1# Certificate and CRL Collection Development
2
3This topic walks you through on how to filter certificates or CRLs based on a **CertCRLCollection** object.
4
5## How to Develop
6
71. Import the [certFramework](../../reference/apis-device-certificate-kit/js-apis-cert.md) module.
8
9   ```ts
10   import { cert } from '@kit.DeviceCertificateKit';
11   ```
12
132. Use [cert.createX509Cert](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509cert) to create an X.509 certificate object.
14
153. Use [cert.createX509CRL](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509crl11) to create an X.509 CRL object.
16
174. Use [cert.createCertCRLCollection](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatecertcrlcollection11) to create a [CertCRLCollection](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcrlcollection11) object.
18
195. Use [CertCRLCollection.selectCerts](../../reference/apis-device-certificate-kit/js-apis-cert.md#selectcerts11) to search for all certificates that match [X509CertMatchParameters](../../reference/apis-device-certificate-kit/js-apis-cert.md#x509certmatchparameters11).
20
216. Use [CertCRLCollection.selectCRLs](../../reference/apis-device-certificate-kit/js-apis-cert.md#selectcrls11) to search for all CRLs that match [X509CRLMatchParameters](../../reference/apis-device-certificate-kit/js-apis-cert.md#x509crlmatchparameters11).
22
23```ts
24import { cert } from '@kit.DeviceCertificateKit';
25import { BusinessError } from '@kit.BasicServicesKit';
26import { util } from '@kit.ArkTS';
27
28async function createX509CRL(): Promise<cert.X509CRL> {
29  let crlData = '-----BEGIN X509 CRL-----\n' +
30    'MIHzMF4CAQMwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKQ1JMIGlzc3VlchcN\n' +
31    'MTcwODA3MTExOTU1WhcNMzIxMjE0MDA1MzIwWjAVMBMCAgPoFw0zMjEyMTQwMDUz\n' +
32    'MjBaMA0GCSqGSIb3DQEBBAUAA4GBACEPHhlaCTWA42ykeaOyR0SGQIHIOUR3gcDH\n' +
33    'J1LaNwiL+gDxI9rMQmlhsUGJmPIPdRs9uYyI+f854lsWYisD2PUEpn3DbEvzwYeQ\n' +
34    '5SqQoPDoM+YfZZa23hoTLsu52toXobP74sf/9K501p/+8hm4ROMLBoRT86GQKY6g\n' +
35    'eavsH0Q3\n' +
36    '-----END X509 CRL-----\n';
37
38  // Binary data of the CRL, which must be set based on the service.
39  let textEncoder = new util.TextEncoder();
40  let encodingBlob: cert.EncodingBlob = {
41    data: textEncoder.encodeInto(crlData),
42    // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER.
43    encodingFormat: cert.EncodingFormat.FORMAT_PEM
44  };
45  let x509CRL: cert.X509CRL = {} as cert.X509CRL;
46  try {
47    x509CRL = await cert.createX509CRL(encodingBlob);
48  } catch (err) {
49    let e: BusinessError = err as BusinessError;
50    console.error(`createX509CRL failed, errCode: ${e.code}, errMsg: ${e.message}`);
51  }
52  return x509CRL;
53}
54
55async function createX509Cert(): Promise<cert.X509Cert> {
56  let certData = '-----BEGIN CERTIFICATE-----\n' +
57    'MIIBHTCBwwICA+gwCgYIKoZIzj0EAwIwGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290\n' +
58    'IENBMB4XDTIzMDkwNTAyNDgyMloXDTI2MDUzMTAyNDgyMlowGjEYMBYGA1UEAwwP\n' +
59    'RXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEHjG74yMI\n' +
60    'ueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTatUsU0i/sePnrKglj2H8Abbx9\n' +
61    'PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEApVZno/Z7WyDc/muRN1y57uaY\n' +
62    'Mjrgnvp/AMdE8qmFiDwCIQCrIYdHVO1awaPgcdALZY+uLQi6mEs/oMJLUcmaag3E\n' +
63    'Qw==\n' +
64    '-----END CERTIFICATE-----\n';
65
66  let textEncoder = new util.TextEncoder();
67  let encodingBlob: cert.EncodingBlob = {
68    data: textEncoder.encodeInto(certData),
69    // Set the encoding format, which can be FORMAT_PEM or FORMAT_DER.
70    encodingFormat: cert.EncodingFormat.FORMAT_PEM
71  };
72
73  let x509Cert: cert.X509Cert = {} as cert.X509Cert;
74  try {
75    x509Cert = await cert.createX509Cert(encodingBlob);
76  } catch (err) {
77    let e: BusinessError = err as BusinessError;
78    console.error(`createX509Cert failed, errCode: ${e.code}, errMsg: ${e.message}`);
79  }
80  return x509Cert;
81}
82
83async function sample() {
84  const x509Cert = await createX509Cert();
85  const x509CRL = await createX509CRL();
86  let collection: cert.CertCRLCollection = {} as cert.CertCRLCollection;
87  try {
88    collection = cert.createCertCRLCollection([x509Cert], [x509CRL]);
89    console.log('createCertCRLCollection success');
90  } catch (err) {
91    console.error('createCertCRLCollection failed');
92  }
93
94  const certParam: cert.X509CertMatchParameters = {
95    validDate: '231128000000Z'
96  }
97  try {
98    let certs: cert.X509Cert[] = await collection.selectCerts(certParam);
99  } catch (err) {
100    console.error('selectCerts failed');
101  }
102
103  const crlParam: cert.X509CRLMatchParameters = {
104    x509Cert: x509Cert
105  }
106  try {
107    let crls: cert.X509CRL[] = await collection.selectCRLs(crlParam);
108    console.error('selectCRLs success');
109  } catch (err) {
110    console.error('selectCRLs failed');
111  }
112}
113```
114
115
116