1# Certificate Development
2
3
4This topic walks you through on how to create a certificate object, obtain information about the certificate, and check the validity period of the certificate.
5
6
7## How to Develop
8
91. Import the [cert](../../reference/apis-device-certificate-kit/js-apis-cert.md) module.
10   ```ts
11   import { cert } from '@kit.DeviceCertificateKit';
12   ```
13
142. Use [cert.createX509Cert](../../reference/apis-device-certificate-kit/js-apis-cert.md#certcreatex509cert) to create an **X509Cert** object based on the existing X.509 certificate data.
15
163. Obtain certificate information.<br>
17   The following example shows how to obtain the certificate version and serial number. For more information, see [X509Cert](../../reference/apis-device-certificate-kit/js-apis-cert.md#x509cert).
18
194. Use [X509Cert.getPublicKey](../../reference/apis-device-certificate-kit/js-apis-cert.md#getpublickey) to obtain the public key in the certificate and use [X509Cert.verify](../../reference/apis-device-certificate-kit/js-apis-cert.md#verify) to verify the signature.
20
21   In this example, a self-signed certificate is used. Therefore, the public key in the certificate is obtained. In your app experience, obtain the public key for signature verification based on actual situation.
22
235. Use [X509Cert.checkValidityWithDate](../../reference/apis-device-certificate-kit/js-apis-cert.md#checkvaliditywithdate) to check the certificate validity period.
24
25   The input parameter **date** is used to check whether the specified date is within the validity period of the X.509 certificate.
26
27```ts
28import { cert } from '@kit.DeviceCertificateKit';
29import { BusinessError } from '@kit.BasicServicesKit';
30import { util } from '@kit.ArkTS';
31
32// The following is an example of the certificate binary data, which varies with the service.
33let certData = '-----BEGIN CERTIFICATE-----\n' +
34  'MIIBLzCB1QIUO/QDVJwZLIpeJyPjyTvE43xvE5cwCgYIKoZIzj0EAwIwGjEYMBYG\n' +
35  'A1UEAwwPRXhhbXBsZSBSb290IENBMB4XDTIzMDkwNDExMjAxOVoXDTI2MDUzMDEx\n' +
36  'MjAxOVowGjEYMBYGA1UEAwwPRXhhbXBsZSBSb290IENBMFkwEwYHKoZIzj0CAQYI\n' +
37  'KoZIzj0DAQcDQgAEHjG74yMIueO7z3T+dyuEIrhxTg2fqgeNB3SGfsIXlsiUfLTa\n' +
38  'tUsU0i/sePnrKglj2H8Abbx9PK0tsW/VgqwDIDAKBggqhkjOPQQDAgNJADBGAiEA\n' +
39  '0ce/fvA4tckNZeB865aOApKXKlBjiRlaiuq5mEEqvNACIQDPD9WyC21MXqPBuRUf\n' +
40  'BetUokslUfjT6+s/X4ByaxycAA==\n' +
41  '-----END CERTIFICATE-----\n';
42
43// Certificate example.
44function certSample(): void {
45  let textEncoder = new util.TextEncoder();
46  let encodingBlob: cert.EncodingBlob = {
47    // Convert the certificate data from a string to a Unit8Array.
48    data: textEncoder.encodeInto(certData),
49    // Certificate format. Only PEM and DER are supported. In this example, the certificate is in PEM format.
50    encodingFormat: cert.EncodingFormat.FORMAT_PEM
51  };
52
53  // Create an X509Cert object.
54  cert.createX509Cert(encodingBlob, (err, x509Cert) => {
55    if (err != null) {
56      // The X509Cert object fails to be created.
57      console.error(`createX509Cert failed, errCode:${err.code}, errMsg:${err.message}`);
58      return;
59    }
60    // The X509Cert object is created.
61    console.log('createX509Cert success');
62
63    // Obtain the certificate version.
64    let version = x509Cert.getVersion();
65    let serial = x509Cert.getCertSerialNumber();
66    console.log(`X509 version: ${version} , X509 serial:${serial}`);
67
68    // Use the getPublicKey() method of the upper-level certificate object or the self-signed certificate object to obtain the public key object.
69    try {
70      let pubKey = x509Cert.getPublicKey();
71      // Verify the certificate signature.
72      x509Cert.verify(pubKey, (err, data) => {
73        if (err == null) {
74          // Signature verification is successful.
75          console.log('verify success');
76        } else {
77          // Signature verification fails.
78          console.error(`verify failed, errCode: ${err.code} , errMsg:${err.message}`);
79        }
80      });
81    } catch (error) {
82      let e: BusinessError = error as BusinessError;
83      console.error(`getPublicKey failed, errCode: ${e.code} , errMsg:${e.message}`);
84    }
85
86    // Use a string to represent the date.
87    let date = '20230930000001Z';
88
89    // Check the validity period of the certificate.
90    try {
91      x509Cert.checkValidityWithDate(date);
92    } catch (error) {
93      let e: BusinessError = error as BusinessError;
94      console.error(`checkValidityWithDate failed, errCode: ${e.code}, errMsg:${e.message}`);
95    }
96  });
97}
98```
99