# @ohos.net.networkSecurity (Network Security)

The **networkSecurity** module provides the network security verification capability. Specifically, it provides APIs for applications to verify the certificates in use.

> **NOTE**
>
> The initial APIs of this module are supported since API version 11. Newly added APIs will be marked with a superscript to indicate their earliest API version.

## Modules to Import

```ts
import { networkSecurity } from '@kit.NetworkKit';
```

## Sample Code

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Define certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (certificate data) ...\n-----END CERTIFICATE-----',
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (CA certificate data) ...\n-----END CERTIFICATE-----',
};

// Perform asynchronous certificate verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Certificate verification result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Certificate verification failed:', error);
  });
```

> **NOTE**
>
> Be sure to replace the certificate data in the example with the actual certificate data.

## CertType

Enumerates certificate types.

**System capability**: SystemCapability.Communication.NetStack

| Name          | Value | Description      |
| ------------- | ----- | ---------------- |
| CERT_TYPE_PEM | 0     | PEM certificate. |
| CERT_TYPE_DER | 1     | DER certificate. |

## CertBlob

Defines the certificate data.

**System capability**: SystemCapability.Communication.NetStack

| Name | Type                  | Mandatory | Description       |
| ---- | --------------------- | --------- | ----------------- |
| type | CertType              | Yes       | Certificate type. |
| data | string \| ArrayBuffer | Yes       | Certificate data. |

## networkSecurity.certVerification

certVerification(cert: CertBlob, caCert?: CertBlob): Promise\<number\>

Obtains the preset CA certificate and custom CA certificate from the certificate management module, and verifies the certificate passed by the application.

**System capability**: SystemCapability.Communication.NetStack

**Parameters**

| Name   | Type     | Mandatory | Description                 |
| ------ | -------- | --------- | --------------------------- |
| cert   | CertBlob | Yes       | Certificate to be verified. |
| caCert | CertBlob | No        | Custom CA certificate.      |

**Return value**

| Type              | Description |
| ----------------- | ----------- |
| Promise\<number\> | Promise used to return the result. The value **0** indicates that the certificate verification is successful, and a non-0 value indicates that the verification has failed. |

**Error codes**

| ID      | Error Message                                    |
| ------- | ------------------------------------------------ |
| 401     | Parameter error.                                 |
| 2305001 | Unspecified error.                               |
| 2305002 | Unable to get issuer certificate.                |
| 2305003 | Unable to get certificate revocation list (CRL). |
| 2305004 | Unable to decrypt certificate signature.         |
| 2305005 | Unable to decrypt CRL signature.                 |
| 2305006 | Unable to decode issuer public key.              |
| 2305007 | Certificate signature failure.                   |
| 2305008 | CRL signature failure.                           |
| 2305009 | Certificate is not yet valid.                    |
| 2305010 | Certificate has expired.                         |
| 2305011 | CRL is not yet valid.                            |
| 2305012 | CRL has expired.                                 |
| 2305018 | Self-signed certificate.                         |
| 2305023 | Certificate has been revoked.                    |
| 2305024 | Invalid certificate authority (CA).              |
| 2305027 | Certificate is untrusted.                        |
| 2305069 | Call invalid.                                    |

> **NOTE**
>
> If any of the preceding error codes is reported during certificate verification, use the error message to identify and fix the cause.

**Example**

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Define certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (certificate data) ...\n-----END CERTIFICATE-----',
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n... (CA certificate data) ...\n-----END CERTIFICATE-----',
};

// Perform asynchronous certificate verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Certificate verification result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Certificate verification failed:', error);
  });
```

> **NOTE**
>
> Be sure to replace the certificate data in the example with the actual certificate data.

## networkSecurity.certVerificationSync

certVerificationSync(cert: CertBlob, caCert?: CertBlob): number

Obtains the preset CA certificate and custom CA certificate from the certificate management module, and verifies the certificate passed by the application.

**System capability**: SystemCapability.Communication.NetStack

**Parameters**

| Name   | Type     | Mandatory | Description                 |
| ------ | -------- | --------- | --------------------------- |
| cert   | CertBlob | Yes       | Certificate to be verified. |
| caCert | CertBlob | No        | Custom CA certificate.      |

**Return value**

| Type   | Description |
| ------ | ----------- |
| number | Certificate verification result. The value **0** indicates that the certificate verification is successful, and a non-0 value indicates that the verification has failed. |

**Error codes**

| ID      | Error Message                                    |
| ------- | ------------------------------------------------ |
| 401     | Parameter error.                                 |
| 2305001 | Unspecified error.                               |
| 2305002 | Unable to get issuer certificate.                |
| 2305003 | Unable to get certificate revocation list (CRL). |
| 2305004 | Unable to decrypt certificate signature.         |
| 2305005 | Unable to decrypt CRL signature.                 |
| 2305006 | Unable to decode issuer public key.              |
| 2305007 | Certificate signature failure.                   |
| 2305008 | CRL signature failure.                           |
| 2305009 | Certificate is not yet valid.                    |
| 2305010 | Certificate has expired.                         |
| 2305011 | CRL is not yet valid.                            |
| 2305012 | CRL has expired.                                 |
| 2305023 | Certificate has been revoked.                    |
| 2305024 | Invalid certificate authority (CA).              |
| 2305027 | Certificate is untrusted.                        |

> **NOTE**
>
> If any of the preceding error codes is reported during certificate verification, use the error message to identify and fix the cause.

**Example**

```ts
import { networkSecurity } from '@kit.NetworkKit';
import { BusinessError } from '@kit.BasicServicesKit';

// Create certificate blobs
const cert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n...'
};

const caCert: networkSecurity.CertBlob = {
  type: networkSecurity.CertType.CERT_TYPE_PEM,
  data: '-----BEGIN CERTIFICATE-----\n...'
};

// Asynchronous verification
networkSecurity.certVerification(cert, caCert)
  .then((result) => {
    console.info('Verification Result:', result);
  })
  .catch((error: BusinessError) => {
    console.error('Verification Error:', error);
  });

// Synchronous verification
let resultSync: number = networkSecurity.certVerificationSync(cert, caCert);
console.info('Synchronous Verification Result:', resultSync);
```

> **NOTE**
>
> Be sure to replace the certificate data in the example with the actual certificate data.
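
Both verification APIs above report failure in two ways on this page: a non-0 return value and the listed error codes. The following added example (not part of the original documentation) wraps a function with the `certVerificationSync` signature so that only a returned **0** is treated as trust. The names `VerifySync`, `Outcome`, `classify` and `verifyFailClosed`, the reason groups and the stub verifiers are assumptions of this example; the local `CertType` and `CertBlob` types stand in for the module's so the code runs off-device.

```typescript
// Added example: local stand-ins mirroring CertType/CertBlob so this runs off-device.
enum CertType { CERT_TYPE_PEM = 0, CERT_TYPE_DER = 1 }
interface CertBlob { type: CertType; data: string | ArrayBuffer; }
type VerifySync = (cert: CertBlob, caCert?: CertBlob) => number;

type Reason = 'ok' | 'parameter' | 'trust-chain' | 'revocation' | 'signature' | 'validity-period' | 'other';
interface Outcome { trusted: boolean; code: number; reason: Reason; }

// Error IDs from the tables on this page; the grouping is this example's own choice.
const GROUPS: Array<[Reason, number[]]> = [
  ['parameter', [401]],
  ['trust-chain', [2305002, 2305018, 2305024, 2305027]],
  ['revocation', [2305003, 2305005, 2305008, 2305011, 2305012, 2305023]],
  ['signature', [2305004, 2305006, 2305007]],
  ['validity-period', [2305009, 2305010]],
];

function classify(code: number): Reason {
  if (code === 0) { return 'ok'; }
  for (const [reason, ids] of GROUPS) {
    if (ids.indexOf(code) !== -1) { return reason; }
  }
  return 'other'; // includes 2305001, 2305069 and anything not in the tables
}

// Fail closed: only a returned 0 grants trust. A non-zero return, a thrown
// error (with or without a numeric code) or a non-numeric result all deny.
function verifyFailClosed(verify: VerifySync, cert: CertBlob, caCert?: CertBlob): Outcome {
  let code = -1; // -1 is this example's marker for "no usable code"
  try {
    const result: unknown = verify(cert, caCert);
    if (typeof result === 'number' && !isNaN(result)) { code = result; }
  } catch (e) {
    const thrown: unknown = (e as { code?: unknown } | null)?.code;
    // A thrown error never counts as success, even if its code field is 0.
    if (typeof thrown === 'number' && thrown !== 0) { code = thrown; }
  }
  return { trusted: code === 0, code: code, reason: classify(code) };
}

// Constructed input: placeholder PEM text and stub verifiers, not real certificates.
const SAMPLE_CERT: CertBlob = { type: CertType.CERT_TYPE_PEM, data: '-----BEGIN CERTIFICATE-----\n...' };
const expiredStub: VerifySync = () => 2305010;
const revokedStub: VerifySync = () => { throw { code: 2305023, message: 'Certificate has been revoked.' }; };

console.log(verifyFailClosed(expiredStub, SAMPLE_CERT));
console.log(verifyFailClosed(revokedStub, SAMPLE_CERT));
```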