) : boolean Checks whether an X.509 certificate is revoked. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name| Type | Mandatory| Description | | ------ | -------- | ---- | -------------------- | | cert | [X509Cert](#x509cert) | Yes | X.509 certificate to check.| **Return value** | Type | Description | | ------- | ------------------------------------------------- | | boolean | Returns **true** if the certificate is revoked; returns **false** otherwise.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' + 'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' + 'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' + 'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' + 'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' + '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' + 'BetUokslUfjT6+s/X4ByaxycAA==\n' + '-----END CERTIFICATE-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let certEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); // Create an X509Cert instance. cert.createX509Cert(certEncodingBlob, (error, x509Cert) => { if (error) { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { try { let revokedFlag = x509CRL.isRevoked(x509Cert); } catch (error) { let e: BusinessError = error as BusinessError; console.error('isRevoked failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); } }); ``` ### getType¹¹⁺ getType() : string Obtains the CRL type. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------- | | string | CRL type obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); let type = x509CRL.getType(); } }); ``` ### getEncoded¹¹⁺ getEncoded(callback : AsyncCallback\) : void Obtains the serialized X.509 CRL data. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | --------------------------------------------- | ---- | ------------------------------------------ | | callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized X.509 CRL data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); x509CRL.getEncoded((error, data) => { if (error) { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('getEncoded success'); } }); } }); ``` ### getEncoded¹¹⁺ getEncoded() : Promise\ Obtains the serialized X.509 CRL data. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------------------------- | -------------------------------- | | Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized X.509 CRL data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob).then(x509CRL => { console.log('createX509CRL success'); x509CRL.getEncoded().then(result => { console.log('getEncoded success'); }).catch((error: BusinessError) => { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); }).catch((error: BusinessError) => { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### verify¹¹⁺ verify(key : cryptoFramework.PubKey, callback : AsyncCallback\) : void Verifies the signature of the X.509 CRL. This API uses an asynchronous callback to return the result. The RSA algorithm is supported. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------------------------------------- | ---- | ------------------------------------------------------------ | | key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification. | | callback | AsyncCallback\ | Yes | Callback used to return the result. If **error** is **null**, the signature verification is successful. If **error** is not **null**, the signature verification fails.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { cryptoFramework } from '@kit.CryptoArchitectureKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; let pubKeyData = new Uint8Array([ 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01 ]); let priKeyData = new Uint8Array([ 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D ]); // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509Crl success'); try { // Generate the public key by AsyKeyGenerator. let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); console.log('createAsyKeyGenerator success'); let priEncodingBlob: cryptoFramework.DataBlob = { data: priKeyData, }; let pubEncodingBlob: cryptoFramework.DataBlob = { data: pubKeyData, }; keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob, (e, keyPair) => { if (e) { console.error('convert key failed, message: ' + e.message + 'code: ' + e.code); } else { console.log('convert key success'); x509CRL.verify(keyPair.pubKey, (err, data) => { if (err) { console.error('verify failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('verify success'); } }); } }) } catch (error) { let e: BusinessError = error as BusinessError; console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### verify¹¹⁺ verify(key : cryptoFramework.PubKey) : Promise\ Verifies the signature of the X.509 CRL. This API uses a promise to return the result. The RSA algorithm is supported. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name| Type | Mandatory| Description | | ------ | ----------------------------------------------------------- | ---- | ------------------------ | | key | [cryptoFramework.PubKey](../apis-crypto-architecture-kit/js-apis-cryptoFramework.md#pubkey) | Yes | Public key used for signature verification.| **Return value** | Type | Description | | -------------- | ----------- | | Promise\ | Promise used to return the result.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { cryptoFramework } from '@kit.CryptoArchitectureKit' import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; let pubKeyData = new Uint8Array([ 0x30, 0x81, 0x9F, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8D, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01 ]); let priKeyData = new Uint8Array([ 0x30, 0x82, 0x02, 0x77, 0x02, 0x01, 0x00, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 0x02, 0x61, 0x30, 0x82, 0x02, 0x5D, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xDC, 0x4C, 0x2D, 0x57, 0x49, 0x3D, 0x42, 0x52, 0x1A, 0x09, 0xED, 0x3E, 0x90, 0x29, 0x51, 0xF7, 0x70, 0x15, 0xFE, 0x76, 0xB0, 0xDB, 0xDF, 0xA1, 0x2C, 0x6C, 0x67, 0x95, 0xDA, 0x63, 0x3D, 0x4F, 0x71, 0x48, 0x8C, 0x3E, 0xFA, 0x24, 0x79, 0xE9, 0xF2, 0xF2, 0x20, 0xCB, 0xF1, 0x59, 0x6B, 0xED, 0xC8, 0x72, 0x66, 0x6E, 0x31, 0xD4, 0xF3, 0xCE, 0x0B, 0x12, 0xC4, 0x17, 0x39, 0xB4, 0x52, 0x16, 0xD3, 0xE3, 0xC0, 0xF8, 0x48, 0xB3, 0xF6, 0x40, 0xD5, 0x47, 0x23, 0x30, 0x7F, 0xA7, 0xC5, 0x5A, 0x5A, 0xBB, 0x5C, 0x7B, 0xEF, 0x69, 0xE2, 0x74, 0x35, 0x24, 0x22, 0x25, 0x45, 0x7E, 0xFC, 0xE8, 0xC4, 0x52, 0x65, 0xA0, 0x4E, 0xBC, 0xFD, 0x3F, 0xD9, 0x85, 0x14, 0x8A, 0x5A, 0x93, 0x02, 0x24, 0x6C, 0x19, 0xBA, 0x81, 0xBE, 0x65, 0x2E, 0xCB, 0xBB, 0xE9, 0x91, 0x7B, 0x7C, 0x47, 0xC2, 0x61, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x81, 0x80, 0x5A, 0xCF, 0x0F, 0xF5, 0xA6, 0x1C, 0x19, 0x65, 0x8C, 0x94, 0x40, 0xF6, 0x84, 0x28, 0x74, 0x40, 0x42, 0x34, 0xDE, 0xC3, 0x00, 0x5E, 0x72, 0x4D, 0x96, 0xE9, 0x4C, 0xBD, 0xC9, 0xDB, 0x14, 0x9F, 0xD5, 0xBB, 0xA9, 0x0C, 0x20, 0xC2, 0xBE, 0x7A, 0x80, 0x89, 0xEC, 0x99, 0x04, 0xF0, 0xEE, 0x7B, 0x83, 0x20, 0x1D, 0x37, 0x19, 0x55, 0x85, 0xF6, 0x8E, 0x3B, 0xFB, 0x16, 0xF3, 0xD3, 0x6F, 0xEE, 0x73, 0x12, 0x53, 0xCA, 0x77, 0xD7, 0x6C, 0x29, 0xF5, 0x08, 0xA3, 0x09, 0x01, 0x0B, 0x00, 0x05, 0x57, 0xAD, 0x4D, 0xF0, 0x92, 0xB2, 0x5A, 0x8B, 0x19, 0x09, 0x81, 0x86, 0xFE, 0x66, 0xB9, 0x33, 0x88, 0x28, 0xF3, 0x37, 0x73, 0x09, 0x5F, 0xD7, 0xC9, 0xC6, 0xFA, 0x13, 0x74, 0xFE, 0xAE, 0x53, 0xA9, 0x71, 0x67, 0xCE, 0x3A, 0xE6, 0x8D, 0x35, 0xD1, 0xB8, 0xFD, 0x6F, 0x0D, 0x43, 0xC2, 0xD1, 0x02, 0x41, 0x00, 0xF7, 0x33, 0xE5, 0x6C, 0x29, 0x5A, 0x30, 0x58, 0xA4, 0x52, 0x65, 0xA0, 0x39, 0xC2, 0xE8, 0xAE, 0x5F, 0xA3, 0x2D, 0x0C, 0x65, 0xB1, 0x7B, 0xFD, 0x92, 0xBF, 0x47, 0x87, 0x97, 0x40, 0xCB, 0x54, 0xF9, 0xBB, 0x50, 0x27, 0x70, 0x51, 0xD0, 0xD8, 0x48, 0x0D, 0xC6, 0x47, 0x60, 0xF8, 0x4E, 0x0A, 0x32, 0x76, 0x6D, 0xA4, 0xBA, 0x40, 0xE5, 0x58, 0xF8, 0x4A, 0x39, 0x4E, 0xF8, 0x3F, 0x4E, 0x2D, 0x02, 0x41, 0x00, 0xE4, 0x23, 0x2A, 0x5F, 0x59, 0xCF, 0x7C, 0x91, 0x24, 0x0D, 0xA2, 0x44, 0x17, 0xCD, 0x37, 0xDE, 0x1F, 0x53, 0x4D, 0x33, 0x9F, 0x90, 0x4D, 0xD9, 0x72, 0x64, 0x25, 0xBA, 0xAB, 0x47, 0x91, 0xC4, 0x99, 0x95, 0x86, 0xB5, 0x8A, 0xEA, 0x77, 0xF7, 0x64, 0x72, 0x5E, 0xB7, 0xBB, 0x16, 0xA1, 0x64, 0xA4, 0xE1, 0x2D, 0x76, 0x6D, 0xEF, 0xB1, 0x5E, 0xD6, 0x17, 0xE8, 0xAA, 0xB6, 0xA0, 0xD9, 0x85, 0x02, 0x41, 0x00, 0xDF, 0xC8, 0x5B, 0x28, 0x4F, 0x47, 0x15, 0xFD, 0x28, 0xC4, 0x6E, 0xBB, 0x5D, 0x8E, 0xD4, 0x95, 0x06, 0x7E, 0xF1, 0x89, 0x07, 0x86, 0x64, 0x78, 0x69, 0x20, 0x3F, 0xE0, 0xBF, 0x4C, 0x28, 0xC6, 0x04, 0x4D, 0x4D, 0x82, 0x66, 0x6B, 0xAA, 0x64, 0x20, 0xD6, 0x57, 0x68, 0xC6, 0xA0, 0x02, 0x05, 0xB9, 0x28, 0xFC, 0x98, 0xE3, 0x03, 0x5C, 0x9B, 0xEE, 0x29, 0x43, 0x37, 0xFA, 0x03, 0x55, 0x01, 0x02, 0x40, 0x69, 0x5B, 0x7C, 0x24, 0x10, 0xDB, 0xEB, 0x91, 0x33, 0xEF, 0x3F, 0xF2, 0xE6, 0x73, 0x15, 0xCB, 0xF4, 0xF7, 0x89, 0x7D, 0xBF, 0xC0, 0xEA, 0xD2, 0xF3, 0x2B, 0x20, 0xE9, 0x76, 0x54, 0x55, 0x13, 0x50, 0x42, 0x67, 0xB5, 0xCB, 0x73, 0xC0, 0xF7, 0x75, 0x62, 0x04, 0x30, 0x21, 0xAC, 0xAF, 0xD8, 0x44, 0xF4, 0xE1, 0x04, 0x02, 0x7D, 0x61, 0x92, 0x84, 0x99, 0x02, 0x10, 0x64, 0xCB, 0x1F, 0xE9, 0x02, 0x41, 0x00, 0xAB, 0x4B, 0x7D, 0x90, 0x7C, 0x57, 0x08, 0x6B, 0xC0, 0x43, 0x72, 0x09, 0x8A, 0x18, 0x35, 0x36, 0x64, 0x9D, 0x84, 0x8D, 0xF1, 0x84, 0x94, 0x48, 0xC6, 0x80, 0x9D, 0xB9, 0xA2, 0x58, 0x0A, 0x4D, 0x0A, 0xCA, 0x1E, 0xD6, 0x05, 0x55, 0x5B, 0xFE, 0xD7, 0xAA, 0x70, 0xED, 0x76, 0xB3, 0x40, 0x2E, 0xA0, 0xB3, 0x32, 0x37, 0xB0, 0xA0, 0xB9, 0x96, 0x2D, 0xC4, 0x70, 0xE9, 0x99, 0x10, 0x67, 0x8D ]); // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob).then(x509CRL => { console.log('createX509Crl success'); try { // Generate a public key object. let keyGenerator = cryptoFramework.createAsyKeyGenerator('RSA1024|PRIMES_3'); console.log('createAsyKeyGenerator success'); let priEncodingBlob: cryptoFramework.DataBlob = { data: priKeyData, }; let pubEncodingBlob: cryptoFramework.DataBlob = { data: pubKeyData, }; keyGenerator.convertKey(pubEncodingBlob, priEncodingBlob).then((keyPair) => { console.log('convert key success'); x509CRL.verify(keyPair.pubKey).then(result => { console.log('verify success'); }).catch((error: BusinessError) => { console.error('verify failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); }).catch((error: BusinessError) => { console.error('convert key failed, message: ' + error.message + 'code: ' + error.code); }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('get pubKey failed, errCode: ' + e.code + ', errMsg: ' + e.message); } }).catch((error: BusinessError) => { console.error('createX509Crl failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### getVersion¹¹⁺ getVersion() : number Obtains the version of the X.509 CRL. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------------------- | | number | Version of the X.509 CRL obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); let version = x509CRL.getVersion(); } }); ``` ### getIssuerName¹¹⁺ getIssuerName() : DataBlob Obtains the issuer of the X.509 CRL. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------------------ | | [DataBlob](#datablob) | Issuer of the X.509 CRL obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let issuerName = x509CRL.getIssuerName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getIssuerName failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getLastUpdate¹¹⁺ getLastUpdate() : string Obtains the last update date of this X.509 CRL. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------------------ | | string | Last update date of the X.509 CRL obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let lastUpdate = x509CRL.getLastUpdate(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getLastUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getNextUpdate¹¹⁺ getNextUpdate() : string Obtains the next update date of this CRL. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------------------------ | | string | Next update date of the CRL obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let nextUpdate = x509CRL.getNextUpdate(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getNextUpdate failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getRevokedCert¹¹⁺ getRevokedCert(serialNumber : bigint) : X509CRLEntry Obtains the revoked X.509 certificate based on the specified serial number of the certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | ------------ | ------ | ---- | -------------- | | serialNumber | bigint | Yes | Serial number of the certificate.| **Return value** | Type | Description | | ------------------------------- | ---------------------- | | [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); let serialNumber = BigInt(1000); try { let entry = x509CRL.getRevokedCert(serialNumber); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getRevokedCertWithCert¹¹⁺ getRevokedCertWithCert(cert : X509Cert) : X509CRLEntry Obtains the revoked X.509 certificate based on the specified certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name| Type | Mandatory| Description | | ------ | --------------------- | ---- | ------------ | | cert | [X509Cert](#x509cert) | Yes | Certificate based on which the revoked certificate is obtained.| **Return value** | Type | Description | | ------------------------------- | ---------------------- | | [X509CRLEntry](#x509crlentry11) | Revoked X.509 certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + '+i2osvdPWRia0dJCL1PCA14k\n' + '-----END X509 CRL-----\n'; // Certificate binary data, which varies with the service. let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + '-----END CERTIFICATE-----\n'; let certEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); // Create an X.509 certificate object. cert.createX509Cert(certEncodingBlob).then((x509Cert) => { try { let entry = x509CRL.getRevokedCertWithCert(x509Cert); console.log('getRevokedCertWithCert success'); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCertWithCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } }).catch((error: BusinessError) => { console.error('createX509Cert failed, errCode: ' + error.code + ', errMsg: ' + error.message); }) } }); ``` ### getRevokedCerts¹¹⁺ getRevokedCerts(callback : AsyncCallback>) : void Obtains the revoked X.509 certificates. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ------------------------------------------------------ | ---- | -------------------------------- | | callback | AsyncCallback> | Yes | Callback used to return a list of revoked X.509 certificates.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); x509CRL.getRevokedCerts((error, array) => { if (error) { console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('getRevokedCerts success'); } }); } }); ``` ### getRevokedCerts¹¹⁺ getRevokedCerts() : Promise> Obtains the revoked X.509 certificates. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------------------------------------------------ | ---------------------- | | Promise> | Promise used to return a list of revoked X.509 certificates.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob).then(x509CRL => { console.log('createX509CRL success'); x509CRL.getRevokedCerts().then(array => { console.log('getRevokedCerts success'); }).catch((error: BusinessError) => { console.error('getRevokedCerts failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); }).catch((error: BusinessError) => { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); ``` ### getSignature¹¹⁺ getSignature() : DataBlob Obtains the signature data of the X.509 CRL. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------------------ | | [DataBlob](#datablob) | Signature data of the X.509 CRL obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let signature = x509CRL.getSignature(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignature failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgName¹¹⁺ getSignatureAlgName() : string Obtains the signing algorithm of the X.509 CRL. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------------------- | | string | Signing algorithm obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let sigAlgName = x509CRL.getSignatureAlgName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgName failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgOid¹¹⁺ getSignatureAlgOid() : string Obtains the OID of the X.509 CRL signing algorithm. OIDs are allocated by the International Organization for Standardization (ISO). **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | --------------------------------------------- | | string | OID of the X.509 CRL signing algorithm obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let sigAlgOid = x509CRL.getSignatureAlgOid(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgOid failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getSignatureAlgParams¹¹⁺ getSignatureAlgParams() : DataBlob Obtains the parameters of the X.509 CRL signing algorithm. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ---------------------------------- | | [DataBlob](#datablob) | Algorithm parameters obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 801 | this operation is not supported. | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let sigAlgParams = x509CRL.getSignatureAlgParams(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('getSignatureAlgParams failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getTBSInfo¹¹⁺ getTBSInfo() : DataBlob Obtains the DER-encoded CRL information, that is, **tbsCertList** from this CRL. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | --------------------------------- | | [DataBlob](#datablob) | **tbsCertList** information obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let tbsInfo = x509CRL.getTBSInfo(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getTBSInfo failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### getExtensions¹¹⁺ getExtensions(): DataBlob Obtains the CRL extensions. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------- | | [DataBlob](#datablob) | X.509 CRL extensions obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + '+i2osvdPWRia0dJCL1PCA14k\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { let extensions = x509CRL.getExtensions(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### match¹¹⁺ match(param: X509CRLMatchParameters): boolean Checks whether this CRL matches the specified parameters. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------ | ---- | ------------------------------------------ | | param | [X509CRLMatchParameters](#x509crlmatchparameters11)| Yes | Parameters specified for matching the CRL. | **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | boolean | Returns **true** if the CRL matches the parameters specified; returns **false** otherwise. | **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | -------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let crlEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; const certData = "-----BEGIN CERTIFICATE-----\r\n" + "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + "-----END CERTIFICATE-----\r\n"; const certEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), encodingFormat: cert.EncodingFormat.FORMAT_PEM, }; async function crlMatch() { let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(certEncodingBlob); console.log('createX509Cert success'); } catch (err) { console.error('createX509Cert failed'); } cert.createX509CRL(crlEncodingBlob, (error, x509CRL) => { if (error) { console.error('createX509CRL failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('createX509CRL success'); try { const param: cert.X509CRLMatchParameters = { issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], x509Cert: x509Cert } const result = x509CRL.match(param); } catch (error) { let e: BusinessError = error as BusinessError; console.error('x509CRL match failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); } ``` ### getIssuerX500DistinguishedName¹²⁺ getIssuerX500DistinguishedName(): X500DistinguishedName Obtains the DN of the X.509 certificate issuer. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | -------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let crlEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function crlGetIssuerX500DistinguishedName() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(crlEncodingBlob); console.log('createX509CRL success'); let name = x509Crl.getIssuerX500DistinguishedName(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### toString¹²⁺ toString(): string Converts the object data into a string. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | string | String obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | -------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let crlEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function crlToString() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(crlEncodingBlob); console.log('createX509CRL success'); console.info('crlToString success: ' + JSON.stringify(x509Crl.toString())); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### hashCode¹²⁺ hashCode(): Uint8Array Obtains the hash value of the data in DER format. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | Uint8Array | Hash value obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | -------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let crlEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function crlHashCode() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(crlEncodingBlob); console.log('createX509CRL success'); console.info('crlHashCode success: ' + JSON.stringify(x509Crl.hashCode())); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### getExtensionsObject¹²⁺ getExtensionsObject(): CertExtension Obtains the certification extensions in DER format. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------------------------- | | [CertExtension](#certextension10) | Certificate extensions object obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | -------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIIB6DCB0QIBATANBgkqhkiG9w0BAQsFADCBjjELMAkGA1UEBhMCUlUxFTATBgNV\n' + 'BAgMDNCc0L7RgdC60LLQsDELMAkGA1UECgwC0K8xCzAJBgNVBAsMAtCvMSowKAYD\n' + 'VQQDDCHQlNC80LjRgtGA0LjQuSDQkdC10LvRj9Cy0YHQutC40LkxIjAgBgkqhkiG\n' + '9w0BCQEWE2JlbGRtaXRAZXhhbXBsZS5jb20XDTE3MDQyNDEzMjUzMVoXDTE3MDUy\n' + 'NDEzMjUzMVqgDjAMMAoGA1UdFAQDAgEBMA0GCSqGSIb3DQEBCwUAA4IBAQCF5eX+\n' + '1BM/BxoHU2/3pQHJgPSKevN0/K/daiFHiJl7Kb9GCwKY14B1RvbN2rUP/58Mt+aq\n' + 'jvauf1yBzlaJQeJKZcsCmG9p6Tr1y0BJXhrq5kC0SLyNDsfGUTfuxnwmo+clHXRU\n' + '+gKuk+h0WkJL022ZYbJ38w588k4NT3CWVHeE23EDC264p942mlDE7en6MyL152Pe\n' + 'Ld9YrWiq5iOIOrIbQLErq0EjwxvHG9sMiYFUa6VrwmRf26nyZ7u9RKJDP+o2dltw\n' + 'diBaSXC3Qt3pZ8BIfv/l81lwp8Dr63SwCII2pIRplyICdQqmX/a+1q8kThXIP2Kx\n' + '+X48g7VE2o2X4cfy\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let crlEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function crlHashCode() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(crlEncodingBlob); console.log('createX509CRL success'); let object = x509Crl.getExtensionsObject(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ## cert.createCertChainValidator createCertChainValidator(algorithm :string) : CertChainValidator Creates a **CertChainValidator** object. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------ | ---- | ------------------------------------------ | | algorithm | string | Yes | Certificate chain validator algorithm. Currently, only **PKIX** is supported.| **Return value** | Type | Description | | ------------------ | -------------------- | | [CertChainValidator](#certchainvalidator) | **CertChainValidator** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 801 | this operation is not supported. | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; try { let validator = cert.createCertChainValidator('PKIX'); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createCertChainValidator failed, errCode: ' + e.code + ', errMsg: ' + e.message); } ``` ## CertChainValidator Provides APIs for certificate chain validator operations. ### Properties **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert | Name | Type | Readable| Writable| Description | | ------- | ------ | ---- | ---- | -------------------------- | | algorithm | string | Yes | No | Algorithm used by the X509 certificate chain validator.| ### validate validate(certChain : CertChainData, callback : AsyncCallback\) : void Validates an X.509 certificate chain. This API uses an asynchronous callback to return the result. The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details about certificate specifications, see [Certificate Specifications](../../security/DeviceCertificateKit/certificate-framework-overview.md#certificate-specifications). **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | ------------------------------------------------------------ | | certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data. | | callback | AsyncCallback\ | Yes | Callback used to return the result. If **error** is **null**, the X.509 certificate chain is valid. If **error** is not **null**, the X.509 certificate chain is not valid.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Binary data of the certificate chain. let certPem = '-----BEGIN CERTIFICATE-----\n' + 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + '-----END CERTIFICATE-----'; let caPem = '-----BEGIN CERTIFICATE-----\n' + 'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + '6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 'sSus\n' + '-----END CERTIFICATE-----'; let certPemData = stringToUint8Array(certPem); let caPemData = stringToUint8Array(caPem); let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) certChainBuff.set(certPemDataLenData) certChainBuff.set(certPemData, certPemDataLenData.length) certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) let certChainData: cert.CertChainData = { data: certChainBuff, // Number of certificates in the certificate chain. It must be set based on the service. count: 2, // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; try { let validator = cert.createCertChainValidator('PKIX'); validator.validate(certChainData, (error, data) => { if (error) { console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('validate success'); } }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); } ``` ### validate validate(certChain : CertChainData) : Promise\ Validates an X.509 certificate chain. This API uses a promise to return the result. The certificate chain validator does not verify the certificate validity period because the system time on the device is untrusted. To check the validity period of a certificate, use the [checkValidityWithDate()](#checkvaliditywithdate) API of the **X509Cert** class. For details about certificate specifications, see [Certificate Specifications](../../security/DeviceCertificateKit/certificate-framework-overview.md#certificate-specifications). **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | -------------------------- | | certChain | [CertChainData](#certchaindata) | Yes | Serialized X.509 certificate chain data.| **Return value** | Type | Description | | -------------- | ----------- | | Promise\ | Promise used to return the result.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate chain data. let certPem = '-----BEGIN CERTIFICATE-----\n' + 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + '-----END CERTIFICATE-----'; let caPem = '-----BEGIN CERTIFICATE-----\n' + 'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + '6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 'sSus\n' + '-----END CERTIFICATE-----'; let certPemData = stringToUint8Array(certPem); let caPemData = stringToUint8Array(caPem); let certPemDataLenData = new Uint8Array(new Uint16Array([certPemData.length]).buffer) let caPemDataLenData = new Uint8Array(new Uint16Array([caPemData.length]).buffer) let certChainBuff = new Uint8Array(certPemDataLenData.length + certPemData.length + caPemDataLenData.length + caPemData.length) certChainBuff.set(certPemDataLenData) certChainBuff.set(certPemData, certPemDataLenData.length) certChainBuff.set(caPemDataLenData, certPemDataLenData.length + certPemData.length) certChainBuff.set(caPemData, certPemDataLenData.length + certPemData.length + caPemDataLenData.length) let certChainData: cert.CertChainData = { data: certChainBuff, // Number of certificates in the certificate chain. It must be set based on the service. count: 2, // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; try { let validator = cert.createCertChainValidator('PKIX'); validator.validate(certChainData).then(result => { console.log('validate success'); }).catch((error: BusinessError) => { console.error('validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getNotBeforeTime failed, errCode: ' + e.code + ', errMsg: ' + e.message); } ``` ## X509CrlEntry^(deprecated) Provides APIs for operating the revoked certificates. > **NOTE** > > This API is deprecated since API version 11. Use [X509CrlEntry](#x509crlentry11) instead. ### getEncoded^(deprecated) getEncoded(callback : AsyncCallback\) : void Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRLEntry.getEncoded](#getencoded11-2) instead. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | --------------------------------------------- | ---- | ------------------------------------ | | callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized data of the revoked certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (err, x509Crl) => { if (err) { console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 crl success'); try { let serialNumber = 1000; let crlEntry = x509Crl.getRevokedCert(serialNumber); crlEntry.getEncoded((error, data) => { if (error) { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('getEncoded success'); } }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getEncoded^(deprecated) getEncoded() : Promise\ Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRLEntry.getEncoded](#getencoded11-3) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------------------------- | -------------------------- | | Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (err, x509Crl) => { if (err) { console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 crl success'); try { let serialNumber = 1000; let crlEntry = x509Crl.getRevokedCert(serialNumber); crlEntry.getEncoded().then(result => { console.log('getEncoded success'); }).catch((error: BusinessError) => { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getSerialNumber^(deprecated) getSerialNumber() : number Obtains the serial number of this revoked certificate. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRLEntry.getSerialNumber](#getserialnumber11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ---------------------- | | number | Serial number of the revoked certificate obtained.| **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (err, x509Crl) => { if (err) { console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 crl success'); try { let serialNumber = 1000; let crlEntry = x509Crl.getRevokedCert(serialNumber); serialNumber = crlEntry.getSerialNumber(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getCertIssuer^(deprecated) getCertIssuer() : DataBlob Obtains the issuer of this revoked certificate. This API uses an asynchronous callback to return the result. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRLEntry.getCertIssuer](#getcertissuer11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ----------------------- | | [DataBlob](#datablob) | Issuer of the revoked certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | -------------- | | 801 | this operation is not supported. | | 19020001 | memory error. | | 19020002 | runtime error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (err, x509Crl) => { if (err) { console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 crl success'); try { let serialNumber = 1000; let crlEntry = x509Crl.getRevokedCert(serialNumber); let issuer = crlEntry.getCertIssuer(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getRevocationDate^(deprecated) getRevocationDate() : string Obtains the date when the certificate is revoked. > **NOTE** > > This API is deprecated since API version 11. Use [X509CRLEntry.getRevocationDate](#getrevocationdate11) instead. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ------------------ | | string | Certificate revocation date obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509Crl(encodingBlob, (err, x509Crl) => { if (err) { console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 crl success'); try { let serialNumber = 1000; let crlEntry = x509Crl.getRevokedCert(serialNumber); let date = crlEntry.getRevocationDate(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ## X509CRLEntry¹¹⁺ Provides APIs for operating the revoked certificates. ### getEncoded¹¹⁺ getEncoded(callback : AsyncCallback\) : void Obtains the serialized data of the revoked certificate. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | --------------------------------------------- | ---- | ------------------------------------ | | callback | AsyncCallback\<[EncodingBlob](#encodingblob)> | Yes | Callback used to return the serialized data of the revoked certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (err, x509CRL) => { if (err) { console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 CRL success'); try { let serialNumber = BigInt(1000); let crlEntry = x509CRL.getRevokedCert(serialNumber); crlEntry.getEncoded((error, data) => { if (error) { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('getEncoded success'); } }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getEncoded¹¹⁺ getEncoded() : Promise\ Obtains the serialized data of the revoked certificate. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------------------------- | -------------------------- | | Promise\<[EncodingBlob](#encodingblob)> | Promise used to return the serialized data of the revoked certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (err, x509CRL) => { if (err) { console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 CRL success'); try { let serialNumber = BigInt(1000); let crlEntry = x509CRL.getRevokedCert(serialNumber); crlEntry.getEncoded().then(result => { console.log('getEncoded success'); }).catch((error: BusinessError) => { console.error('getEncoded failed, errCode: ' + error.code + ', errMsg: ' + error.message); }); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getSerialNumber¹¹⁺ getSerialNumber() : bigint Obtains the serial number of this revoked certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | ---------------------- | | bigint | Serial number of the revoked certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (err, x509CRL) => { if (err) { console.error('createX509Crl failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 crl success'); try { let serialNumber = BigInt(1000); let crlEntry = x509CRL.getRevokedCert(serialNumber); serialNumber = crlEntry.getSerialNumber(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or getSerialNumber failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getCertIssuer¹¹⁺ getCertIssuer() : DataBlob Obtains the issuer of this revoked certificate. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | -------------------------- | | [DataBlob](#datablob) | Issuer of the revoked certificate obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 801 | this operation is not supported. | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (err, x509CRL) => { if (err) { console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 CRL success'); try { let serialNumber = BigInt(1000); let crlEntry = x509CRL.getRevokedCert(serialNumber); let issuer = crlEntry.getCertIssuer(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or getCertIssuer failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getRevocationDate¹¹⁺ getRevocationDate() : string Obtains the date when the certificate is revoked. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------ | -------------------- | | string | Certificate revocation date obtained, in ASN.1 format.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (err, x509CRL) => { if (err) { console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 CRL success'); try { let serialNumber = BigInt(1000); let crlEntry = x509CRL.getRevokedCert(serialNumber); let date = crlEntry.getRevocationDate(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or getRevocationDate failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getExtensions¹¹⁺ getExtensions(): DataBlob Obtains the CRL extensions. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | --------------------- | ------------------------ | | [DataBlob](#datablob) | CRL extensions obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIIBjjB4AgEBMA0GCSqGSIb3DQEBCwUAMBIxEDAOBgNVBAMMB1Jvb3QgQ0EXDTI0\n' + 'MDMxOTAyMDQwN1oXDTI0MDQxODAyMDQwN1owIjAgAgEEFw0yNDAzMTkwMjA0MDZa\n' + 'MAwwCgYDVR0VBAMKAQGgDjAMMAoGA1UdFAQDAgEAMA0GCSqGSIb3DQEBCwUAA4IB\n' + 'AQCbjvmHxC8dW6WCS/ga73kx2b7f8I/2eVuDYyReuBiGWeJ9vDmGqimJ9VwOk+ph\n' + 'LvG/2Zvh9I8qXxnOWeseA2C0bEshJGvXpquIjm00OUyLlK6jdfRbhXT8OyvDjqZs\n' + 'e1IsMV7Zo11SUc8nR2d0QQ7EVDCN/XFKPsmoK7PhJnRh5gc8W3FKQ6b8H9kdjgTa\n' + 'KQUap1OIDReVsjPBmRAbwMMLtbrAMllF7E6x7uHgHTGaK1ZPJDtsnCJ45ur3mk/o\n' + 'HAJFwHNjNDltiEfvMSs76/X0cwitpeW4dFk6c3QtqhxJrHDD4gl8di+xHOyHXpzX\n' + '+i2osvdPWRia0dJCL1PCA14k\n' + '-----END X509 CRL-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (err, x509CRL) => { if (err) { console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 CRL success'); try { let serialNumber = BigInt(4); let crlEntry = x509CRL.getRevokedCert(serialNumber); let extensions = crlEntry.getExtensions(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or getExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### hasExtensions¹¹⁺ hasExtensions(): boolean Checks whether this CRL entry has extensions. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ---------------------------------------------------- | | boolean | Returns **true** if the CRL entry has extension; returns **false** otherwise.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CRL(encodingBlob, (err, x509CRL) => { if (err) { console.error('createX509CRL failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('create x509 CRL success'); try { let serialNumber = BigInt(1000); let crlEntry = x509CRL.getRevokedCert(serialNumber); let hasExtensions = crlEntry.hasExtensions(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('getRevokedCert or hasExtensions failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }) ``` ### getCertIssuerX500DistinguishedName¹²⁺ getCertIssuerX500DistinguishedName(): X500DistinguishedName Obtains the DN of the certificate issuer. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ---------------------------------------------------- | | [X500DistinguishedName](#x500distinguishedname12) | DN object obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certGetCertIssuerX500DistinguishedName() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(encodingBlob); console.log('createX509CRL success'); let name = x509Crl.getRevokedCert(BigInt(1000)).getCertIssuerX500DistinguishedName(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### toString¹²⁺ toString(): string Converts the object data into a string. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ---------------------------------------------------- | | string | String obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certToString() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(encodingBlob); console.log('createX509CRL success'); console.info('toString success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).toString())); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### hashCode¹²⁺ hashCode(): Uint8Array Obtains the hash value of the data in DER format. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ---------------------------------------------------- | | Uint8Array | Hash value obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n' let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certHashCode() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(encodingBlob); console.log('createX509CRL success'); console.info('hashCode success: ' + JSON.stringify(x509Crl.getRevokedCert(BigInt(1000)).hashCode())); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### getExtensionsObject¹²⁺ getExtensionsObject(): CertExtension Obtains the certification extensions in DER format. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ---------------------------------------------------- | | [CertExtension](#certextension10) | Certificate extensions object obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let crlData = '-----BEGIN X509 CRL-----\n' + 'MIINlTCCDH0CAQEwDQYJKoZIhvcNAQELBQAwTDELMAkGA1UEBhMCVVMxFTATBgNV\n' + 'BAoTDERpZ2lDZXJ0IEluYzEmMCQGA1UEAxMdRGlnaUNlcnQgU2VjdXJlIFNpdGUg\n' + 'Q04gQ0EgRzMXDTI0MDMxMjE4NDQ0NVoXDTI0MDMxOTE4NDQ0NVowggvJMCECEAbk\n' + 'wC/+N2YXfpw7vgDJ2xAXDTIzMDIwNzA1NTg1OFowIQIQDonqcHww7uhlmWH+OfIe\n' + 'PhcNMjMwMzA5MDcwMzI1WjAvAhAM4CTrULrJUEinWgT9AFPvFw0yMzAzMjAxOTE4\n' + 'NTRaMAwwCgYDVR0VBAMKAQQwIQIQBQP4xflKkcRehoJ2NaA/jhcNMjMwMzIyMDk0\n' + 'NTI5WjAvAhAOmgzoiIqznAaFec53PVPUFw0yMzAzMjcyMDI4MDNaMAwwCgYDVR0V\n' + 'BAMKAQQwLwIQBaC2Z3D4dcQ/O7HnzFU9KBcNMjMwMzI5MTc1OTQ1WjAMMAoGA1Ud\n' + 'FQQDCgEFMCECEAlz9Rg1b+9La4oFqsHUc4AXDTIzMDMzMTAyMzk0MVowIQIQD9yW\n' + '92pX6BinUKVBVSSTmBcNMjMwNDExMDExNjI5WjAvAhAIIarHUWWee4V9W/Yzm86k\n' + 'Fw0yMzA0MTQyMDE5MTJaMAwwCgYDVR0VBAMKAQQwIQIQC2OiM3VIJX2dEe8/pf8f\n' + 'hRcNMjMwNDIxMDMzMDIyWjAhAhAP0ueyg5n/7b2Hotml7f42Fw0yMzA0MjYwMjU3\n' + 'NDJaMCECEAqMu61nkOEmTOdMbUZTMrkXDTIzMDUxNzAxMzI0NVowLwIQDYv1rt0K\n' + 'olvP+nQoi5LeLRcNMjMwNTIzMTc0MDE4WjAMMAoGA1UdFQQDCgEEMC8CEA8WMKlw\n' + 'iCK36PruJvup5bUXDTIzMDUyMzE3NDA1M1owDDAKBgNVHRUEAwoBBDAvAhAJ5uwT\n' + 'aqwgLzNVpxh4u9EPFw0yMzA1MjUxNzEwNTBaMAwwCgYDVR0VBAMKAQQwIQIQCg0k\n' + '5UadwDH5xm14yxcgLRcNMjMwNjA3MDcyNDAwWjAhAhAEByUhbBR6/pZRFUH2PTxE\n' + 'Fw0yMzA2MDgwMjIwMzBaMCECEATquAQcy3W1kUOkb4VoOvEXDTIzMDYyNjA5MDIw\n' + 'NlowIQIQBrF5sueIjk1snKdO0ISOXhcNMjMwNjMwMDI0MDA0WjAhAhAJEG72WQtV\n' + 'lTOYiA0xjVk5Fw0yMzA3MDUwMjEyMzdaMCECEAmXIuCMJv9gllYuKfCHm5EXDTIz\n' + 'MDcwNTAyMTIzN1owIQIQAotQots0ngzRwACzrS9mCBcNMjMwNzA2MDU0NDU3WjAh\n' + 'AhAG2hyGc9SfXrLc0Uk2J1BeFw0yMzA3MjQwMTUwNDBaMCECEAJhm5FSlVyTG9UK\n' + 'zS+ecUgXDTIzMDcyNjA2NDQzM1owIQIQC4mlxBQuFxWC4pF7/P8BDxcNMjMwNzMx\n' + 'MTAzMjU0WjAhAhADCEp333/avF3m6HZtBImOFw0yMzA3MzExMDMzNTBaMCECEAKd\n' + 'P7fydlXUcS4v/YnZMMwXDTIzMDczMTEwMzQzOFowIQIQC+m5EUcRd1E0lEIPj17Z\n' + 'rRcNMjMwODAxMDYwNDE4WjAvAhAF4QcgQQlWpAi4FVflzbKxFw0yMzA4MDMxNjIz\n' + 'MTdaMAwwCgYDVR0VBAMKAQQwIQIQAn01GEZ50Y5ugIcEuGfF9BcNMjMwODA4MDE1\n' + 'NzM1WjAhAhAFHj3FDKeP9q9CM924d8RIFw0yMzA4MDgwMTU5NDhaMC8CEAnkNPSD\n' + 'U5yiMsV3fU06a6oXDTIzMDgwODE5MjIwMlowDDAKBgNVHRUEAwoBBDAvAhAETU4z\n' + '13iMKiwQujsxJDRhFw0yMzA4MTAyMDU4NDdaMAwwCgYDVR0VBAMKAQQwIQIQB1oD\n' + 'M2mOYuse7e/nTqx+8xcNMjMwOTA0MDUwOTU3WjAhAhALf3Bp63so6O+R5QbWPWu6\n' + 'Fw0yMzEwMDkwNjE5NTVaMCECEAKFHdXcy/zBXRtMj3BVhO0XDTIzMTAwOTA2MTk1\n' + 'N1owIQIQDNNmVHN4tMu1xth6IAe4ZhcNMjMxMDEyMDc0MjQ1WjAhAhACNNJA2oMM\n' + 'pr+giIgczvHOFw0yMzEwMTYwNTEyMzdaMCECEAoQun7uSHhvy6GBoxG7XOkXDTIz\n' + 'MTExNjA3MDAzN1owLwIQA1NsI22PLvohCvKwdtAJwBcNMjMxMjA2MTgyNzUzWjAM\n' + 'MAoGA1UdFQQDCgEEMCECEAWagozDt4jfBzi+aDGFr88XDTIzMTIxMTA3MjM1OFow\n' + 'IQIQD1g7NdEk7t05zg6yweYc5hcNMjMxMjExMDcyNTM3WjAhAhAMJnRjUQAzFQFH\n' + 'kwIguRz2Fw0yMzEyMTEwNzI2NDJaMCECEAT0bVxyPKkeTV8JQuPxfcwXDTIzMTIx\n' + 'MTA3MjcyNlowIQIQA/5BlE0Ushtw24Ol9L2sexcNMjMxMjExMDcyODA2WjAhAhAL\n' + 'Ij6FAKVJDnKAwwt19+/RFw0yMzEyMTEwNzI5MDJaMCECEAmPyfX3FuOHgryS2i8c\n' + 'SrUXDTIzMTIxMTA3Mjk0M1owIQIQC+uGa6tmPRPCB0jW+6WWUhcNMjMxMjExMDcz\n' + 'MDIzWjAhAhAJCq59mFZj6SWLH/m18Fq2Fw0yMzEyMTEwNzMwNTJaMCECEAp0Po24\n' + 'WHmdEMTVyp9AMssXDTIzMTIxMTA3MzEyNlowIQIQAcf+793qPEHipkAhjf7MghcN\n' + 'MjMxMjExMDczMTQ5WjAhAhAElLuCARMBoDIH0Y2D1DpSFw0yMzEyMTEwNzMyMTla\n' + 'MCECEAWlgWhTXqKOB61zA7Ao8vQXDTIzMTIxMTA3MzI0OFowIQIQAeZqfkFYc/6t\n' + 'zO7j/FVYwBcNMjMxMjExMDczMzM1WjAhAhAHzftyRhskxV6opTfHb59OFw0yMzEy\n' + 'MTEwNzM0MDNaMCECEASXrBHdRYUm9VIZ1wN4qAsXDTIzMTIxMTA3MzQyN1owIQIQ\n' + 'BDFb/OY65CZ1sTdMPAc+IhcNMjMxMjExMDczNTEzWjAhAhAFg7mRyWvWXc+KT014\n' + 'Ro5AFw0yMzEyMTEwNzM1NDhaMCECEA+wAstqfBUEkSvinYlWeOwXDTIzMTIxMTA3\n' + 'MzYyNVowIQIQB3Z75ksHGnvGmuHbvwbheRcNMjMxMjExMDczNjU5WjAhAhALfrIn\n' + 'OGRVeePivKkJ+d1xFw0yMzEyMTEwNzM4MDFaMCECEAnm5NfU36m+FXNlJiUsXpMX\n' + 'DTIzMTIxMTA3MzgzNVowIQIQCrBoHo4X2md3Amteqh7h3RcNMjMxMjExMDczOTA3\n' + 'WjAhAhAGxHlqrHu66ifOwTTMhHHFFw0yMzEyMTEwNzM5NDNaMCECEA2BDG1SI7Se\n' + '2GAt+b9UnF8XDTIzMTIxMTA3NDAyNFowLwIQDZvl5jkmAwjTweDCtrXbLRcNMjMx\n' + 'MjExMjA0NDQ3WjAMMAoGA1UdFQQDCgEEMCECEAzgcwGVpyXXZSmLLF4MExQXDTIz\n' + 'MTIxOTE3MjczMlowIQIQARB9nVoMuE5GSFeb3U553hcNMjMxMjE5MTcyODA1WjAh\n' + 'AhAD+JIH7lFcX9UNqTogrMcPFw0yMzEyMTkxNzI5MDZaMCECEAux1kd8ugXs4mI+\n' + 'xMfXgpsXDTIzMTIxOTE3MjkyOFowIQIQCUO5VqAmbxA8Jdly97msLhcNMjMxMjE5\n' + 'MTcyOTU0WjAhAhAFyzrU1JtsiPNPeWrfdvGvFw0yMzEyMTkxNzMwNDlaMCECEAwT\n' + 'tMq5EsBTUhQwm6nWhnAXDTIzMTIyMDE3NDc1NlowIQIQBx3qL8rMclE9gxamaa14\n' + 'xBcNMjMxMjIwMTc0ODM2WjAhAhAOnKUlrCaxs+lRqLrBmk2PFw0yNDAxMzAxOTMw\n' + 'MTVaMCECEAtYs/5ZRsrMAxQVDA44eWYXDTI0MDIwNjA2MjYwMFowIQIQDjrMV1d3\n' + '0NhxngX5rqqxjBcNMjQwMjIxMDc0ODEwWjAhAhAPGohz3+JyS6H4JzHCjLrXFw0y\n' + 'NDAyMjgyMDQxMjZaMC8CEAqZ2QktAMprzZmtolbOXlgXDTI0MDIyOTE4MDYzMVow\n' + 'DDAKBgNVHRUEAwoBBDAhAhAMAHgNfiburtKDp8OJuzRCFw0yNDAzMDQwNjA3MzJa\n' + 'MCECEA/HgrXcSBqkb2JdfrFDAfgXDTI0MDMwNDA2MDczMlqgMDAuMB8GA1UdIwQY\n' + 'MBaAFETZyEozjtNSjaeSlGEfmsilt+zLMAsGA1UdFAQEAgIFrDANBgkqhkiG9w0B\n' + 'AQsFAAOCAQEAJ5rSr0Av5sH59J2LXW5hZ8SJTzDbR8ADdi/CCLolbUUnE0oaAZ+2\n' + '9z0niAD5m8HQikNz8K+FKAsQatN/CAj4bzRMeF37hQCiZpqNtxP69JDGeWpGPiH2\n' + 'K/YfpzL9iSbBOxFmosxUX8J/iX36mCUl+3OUHh+qSYeElboxeAmTCnY5Pl5Bq9is\n' + 'gp0MmzNYCo7GEFrtS03p2msK25uRqQl6Qn0NZS0yGjdUG7RTZe4xua5drjEkB1o/\n' + '15f+mtYj6DtWM1twi1q3VYVxhRSsk6XmmS0BViTEl+MT0BRAPwBSdlyt++1Pnnrd\n' + 'BsQoO8O2EVpJ54fxKMCSDOkJf1hNCxi3eQ==\n' + '-----END X509 CRL-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certGetExtensionsObject() { let x509Crl: cert.X509CRL = {} as cert.X509CRL; try { x509Crl = await cert.createX509CRL(encodingBlob); console.log('createX509CRL success'); let object = x509Crl.getRevokedCert(BigInt('14091103387070223745671018446433705560')).getExtensionsObject(); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ## cert.createCertCRLCollection¹¹⁺ createCertCRLCollection(certs: Array\, crls?: Array\): CertCRLCollection Creates an object for a collection of X.509 certificates and CRLs. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ------------------------------------- | ---- | ------------------------------ | | certs | Array\<[X509Cert](#x509cert)> | Yes | X.509 certificates. | | crls | Array\<[X509CRL](#x509crl11)> | No | X.509 CRLs. | **Return value** | Type | Description | | ------------------ | -------------------- | | [CertCRLCollection](#certcrlcollection11) | **CertCRLCollection** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509CRL(): Promise { let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509CRL: cert.X509CRL = {} as cert.X509CRL; try { x509CRL = await cert.createX509CRL(encodingBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509CRL; } async function createX509Cert(): Promise { let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509Cert; } async function createCollection() { const x509Cert = await createX509Cert(); const x509CRL = await createX509CRL(); try { const collection: cert.CertCRLCollection = cert.createCertCRLCollection([x509Cert], [x509CRL]); console.log('createCertCRLCollection success'); } catch (err) { console.error('createCertCRLCollection failed'); } } ``` ## CertCRLCollection¹¹⁺ Provides APIs for locating certificates or CRLs in a **CertCRLCollection** object. ### selectCerts¹¹⁺ selectCerts(param: X509CertMatchParameters): Promise\> Selects certificates that match the specified parameters. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | ------------ | | param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | **Return value** | Type | Description | | --------------------------------------- | --------------------------------------- | | Promise\> | Promise used to return the matched certificates.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509Cert(): Promise { let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509Cert; } async function selectCerts() { const x509Cert = await createX509Cert(); const collection = cert.createCertCRLCollection([x509Cert]); try { const param: cert.X509CertMatchParameters = { x509Cert, validDate: '20231121074700Z', issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), publicKeyAlgID: '1.2.840.10045.2.1' }; const certs = await collection.selectCerts(param); console.log('call selectCerts success'); } catch (err) { console.error('call selectCerts failed'); } } ``` ### selectCerts¹¹⁺ selectCerts(param: X509CertMatchParameters, callback: AsyncCallback\>): void Selects certificates that match the specified parameters. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | ----------------- | | param | [X509CertMatchParameters](#x509certmatchparameters11) | Yes | Parameters used to match the certificates. | | callback | AsyncCallback\> | Yes | Callback used to return the matched certificates.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509Cert(): Promise { let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509Cert; } async function selectCerts() { const x509Cert = await createX509Cert(); const collection = cert.createCertCRLCollection([x509Cert]); // The value varies with the service. const param: cert.X509CertMatchParameters = { x509Cert, validDate: '20231121074700Z', issuer: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), subject: new Uint8Array([0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x45, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x20, 0x52, 0x6F, 0x6F, 0x74, 0x20, 0x43, 0x41]), publicKeyAlgID: '1.2.840.10045.2.1' }; collection.selectCerts(param, (err, certs) => { if (err) { console.error('selectCerts failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('selectCerts success'); } }); } ``` ### selectCRLs¹¹⁺ selectCRLs(param: X509CRLMatchParameters): Promise\> Selects CRLs that match the specified parameters. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | ------------ | | param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs. | **Return value** | Type | Description | | -------------- | ----------- | | Promise\> | Promise used to return the matched CRLs.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509CRL(): Promise { let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509CRL: cert.X509CRL = {} as cert.X509CRL; try { x509CRL = await cert.createX509CRL(encodingBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509CRL; } async function createX509Cert(): Promise { const certData = "-----BEGIN CERTIFICATE-----\r\n" + "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + "-----END CERTIFICATE-----\r\n"; const certEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), encodingFormat: cert.EncodingFormat.FORMAT_PEM, }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(certEncodingBlob); console.log('createX509Cert success'); } catch (err) { console.error('createX509Cert failed'); } return x509Cert; } async function selectCRLs() { const x509CRL = await createX509CRL(); const x509Cert = await createX509Cert(); const collection = cert.createCertCRLCollection([], [x509CRL]); const param: cert.X509CRLMatchParameters = { issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], x509Cert: x509Cert } try { const crls = await collection.selectCRLs(param); console.log('selectCRLs success'); } catch (err) { console.error('selectCRLs failed'); } } ``` ### selectCRLs¹¹⁺ selectCRLs(param: X509CRLMatchParameters, callback: AsyncCallback\>): void Selects CRLs that match the specified parameters. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | ----------------- | | param | [X509CRLMatchParameters](#x509crlmatchparameters11) | Yes | Parameters used to match the CRLs.| | callback | AsyncCallback\> | Yes | Callback used to return the matched CRLs.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509CRL(): Promise { let crlData = '-----BEGIN X509 CRL-----\n' + 'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' + 'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' + 'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' + 'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' + '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' + 'eavsH0Q3\n' + '-----END X509 CRL-----\n'; // Binary data of the CRL, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(crlData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509CRL: cert.X509CRL = {} as cert.X509CRL; try { x509CRL = await cert.createX509CRL(encodingBlob); } catch (err) { let e: BusinessError = err as BusinessError; console.error('createX509CRL failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509CRL; } async function createX509Cert(): Promise { const certData = "-----BEGIN CERTIFICATE-----\r\n" + "MIIC8TCCAdmgAwIBAgIIFB75m06RTHwwDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE\r\n" + "BhMCQ04xEDAOBgNVBAgTB0ppYW5nc3UxEDAOBgNVBAcTB05hbmppbmcxCzAJBgNV\r\n" + "BAoTAnRzMQswCQYDVQQLEwJ0czELMAkGA1UEAxMCdHMwHhcNMjMxMTIzMDMzMjAw\r\n" + "WhcNMjQxMTIzMDMzMjAwWjBhMQswCQYDVQQGEwJDTjEQMA4GA1UECBMHSmlhbmdz\r\n" + "dTEQMA4GA1UEBxMHTmFuamluZzEMMAoGA1UEChMDdHMxMQwwCgYDVQQLEwN0czEx\r\n" + "EjAQBgNVBAMTCTEyNy4wLjAuMTAqMAUGAytlcAMhALsWnY9cMNC6jzduM69vI3Ej\r\n" + "pUlgHtEHS8kRfmYBupJSo4GvMIGsMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFNSg\r\n" + "poQvfxR8A1Y4St8NjOHkRpm4MAsGA1UdDwQEAwID+DAnBgNVHSUEIDAeBggrBgEF\r\n" + "BQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEyNy4wLjAuMTAR\r\n" + "BglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0\r\n" + "ZTANBgkqhkiG9w0BAQsFAAOCAQEAfnLmPF6BtAUCZ9pjt1ITdXc5M4LJfMw5IPcv\r\n" + "fUAvhdaUXtqBQcjGCWtDdhyb1n5Xp+N7oKz/Cnn0NGFTwVArtFiQ5NEP2CmrckLh\r\n" + "Da4VnsDFU+zx2Bbfwo5Ms7iArxyx0fArbMZzN9D1lZcVjiIxp1+3k1/0sdCemcY/\r\n" + "y7mw5NwkcczLWLBZl1/Ho8b4dlo1wTA7TZk9uu8UwYBwXDrQe6S9rMcvMcRKiJ9e\r\n" + "V4SYZIO7ihr8+n4LQDQP+spvX4cf925a3kyZrftfvGCJ2ZNwvsPhyumYhaBqAgSy\r\n" + "Up2BImymAqPi157q9EeYcQz170TtDZHGmjYzdQxhOAHRb6/IdQ==\r\n" + "-----END CERTIFICATE-----\r\n"; const certEncodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), encodingFormat: cert.EncodingFormat.FORMAT_PEM, }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(certEncodingBlob); console.log('createX509Cert success'); } catch (err) { console.error('createX509Cert failed'); } return x509Cert; } async function selectCRLs() { const x509CRL = await createX509CRL(); const x509Cert = await createX509Cert(); const collection = cert.createCertCRLCollection([], [x509CRL]); const param: cert.X509CRLMatchParameters = { issuer: [new Uint8Array([0x30, 0x58, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x43, 0x4E, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x4A, 0x69, 0x61, 0x6E, 0x67, 0x73, 0x75, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x07, 0x4E, 0x61, 0x6E, 0x6A, 0x69, 0x6E, 0x67, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x13, 0x02, 0x74, 0x73, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x02, 0x74, 0x73])], x509Cert: x509Cert } collection.selectCRLs(param, (err, crls) => { if (err) { console.error('selectCRLs failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('selectCRLs success'); } }); } ``` ## cert.createX509CertChain¹¹⁺ createX509CertChain(inStream: EncodingBlob): Promise\ Creates an X.509 certificate chain instance. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------- | ---- | -------------------- | | inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data.| **Return value** | Type | Description | | ------------------------------- | ---------------- | | Promise\<[X509CertChain](#x509certchain11)> | Promise used to return the **X509CertChain** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509CertChain(): Promise { let certChainData = "-----BEGIN CERTIFICATE-----\n" + "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + "uKPWR9dKBA==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + "xjoE\n" + "-----END CERTIFICATE-----\n"; // Certificate chain binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certChainData), // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; try { x509CertChain = await cert.createX509CertChain(encodingBlob); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509CertChain; } createX509CertChain(); ``` ## cert.createX509CertChain¹¹⁺ createX509CertChain(inStream: EncodingBlob, callback: AsyncCallback\): void Creates an X.509 certificate chain instance. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ------------------------------------- | ---- | -------------------------- | | inStream | [EncodingBlob](#encodingblob) | Yes | X.509 certificate serialization data. | | callback | AsyncCallback\<[X509CertChain](#x509certchain11)> | Yes | Callback used to return the **X509CertChain** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certChainData = "-----BEGIN CERTIFICATE-----\n" + "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + "uKPWR9dKBA==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + "xjoE\n" + "-----END CERTIFICATE-----\n"; // Certificate chain binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certChainData), // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CertChain(encodingBlob, (err, certChain) => { if (err) { console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('createX509CertChain success'); } }); ``` ## cert.createX509CertChain¹¹⁺ createX509CertChain(certs: Array\): X509CertChain Creates an X.509 certificate chain object based on the specified certificates. This API returns the result synchronously. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | -------------------- | ---- | -------------------------- | | certs | Array\<[X509Cert](#x509cert)> | Yes | Array of X.509 certificates.| **Return value** | Type | Description | | --------------------------------- | -------------------- | | [X509CertChain](#x509certchain11) | **X509CertChain** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509Cert(): Promise { let certData = '-----BEGIN CERTIFICATE-----\n' + 'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' + 'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' + 'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' + 'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' + 'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' + 'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' + 'Qw==\n' + '-----END CERTIFICATE-----\n'; // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509Cert; } async function createX509CertChain(): Promise { const x509Cert = await createX509Cert(); let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; try { x509CertChain = cert.createX509CertChain([x509Cert]); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509CertChain; } createX509CertChain(); ``` ## cert.buildX509CertChain¹²⁺ buildX509CertChain(param: [CertChainBuildParameters](#certchainbuildparameters12)): Promise\ Builds an X.509 certificate chain with a **CertChainBuildParameters** object. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | -------------------- | ---- | -------------------------- | | param | [CertChainBuildParameters](#certchainbuildparameters12) | Yes | Object used to build the certificate chain.| **Return value** | Type | Description | | --------------------------------- | -------------------- | | [CertChainBuildResult](#certchainbuildresult12) | **X509CertChain** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } // Certificate chain data. let certPem = '-----BEGIN CERTIFICATE-----\n' + 'MIIDTjCCAjagAwIBAgIBBDANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDQwMVoXDTM0MDMxNzAyMDQwMVowEjEQMA4GA1UEAwwH\n' + 'ZGV2aWNlMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMIXL3e7UE/c\n' + 'Z1dPVgRZ5L8gsQ/azuYVBvoFf7o8ksYrL7G1+qZIJjVRqZkuTirLW4GicbkIkPNW\n' + 'eix5cDhkjkC+q5SBCOrSSTTlvX3xcOY1gMlA5MgeBfGixFusq4d5VPF2KceZ20/a\n' + 'ygwGD0Uv0X81OERyPom/dYdJUvfaD9ifPFJ1fKIj/cPFG3yJK/ojpEfndZNdESQL\n' + 'TkoDekilg2UGOLtY6fb9Ns37ncuIj33gCS/R9m1tgtmqCTcgOQ4hwKhjVF3InmPO\n' + '2BbWKvD1RUX+rHC2a2HHDQILOOtDTy8dHvE+qZlK0efrpRgoFEERJAGPi1GDGWiA\n' + '7UX1c4MCxIECAwEAAaOBrjCBqzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQbkAcMT7ND\n' + 'fGp3VPFzYHppZ1zxLTAfBgNVHSMEGDAWgBR0W/koCbvDtFGHUQZLM3j6HKsW2DAd\n' + 'BgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwCwYDVR0PBAQDAgeAMDIGCCsG\n' + 'AQUFBwEBBCYwJDAiBggrBgEFBQcwAYYWaHR0cHM6Ly8xMjcuMC4wLjE6OTk5OTAN\n' + 'BgkqhkiG9w0BAQsFAAOCAQEAF1OTzTmbklFOdZCxrF3zg9owUPJR5RB+PbuBlUfI\n' + '8tkGXkMltQ8PN1dv6Cq+d8BluiJdWEzqVoJa/e5SHHJyYQSOhlurRG0GBXllVQ1I\n' + 'n1PFaI40+9X2X6wrEcdC5nbzogR1jSiksCiTcARMddj0Xrp5FMrFaaGY8M/xqzdW\n' + 'LTDl4nfbuxtA71cIjnE4kOcaemly9/S2wYWdPktsPxQPY1nPUOeJFI7o0sH3rK0c\n' + 'JSqtgAG8vnjK+jbx9RpkgqCsXgUbIahL573VTgxrNrsRjCuVal7XVxl/xOKXr6Er\n' + 'Gpc+OCrXbHNZkUQE5fZH3yL2tXd7EASEb6J3aEWHfF8YBA==\n' + '-----END CERTIFICATE-----'; let caPem = '-----BEGIN CERTIFICATE-----\n' + 'MIIC/zCCAeegAwIBAgIBATANBgkqhkiG9w0BAQsFADASMRAwDgYDVQQDDAdSb290\n' + 'IENBMB4XDTI0MDMxOTAyMDIyNFoXDTM0MDMxNzAyMDIyNFowEjEQMA4GA1UEAwwH\n' + 'Um9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALxI5SDvRfKU\n' + '6XaTeyh2LHlUK0rVSeYfXkYf5Mc3Pgucg+ewzQjxkACMx5NYaW1zfGDNPG1i5IZl\n' + 'cPeWNz1Tm2g6wTd+LyNoNOOmwfLV8pLXSfAukgNrBREf3BzVrbu7hvPd2MmLH23H\n' + 'OBM9uDPTIqu3n2CDN2EzwULjaSk2g+jvhVKsDLInu5uKPmZBFhs1FWKgcnVnlbi1\n' + 'AyAx4efheits6EO70oV6UufCEtS1VsBXQHZRAG4ogshWldRBVNxkU6yHAfg0mM/5\n' + 'EhrZsfh51fWqlrhNWrInjgNV3xIt5ebTIgKZWUlSVHEA/UqDoGfY+CsAJdteZWOW\n' + 'KjsrC/DK2O0CAwEAAaNgMF4wHQYDVR0OBBYEFHRb+SgJu8O0UYdRBkszePocqxbY\n' + 'MB8GA1UdIwQYMBaAFHRb+SgJu8O0UYdRBkszePocqxbYMA8GA1UdEwEB/wQFMAMB\n' + 'Af8wCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQAKOT1ObfQNMN2wdfHq\n' + 'PQgFDDp6rBMbZe70LswPirSXljo4S/vfbG+gBoWCdu/SfsV+lyP75kg1wX0IQvzW\n' + 'xYNh864dgqPmGd0v8TIfM0UT0PpnowUyBHQ+E7LNYIOh/kjHbl3oERdEFA2PUyE9\n' + 'j3GLdg8oe/LqhEQCSAlH+v2RQgBZ9eVN+mSdUxwywm9U3acb0uqVkGiWK/ywumpg\n' + 'AmIZLMJtMVvg8uDkfy16Z4lChTEdNaJVUqPczUNk2kHXIF4we4be9HoOuTVz/SD/\n' + 'IsOhXn/BjS3jnhyS9fxo+opJf9zVTWI02Hlh1WVVtH/m3nIZblyAJhcjCHA2wZSz\n' + 'sSus\n' + '-----END CERTIFICATE-----'; async function createX509Cert(certData: string): Promise { // Certificate binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certData), // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509Cert: cert.X509Cert = {} as cert.X509Cert; try { x509Cert = await cert.createX509Cert(encodingBlob); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509Cert failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509Cert; } async function buildX509CertChain() { try { const caCert = await createX509Cert(caPem); const x509Cert = await createX509Cert(certPem); let certCrlCollection = await cert.createCertCRLCollection([x509Cert]); let param: cert.CertChainBuildParameters = { certMatchParameters: {validDate:'20240812080000Z'}, maxLength: 3, validationParameters: { date: '20240812080000Z', certCRLs: [certCrlCollection], trustAnchors: [{CACert:caCert}, {CACert:caCert}], } } let certChainBuildResult = await cert.buildX509CertChain(param); console.info("cert issuer name: " + certChainBuildResult.validationResult.entityCert.getIssuerName().data) console.info("ca subject name: " + certChainBuildResult.validationResult.trustAnchor.CACert?.getSubjectName().data) } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } buildX509CertChain(); ``` ## cert.createTrustAnchorsWithKeyStore¹²⁺ createTrustAnchorsWithKeyStore(keystore: Uint8Array, pwd: string): Promise> Creates a [TrustAnchor](#x509trustanchor11) object array from a .p12 keystore file. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | -------------------- | ---- | -------------------------- | | keystore | Uint8Array | Yes| .p12 file in DER format.| | pwd | string | Yes| Password of the .p12 file.| **Return value** | Type | Description | | --------------------------------- | -------------------- | | Array\<[X509TrustAnchor](#x509trustanchor11)> | **X509TrustAnchor** object array created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------------------------------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; try { cert.createTrustAnchorsWithKeyStore( new Uint8Array([0x30, 0x82, 0x07, 0x5C, 0x02, 0x01, 0x03, 0x30, 0x82, 0x07, 0x12, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x07, 0x03, 0x04, 0x82, 0x06, 0xFF, 0x30, 0x82, 0x06, 0xFB, 0x30, 0x82, 0x05, 0xB2, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x06, 0xA0, 0x82, 0x05, 0xA3, 0x30, 0x82, 0x05, 0x9F, 0x02, 0x01, 0x00, 0x30, 0x82, 0x05, 0x98, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xA9, 0x1C, 0x1B, 0x19, 0x36, 0xDE, 0xD4, 0x20, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0x7D, 0xE5, 0x23, 0x96, 0x18, 0x8B, 0xF4, 0xBC, 0x9F, 0x4E, 0xE8, 0xE9, 0xAA, 0x52, 0x18, 0x39, 0x80, 0x82, 0x05, 0x30, 0x02, 0x2D, 0x59, 0xA9, 0x96, 0x5A, 0xFE, 0x20, 0x18, 0xB2, 0x25, 0xEA, 0xFC, 0x86, 0x0F, 0xA8, 0x3C, 0x2B, 0x26, 0x2F, 0x44, 0x6E, 0xF3, 0x15, 0xB7, 0x94, 0xE4, 0x43, 0xEE, 0xE6, 0xC3, 0xBB, 0x3C, 0x9E, 0x60, 0x08, 0xF8, 0x15, 0x61, 0x44, 0xD0, 0xEA, 0xD5, 0x6D, 0x1A, 0x3B, 0x9F, 0x4E, 0x2A, 0x1E, 0xBB, 0xB9, 0x4E, 0x15, 0x43, 0xB8, 0x68, 0xDB, 0x1A, 0x4E, 0x41, 0xBA, 0x29, 0x8E, 0x75, 0xEB, 0x12, 0xC1, 0xF0, 0x4B, 0x0D, 0x13, 0xB2, 0xC2, 0x48, 0x6F, 0xC4, 0xC4, 0x82, 0xF2, 0x26, 0xD4, 0x3D, 0x1F, 0x42, 0x7D, 0x67, 0xB0, 0x37, 0x55, 0x9E, 0xD9, 0x46, 0x99, 0x98, 0xB4, 0xE7, 0x4B, 0x07, 0x08, 0x3F, 0xD3, 0x96, 0x9A, 0xC5, 0xDA, 0x37, 0x74, 0x08, 0x5D, 0x3B, 0x06, 0x8A, 0x16, 0x6D, 0x81, 0x63, 0x01, 0x83, 0x94, 0xDA, 0x1B, 0x0E, 0x04, 0xCE, 0x18, 0xF0, 0x51, 0x22, 0xD8, 0x2D, 0xF1, 0x69, 0x0C, 0xCB, 0xC9, 0x51, 0x17, 0x07, 0x1F, 0x2B, 0xCF, 0x74, 0x26, 0xD7, 0x73, 0xB3, 0x2D, 0xF2, 0x82, 0xF0, 0x38, 0x5B, 0x8A, 0x8F, 0xCD, 0x84, 0x69, 0x40, 0x59, 0xCE, 0xB3, 0x39, 0xFE, 0xF6, 0xB7, 0x24, 0x89, 0x34, 0xFF, 0xF4, 0x40, 0x50, 0x06, 0x4D, 0xC6, 0x13, 0x82, 0xAF, 0x7F, 0x84, 0xB1, 0x67, 0x3C, 0x89, 0xBB, 0x5D, 0x32, 0xC3, 0xA6, 0xF1, 0x7D, 0xF5, 0x72, 0x68, 0x75, 0xCE, 0x69, 0xAB, 0x6C, 0x32, 0xDA, 0x16, 0x3B, 0xC4, 0xCA, 0x47, 0x45, 0xE9, 0x59, 0x1E, 0xB1, 0x70, 0xDA, 0x8A, 0x00, 0x69, 0x80, 0x40, 0xCA, 0x60, 0xE6, 0x07, 0x16, 0xF0, 0xA2, 0xF9, 0x12, 0x7D, 0x09, 0x43, 0x66, 0x46, 0x78, 0x35, 0xA6, 0x94, 0x35, 0x60, 0x82, 0xFC, 0xB8, 0x5E, 0x39, 0xE7, 0xA1, 0x22, 0xAD, 0xCC, 0x6F, 0x5E, 0xCE, 0x01, 0x6B, 0xA1, 0xDD, 0xE5, 0xDD, 0x79, 0x9B, 0xA1, 0x28, 0xC4, 0x03, 0x84, 0x8D, 0x6C, 0x07, 0xD4, 0xFE, 0x57, 0xFB, 0x89, 0x3F, 0x43, 0x44, 0x69, 0xF1, 0x9E, 0x53, 0x6C, 0x11, 0x11, 0x96, 0x79, 0xE4, 0xB8, 0x3B, 0x49, 0x2E, 0xF6, 0x3B, 0xC5, 0x6C, 0x76, 0x21, 0x22, 0x15, 0x85, 0x77, 0x8A, 0xDD, 0xD2, 0x43, 0x85, 0x73, 0x39, 0x77, 0x9F, 0xFA, 0x8F, 0xCF, 0xCB, 0xEA, 0x62, 0xBD, 0x5C, 0x66, 0x45, 0xCD, 0xB0, 0xCA, 0x42, 0xCC, 0xB9, 0xCF, 0xE3, 0x84, 0x63, 0x9F, 0x63, 0xCE, 0x49, 0xE9, 0x74, 0x26, 0xCC, 0x26, 0x78, 0xCE, 0x9F, 0x4E, 0x38, 0xA2, 0x9C, 0xEB, 0x75, 0xC5, 0x33, 0x6B, 0x00, 0x83, 0x85, 0xA3, 0x0F, 0xE7, 0xE1, 0x11, 0xA6, 0x48, 0xDC, 0xEF, 0x0C, 0x05, 0xB3, 0xDE, 0x94, 0xB9, 0x69, 0xCB, 0x27, 0x09, 0xAB, 0x27, 0xD8, 0x06, 0xED, 0x25, 0xBC, 0xA6, 0x2E, 0xB7, 0xF9, 0x2E, 0xAD, 0x84, 0x1D, 0xDD, 0x73, 0xD8, 0xC0, 0x46, 0x8A, 0xFE, 0x9A, 0xDF, 0x07, 0xE1, 0x33, 0xE2, 0x1C, 0x37, 0x6A, 0x8E, 0xA2, 0x91, 0x0B, 0xD7, 0x76, 0xEF, 0x3C, 0x87, 0x4A, 0x53, 0x84, 0xFA, 0xFA, 0xC5, 0x71, 0x76, 0xC0, 0x75, 0x70, 0x67, 0x67, 0x71, 0x9D, 0x8B, 0x81, 0x6F, 0x68, 0xC5, 0xB1, 0xFC, 0xA3, 0x59, 0xB5, 0xD0, 0x03, 0x56, 0xE7, 0x89, 0x03, 0xD7, 0x99, 0xDE, 0x66, 0x33, 0xFA, 0x53, 0x50, 0x5F, 0xB4, 0x9D, 0xB3, 0x90, 0x8F, 0x57, 0x20, 0xF0, 0x8B, 0xDB, 0x73, 0xCA, 0xA4, 0x71, 0x61, 0x67, 0x6A, 0x6D, 0xA5, 0xCA, 0x88, 0xD4, 0xCC, 0x82, 0x34, 0xC9, 0x3E, 0x10, 0x10, 0x57, 0xD1, 0x08, 0x96, 0x80, 0x09, 0xA8, 0xBB, 0x6F, 0x53, 0x8F, 0xFD, 0x87, 0xCF, 0x73, 0xFC, 0xE1, 0x3A, 0x92, 0x2E, 0x78, 0x66, 0xFB, 0x86, 0x5D, 0x62, 0xE0, 0xC4, 0x58, 0x55, 0x3F, 0xA4, 0xEA, 0xA1, 0xBE, 0x5B, 0x5E, 0x8E, 0x46, 0x50, 0x5E, 0x7C, 0x01, 0xD6, 0x63, 0xAA, 0x6F, 0xD5, 0xFD, 0xAF, 0xC5, 0x1D, 0xB3, 0x90, 0x9C, 0xD8, 0x5F, 0x8D, 0xF2, 0x81, 0xEB, 0xBF, 0xA1, 0xDE, 0xB7, 0x9D, 0xCD, 0x24, 0x82, 0x06, 0x0B, 0x63, 0xE6, 0xBF, 0x57, 0x51, 0xF0, 0xB6, 0xE9, 0x7F, 0xAA, 0x7B, 0x10, 0xBD, 0xCD, 0x85, 0x41, 0xE0, 0xD7, 0xF1, 0x53, 0xB7, 0xF8, 0x46, 0x91, 0x9E, 0x8D, 0x4B, 0xCB, 0x28, 0x35, 0x40, 0x37, 0x1E, 0x83, 0x64, 0x6A, 0x70, 0x01, 0x9D, 0xBF, 0xF1, 0x0E, 0xB6, 0x2E, 0x7A, 0xB7, 0x8F, 0x0F, 0x8C, 0x69, 0xD6, 0xF2, 0xD1, 0xF6, 0x1E, 0xCD, 0x08, 0xA8, 0xD4, 0x1B, 0xCB, 0x38, 0xEA, 0x26, 0x37, 0x5C, 0x60, 0x3A, 0x38, 0x5B, 0x12, 0x1D, 0x00, 0x7B, 0xEC, 0xCE, 0xFB, 0x89, 0x23, 0x8A, 0x11, 0xE1, 0x1B, 0xDE, 0x54, 0x91, 0x6A, 0x26, 0x22, 0xD0, 0x1C, 0x2E, 0xBA, 0xD0, 0x92, 0x87, 0xDA, 0xF0, 0x93, 0xBB, 0x3A, 0x2C, 0x52, 0xFB, 0xB2, 0xA9, 0xA8, 0x92, 0x19, 0xE3, 0x19, 0xDC, 0xB0, 0x0E, 0xC5, 0xE7, 0x9D, 0xFB, 0xF9, 0xA3, 0x23, 0x32, 0xD0, 0x4E, 0x2C, 0x05, 0x2D, 0x76, 0xDB, 0x93, 0x53, 0x5B, 0x0E, 0x2A, 0xA3, 0xDD, 0x5F, 0xD3, 0x1A, 0x3B, 0x1E, 0x1F, 0x26, 0x88, 0x43, 0xAD, 0x10, 0x1F, 0xA9, 0xC4, 0xF9, 0x1F, 0xCD, 0xA5, 0xD2, 0xDC, 0x24, 0x95, 0x1D, 0xE7, 0x57, 0xE1, 0x02, 0x0A, 0x20, 0xEA, 0x6A, 0x78, 0x4E, 0x96, 0xE2, 0xE5, 0x6D, 0x6F, 0xFD, 0x81, 0x7B, 0x61, 0x85, 0xA3, 0x3D, 0xC5, 0x7B, 0xEF, 0xAE, 0x58, 0xA2, 0xDB, 0x91, 0x73, 0xDB, 0x47, 0x8E, 0xD1, 0x7D, 0xD7, 0x8F, 0x56, 0x06, 0x28, 0x8C, 0x78, 0x73, 0x02, 0x65, 0xB0, 0x16, 0x4B, 0xE6, 0xA3, 0xD7, 0x06, 0x7C, 0xEA, 0x7D, 0xE2, 0xAE, 0xBB, 0xE5, 0xD2, 0xEB, 0xF0, 0x91, 0x71, 0x7C, 0xBC, 0xA6, 0x1A, 0xE8, 0x9F, 0xD3, 0xA9, 0x3C, 0x5D, 0x60, 0xCF, 0x59, 0x26, 0x46, 0x45, 0xF2, 0x7F, 0x85, 0x6B, 0xE7, 0xC2, 0x58, 0x52, 0x90, 0x12, 0x07, 0xBA, 0xE6, 0xB8, 0xE5, 0xD7, 0x24, 0x93, 0xD5, 0x6E, 0xB1, 0x74, 0x6C, 0xAA, 0xA0, 0x60, 0xBF, 0xF3, 0x32, 0x41, 0x0B, 0xA2, 0x01, 0x84, 0x0D, 0x83, 0xE4, 0x43, 0xD1, 0xBA, 0xC1, 0x92, 0x84, 0x26, 0xF8, 0xF2, 0x77, 0x20, 0x1B, 0xF2, 0x8F, 0x00, 0x69, 0x18, 0x2F, 0x6C, 0xA8, 0x58, 0xB5, 0x5D, 0xFA, 0x27, 0xD2, 0x38, 0xD2, 0x49, 0x6E, 0xDF, 0x55, 0x79, 0xAF, 0x1C, 0x44, 0xDA, 0x5A, 0xD7, 0x44, 0x53, 0x50, 0x8B, 0x77, 0x70, 0x4D, 0x91, 0xEC, 0x07, 0xA5, 0x64, 0x21, 0x3C, 0x31, 0x09, 0x68, 0x65, 0xB4, 0xFA, 0xBE, 0x23, 0xF9, 0xDF, 0x77, 0x46, 0xA2, 0x9A, 0x5D, 0xE3, 0xBE, 0x1E, 0xE3, 0x84, 0xEF, 0xAE, 0x7D, 0xF8, 0x1C, 0x54, 0xE8, 0x4E, 0xAE, 0xB5, 0xBB, 0xD6, 0xC3, 0x8D, 0x56, 0x79, 0xE8, 0x7C, 0x43, 0xDC, 0xF3, 0xB3, 0x7A, 0x30, 0x22, 0x09, 0xBC, 0x10, 0xD6, 0x84, 0xC4, 0x0F, 0x4C, 0x0B, 0xA2, 0xD1, 0xCB, 0xCD, 0x1F, 0x50, 0x3D, 0xF7, 0x23, 0x45, 0x55, 0x18, 0x21, 0x3D, 0x64, 0x05, 0x2E, 0x52, 0x3A, 0x73, 0xFD, 0xF2, 0xA9, 0xCA, 0x3F, 0xF6, 0x7F, 0x87, 0xE8, 0x56, 0x9B, 0x68, 0x6B, 0x20, 0xB0, 0x1D, 0x83, 0x04, 0x2F, 0x59, 0xFD, 0x84, 0x57, 0x7D, 0x82, 0x97, 0x96, 0xE8, 0xFB, 0xDF, 0x71, 0x8C, 0x26, 0x47, 0x85, 0xA5, 0xBE, 0xFB, 0xF5, 0x05, 0x4C, 0xD3, 0x3D, 0x73, 0xF4, 0xA5, 0xF1, 0xA3, 0x99, 0x98, 0x1B, 0x84, 0x8B, 0xB3, 0x53, 0xCE, 0x4D, 0xEA, 0x5A, 0x48, 0xD2, 0xB9, 0x7E, 0xB6, 0xEB, 0x9B, 0x94, 0x6F, 0xDD, 0x44, 0x80, 0x89, 0xD2, 0x78, 0x6D, 0xB9, 0xDA, 0x8B, 0x83, 0x49, 0xE0, 0x4D, 0x49, 0xDF, 0x6B, 0xFF, 0xF7, 0x04, 0x00, 0x32, 0xAA, 0x1D, 0x4F, 0x8D, 0x4B, 0xDE, 0xB8, 0x0D, 0xC6, 0x54, 0x1C, 0xB2, 0xCD, 0x60, 0x29, 0x72, 0x0A, 0x7E, 0xE7, 0xEB, 0x7A, 0xF6, 0x5B, 0x04, 0x3F, 0x5B, 0x93, 0x12, 0x0D, 0xD5, 0xFF, 0x7A, 0x41, 0x44, 0x0B, 0x37, 0x12, 0x82, 0x3D, 0xDD, 0x1E, 0x59, 0xB9, 0xBE, 0x0F, 0x9E, 0xD6, 0xD0, 0x68, 0x69, 0x74, 0xF9, 0xB1, 0x21, 0xA3, 0x70, 0x4F, 0xDA, 0xF8, 0x9F, 0xB9, 0x49, 0x3F, 0xC6, 0xB2, 0x69, 0xC8, 0xD8, 0x60, 0xF1, 0x6A, 0x52, 0x07, 0xFA, 0x42, 0xFD, 0xA9, 0x06, 0xCF, 0x97, 0x4A, 0x0E, 0xC5, 0xFC, 0x63, 0x27, 0x54, 0xC8, 0xBE, 0x8B, 0x4F, 0xB6, 0x42, 0xBC, 0xA2, 0xCC, 0x70, 0x4A, 0x6B, 0x24, 0x5B, 0x68, 0x28, 0x47, 0xFA, 0x6B, 0x89, 0x28, 0x07, 0x5D, 0xE0, 0x2C, 0x4A, 0xD9, 0x22, 0xE3, 0xB3, 0x2F, 0xAA, 0xC2, 0xA0, 0x7C, 0x0F, 0x92, 0xC5, 0xDD, 0xB6, 0x23, 0x8F, 0x73, 0x73, 0x0F, 0xD7, 0x73, 0x71, 0x2F, 0x0A, 0x78, 0xE8, 0x5B, 0xDB, 0xC2, 0xE0, 0xDB, 0xC9, 0x3E, 0xC3, 0x72, 0x9C, 0x14, 0xD7, 0xD1, 0x28, 0xFD, 0xF4, 0xEE, 0xBC, 0x0E, 0x13, 0x37, 0xCA, 0x85, 0x9F, 0xB9, 0xA2, 0x0E, 0xF6, 0xE7, 0x49, 0xD1, 0xD0, 0x11, 0x76, 0x53, 0xA3, 0x73, 0x95, 0x2A, 0x23, 0xC8, 0x0E, 0x97, 0x83, 0x07, 0x64, 0xB2, 0x51, 0xB7, 0xC8, 0x51, 0x9F, 0xA4, 0x3E, 0x7B, 0xA4, 0x18, 0x6D, 0x99, 0xF0, 0x6E, 0xC3, 0x97, 0xAE, 0xF4, 0xB7, 0x66, 0x37, 0xFA, 0x65, 0xFC, 0x5E, 0xE2, 0x57, 0xFA, 0x8B, 0x4C, 0x86, 0x10, 0xB4, 0x5C, 0xA4, 0xD2, 0x60, 0x83, 0x69, 0x1E, 0xFF, 0x36, 0x9B, 0xF9, 0x84, 0xFB, 0xB8, 0x83, 0x64, 0xF1, 0x41, 0xA5, 0x25, 0x56, 0x21, 0xBA, 0x13, 0x98, 0x0C, 0x3B, 0x04, 0xAA, 0x6C, 0x9A, 0xD4, 0xE3, 0x13, 0x15, 0x54, 0x05, 0x4C, 0x5C, 0xE1, 0x7A, 0x31, 0x5E, 0x90, 0xCF, 0x48, 0x4E, 0x83, 0xD7, 0x7F, 0xED, 0x93, 0x22, 0xAB, 0x67, 0xE7, 0x76, 0x32, 0x64, 0xBA, 0x5A, 0x21, 0x3E, 0x30, 0x82, 0x01, 0x41, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0xA0, 0x82, 0x01, 0x32, 0x04, 0x82, 0x01, 0x2E, 0x30, 0x82, 0x01, 0x2A, 0x30, 0x82, 0x01, 0x26, 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x0C, 0x0A, 0x01, 0x02, 0xA0, 0x81, 0xEF, 0x30, 0x81, 0xEC, 0x30, 0x57, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D, 0x30, 0x4A, 0x30, 0x29, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C, 0x30, 0x1C, 0x04, 0x08, 0xED, 0x3E, 0xED, 0x07, 0x5C, 0x1F, 0x71, 0xAD, 0x02, 0x02, 0x08, 0x00, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x02, 0x09, 0x05, 0x00, 0x30, 0x1D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x01, 0x2A, 0x04, 0x10, 0xA7, 0x49, 0xA4, 0x6E, 0x00, 0x19, 0x75, 0x59, 0x75, 0x59, 0xBA, 0x4B, 0xC7, 0x24, 0x88, 0x34, 0x04, 0x81, 0x90, 0xCA, 0x23, 0x82, 0xAA, 0x16, 0x57, 0x99, 0xFA, 0x94, 0x9F, 0xAE, 0x32, 0x5C, 0x5B, 0xE7, 0x01, 0xD0, 0xED, 0xA7, 0x58, 0x57, 0x52, 0xBF, 0x57, 0x13, 0xD4, 0x15, 0xB0, 0x06, 0xF5, 0x38, 0xCC, 0x64, 0x23, 0x09, 0xD5, 0x8C, 0x0D, 0x64, 0x31, 0xFA, 0x74, 0xAA, 0x96, 0x7E, 0x9B, 0x16, 0xCA, 0x21, 0xFD, 0xC0, 0x54, 0x91, 0x40, 0x7F, 0xB3, 0xF2, 0xA3, 0xEC, 0xA1, 0x4A, 0x07, 0xF0, 0x87, 0x22, 0xDB, 0x8A, 0x49, 0x89, 0xF7, 0xF2, 0x6A, 0xFC, 0x8D, 0x03, 0x6E, 0x32, 0x4F, 0xD0, 0xD8, 0x93, 0x92, 0xA5, 0xF1, 0x41, 0xBD, 0xEA, 0xE1, 0x38, 0xA9, 0xD8, 0x9D, 0xAB, 0xB4, 0x8E, 0x4A, 0x40, 0x0E, 0xC7, 0xE3, 0xE9, 0xBF, 0x0E, 0xBA, 0x8D, 0xAA, 0x3E, 0x93, 0x53, 0x88, 0xEE, 0x0A, 0x2C, 0x71, 0xF1, 0x61, 0x44, 0xA5, 0xAD, 0xED, 0x3E, 0xAB, 0x32, 0x9A, 0x32, 0x85, 0x08, 0xF5, 0x8B, 0xCC, 0x15, 0x35, 0xEE, 0xFA, 0x17, 0x27, 0x97, 0x8D, 0xD9, 0x1C, 0x5E, 0x74, 0x9D, 0x7B, 0x31, 0x25, 0x30, 0x23, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x15, 0x31, 0x16, 0x04, 0x14, 0x5F, 0x8E, 0xAB, 0x9C, 0x5F, 0xE2, 0x3B, 0xB1, 0x5C, 0x1A, 0x36, 0x1D, 0x7D, 0xCB, 0x90, 0x45, 0x20, 0x3C, 0x3B, 0xAC, 0x30, 0x41, 0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20, 0x93, 0x25, 0xC4, 0x3E, 0x2A, 0x6D, 0x4C, 0x30, 0x87, 0x0F, 0xE3, 0x5A, 0x95, 0xB0, 0xF2, 0x6C, 0xBA, 0x07, 0x89, 0x7D, 0xFB, 0xCF, 0xCF, 0x1D, 0x54, 0xA3, 0x36, 0x24, 0x7B, 0x30, 0x97, 0xB5, 0x04, 0x08, 0xE7, 0x96, 0x59, 0xCC, 0x42, 0x9F, 0xEF, 0xFC, 0x02, 0x02, 0x08, 0x00]), '123456').then((data) => { console.log('createTrustAnchorsWithKeyStore sucess, number of the result is: ' + JSON.stringify(data.length)); }).catch((err : BusinessError) => { console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(err)); }) } catch (error) { console.error('createTrustAnchorsWithKeyStore failed:' + JSON.stringify(error)); } ``` ## X509CertChain¹¹⁺ Provides APIs for managing the X.509 certificate chain. ### getCertList¹¹⁺ getCertList(): Array\ Obtains the X.509 certificate list. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | -------------- | ----------- | | Array\<[X509Cert](#x509cert)> | X.509 certificate list obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certChainData = "-----BEGIN CERTIFICATE-----\n" + "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + "uKPWR9dKBA==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + "xjoE\n" + "-----END CERTIFICATE-----\n"; // Certificate chain binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certChainData), // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; cert.createX509CertChain(encodingBlob, (err, certChain) => { if (err) { console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('createX509CertChain success'); try { let certList = certChain.getCertList(); } catch (err) { let e: BusinessError = err as BusinessError; console.error('X509CertChain getCertList failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } }); ``` ### validate¹¹⁺ validate(param: CertChainValidationParameters): Promise\ Validates a certificate chain. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | ----------------- | | param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| **Return value** | Type | Description | | ------------------------------------------------------------ | --------------------------------- | | Promise\<[CertChainValidationResult](#certchainvalidationresult11)> | Promise used to return the result.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } async function createX509CertChain(): Promise { let certChainData = "-----BEGIN CERTIFICATE-----\n" + "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + "uKPWR9dKBA==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + "xjoE\n" + "-----END CERTIFICATE-----\n"; // Certificate chain binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certChainData), // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; try { x509CertChain = await cert.createX509CertChain(encodingBlob); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); } return x509CertChain; } async function validate() { const certChain = await createX509CertChain(); // Certificate chain validation data, which varies with the service. const param: cert.CertChainValidationParameters = { date: '20231212080000Z', trustAnchors: [{ CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), }] } try { const validationRes = await certChain.validate(param); console.log('X509CertChain validate success'); } catch (err) { console.error('X509CertChain validate failed'); } } validate(); ``` ### validate¹¹⁺ validate(param: CertChainValidationParameters, callback: AsyncCallback\): void Validates a certificate chain. This API uses an asynchronous callback to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | --------- | ------------------------------- | ---- | ------------ | | param | [CertChainValidationParameters](#certchainvalidationparameters11) | Yes | Parameters for validating the X.509 certificate chain.| | callback | AsyncCallback\<[CertChainValidationResult](#certchainvalidationresult11)> | Yes | Callback used to return the certificate chain validation result.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certChainData = "-----BEGIN CERTIFICATE-----\n" + "MIID6jCCAtKgAwIBAgIIIM2q/TmRoLcwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE\n" + "BhMCRU4xEDAOBgNVBAgTB0VuZ2xhbmQxDzANBgNVBAcTBkxvbmRvbjEMMAoGA1UE\n" + "ChMDdHMyMQwwCgYDVQQLEwN0czIxDDAKBgNVBAMTA3RzMjAeFw0yMzEyMDUwNzM5\n" + "MDBaFw0yNDEwMzEyMzU5MDBaMGExCzAJBgNVBAYTAkNOMRAwDgYDVQQIEwdKaWFu\n" + "Z3N1MRAwDgYDVQQHEwdOYW5qaW5nMQwwCgYDVQQKEwN0czMxDDAKBgNVBAsTA3Rz\n" + "MzESMBAGA1UEAxMJMTI3LjAuMC4xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n" + "CgKCAQEAtt+2QxUevbolYLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLR\n" + "p26LFV/F8ebwPyo8YEBKSwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmc\n" + "rVvLBNMeVnxY86xHpo0MTNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0j\n" + "zT9GjeUP6JLdLFUZJKUPSTK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/U\n" + "T+p5ThAMH593zszlz330nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI3\n" + "8MFQFJKvRHfgTAvVsvAvpBUM2DuBKwIDAQABo4GsMIGpMAkGA1UdEwQCMAAwHQYD\n" + "VR0OBBYEFDfsHTMZwoA6eaDFlBUyDpka+sYtMAsGA1UdDwQEAwID+DAnBgNVHSUE\n" + "IDAeBggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEMBQGA1UdEQQNMAuCCTEy\n" + "Ny4wLjAuMTARBglghkgBhvhCAQEEBAMCBkAwHgYJYIZIAYb4QgENBBEWD3hjYSBj\n" + "ZXJ0aWZpY2F0ZTANBgkqhkiG9w0BAQsFAAOCAQEAp5vTvXrt8ZpgRJVtzv9ss0lJ\n" + "izp1fJf+ft5cDXrs7TSD5oHrSW2vk/ZieIMhexU4LFwhs4OE7jK6pgI48Dseqxx7\n" + "B/KktxhVMJUmVXd9Ayjp6f+BtZlIk0cArPuoXToXjsV8caTGBXHRdzxpAk/w9syc\n" + "GYrbH9TrdNMuTizOb+k268oKXUageZNxHmd7YvOXkcNgrd29jzwXKDYYiUa1DISz\n" + "DnYaJOgPt0B/5izhoWNK7GhJDy9KEuLURcTSWFysbbnljwO9INPT9MmlS83PdAgN\n" + "iS8VXF4pce1W9U5jH7d7k0JDVSXybebe1iPFphsZpYM/NE+jap+mPy1nTCbf9g==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIC0zCCAoWgAwIBAgIIXpLoPpQVWnkwBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDczNzAwWhcNMjQw\n" + "OTAxMjM1OTAwWjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czIxDDAKBgNVBAsTA3RzMjEMMAoGA1UE\n" + "AxMDdHMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtt+2QxUevbol\n" + "YLp51QGcUpageI4fwGLIqv4fj4aoVnHFOOBqVOVpfCLRp26LFV/F8ebwPyo8YEBK\n" + "SwXzMD1573rMSbaH9BalscH5lZYAbetXoio6YRvzlcmcrVvLBNMeVnxY86xHpo0M\n" + "TNyP7W024rZsxWO98xFQVdoiaBC+7+midlisx2Y+7u0jzT9GjeUP6JLdLFUZJKUP\n" + "STK3jVzw9v1eZQZKYoNfU6vFMd6ndtwW6qEnwpzmmX/UT+p5ThAMH593zszlz330\n" + "nTSXBjIsGkyvOz9gSB0Z0LAuJj06XUNhGL5xKJYKbdI38MFQFJKvRHfgTAvVsvAv\n" + "pBUM2DuBKwIDAQABo28wbTAMBgNVHRMEBTADAQH/MB0GA1UdDgQWBBQ37B0zGcKA\n" + "OnmgxZQVMg6ZGvrGLTALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMB4G\n" + "CWCGSAGG+EIBDQQRFg94Y2EgY2VydGlmaWNhdGUwBQYDK2VwA0EAuasLBe55YgvF\n" + "b4wmHeohylc9r8cFGS1LNQ5UcSn3sGqMYf6ehnef16NLuCW6upHCs8Sui4iAMvsP\n" + "uKPWR9dKBA==\n" + "-----END CERTIFICATE-----\n" + "-----BEGIN CERTIFICATE-----\n" + "MIIB3zCCAZGgAwIBAgIIWQvOEDl+ya4wBQYDK2VwMFoxCzAJBgNVBAYTAkVOMRAw\n" + "DgYDVQQIEwdFbmdsYW5kMQ8wDQYDVQQHEwZMb25kb24xDDAKBgNVBAoTA3RzMTEM\n" + "MAoGA1UECxMDdHMxMQwwCgYDVQQDEwN0czEwHhcNMjMxMjA1MDAwMDAwWhcNMjQx\n" + "MjA0MjM1OTU5WjBaMQswCQYDVQQGEwJFTjEQMA4GA1UECBMHRW5nbGFuZDEPMA0G\n" + "A1UEBxMGTG9uZG9uMQwwCgYDVQQKEwN0czExDDAKBgNVBAsTA3RzMTEMMAoGA1UE\n" + "AxMDdHMxMCowBQYDK2VwAyEAuxadj1ww0LqPN24zr28jcSOlSWAe0QdLyRF+ZgG6\n" + "klKjdTBzMBIGA1UdEwEB/wQIMAYBAf8CARQwHQYDVR0OBBYEFNSgpoQvfxR8A1Y4\n" + "St8NjOHkRpm4MAsGA1UdDwQEAwIBBjARBglghkgBhvhCAQEEBAMCAAcwHgYJYIZI\n" + "AYb4QgENBBEWD3hjYSBjZXJ0aWZpY2F0ZTAFBgMrZXADQQAblBgoa72X/K13WOvc\n" + "KW0fqBgFKvLy85hWD6Ufi61k4ProQiZzMK+0+y9jReKelPx/zRdCCgSbQroAR2mV\n" + "xjoE\n" + "-----END CERTIFICATE-----\n"; // Certificate chain binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certChainData), // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; // Certificate chain validation data, which varies with the service. let param: cert.CertChainValidationParameters = { date: '20231212080000Z', trustAnchors: [{ CAPubKey: new Uint8Array([0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 0xbb, 0x16,0x9d, 0x8f, 0x5c, 0x30, 0xd0, 0xba, 0x8f, 0x37, 0x6e, 0x33, 0xaf, 0x6f, 0x23, 0x71, 0x23, 0xa5, 0x49, 0x60,0x1e, 0xd1, 0x07, 0x4b, 0xc9, 0x11, 0x7e, 0x66, 0x01, 0xba, 0x92, 0x52]), CASubject: new Uint8Array([0x30, 0x5a, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x45,0x4e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x13, 0x07, 0x45, 0x6e, 0x67, 0x6c, 0x61, 0x6e,0x64, 0x31, 0x0f, 0x30, 0x0d, 0x06, 0x03, 0x55, 0x04, 0x07, 0x13, 0x06, 0x4c, 0x6f, 0x6e, 0x64, 0x6f, 0x6e,0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a,0x06, 0x03, 0x55, 0x04, 0x0b, 0x13, 0x03, 0x74, 0x73, 0x31, 0x31, 0x0c, 0x30, 0x0a, 0x06, 0x03, 0x55, 0x04,0x03, 0x13, 0x03, 0x74, 0x73, 0x31]), }] }; cert.createX509CertChain(encodingBlob, (err, certChain) => { if (err) { console.error('createX509CertChain failed, errCode: ' + err.code + ', errMsg: ' + err.message); } else { console.log('createX509CertChain success'); certChain.validate(param, (error, validationRes) => { if (error) { console.error('X509CertChain validate failed, errCode: ' + error.code + ', errMsg: ' + error.message); } else { console.log('X509CertChain validate success'); } }); } }); ``` ### toString¹²⁺ toString(): string Converts the object data into a string. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ---------------------------------------------------- | | string | String obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certChainData = '-----BEGIN CERTIFICATE-----\n' + 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + '-----END CERTIFICATE-----\n' + '-----BEGIN CERTIFICATE-----\n' + 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 'tPO+\n' + '-----END CERTIFICATE-----\n'; // Certificate chain binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certChainData), // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certChainToString() { let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; try { x509CertChain = await cert.createX509CertChain(encodingBlob); console.log('createX509CertChain success'); console.info('toString success: ' + JSON.stringify(x509CertChain.toString())); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### hashCode¹²⁺ hashCode(): Uint8Array Obtains the hash value of the data in DER format. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ---------------------------------------------------- | | Uint8Array | Hash value obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ----------------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let certChainData = '-----BEGIN CERTIFICATE-----\n' + 'MIIGVjCCBT6gAwIBAgIQBMO0W3CU9LWVw1bE/jqYojANBgkqhkiG9w0BAQsFADBE\n' + 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMR4wHAYDVQQDExVH\n' + 'ZW9UcnVzdCBSU0EgQ04gQ0EgRzIwHhcNMjMwMzIzMDAwMDAwWhcNMjQwNDIyMjM1\n' + 'OTU5WjB1MQswCQYDVQQGEwJDTjERMA8GA1UECBMIemhlamlhbmcxETAPBgNVBAcT\n' + 'CGhhbmd6aG91MSwwKgYDVQQKEyNOZXRFYXNlIChIYW5nemhvdSkgTmV0d29yayBD\n' + 'by4sIEx0ZDESMBAGA1UEAwwJKi4xNjMuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC\n' + 'AQ8AMIIBCgKCAQEAwELks0Q1Z81u1OpbGdEFE2Snm/WpLfmiC5YFj5nFrinSX+UZ\n' + 'MIk42euBdjYSsWFxbljmWDdUCjstMhG8vRAjz3Nt1QniMCunHHFGujR5rSNLWYHE\n' + 'vCPhfptIhqOaE/rvkWGZZr2KjTQQN0dRf8dm9Oewy8DHu95c9jW6c9AVgKWUVOni\n' + 'tTOcJCnrndWjgCIPfKmKgrwaNaMnuQyy5nPIUHl/5EGzuGHrwjwlF+w+cT+Fwdix\n' + 'C3msEOCwX6wzo6baDs4og2EzuPNyTp4n4UqH5aHhLePgBFboOAyJwWp3+XJNpNGw\n' + 'GkU56cUUy7+AAn268EVvUNr7uQ65t2t+Ys32bQIDAQABo4IDETCCAw0wHwYDVR0j\n' + 'BBgwFoAUJG+RP4mHhw4ywkAY38VM60/ISTIwHQYDVR0OBBYEFD1HyRYJ5jqkvYL7\n' + 'C6TSt8/y3e7hMB0GA1UdEQQWMBSCCSouMTYzLmNvbYIHMTYzLmNvbTAOBgNVHQ8B\n' + 'Af8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMD0GA1UdHwQ2\n' + 'MDQwMqAwoC6GLGh0dHA6Ly9jcmwuZGlnaWNlcnQuY24vR2VvVHJ1c3RSU0FDTkNB\n' + 'RzIuY3JsMD4GA1UdIAQ3MDUwMwYGZ4EMAQICMCkwJwYIKwYBBQUHAgEWG2h0dHA6\n' + 'Ly93d3cuZGlnaWNlcnQuY29tL0NQUzBxBggrBgEFBQcBAQRlMGMwIwYIKwYBBQUH\n' + 'MAGGF2h0dHA6Ly9vY3NwLmRpZ2ljZXJ0LmNuMDwGCCsGAQUFBzAChjBodHRwOi8v\n' + 'Y2FjZXJ0cy5kaWdpY2VydC5jbi9HZW9UcnVzdFJTQUNOQ0FHMi5jcnQwCQYDVR0T\n' + 'BAIwADCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUA7s3QZNXbGs7FXLedtM0T\n' + 'ojKHRny87N7DUUhZRnEftZsAAAGHDSE15QAABAMARjBEAiBRpmsJ3F9AI8wFxqOQ\n' + 'bHp+RL6F8cvNydajQ0Bqxjvd3AIgefAU/po3jBm+96dFVdbX+AG1uss67DL3VL5I\n' + 'nUmVva8AdgBz2Z6JG0yWeKAgfUed5rLGHNBRXnEZKoxrgBB6wXdytQAAAYcNITZS\n' + 'AAAEAwBHMEUCID/sUP12odF7uTTEyE0PjCpKo3nF7A3ba3b5wJJsZrDrAiEAxrat\n' + 'W2eeZTD458LPSPrMMBb1/o6zibWXqJCQye+bVFwAdwBIsONr2qZHNA/lagL6nTDr\n' + 'HFIBy1bdLIHZu7+rOdiEcwAAAYcNITYeAAAEAwBIMEYCIQCCJ2ktM1F+d1I5mQju\n' + 'Tn7oDYxy3GCGyG3u/yhu8k7EaAIhANSP8cAaMQFV6y8B2tubKY5eSQtgkF3a6NNq\n' + 'QJjtPnoHMA0GCSqGSIb3DQEBCwUAA4IBAQC8dK/G4nvs/SyQe/mnK+rUYIdSFs+4\n' + 'lgzatmq8V/I1tBly+Sv/FPhnn4F3iCrqy9j8y202FP51ev95DGbjlJRTIFPqVAO8\n' + 'ywYrLhvl1SJhV0b/8NF0Pr3dZVnK5Vfn11+LSBUg0cBB2hcVV30nv3IuVhz3d12n\n' + 'P+VseYQgMpQf7ad+ttpZtA7yqHzrUm4fzr03G7q88GztACRSHoYiPbOlz99SeTgW\n' + '7bzZl1I4taxy2Q3b0ZBGfUt/kPY05tpKzKwDTbbqSErYszCt5X1RfVvf3coxF8Mo\n' + '9bHbs2wYIzQBdujDQ/hU0u6ItERer3SUItZoxaSIxdrZ9eXFwVvXsT/g\n' + '-----END CERTIFICATE-----\n' + '-----BEGIN CERTIFICATE-----\n' + 'MIIFDzCCA/egAwIBAgIQCxNitu5qnT6WiTDxbiB9OTANBgkqhkiG9w0BAQsFADBh\n' + 'MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3\n' + 'd3cuZGlnaWNlcnQuY29tMSAwHgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBD\n' + 'QTAeFw0yMDAzMDQxMjA0NDBaFw0zMDAzMDQxMjA0NDBaMEQxCzAJBgNVBAYTAlVT\n' + 'MRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxHjAcBgNVBAMTFUdlb1RydXN0IFJTQSBD\n' + 'TiBDQSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANA1OZJJtZUI\n' + '7zj4qFHT79g+Otks4TEfmUEDhrNKBEEjb/i29GBfnpvFdT36azCg2VODJRSjIzFn\n' + '4qADcc84EmfKiDEM97HFsQPp9RRkqxH5cB51EU2eBE9Ua95x+wQp/KSdCqITCQ/v\n' + 'yvm3J4Upjl0wlW8wRCPCWcYw3pKClGRkNzVtI1KXnfpn7fG3N84n7wlBb9IGKJFa\n' + 'c/6+hxvZx2qnfLsxdIKR0Q/biGoU6Z8Iy/R/p7GoPO8vamV090+QHEL5AdSzKtEh\n' + 'U9vdvcuWjjLxVnaJLfj/6WoGZj8UWn3zFbEoTVaAfp2xqdzW7yRvi2r148m9ev7l\n' + 'jDqHo8UX69sCAwEAAaOCAd4wggHaMB0GA1UdDgQWBBQkb5E/iYeHDjLCQBjfxUzr\n' + 'T8hJMjAfBgNVHSMEGDAWgBQD3lA1VtFMu2bwo+IbG8OXsj3RVTAOBgNVHQ8BAf8E\n' + 'BAMCAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMBIGA1UdEwEB/wQI\n' + 'MAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsGAQUFBzABhhdodHRwOi8vb2Nz\n' + 'cC5kaWdpY2VydC5jbjBABgNVHR8EOTA3MDWgM6Axhi9odHRwOi8vY3JsLmRpZ2lj\n' + 'ZXJ0LmNuL0RpZ2lDZXJ0R2xvYmFsUm9vdENBLmNybDCB3QYDVR0gBIHVMIHSMIHF\n' + 'BglghkgBhv1sAQEwgbcwKAYIKwYBBQUHAgEWHGh0dHBzOi8vd3d3LmRpZ2ljZXJ0\n' + 'LmNvbS9DUFMwgYoGCCsGAQUFBwICMH4MfEFueSB1c2Ugb2YgdGhpcyBDZXJ0aWZp\n' + 'Y2F0ZSBjb25zdGl0dXRlcyBhY2NlcHRhbmNlIG9mIHRoZSBSZWx5aW5nIFBhcnR5\n' + 'IEFncmVlbWVudCBsb2NhdGVkIGF0IGh0dHBzOi8vd3d3LmRpZ2ljZXJ0LmNvbS9y\n' + 'cGEtdWEwCAYGZ4EMAQICMA0GCSqGSIb3DQEBCwUAA4IBAQCzkcXq0TN0oSn4UeXp\n' + 'FBW7U8zrHBIhH9MXHNBp+Yy/yN19133UY05uuHXHaU2Uv0hxefckjPdkaX7ARso+\n' + 'O3Ar6nf7YfBwCqSpqsNckKT7KKtf3Ot95wYFpKDa64jcRUfxzRWnmq12IVzczqHI\n' + 'sIvUZQINw/UHSQcWekdUnMg58bQSHyTjwkj9jcX2RURxaVZkr15wxo/Z3Ydo2PVK\n' + '3afEr0/vcuFvE7QeGXiI2DJdVt3JefatZ3rj4VTW2aUZwHGUiWWIUudBfQKR0JEp\n' + 'lJ8MFaKDh4/A2VEJnXILu1iwvc1m3jCaPuzZKdoHM/1234bznJI2aAfhfIhoHw90\n' + 'tPO+\n' + '-----END CERTIFICATE-----\n'; // Certificate chain binary data, which varies with the service. let encodingBlob: cert.EncodingBlob = { data: stringToUint8Array(certChainData), // Set the encoding format, which can be FORMAT_PEM, FORMAT_DER, or FORMAT_PKCS7. encodingFormat: cert.EncodingFormat.FORMAT_PEM }; async function certChainHashCode() { let x509CertChain: cert.X509CertChain = {} as cert.X509CertChain; try { x509CertChain = await cert.createX509CertChain(encodingBlob); console.log('createX509CertChain success'); console.info('hashCode success: ' + JSON.stringify(x509CertChain.hashCode())); } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX509CertChain failed, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ## cert.createX500DistinguishedName¹²⁺ createX500DistinguishedName(nameStr: string): Promise\ Creates an **X500DistinguishedName** object in the form of a string. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------- | ---- | -------------------- | | nameStr | string | Yes|DN of the string type defined by X.509.| **Return value** | Type | Description | | ------------------------------- | ---------------- | | Promise\<[X500DistinguishedName](#x500distinguishedname12)> | Promise used to return the **X500DistinguishedName** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; // Convert the string into a Uint8Array. function stringToUint8Array(str: string): Uint8Array { let arr: Array = []; for (let i = 0, j = str.length; i < j; i++) { arr.push(str.charCodeAt(i)); } return new Uint8Array(arr); } let nameStr = '/CN=John Doe/OU=IT Department/O=ACME Inc./L=San Francisco/ST=California/C=US/CN=ALN C/CN=XTS'; async function createX500DistinguishedName() { try { cert.createX500DistinguishedName(nameStr) .then((data) => { console.log('createX500DistinguishedName success'); }) .catch((err: BusinessError) => { console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); }) } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ## cert.createX500DistinguishedName¹²⁺ createX500DistinguishedName(nameDer: Uint8Array): Promise\ Creates an **X500DistinguishedName** object in DER format. This API uses a promise to return the result. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | -------- | ----------------------------- | ---- | -------------------- | | nameDer | Uint8Array | Yes|Name of the Uint8Array type in DER format defined by X.509.| **Return value** | Type | Description | | ------------------------------- | ---------------- | | Promise\<[X500DistinguishedName](#x500distinguishedname12)> | Promise used to return the **X500DistinguishedName** object created.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | | 19030002 | the certificate signature verification failed. | | 19030003 | the certificate has not taken effect. | | 19030004 | the certificate has expired. | | 19030005 | failed to obtain the certificate issuer. | | 19030006 | the key cannot be used for signing a certificate. | | 19030007 | the key cannot be used for digital signature. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); async function createX500DistinguishedName() { try { cert.createX500DistinguishedName(nameDer) .then((data) => { console.log('createX500DistinguishedName success'); }) .catch((err: BusinessError) => { console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); }) } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ## X500DistinguishedName¹²⁺ Provides APIs for managing the **X500DistinguishedName** instance. ### getName¹²⁺ getName(): string Obtains the DN in the form of a string. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ------------------------------------------------- | | string | DN in the form of a string obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; let nameDer = new Uint8Array([48,41,49,11,48,9,6,3,85,4,3,12,2,67,65,49,13,48,11,6,3,85,4,10,12,4,116,101,115,116,49,11,48,9,6,3,85,4,6,19,2,67,78]); async function getName() { try { cert.createX500DistinguishedName(nameDer) .then((data) => { console.log('createX500DistinguishedName success'); console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName())) }) .catch((err: BusinessError) => { console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); }) } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### getName¹²⁺ getName(type: string): Array\ Obtains DNs of the specified type. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Parameters** | Name | Type | Mandatory| Description | | ------------ | ------ | ---- | -------------- | | type | string | Yes| Type of the DNs to obtain.| **Return value** | Type | Description | | ------- | ------------------------------------------------- | | Array\ | DNs obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 401 | invalid parameters. Possible causes:
1. Mandatory parameters are left unspecified;
2. Incorrect parameter types;
3. Parameter verification failed.| | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; async function getName() { try { cert.createX500DistinguishedName(nameStr) .then((data) => { console.log('createX500DistinguishedName success'); console.info('createX500DistinguishedName getName: ' + JSON.stringify(data.getName("CN"))) }) .catch((err: BusinessError) => { console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); }) } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); } } ``` ### getEncoded¹²⁺ getEncoded(): EncodingBlob Obtains the data of the X.509 certificate **extensions** field. **Atomic service API**: This API can be used in atomic services since API version 12. **System capability**: SystemCapability.Security.Cert **Return value** | Type | Description | | ------- | ------------------------------------------------- | | [EncodingBlob](#encodingblob) | X.509 certificate extensions data obtained.| **Error codes** For details about the error codes, see [Certificate Error Codes](errorcode-cert.md). | ID| Error Message | | -------- | ------------- | | 19020001 | memory error. | | 19020002 | runtime error. | | 19030001 | crypto operation error. | **Example** ```ts import { cert } from '@kit.DeviceCertificateKit'; import { BusinessError } from '@kit.BasicServicesKit'; let nameStr = '/CN=Example CA/OU=test cert/O=test/L=XA/ST=SX/C=CN/CN=RSA CA/CN=XTS'; async function getEncoded() { try { cert.createX500DistinguishedName(nameStr) .then((data) => { console.log('createX500DistinguishedName success'); let encodingBlobData = data.getEncoded(); }) .catch((err: BusinessError) => { console.error('createX500DistinguishedName catch, errCode: ' + err.code + ', errMsg: ' + err.message); }) } catch (error) { let e: BusinessError = error as BusinessError; console.error('createX500DistinguishedName catch, errCode: ' + e.code + ', errMsg: ' + e.message); } } ```