1# Certificate Framework 2 3## Introduction 4The certificate framework shields the implementation differences of third-party certificate algorithm libraries. It provides the capabilities of parsing and verifying certificates, certificate extensions, and certificate revocation lists (CRLs), and verifying certificate chains. You can use the APIs provided by the certificate framework to easily complete your development. 5 6**Figure 1** Certificate framework architecture 7 8 9 10 11The certificate framework consists of the following: 12 13- API layer: provides unified JavaScript interfaces to implement capabilities, including parsing certificates, certificate extensions, and CRLs and verifying certificate chains. 14 * Certificate operations include obtaining the version number, serial number (SN), issuer, subject, signature algorithm, and public key of the certificate based on the certificate data passed by the service. 15 * Certificate extension operations include obtaining the object identifier (OID) list of the certificate extensions based on the certificate extension fields passed by the service and obtaining specific data based on the OID. 16 * CRL operations include obtaining revoked certificates, SNs, issuers, and revocation time of the certificates based on the CRL. 17 * Certificate chain operations include verifying the validity of a certificate chain based on the certificate chain data passed by the service. 18- Framework implementation layer: manages internal objects and flexibly loads the algorithm library adaptation layer to adapt to the algorithm and shield differences between the third-party algorithm libraries. 19- Algorithm library adaptation layer: calls specific APIs of the OpenSSL or Mbed TLS algorithm library to provide capabilities, such as parsing certificates and obtaining certificate fields, for services. 20 21## Directory Structure 22``` 23base/security/certificate_framwork 24├── bundle.json # Component configuration file 25├── cf.gni # Compilation configuration file 26├── config # Configuration related to the build 27├── figures # Figures used in the README 28├── frameworks # Framework implementation layer 29│ ├── ability # Abilities of the framework layer 30│ ├── adapter # Algorithm library adaptation layer 31│ ├── common # Common methods relied on internally 32│ ├── core # Certificate framework implementation 33│ └── js 34│ └── napi # JS interfaces encapsulated by NAPI 35├── interfaces # APIs exposed externally 36└── test # Test cases 37``` 38 39## Building the Certificate Framework 40 41In the root directory of the OpenHarmony source code, run the following command to separately build the certificate framework component: 42```shell 43./build.sh --product-name rk3568 --ccache --build-target certificate_framework 44``` 45> **NOTE** 46> 47> --**product-name** indicates the product name, for example, **rk3568**. 48> 49> --**ccache** indicates the cache function used during the compilation. 50> 51> --**build-target** indicates the name of the component to build. 52 53 54## Usage 55 56### Available APIs 57 58 59 60### How to Use 61 62 63 64## Repositories Involved 65 66[Security subsystem](https://gitee.com/openharmony/docs/blob/master/en/readme/Security.md) 67 68[security\_crypto\_framework](https://gitee.com/openharmony/security_crypto_framework) 69 70[**security\_certificate\_framework**](https://gitee.com/openharmony-sig/security_certificate_framework) 71